From eeed4b4bef64059e5a52f4ceaa0d3a52b197349a Mon Sep 17 00:00:00 2001 From: Jakob Unterwurzacher Date: Sat, 17 Feb 2018 15:12:45 +0100 Subject: stupidgcm: implement key wipe Not bulletproof due to possible GC copies, but still raises to bar for extracting the key. https://github.com/rfjakob/gocryptfs/issues/211 --- internal/stupidgcm/stupidgcm.go | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/internal/stupidgcm/stupidgcm.go b/internal/stupidgcm/stupidgcm.go index 2660808..9fa730f 100644 --- a/internal/stupidgcm/stupidgcm.go +++ b/internal/stupidgcm/stupidgcm.go @@ -56,6 +56,9 @@ func (g *stupidGCM) Seal(dst, iv, in, authData []byte) []byte { if len(in) == 0 { log.Panic("Zero-length input data is not supported") } + if len(g.key) != keyLen { + log.Panicf("Wrong key length: %d. Key has been wiped?", len(g.key)) + } // If the "dst" slice is large enough we can use it as our output buffer outLen := len(in) + tagLen @@ -140,6 +143,9 @@ func (g *stupidGCM) Open(dst, iv, in, authData []byte) ([]byte, error) { if len(in) <= tagLen { log.Panic("Input data too short") } + if len(g.key) != keyLen { + log.Panicf("Wrong key length: %d. Key has been wiped?", len(g.key)) + } // If the "dst" slice is large enough we can use it as our output buffer outLen := len(in) - tagLen @@ -224,3 +230,15 @@ func (g *stupidGCM) Open(dst, iv, in, authData []byte) ([]byte, error) { } return append(dst, buf...), nil } + +// Wipe wipes the AES key from memory by overwriting it with zeros and +// setting the reference to nil. +// +// This is not bulletproof due to possible GC copies, but +// still raises to bar for extracting the key. +func (g *stupidGCM) Wipe() { + for i := range g.key { + g.key[i] = 0 + } + g.key = nil +} -- cgit v1.2.3