diff options
author | Jakob Unterwurzacher | 2018-06-25 22:27:15 +0200 |
---|---|---|
committer | Jakob Unterwurzacher | 2018-07-01 20:56:22 +0200 |
commit | 9a15dfa494c76b5fcadcd32e2e46cbee84218a87 (patch) | |
tree | 5dcb84d222f355750d1b0773660b891b509dadb1 /internal/readpassword | |
parent | 91de77943fba3cb993aad4e9756e159c4514764a (diff) |
trezor: add TrezorPayload
TrezorPayload stores 32 random bytes used for unlocking
the master key using a Trezor security module. The randomness makes sure
that a unique unlock value is used for each gocryptfs filesystem.
Diffstat (limited to 'internal/readpassword')
-rw-r--r-- | internal/readpassword/trezor.go | 13 |
1 files changed, 11 insertions, 2 deletions
diff --git a/internal/readpassword/trezor.go b/internal/readpassword/trezor.go index 37dde79..45edfd8 100644 --- a/internal/readpassword/trezor.go +++ b/internal/readpassword/trezor.go @@ -7,12 +7,22 @@ import ( "github.com/rfjakob/gocryptfs/internal/tlog" ) +const ( + // TrezorPayloadLen is the length of the payload data passed to Trezor's + // CipherKeyValue function. + TrezorPayloadLen = 32 +) + // Trezor reads 16 deterministically derived bytes from a // SatoshiLabs Trezor USB security module. // The bytes are pseudorandom binary data and may contain null bytes. // This function either succeeds and returns 16 bytes or calls os.Exit to end // the application. -func Trezor() []byte { +func Trezor(payload []byte) []byte { + if len(payload) != TrezorPayloadLen { + tlog.Fatal.Printf("Invalid TrezorPayload length: wanted %d, got %d bytes\n", TrezorPayloadLen, len(payload)) + os.Exit(exitcodes.LoadConf) + } var err error // TODO try to read bytes here.... // Handle errors @@ -20,7 +30,6 @@ func Trezor() []byte { tlog.Fatal.Printf("xxx some error was encountered...") os.Exit(exitcodes.TrezorError) } - tlog.Warn.Println("XXX readpassword.Trezor(): not implemented yet - returning hardcoded dummy bytes XXX") return []byte("1234567890123456") } |