summaryrefslogtreecommitdiff
path: root/internal/readpassword
diff options
context:
space:
mode:
authorJakob Unterwurzacher2018-06-25 22:27:15 +0200
committerJakob Unterwurzacher2018-07-01 20:56:22 +0200
commit9a15dfa494c76b5fcadcd32e2e46cbee84218a87 (patch)
tree5dcb84d222f355750d1b0773660b891b509dadb1 /internal/readpassword
parent91de77943fba3cb993aad4e9756e159c4514764a (diff)
trezor: add TrezorPayload
TrezorPayload stores 32 random bytes used for unlocking the master key using a Trezor security module. The randomness makes sure that a unique unlock value is used for each gocryptfs filesystem.
Diffstat (limited to 'internal/readpassword')
-rw-r--r--internal/readpassword/trezor.go13
1 files changed, 11 insertions, 2 deletions
diff --git a/internal/readpassword/trezor.go b/internal/readpassword/trezor.go
index 37dde79..45edfd8 100644
--- a/internal/readpassword/trezor.go
+++ b/internal/readpassword/trezor.go
@@ -7,12 +7,22 @@ import (
"github.com/rfjakob/gocryptfs/internal/tlog"
)
+const (
+ // TrezorPayloadLen is the length of the payload data passed to Trezor's
+ // CipherKeyValue function.
+ TrezorPayloadLen = 32
+)
+
// Trezor reads 16 deterministically derived bytes from a
// SatoshiLabs Trezor USB security module.
// The bytes are pseudorandom binary data and may contain null bytes.
// This function either succeeds and returns 16 bytes or calls os.Exit to end
// the application.
-func Trezor() []byte {
+func Trezor(payload []byte) []byte {
+ if len(payload) != TrezorPayloadLen {
+ tlog.Fatal.Printf("Invalid TrezorPayload length: wanted %d, got %d bytes\n", TrezorPayloadLen, len(payload))
+ os.Exit(exitcodes.LoadConf)
+ }
var err error
// TODO try to read bytes here....
// Handle errors
@@ -20,7 +30,6 @@ func Trezor() []byte {
tlog.Fatal.Printf("xxx some error was encountered...")
os.Exit(exitcodes.TrezorError)
}
-
tlog.Warn.Println("XXX readpassword.Trezor(): not implemented yet - returning hardcoded dummy bytes XXX")
return []byte("1234567890123456")
}