| author | Janek Bevendorff <janek@jbev.net> | 2019-02-22 00:28:45 +0300 |
|---|---|---|
| committer | Jonathan White <support@dmapps.us> | 2019-04-21 16:39:28 +0300 |
| commit | 13eb1c0bbdf07312f099099c7ca571c6a77eafa1 (patch) | |
| tree | e9f20157bd7cd08abad3f12ddb3a99e8fd14fc6f /src/keys/FileKey.h | |
| parent | c7898fdeee07b17939d2e5af4bb507493b2d8a0b (diff) | |
Improve resilience against memory attacks
To reduce residual fragments of secret data in memory after
deallocation, this patch replaces the global delete operator with a
version that zeros out previously allocated memory. It makes use of
the new C++14 sized deallocation, but provides an unsized fallback
with platform-specific size deductions.
This change is only a minor mitigation and cannot protect against
buffer reallocations by the operating system or non-C++ libraries.
Thus, we still cannot guarantee all memory to be wiped after free.
As a further improvement, this patch uses libgcrypt and libsodium
to write long-lived master key component hashes into a secure
memory area and wipe it afterwards.
The patch also fixes compiler flags not being set properly on macOS.
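The zeroing global `operator delete` that the commit message describes, as an added example (not code from this commit or from the project): the C++14 sized overload wipes exactly the object size, the unsized fallback deduces the block size from the allocator (`malloc_usable_size`, `malloc_size` or `_msize`, chosen by platform), and a wiped-byte counter stands in for reading freed memory, which would be undefined behaviour. `KeyBuffer`, `secureZero`, `usableSize` and `releaseAndMeasure` are names made up for this example.

```cpp
#include <cstddef>
#include <cstdlib>
#include <new>
#if defined(__APPLE__)
#include <malloc/malloc.h>  // malloc_size
#else
#include <malloc.h>         // malloc_usable_size (glibc/musl) or _msize (MSVC)
#endif

// Bytes wiped so far; checked instead of reading freed memory (UB).
static std::size_t g_bytesWiped = 0;

// Platform-specific size deduction for the unsized fallback.
static std::size_t usableSize(void* p) {
#if defined(__APPLE__)
    return malloc_size(p);
#elif defined(_WIN32)
    return _msize(p);
#else
    return malloc_usable_size(p);
#endif
}

// Volatile stores keep the compiler from dropping the wipe as a dead write.
static void secureZero(void* p, std::size_t n) {
    volatile unsigned char* vp = static_cast<volatile unsigned char*>(p);
    for (std::size_t i = 0; i < n; ++i) vp[i] = 0;
    g_bytesWiped += n;
}

void* operator new(std::size_t n) {
    if (void* p = std::malloc(n ? n : 1)) return p;
    throw std::bad_alloc();
}
// Unsized fallback: ask the allocator how large the block really is.
void operator delete(void* p) noexcept {
    if (p) { secureZero(p, usableSize(p)); std::free(p); }
}
// C++14 sized deallocation: the compiler passes the object size.
void operator delete(void* p, std::size_t n) noexcept {
    if (p) { secureZero(p, n); std::free(p); }
}

// Constructed 32-byte secret (the length FileKey's SHA256_SIZE names).
struct KeyBuffer { unsigned char bytes[32]; };

// Allocates, fills and deletes a key; returns the bytes the hook wiped:
// exactly 32 on the sized path, at least 32 on the fallback path.
std::size_t releaseAndMeasure() {
    std::size_t before = g_bytesWiped;
    KeyBuffer* k = new KeyBuffer();
    for (unsigned char& b : k->bytes) b = 0x41;
    delete k;
    return g_bytesWiped - before;
}
```

On compilers that do not enable sized deallocation by default, `delete k` takes the fallback path and the count comes back rounded up to the allocator's block size.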
Diffstat (limited to 'src/keys/FileKey.h')
-rw-r--r-- | src/keys/FileKey.h | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/src/keys/FileKey.h b/src/keys/FileKey.h index d7486467b..290a04af0 100644 --- a/src/keys/FileKey.h +++ b/src/keys/FileKey.h @@ -40,6 +40,7 @@ public: }; FileKey(); + ~FileKey() override; bool load(QIODevice* device); bool load(const QString& fileName, QString* errorMsg = nullptr); QByteArray rawKey() const override; @@ -48,6 +49,8 @@ public: static bool create(const QString& fileName, QString* errorMsg = nullptr, int size = 128); private: + static constexpr int SHA256_SIZE = 32; + bool loadXml(QIODevice* device); bool loadXmlMeta(QXmlStreamReader& xmlReader); QByteArray loadXmlKey(QXmlStreamReader& xmlReader); @@ -55,7 +58,7 @@ private: bool loadHex(QIODevice* device); bool loadHashed(QIODevice* device); - QByteArray m_key; + char* m_key = nullptr; Type m_type = None; }; |
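Review bot: the new `~FileKey() override;` declaration in the first hunk carries no comment saying what it does; since `m_key` becomes a raw pointer later in this same header, add a one-line comment stating that the destructor wipes and releases `m_key`, so a reader of FileKey.h does not need the .cpp to know the buffer is cleaned on destruction.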
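Review bot: `static constexpr int SHA256_SIZE = 32;` in the second hunk lacks a comment tying it to `m_key`; with `m_key` now a bare `char*` that carries no length, state here that this constant is the fixed byte length of that buffer and the amount `rawKey()` must copy, for example `// byte length of m_key (one SHA-256 digest)`, and, if every loader is expected to write exactly 32 bytes, say so as well.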
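Review bot: changing `QByteArray m_key;` to `char* m_key = nullptr;` in the third hunk gives `FileKey` raw ownership of heap memory, but no copy constructor or copy assignment operator is added next to the user-declared destructor, so the implicitly generated ones would copy the pointer and the destructor would then free the same buffer twice. Either delete them (`FileKey(const FileKey&) = delete;` and `FileKey& operator=(const FileKey&) = delete;`) or hold the buffer in a smart pointer whose deleter wipes before freeing. The member also no longer carries its own length, so `rawKey()` and each `load*` function must agree on `SHA256_SIZE` for the buffer.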