main: overwrite keys and let them run out of scope
As soon as we don't need them anymore, overwrite keys with zeros. Make sure they run out of scope so we don't create a risk of inadvertedly using all-zero keys for encryption. https://github.com/rfjakob/gocryptfs/issues/211
This commit is contained in:
Jakob Unterwurzacher
parent
bd78b44389
commit
5b5c7a0a5d
|
|
@ -36,14 +36,19 @@ func initDir(args *argContainer) {
|
|||
if args.extpass == "" {
|
||||
tlog.Info.Printf("Choose a password for protecting your files.")
|
||||
}
|
||||
{
|
||||
creator := tlog.ProgramName + " " + GitVersion
|
||||
password := readpassword.Twice(args.extpass)
|
||||
readpassword.CheckTrailingGarbage()
|
||||
creator := tlog.ProgramName + " " + GitVersion
|
||||
err = configfile.CreateConfFile(args.config, password, args.plaintextnames, args.scryptn, creator, args.aessiv, args.devrandom)
|
||||
if err != nil {
|
||||
tlog.Fatal.Println(err)
|
||||
os.Exit(exitcodes.WriteConf)
|
||||
}
|
||||
// Note: cannot overwrite password because in Go, strings are
|
||||
// read-only byte slices.
|
||||
// password runs out of scope here
|
||||
}
|
||||
// Forward mode with filename encryption enabled needs a gocryptfs.diriv
|
||||
// in the root dir
|
||||
if !args.plaintextnames && !args.reverse {
|
||||
|
|
|
|||
19
mount.go
19
mount.go
|
|
@ -93,9 +93,12 @@ func doMount(args *argContainer) int {
|
|||
}
|
||||
}()
|
||||
}
|
||||
var confFile *configfile.ConfFile
|
||||
var srv *fuse.Server
|
||||
var wipeKeys func()
|
||||
{
|
||||
// Get master key (may prompt for the password)
|
||||
var masterkey []byte
|
||||
var confFile *configfile.ConfFile
|
||||
if args.masterkey != "" {
|
||||
// "-masterkey"
|
||||
masterkey = parseMasterKey(args.masterkey)
|
||||
|
|
@ -123,7 +126,14 @@ func doMount(args *argContainer) int {
|
|||
// We cannot use JSON for pretty-printing as the fields are unexported
|
||||
tlog.Debug.Printf("cli args: %#v", args)
|
||||
// Initialize FUSE server
|
||||
srv, wipeKeys := initFuseFrontend(masterkey, args, confFile)
|
||||
srv, wipeKeys = initFuseFrontend(masterkey, args, confFile)
|
||||
// fusefrontend / fusefrontend_reverse have initialized their crypto,
|
||||
// we can purge the master key from memory.
|
||||
for i := range masterkey {
|
||||
masterkey[i] = 0
|
||||
}
|
||||
// masterkey runs out of scope here
|
||||
}
|
||||
tlog.Info.Println(tlog.ColorGreen + "Filesystem mounted and ready." + tlog.ColorReset)
|
||||
// We have been forked into the background, as evidenced by the set
|
||||
// "notifypid".
|
||||
|
|
@ -267,11 +277,6 @@ func initFuseFrontend(masterkey []byte, args *argContainer, confFile *configfile
|
|||
} else {
|
||||
fs = fusefrontend.NewFS(frontendArgs, cEnc, nameTransform)
|
||||
}
|
||||
// fusefrontend / fusefrontend_reverse have initialized their crypto with
|
||||
// derived keys (HKDF), we can purge the master key from memory.
|
||||
for i := range masterkey {
|
||||
masterkey[i] = 0
|
||||
}
|
||||
// We have opened the socket early so that we cannot fail here after
|
||||
// asking the user for the password
|
||||
if args._ctlsockFd != nil {
|
||||
|
|
|
|||
Loading…
Reference in New Issue