stupidgcm: implement key wipe
Not bulletproof due to possible GC copies, but still raises to bar for extracting the key. https://github.com/rfjakob/gocryptfs/issues/211
This commit is contained in:
parent
7e0fefe970
commit
eeed4b4bef
|
@ -56,6 +56,9 @@ func (g *stupidGCM) Seal(dst, iv, in, authData []byte) []byte {
|
||||||
if len(in) == 0 {
|
if len(in) == 0 {
|
||||||
log.Panic("Zero-length input data is not supported")
|
log.Panic("Zero-length input data is not supported")
|
||||||
}
|
}
|
||||||
|
if len(g.key) != keyLen {
|
||||||
|
log.Panicf("Wrong key length: %d. Key has been wiped?", len(g.key))
|
||||||
|
}
|
||||||
|
|
||||||
// If the "dst" slice is large enough we can use it as our output buffer
|
// If the "dst" slice is large enough we can use it as our output buffer
|
||||||
outLen := len(in) + tagLen
|
outLen := len(in) + tagLen
|
||||||
|
@ -140,6 +143,9 @@ func (g *stupidGCM) Open(dst, iv, in, authData []byte) ([]byte, error) {
|
||||||
if len(in) <= tagLen {
|
if len(in) <= tagLen {
|
||||||
log.Panic("Input data too short")
|
log.Panic("Input data too short")
|
||||||
}
|
}
|
||||||
|
if len(g.key) != keyLen {
|
||||||
|
log.Panicf("Wrong key length: %d. Key has been wiped?", len(g.key))
|
||||||
|
}
|
||||||
|
|
||||||
// If the "dst" slice is large enough we can use it as our output buffer
|
// If the "dst" slice is large enough we can use it as our output buffer
|
||||||
outLen := len(in) - tagLen
|
outLen := len(in) - tagLen
|
||||||
|
@ -224,3 +230,15 @@ func (g *stupidGCM) Open(dst, iv, in, authData []byte) ([]byte, error) {
|
||||||
}
|
}
|
||||||
return append(dst, buf...), nil
|
return append(dst, buf...), nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Wipe wipes the AES key from memory by overwriting it with zeros and
|
||||||
|
// setting the reference to nil.
|
||||||
|
//
|
||||||
|
// This is not bulletproof due to possible GC copies, but
|
||||||
|
// still raises to bar for extracting the key.
|
||||||
|
func (g *stupidGCM) Wipe() {
|
||||||
|
for i := range g.key {
|
||||||
|
g.key[i] = 0
|
||||||
|
}
|
||||||
|
g.key = nil
|
||||||
|
}
|
||||||
|
|
Loading…
Reference in New Issue