aboutsummaryrefslogtreecommitdiff
path: root/internal/readpassword
diff options
context:
space:
mode:
authorJakob Unterwurzacher2018-06-26 20:06:42 +0200
committerJakob Unterwurzacher2018-07-01 20:56:22 +0200
commit991891a5c4b75a8815ebd3add8b453cbcb36012a (patch)
tree257b8d545341f3d1748fb3fac1d0b724a8e568f7 /internal/readpassword
parent978f1f3f6d44d1e71c85b5ea2ac13e80cde773bb (diff)
trezor: add sanity checks for decrypted value
Check that the value has changed, is not all-zero and has the right length.
Diffstat (limited to 'internal/readpassword')
-rw-r--r--internal/readpassword/trezor.go14
1 files changed, 14 insertions, 0 deletions
diff --git a/internal/readpassword/trezor.go b/internal/readpassword/trezor.go
index be9c22a..9020b33 100644
--- a/internal/readpassword/trezor.go
+++ b/internal/readpassword/trezor.go
@@ -1,6 +1,8 @@
package readpassword
import (
+ "bytes"
+ "log"
"os"
"github.com/rfjakob/gocryptfs/internal/exitcodes"
@@ -96,6 +98,18 @@ func Trezor(payload []byte) []byte {
os.Exit(exitcodes.TrezorError)
}
+ // Sanity checks
+ if len(key) != TrezorPayloadLen {
+ log.Panicf("BUG: decrypted value has wrong length %d", len(key))
+ }
+ if bytes.Equal(key, payload) {
+ log.Panicf("BUG: payload and decrypted value are identical")
+ }
+ zero := make([]byte, TrezorPayloadLen)
+ if bytes.Equal(key, zero) {
+ log.Panicf("BUG: decrypted value is all-zero")
+ }
+
// Everything ok
return key
}