aboutsummaryrefslogtreecommitdiff
path: root/init_dir.go
diff options
context:
space:
mode:
authorJakob Unterwurzacher2018-06-25 22:27:15 +0200
committerJakob Unterwurzacher2018-07-01 20:56:22 +0200
commit9a15dfa494c76b5fcadcd32e2e46cbee84218a87 (patch)
tree5dcb84d222f355750d1b0773660b891b509dadb1 /init_dir.go
parent91de77943fba3cb993aad4e9756e159c4514764a (diff)
trezor: add TrezorPayload
TrezorPayload stores 32 random bytes used for unlocking the master key using a Trezor security module. The randomness makes sure that a unique unlock value is used for each gocryptfs filesystem.
Diffstat (limited to 'init_dir.go')
-rw-r--r--init_dir.go7
1 files changed, 5 insertions, 2 deletions
diff --git a/init_dir.go b/init_dir.go
index 0cd2957..e264cf0 100644
--- a/init_dir.go
+++ b/init_dir.go
@@ -8,6 +8,7 @@ import (
"strings"
"github.com/rfjakob/gocryptfs/internal/configfile"
+ "github.com/rfjakob/gocryptfs/internal/cryptocore"
"github.com/rfjakob/gocryptfs/internal/exitcodes"
"github.com/rfjakob/gocryptfs/internal/nametransform"
"github.com/rfjakob/gocryptfs/internal/readpassword"
@@ -70,9 +71,11 @@ func initDir(args *argContainer) {
}
{
var password []byte
+ var trezorPayload []byte
if args.trezor {
+ trezorPayload = cryptocore.RandBytes(readpassword.TrezorPayloadLen)
// Get binary data from from Trezor
- password = readpassword.Trezor()
+ password = readpassword.Trezor(trezorPayload)
} else {
// Normal password entry
password = readpassword.Twice(args.extpass)
@@ -80,7 +83,7 @@ func initDir(args *argContainer) {
}
creator := tlog.ProgramName + " " + GitVersion
err = configfile.Create(args.config, password, args.plaintextnames,
- args.scryptn, creator, args.aessiv, args.devrandom, args.trezor)
+ args.scryptn, creator, args.aessiv, args.devrandom, trezorPayload)
if err != nil {
tlog.Fatal.Println(err)
os.Exit(exitcodes.WriteConf)