From 18f6c6106c66ba1fe6e7b48aaa5dd444ba0f9b09 Mon Sep 17 00:00:00 2001
From: Jakob Unterwurzacher
Date: Sun, 18 Feb 2018 11:33:47 +0100
Subject: main: try to wipe cryptocore's secret keys on unmount

Raise the bar for recovering keys from memory.

https://github.com/rfjakob/gocryptfs/issues/211
---
 internal/cryptocore/cryptocore.go | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)

(limited to 'internal/cryptocore')

diff --git a/internal/cryptocore/cryptocore.go b/internal/cryptocore/cryptocore.go
index 9e25bfa..a355342 100644
--- a/internal/cryptocore/cryptocore.go
+++ b/internal/cryptocore/cryptocore.go
@@ -8,11 +8,13 @@ import (
 	"crypto/sha512"
 	"fmt"
 	"log"
+	"runtime"
 
 	"github.com/rfjakob/eme"
 
 	"github.com/rfjakob/gocryptfs/internal/siv_aead"
 	"github.com/rfjakob/gocryptfs/internal/stupidgcm"
+	"github.com/rfjakob/gocryptfs/internal/tlog"
 )
 
 // AEADTypeEnum indicates the type of AEAD backend in use.
@@ -129,3 +131,25 @@ func New(key []byte, aeadType AEADTypeEnum, IVBitLen int, useHKDF bool, forceDec
 		IVLen:       IVLen,
 	}
 }
+
+// Wipe tries to wipe secret keys from memory by overwriting them with zeros
+// and/or setting references to nil.
+//
+// This is not bulletproof due to possible GC copies, but
+// still raises to bar for extracting the key.
+func (c *CryptoCore) Wipe() {
+	if c.AEADBackend == BackendOpenSSL {
+		tlog.Debug.Print("CryptoCore.Wipe: Wiping stupidgcm key")
+		// We don't use "x, ok :=" because we *want* to crash loudly if the
+		// type assertion fails (it should never fail).
+		sgcm := c.AEADCipher.(*stupidgcm.StupidGCM)
+		sgcm.Wipe()
+	} else {
+		tlog.Debug.Print("CryptoCore.Wipe: niling stdlib refs")
+	}
+	// We have no access to the keys (or key-equivalents) stored inside the
+	// Go stdlib. Best we can is to nil the references and force a GC.
+	c.AEADCipher = nil
+	c.EMECipher = nil
+	runtime.GC()
+}
-- 
cgit v1.2.3