From 0c520845f3623eff28f0277a52e3ccffd928f5c2 Mon Sep 17 00:00:00 2001 From: Jakob Unterwurzacher Date: Fri, 11 Aug 2017 18:42:30 +0200 Subject: main: purge masterkey from memory as soon as possible Remove the "Masterkey" field from fusefrontend.Args because it should not be stored longer than neccessary. Instead pass the masterkey as a separate argument to the filesystem initializers. Then overwrite it with zeros immediately so we don't have to wait for garbage collection. Note that the crypto implementation still stores at least a masterkey-derived value, so this change makes it harder, but not impossible, to extract the encryption keys from memory. Suggested at https://github.com/rfjakob/gocryptfs/issues/137 --- internal/cryptocore/cryptocore.go | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) (limited to 'internal/cryptocore/cryptocore.go') diff --git a/internal/cryptocore/cryptocore.go b/internal/cryptocore/cryptocore.go index 1ad928d..aafe12b 100644 --- a/internal/cryptocore/cryptocore.go +++ b/internal/cryptocore/cryptocore.go @@ -72,7 +72,7 @@ func New(key []byte, aeadType AEADTypeEnum, IVBitLen int, useHKDF bool, forceDec emeCipher = eme.New(emeBlockCipher) } - // Initilize an AEAD cipher for file content encryption. + // Initialize an AEAD cipher for file content encryption. var aeadCipher cipher.AEAD if aeadType == BackendOpenSSL || aeadType == BackendGoGCM { gcmKey := key @@ -84,7 +84,13 @@ func New(key []byte, aeadType AEADTypeEnum, IVBitLen int, useHKDF bool, forceDec if IVLen != 16 { log.Panic("stupidgcm only supports 128-bit IVs") } - aeadCipher = stupidgcm.New(gcmKey, forceDecode) + // stupidgcm does not create a private copy of the key, so things + // break when initFuseFrontend() overwrites it with zeros. Create + // a copy here. This is unneccessary when useHKDF == true, but + // does no harm. + var stupidgcmKey []byte + stupidgcmKey = append(stupidgcmKey, gcmKey...) + aeadCipher = stupidgcm.New(stupidgcmKey, forceDecode) case BackendGoGCM: goGcmBlockCipher, err := aes.NewCipher(gcmKey) if err != nil { -- cgit v1.2.3