configfile: Explicitly wipe scrypt derived key after decrypting/encrypting master key.

Further raises the bar for recovering keys from memory.
libgocryptfs
Sebastian Lackner 4 years ago committed by rfjakob
parent 874eaf9734
commit 07c486603c
  1. 14
      internal/configfile/config_file.go
  2. 7
      internal/contentenc/content.go

@ -224,6 +224,15 @@ func (cf *ConfFile) DecryptMasterKey(password []byte) (masterkey []byte, err err
tlog.Warn.Enabled = false // Silence DecryptBlock() error messages on incorrect password
masterkey, err = ce.DecryptBlock(cf.EncryptedKey, 0, nil)
tlog.Warn.Enabled = true
// Purge scrypt-derived key
for i := range scryptHash {
scryptHash[i] = 0
}
scryptHash = nil
ce.Wipe()
ce = nil
if err != nil {
tlog.Warn.Printf("failed to unlock master key: %s", err.Error())
return nil, exitcodes.NewErr("Password incorrect.", exitcodes.PasswordIncorrect)
@ -239,14 +248,19 @@ func (cf *ConfFile) EncryptKey(key []byte, password []byte, logN int) {
// Generate scrypt-derived key from password
cf.ScryptObject = NewScryptKDF(logN)
scryptHash := cf.ScryptObject.DeriveKey(password)
// Lock master key using password-based key
useHKDF := cf.IsFeatureFlagSet(FlagHKDF)
ce := getKeyEncrypter(scryptHash, useHKDF)
cf.EncryptedKey = ce.EncryptBlock(key, 0, nil)
// Purge scrypt-derived key
for i := range scryptHash {
scryptHash[i] = 0
}
scryptHash = nil
ce.Wipe()
ce = nil
}
// WriteFile - write out config in JSON format to file "filename.tmp"

@ -324,3 +324,10 @@ func (be *ContentEnc) MergeBlocks(oldData []byte, newData []byte, offset int) []
}
return out[0:outLen]
}
// Wipe tries to wipe secret keys from memory by overwriting them with zeros
// and/or setting references to nil.
func (be *ContentEnc) Wipe() {
be.cryptoCore.Wipe()
be.cryptoCore = nil
}

Loading…
Cancel
Save