From 18f6c6106c66ba1fe6e7b48aaa5dd444ba0f9b09 Mon Sep 17 00:00:00 2001 From: Jakob Unterwurzacher Date: Sun, 18 Feb 2018 11:33:47 +0100 Subject: main: try to wipe cryptocore's secret keys on unmount Raise the bar for recovering keys from memory. https://github.com/rfjakob/gocryptfs/issues/211 --- internal/cryptocore/cryptocore.go | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) (limited to 'internal/cryptocore') diff --git a/internal/cryptocore/cryptocore.go b/internal/cryptocore/cryptocore.go index 9e25bfa..a355342 100644 --- a/internal/cryptocore/cryptocore.go +++ b/internal/cryptocore/cryptocore.go @@ -8,11 +8,13 @@ import ( "crypto/sha512" "fmt" "log" + "runtime" "github.com/rfjakob/eme" "github.com/rfjakob/gocryptfs/internal/siv_aead" "github.com/rfjakob/gocryptfs/internal/stupidgcm" + "github.com/rfjakob/gocryptfs/internal/tlog" ) // AEADTypeEnum indicates the type of AEAD backend in use. @@ -129,3 +131,25 @@ func New(key []byte, aeadType AEADTypeEnum, IVBitLen int, useHKDF bool, forceDec IVLen: IVLen, } } + +// Wipe tries to wipe secret keys from memory by overwriting them with zeros +// and/or setting references to nil. +// +// This is not bulletproof due to possible GC copies, but +// still raises to bar for extracting the key. +func (c *CryptoCore) Wipe() { + if c.AEADBackend == BackendOpenSSL { + tlog.Debug.Print("CryptoCore.Wipe: Wiping stupidgcm key") + // We don't use "x, ok :=" because we *want* to crash loudly if the + // type assertion fails (it should never fail). + sgcm := c.AEADCipher.(*stupidgcm.StupidGCM) + sgcm.Wipe() + } else { + tlog.Debug.Print("CryptoCore.Wipe: niling stdlib refs") + } + // We have no access to the keys (or key-equivalents) stored inside the + // Go stdlib. Best we can is to nil the references and force a GC. + c.AEADCipher = nil + c.EMECipher = nil + runtime.GC() +} -- cgit v1.2.3