trezor: add TrezorPayload

TrezorPayload stores 32 random bytes used for unlocking
the master key using a Trezor security module. The randomness makes sure
that a unique unlock value is used for each gocryptfs filesystem.

1 files changed, 11 insertions, 2 deletions

diff --git a/internal/readpassword/trezor.go b/internal/readpassword/trezor.go
index 37dde79..45edfd8 100644
--- a/internal/readpassword/trezor.go
+++ b/internal/readpassword/trezor.go
@@ -7,12 +7,22 @@ import (
 	"github.com/rfjakob/gocryptfs/internal/tlog"
 )
 
+const (
+	// TrezorPayloadLen is the length of the payload data passed to Trezor's
+	// CipherKeyValue function.
+	TrezorPayloadLen = 32
+)
+
 // Trezor reads 16 deterministically derived bytes from a
 // SatoshiLabs Trezor USB security module.
 // The bytes are pseudorandom binary data and may contain null bytes.
 // This function either succeeds and returns 16 bytes or calls os.Exit to end
 // the application.
-func Trezor() []byte {
+func Trezor(payload []byte) []byte {
+	if len(payload) != TrezorPayloadLen {
+		tlog.Fatal.Printf("Invalid TrezorPayload length: wanted %d, got %d bytes\n", TrezorPayloadLen, len(payload))
+		os.Exit(exitcodes.LoadConf)
+	}
 	var err error
 	// TODO try to read bytes here....
 	// Handle errors
@@ -20,7 +30,6 @@ func Trezor() []byte {
 		tlog.Fatal.Printf("xxx some error was encountered...")
 		os.Exit(exitcodes.TrezorError)
 	}
-
 	tlog.Warn.Println("XXX readpassword.Trezor(): not implemented yet - returning hardcoded dummy bytes XXX")
 	return []byte("1234567890123456")
 }