summaryrefslogtreecommitdiff
path: root/internal/cryptocore
diff options
context:
space:
mode:
Diffstat (limited to 'internal/cryptocore')
-rw-r--r--internal/cryptocore/cryptocore.go24
1 files changed, 24 insertions, 0 deletions
diff --git a/internal/cryptocore/cryptocore.go b/internal/cryptocore/cryptocore.go
index 9e25bfa..a355342 100644
--- a/internal/cryptocore/cryptocore.go
+++ b/internal/cryptocore/cryptocore.go
@@ -8,11 +8,13 @@ import (
"crypto/sha512"
"fmt"
"log"
+ "runtime"
"github.com/rfjakob/eme"
"github.com/rfjakob/gocryptfs/internal/siv_aead"
"github.com/rfjakob/gocryptfs/internal/stupidgcm"
+ "github.com/rfjakob/gocryptfs/internal/tlog"
)
// AEADTypeEnum indicates the type of AEAD backend in use.
@@ -129,3 +131,25 @@ func New(key []byte, aeadType AEADTypeEnum, IVBitLen int, useHKDF bool, forceDec
IVLen: IVLen,
}
}
+
+// Wipe tries to wipe secret keys from memory by overwriting them with zeros
+// and/or setting references to nil.
+//
+// This is not bulletproof due to possible GC copies, but
+// still raises to bar for extracting the key.
+func (c *CryptoCore) Wipe() {
+ if c.AEADBackend == BackendOpenSSL {
+ tlog.Debug.Print("CryptoCore.Wipe: Wiping stupidgcm key")
+ // We don't use "x, ok :=" because we *want* to crash loudly if the
+ // type assertion fails (it should never fail).
+ sgcm := c.AEADCipher.(*stupidgcm.StupidGCM)
+ sgcm.Wipe()
+ } else {
+ tlog.Debug.Print("CryptoCore.Wipe: niling stdlib refs")
+ }
+ // We have no access to the keys (or key-equivalents) stored inside the
+ // Go stdlib. Best we can is to nil the references and force a GC.
+ c.AEADCipher = nil
+ c.EMECipher = nil
+ runtime.GC()
+}