diff --git a/init_dir.go b/init_dir.go
index 791f7d1..b13f741 100644
--- a/init_dir.go
+++ b/init_dir.go
@@ -36,13 +36,18 @@ func initDir(args *argContainer) {
 if args.extpass == "" {
 tlog.Info.Printf("Choose a password for protecting your files.")
 }
- password := readpassword.Twice(args.extpass)
- readpassword.CheckTrailingGarbage()
- creator := tlog.ProgramName + " " + GitVersion
- err = configfile.CreateConfFile(args.config, password, args.plaintextnames, args.scryptn, creator, args.aessiv, args.devrandom)
- if err != nil {
- tlog.Fatal.Println(err)
- os.Exit(exitcodes.WriteConf)
+ {
+ creator := tlog.ProgramName + " " + GitVersion
+ password := readpassword.Twice(args.extpass)
+ readpassword.CheckTrailingGarbage()
+ err = configfile.CreateConfFile(args.config, password, args.plaintextnames, args.scryptn, creator, args.aessiv, args.devrandom)
+ if err != nil {
+ tlog.Fatal.Println(err)
+ os.Exit(exitcodes.WriteConf)
+ }
+ // Note: cannot overwrite password because in Go, strings are
+ // read-only byte slices.
+ // password runs out of scope here
 }
 // Forward mode with filename encryption enabled needs a gocryptfs.diriv
 // in the root dir
diff --git a/mount.go b/mount.go
index 9b7410d..c19d684 100644
--- a/mount.go
+++ b/mount.go
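Review bot: The closing comment `// password runs out of scope here` in the new block of initDir (init_dir.go) can be read as saying the password is gone from memory, which a scope block does not achieve. A Go string's bytes stay on the heap until the garbage collector reuses that memory, and any copies made inside `readpassword.Twice` or `configfile.CreateConfFile` (not visible in this hunk) are unaffected as well. I would reword it to `// password becomes unreachable here, but its bytes are not wiped; that needs a []byte-based readpassword API.` so the next reader does not take the block as a wipe. initDir continues past the end of the hunk.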
@@ -93,37 +93,47 @@ func doMount(args *argContainer) int {
 }
 }()
 }
- // Get master key (may prompt for the password)
- var masterkey []byte
 var confFile *configfile.ConfFile
- if args.masterkey != "" {
- // "-masterkey"
- masterkey = parseMasterKey(args.masterkey)
- } else if args.zerokey {
- // "-zerokey"
- tlog.Info.Printf("Using all-zero dummy master key.")
- tlog.Info.Printf(tlog.ColorYellow +
- "ZEROKEY MODE PROVIDES NO SECURITY AT ALL AND SHOULD ONLY BE USED FOR TESTING." +
- tlog.ColorReset)
- masterkey = make([]byte, cryptocore.KeyLen)
- } else {
- // Load master key from config file
- // Prompts the user for the password
- masterkey, confFile, err = loadConfig(args)
- if err != nil {
- if args._ctlsockFd != nil {
- // Close the socket file (which also deletes it)
- args._ctlsockFd.Close()
+ var srv *fuse.Server
+ var wipeKeys func()
+ {
+ // Get master key (may prompt for the password)
+ var masterkey []byte
+ if args.masterkey != "" {
+ // "-masterkey"
+ masterkey = parseMasterKey(args.masterkey)
+ } else if args.zerokey {
+ // "-zerokey"
+ tlog.Info.Printf("Using all-zero dummy master key.")
+ tlog.Info.Printf(tlog.ColorYellow +
+ "ZEROKEY MODE PROVIDES NO SECURITY AT ALL AND SHOULD ONLY BE USED FOR TESTING." +
+ tlog.ColorReset)
+ masterkey = make([]byte, cryptocore.KeyLen)
+ } else {
+ // Load master key from config file
+ // Prompts the user for the password
+ masterkey, confFile, err = loadConfig(args)
+ if err != nil {
+ if args._ctlsockFd != nil {
+ // Close the socket file (which also deletes it)
+ args._ctlsockFd.Close()
+ }
+ exitcodes.Exit(err)
 }
- exitcodes.Exit(err)
+ readpassword.CheckTrailingGarbage()
+ printMasterKey(masterkey)
 }
- readpassword.CheckTrailingGarbage()
- printMasterKey(masterkey)
+ // We cannot use JSON for pretty-printing as the fields are unexported
+ tlog.Debug.Printf("cli args: %#v", args)
+ // Initialize FUSE server
+ srv, wipeKeys = initFuseFrontend(masterkey, args, confFile)
+ // fusefrontend / fusefrontend_reverse have initialized their crypto,
+ // we can purge the master key from memory.
+ for i := range masterkey {
+ masterkey[i] = 0
+ }
+ // masterkey runs out of scope here
 }
- // We cannot use JSON for pretty-printing as the fields are unexported
- tlog.Debug.Printf("cli args: %#v", args)
- // Initialize FUSE server
- srv, wipeKeys := initFuseFrontend(masterkey, args, confFile)
 tlog.Info.Println(tlog.ColorGreen + "Filesystem mounted and ready." + tlog.ColorReset)
 // We have been forked into the background, as evidenced by the set
 // "notifypid".
@@ -267,11 +277,6 @@ func initFuseFrontend(masterkey []byte, args *argContainer, confFile *configfile
 } else {
 fs = fusefrontend.NewFS(frontendArgs, cEnc, nameTransform)
 }
- // fusefrontend / fusefrontend_reverse have initialized their crypto with
- // derived keys (HKDF), we can purge the master key from memory.
- for i := range masterkey {
- masterkey[i] = 0
- }
 // We have opened the socket early so that we cannot fail here after
 // asking the user for the password
 if args._ctlsockFd != nil {
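Review bot: The wipe loop in the new block of doMount (mount.go) clears only the `masterkey` byte slice, so in the `-masterkey` branch the key text still lives in `args.masterkey`, a string that cannot be overwritten and stays reachable through `args` for the whole mount. The same block also runs `tlog.Debug.Printf("cli args: %#v", args)`, which formats every field of the struct, so the key string would reach the debug output whenever that logger is enabled. I would log a redacted copy instead, for example `dbg := *args; dbg.masterkey = "[redacted]"` followed by `tlog.Debug.Printf("cli args: %#v", &dbg)`, and add a comment next to the loop such as `// args.masterkey (a string) is not covered by this wipe`. The loop also relies on initFuseFrontend keeping no reference to the slice it was given, which cannot be confirmed from this hunk; doMount continues past the end of it.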