From 0c520845f3623eff28f0277a52e3ccffd928f5c2 Mon Sep 17 00:00:00 2001
From: Jakob Unterwurzacher
Date: Fri, 11 Aug 2017 18:42:30 +0200
Subject: main: purge masterkey from memory as soon as possible

Remove the "Masterkey" field from fusefrontend.Args because it
should not be stored longer than neccessary. Instead pass the
masterkey as a separate argument to the filesystem initializers.

Then overwrite it with zeros immediately so we don't have
to wait for garbage collection.

Note that the crypto implementation still stores at least a
masterkey-derived value, so this change makes it harder, but not
impossible, to extract the encryption keys from memory.

Suggested at https://github.com/rfjakob/gocryptfs/issues/137
---
 internal/fusefrontend/fs.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'internal/fusefrontend/fs.go')

diff --git a/internal/fusefrontend/fs.go b/internal/fusefrontend/fs.go
index 7a23710..3c442a5 100644
--- a/internal/fusefrontend/fs.go
+++ b/internal/fusefrontend/fs.go
@@ -42,8 +42,8 @@ type FS struct {
 var _ pathfs.FileSystem = &FS{} // Verify that interface is implemented.
 
 // NewFS returns a new encrypted FUSE overlay filesystem.
-func NewFS(args Args) *FS {
-	cryptoCore := cryptocore.New(args.Masterkey, args.CryptoBackend, contentenc.DefaultIVBits, args.HKDF, args.ForceDecode)
+func NewFS(masterkey []byte, args Args) *FS {
+	cryptoCore := cryptocore.New(masterkey, args.CryptoBackend, contentenc.DefaultIVBits, args.HKDF, args.ForceDecode)
 	contentEnc := contentenc.New(cryptoCore, contentenc.DefaultBS, args.ForceDecode)
 	nameTransform := nametransform.New(cryptoCore.EMECipher, args.LongNames, args.Raw64)
 
-- 
cgit v1.2.3