author | Jakob Unterwurzacher | 2018-06-26 20:06:42 +0200 |
---|---|---|
committer | Jakob Unterwurzacher | 2018-07-01 20:56:22 +0200 |
commit | 991891a5c4b75a8815ebd3add8b453cbcb36012a (patch) | |
tree | 257b8d545341f3d1748fb3fac1d0b724a8e568f7 | |
parent | 978f1f3f6d44d1e71c85b5ea2ac13e80cde773bb (diff) |
trezor: add sanity checks for decrypted value
Check that the value has changed, is not all-zero
and has the right length.
-rw-r--r-- | internal/readpassword/trezor.go | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/internal/readpassword/trezor.go b/internal/readpassword/trezor.go
index be9c22a..9020b33 100644
--- a/internal/readpassword/trezor.go
+++ b/internal/readpassword/trezor.go
@@ -1,6 +1,8 @@
 package readpassword
 
 import (
+ "bytes"
+ "log"
 "os"
 
 "github.com/rfjakob/gocryptfs/internal/exitcodes"
@@ -96,6 +98,18 @@ func Trezor(payload []byte) []byte {
 os.Exit(exitcodes.TrezorError)
 }
 
+ // Sanity checks
+ if len(key) != TrezorPayloadLen {
+ log.Panicf("BUG: decrypted value has wrong length %d", len(key))
+ }
+ if bytes.Equal(key, payload) {
+ log.Panicf("BUG: payload and decrypted value are identical")
+ }
+ zero := make([]byte, TrezorPayloadLen)
+ if bytes.Equal(key, zero) {
+ log.Panicf("BUG: decrypted value is all-zero")
+ }
+
 // Everything ok
 return key
 } |
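Review bot: The three new checks in Trezor() fail through `log.Panicf`, while the error path in the context line just above them exits with `os.Exit(exitcodes.TrezorError)`, so a bad value ends the process with Go's panic status and a stack trace instead of the Trezor exit code. If the value comes from the device or its driver rather than from gocryptfs itself, a wrong length, an echoed payload or an all-zero result may be a device or transport fault, not a program bug; consider reporting it and exiting the same way, e.g. `log.Printf("trezor: decrypted value is all-zero")` followed by `os.Exit(exitcodes.TrezorError)`. It would also help to extend the comment to say why the checks exist, for instance `// Sanity checks: refuse a key that is predictable (all-zero or equal to the payload) or has the wrong length`. The body of Trezor() starts outside the hunk, so how `key` is obtained is not visible here.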