| author | Jakob Unterwurzacher | 2018-06-26 20:06:42 +0200 | 
|---|---|---|
| committer | Jakob Unterwurzacher | 2018-07-01 20:56:22 +0200 | 
| commit | 991891a5c4b75a8815ebd3add8b453cbcb36012a (patch) | |
| tree | 257b8d545341f3d1748fb3fac1d0b724a8e568f7 /internal/readpassword | |
| parent | 978f1f3f6d44d1e71c85b5ea2ac13e80cde773bb (diff) | |
trezor: add sanity checks for decrypted value
Check that the value has changed, is not all-zero
and has the right length.
Diffstat (limited to 'internal/readpassword')
| -rw-r--r-- | internal/readpassword/trezor.go | 14 | 
1 files changed, 14 insertions, 0 deletions
|
diff --git a/internal/readpassword/trezor.go b/internal/readpassword/trezor.go
index be9c22a..9020b33 100644
--- a/internal/readpassword/trezor.go
+++ b/internal/readpassword/trezor.go
@@ -1,6 +1,8 @@
 package readpassword
 import (
+	"bytes"
+	"log"
 	"os"
 	"github.com/rfjakob/gocryptfs/internal/exitcodes"
@@ -96,6 +98,18 @@ func Trezor(payload []byte) []byte {
 		os.Exit(exitcodes.TrezorError)
 	}
+	// Sanity checks
+	if len(key) != TrezorPayloadLen {
+		log.Panicf("BUG: decrypted value has wrong length %d", len(key))
+	}
+	if bytes.Equal(key, payload) {
+		log.Panicf("BUG: payload and decrypted value are identical")
+	}
+	zero := make([]byte, TrezorPayloadLen)
+	if bytes.Equal(key, zero) {
+		log.Panicf("BUG: decrypted value is all-zero")
+	}
+
 	// Everything ok
 	return key
 }
|
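Review bot: The three new checks in Trezor() abort with `log.Panicf("BUG: ...")`, while the failure path directly above them exits with `os.Exit(exitcodes.TrezorError)`, so a bad result now ends the process in a different way than every other Trezor failure. How `key` is produced lies outside the hunk, but if it is whatever the device returned, then a wrong length, an echoed payload or an all-zero value is bad external input rather than a program bug, and callers get a stack trace and a generic panic exit status instead of the Trezor exit code. Consider `log.Printf("trezor: decrypted value has wrong length %d", len(key))` followed by `os.Exit(exitcodes.TrezorError)` for each case. The `// Sanity checks` comment should also say why they matter, e.g. `// An echoed or all-zero result would be a predictable secret; refuse to return it.`, and note that they only catch the most obvious degenerate outputs, not low-entropy values in general.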
