stupidgcm: implement key wipe
Not bulletproof due to possible GC copies, but still raises the bar for extracting the key. https://github.com/rfjakob/gocryptfs/issues/211
parent
7e0fefe970
commit
eeed4b4bef
@ -56,6 +56,9 @@ func (g *stupidGCM) Seal(dst, iv, in, authData []byte) []byte {
|
||||
if len(in) == 0 {
|
||||
log.Panic("Zero-length input data is not supported")
|
||||
}
|
||||
if len(g.key) != keyLen {
|
||||
log.Panicf("Wrong key length: %d. Key has been wiped?", len(g.key))
|
||||
}
|
||||
|
||||
// If the "dst" slice is large enough we can use it as our output buffer
|
||||
outLen := len(in) + tagLen
|
||||
@ -140,6 +143,9 @@ func (g *stupidGCM) Open(dst, iv, in, authData []byte) ([]byte, error) {
|
||||
if len(in) <= tagLen {
|
||||
log.Panic("Input data too short")
|
||||
}
|
||||
if len(g.key) != keyLen {
|
||||
log.Panicf("Wrong key length: %d. Key has been wiped?", len(g.key))
|
||||
}
|
||||
|
||||
// If the "dst" slice is large enough we can use it as our output buffer
|
||||
outLen := len(in) - tagLen
|
||||
@ -224,3 +230,15 @@ func (g *stupidGCM) Open(dst, iv, in, authData []byte) ([]byte, error) {
|
||||
}
|
||||
return append(dst, buf...), nil
|
||||
}
|
||||
|
||||
// Wipe wipes the AES key from memory by overwriting it with zeros and
|
||||
// setting the reference to nil.
|
||||
//
|
||||
// This is not bulletproof due to possible GC copies, but
|
||||
// still raises to bar for extracting the key.
|
||||
func (g *stupidGCM) Wipe() {
|
||||
for i := range g.key {
|
||||
g.key[i] = 0
|
||||
}
|
||||
g.key = nil
|
||||
}
|
||||
|
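Review bot: Wipe (last hunk) zeroes and nils g.key with no synchronization, while the new guards in Seal and Open check len(g.key) only once at entry. A Wipe that runs while a Seal or Open is in flight would therefore not be caught, and the operation could continue with a partly or fully zeroed key, depending on how the rest of those bodies (outside the hunks) read g.key. If callers are expected to stop all crypto operations first, the doc comment should say so, e.g. `// Wipe must not be called while Seal or Open is running on g.`; otherwise the three methods need a shared mutex. The comment could also state that only the slice held by this struct is cleared, since whether the constructor copies or aliases the caller's key is not visible here. Minor: "raises to bar" in the doc comment should read "raises the bar".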