From 3b8f5cbb17c964224456bb36b096feafb0e24f44 Mon Sep 17 00:00:00 2001
From: Jakob Unterwurzacher
Date: Sun, 18 Feb 2018 14:26:54 +0100
Subject: readpassword: convert from string to []byte

This will allows us to overwrite the password with zeros once we are done with it.

https://github.com/rfjakob/gocryptfs/issues/211
---
 internal/configfile/config_file.go | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

(limited to 'internal/configfile/config_file.go')

diff --git a/internal/configfile/config_file.go b/internal/configfile/config_file.go
index 01e3b80..3fd16c7 100644
--- a/internal/configfile/config_file.go
+++ b/internal/configfile/config_file.go
@@ -67,7 +67,7 @@ func randBytesDevRandom(n int) []byte {
 // CreateConfFile - create a new config with a random key encrypted with
 // "password" and write it to "filename".
 // Uses scrypt with cost parameter logN.
-func CreateConfFile(filename string, password string, plaintextNames bool, logN int, creator string, aessiv bool, devrandom bool) error {
+func CreateConfFile(filename string, password []byte, plaintextNames bool, logN int, creator string, aessiv bool, devrandom bool) error {
 var cf ConfFile
 cf.filename = filename
 cf.Creator = creator
@@ -114,7 +114,7 @@ func CreateConfFile(filename string, password string, plaintextNames bool, logN
 //
 // If "password" is empty, the config file is read
 // but the key is not decrypted (returns nil in its place).
-func LoadConfFile(filename string, password string) ([]byte, *ConfFile, error) {
+func LoadConfFile(filename string, password []byte) ([]byte, *ConfFile, error) {
 var cf ConfFile
 cf.filename = filename
 
@@ -171,7 +171,7 @@ func LoadConfFile(filename string, password string) ([]byte, *ConfFile, error) {
 return nil, nil, fmt.Errorf("Deprecated filesystem")
 }
 
- if password == "" {
+ if len(password) == 0 {
 // We have validated the config file, but without a password we cannot
 // decrypt the master key. Return only the parsed config.
 return nil, &cf, nil
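Review bot: The doc comments on CreateConfFile and LoadConfFile (and on EncryptKey in the last hunk) do not say who owns the `password` slice, which matters now that it is mutable and meant to be zeroed. If the intended contract is that the callee leaves it alone, I would add a line such as `// "password" is neither modified nor retained; the caller should overwrite it with zeros once this returns.` to each of the three comments. The same comment is a good place to warn against converting it back with `string(password)`, because that makes a copy that cannot be wiped. The function bodies continue outside these hunks, so whether they already keep to this is not visible here.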
@@ -199,7 +199,7 @@ func LoadConfFile(filename string, password string) ([]byte, *ConfFile, error) {
 // and store it in cf.EncryptedKey.
 // Uses scrypt with cost parameter logN and stores the scrypt parameters in
 // cf.ScryptObject.
-func (cf *ConfFile) EncryptKey(key []byte, password string, logN int) {
+func (cf *ConfFile) EncryptKey(key []byte, password []byte, logN int) {
 // Generate scrypt-derived key from password
 cf.ScryptObject = NewScryptKDF(logN)
 scryptHash := cf.ScryptObject.DeriveKey(password)
-- 
cgit v1.2.3
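Review bot: `scryptHash := cf.ScryptObject.DeriveKey(password)` leaves the scrypt-derived key in memory, and that value is as sensitive as the password this commit prepares to wipe, since it is what protects the key stored in cf.EncryptedKey. EncryptKey continues outside the hunk, so it may already be handled; if it is not, I would clear it once the encryption step is done, e.g. `for i := range scryptHash { scryptHash[i] = 0 }`. This assumes DeriveKey returns a freshly allocated []byte that nothing else references, which should be confirmed against its definition.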