configfile: overwrite and let keys run out of scope

As soon as we don't need them anymore, overwrite keys with zeros and make sure they run out of scope so we don't create a risk of inadvertedly using all-zero keys for encryption. https://github.com/rfjakob/gocryptfs/issues/211
2018-02-18 12:37:37 +01:00 · 2018-02-18 12:37:37 +01:00 · 0efd220d1e
parent 72ddbae1e6
commit 0efd220d1e
1 changed files with 21 additions and 15 deletions
--- a/internal/configfile/config_file.go
+++ b/internal/configfile/config_file.go
@ -87,20 +87,23 @@ func CreateConfFile(filename string, password string, plaintextNames bool, logN
 	if aessiv {
 		cf.FeatureFlags = append(cf.FeatureFlags, knownFlags[FlagAESSIV])
 	}
-
-	// Generate new random master key
-	var key []byte
-	if devrandom {
-		key = randBytesDevRandom(cryptocore.KeyLen)
-	} else {
-		key = cryptocore.RandBytes(cryptocore.KeyLen)
+	{
+		// Generate new random master key
+		var key []byte
+		if devrandom {
+			key = randBytesDevRandom(cryptocore.KeyLen)
+		} else {
+			key = cryptocore.RandBytes(cryptocore.KeyLen)
+		}
+		// Encrypt it using the password
+		// This sets ScryptObject and EncryptedKey
+		// Note: this looks at the FeatureFlags, so call it AFTER setting them.
+		cf.EncryptKey(key, password, logN)
+		for i := range key {
+			key[i] = 0
+		}
+		// key runs out of scope here
 	}
-
-	// Encrypt it using the password
-	// This sets ScryptObject and EncryptedKey
-	// Note: this looks at the FeatureFlags, so call it AFTER setting them.
-	cf.EncryptKey(key, password, logN)
-
 	// Write file to disk
 	return cf.WriteFile()
 }
@ -197,14 +200,17 @@ func LoadConfFile(filename string, password string) ([]byte, *ConfFile, error) {
 // Uses scrypt with cost parameter logN and stores the scrypt parameters in
 // cf.ScryptObject.
 func (cf *ConfFile) EncryptKey(key []byte, password string, logN int) {
-	// Generate derived key from password
+	// Generate scrypt-derived key from password
 	cf.ScryptObject = NewScryptKDF(logN)
 	scryptHash := cf.ScryptObject.DeriveKey(password)
-
 	// Lock master key using password-based key
 	useHKDF := cf.IsFeatureFlagSet(FlagHKDF)
 	ce := getKeyEncrypter(scryptHash, useHKDF)
 	cf.EncryptedKey = ce.EncryptBlock(key, 0, nil)
+	// Purge scrypt-derived key
+	for i := range scryptHash {
+		scryptHash[i] = 0
+	}
 }

 // WriteFile - write out config in JSON format to file "filename.tmp"