File: exit.go

package info (click to toggle)
golang-github-awnumar-memguard 0.22.5-2
  • links: PTS, VCS
  • area: main
  • in suites: sid, trixie
  • size: 572 kB
  • sloc: makefile: 3
file content (87 lines) | stat: -rw-r--r-- 2,449 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
 
package core

import (
	"fmt"
	"os"

	"github.com/awnumar/memcall"
)

/*
Purge wipes all sensitive data and keys before reinitialising the session with a fresh encryption key and secure values. Subsequent library operations will use these fresh values and the old data is assumed to be practically unrecoverable.

The creation of new Enclave objects should wait for this function to return since subsequent Enclave objects will use the newly created key.

This function should be called before the program terminates, or else the provided Exit or Panic functions should be used to terminate.
*/
func Purge() {
	var opErr error

	func() {
		// Halt the re-key cycle and prevent new enclaves or keys being created.
		keyMtx.Lock()
		defer keyMtx.Unlock()
		if !key.Destroyed() {
			key.Lock()
			defer key.Unlock()
		}

		// Get a snapshot of existing Buffers.
		snapshot := buffers.flush()

		// Destroy them, performing the usual sanity checks.
		for _, b := range snapshot {
			if err := b.destroy(); err != nil {
				if opErr == nil {
					opErr = err
				} else {
					opErr = fmt.Errorf("%s; %s", opErr.Error(), err.Error())
				}
				// buffer destroy failed; wipe instead
				b.Lock()
				defer b.Unlock()
				if !b.mutable {
					if err := memcall.Protect(b.inner, memcall.ReadWrite()); err != nil {
						// couldn't change it to mutable; we can't wipe it! (could this happen?)
						// not sure what we can do at this point, just warn and move on
						fmt.Fprintf(os.Stderr, "!WARNING: failed to wipe immutable data at address %p", &b.data)
						continue // wipe in subprocess?
					}
				}
				Wipe(b.data)
			}
		}
	}()

	// If we encountered an error, panic.
	if opErr != nil {
		panic(opErr)
	}
}

/*
Exit terminates the process with a specified exit code but securely wipes and cleans up sensitive data before doing so.
*/
func Exit(c int) {
	// Wipe the encryption key used to encrypt data inside Enclaves.
	getKey().Destroy()

	// Get a snapshot of existing Buffers.
	snapshot := buffers.copy() // copy ensures the buffers stay in the list until they are destroyed.

	// Destroy them, performing the usual sanity checks.
	for _, b := range snapshot {
		b.Destroy()
	}

	// Exit with the specified exit code.
	os.Exit(c)
}

/*
Panic is identical to the builtin panic except it purges the session before calling panic.
*/
func Panic(v interface{}) {
	Purge() // creates a new key so it is safe to recover from this panic
	panic(v)
}