trezor: add skeleton for Trezor support

readpassword.Trezor() is not implemented yet and returns
a hardcoded dummy key.

5 files changed, 42 insertions, 5 deletions

diff --git a/internal/configfile/config_file.go b/internal/configfile/config_file.go
index 0d5e545..da6c4da 100644
--- a/internal/configfile/config_file.go
+++ b/internal/configfile/config_file.go
@@ -67,7 +67,8 @@ func randBytesDevRandom(n int) []byte {
 // CreateConfFile - create a new config with a random key encrypted with
 // "password" and write it to "filename".
 // Uses scrypt with cost parameter logN.
-func CreateConfFile(filename string, password []byte, plaintextNames bool, logN int, creator string, aessiv bool, devrandom bool) error {
+func CreateConfFile(filename string, password []byte, plaintextNames bool,
+	logN int, creator string, aessiv bool, devrandom bool, trezor bool) error {
 	var cf ConfFile
 	cf.filename = filename
 	cf.Creator = creator
@@ -87,6 +88,9 @@ func CreateConfFile(filename string, password []byte, plaintextNames bool, logN
 	if aessiv {
 		cf.FeatureFlags = append(cf.FeatureFlags, knownFlags[FlagAESSIV])
 	}
+	if trezor {
+		cf.FeatureFlags = append(cf.FeatureFlags, knownFlags[FlagTrezor])
+	}
 	{
 		// Generate new random master key
 		var key []byte
diff --git a/internal/configfile/config_test.go b/internal/configfile/config_test.go
index 15728c6..3152ab5 100644
--- a/internal/configfile/config_test.go
+++ b/internal/configfile/config_test.go
@@ -62,7 +62,7 @@ func TestLoadV2StrangeFeature(t *testing.T) {
 }
 
 func TestCreateConfDefault(t *testing.T) {
-	err := CreateConfFile("config_test/tmp.conf", testPw, false, 10, "test", false, false)
+	err := CreateConfFile("config_test/tmp.conf", testPw, false, 10, "test", false, false, false)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -83,14 +83,14 @@ func TestCreateConfDefault(t *testing.T) {
 }
 
 func TestCreateConfDevRandom(t *testing.T) {
-	err := CreateConfFile("config_test/tmp.conf", testPw, false, 10, "test", false, true)
+	err := CreateConfFile("config_test/tmp.conf", testPw, false, 10, "test", false, true, false)
 	if err != nil {
 		t.Fatal(err)
 	}
 }
 
 func TestCreateConfPlaintextnames(t *testing.T) {
-	err := CreateConfFile("config_test/tmp.conf", testPw, true, 10, "test", false, false)
+	err := CreateConfFile("config_test/tmp.conf", testPw, true, 10, "test", false, false, false)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -111,7 +111,7 @@ func TestCreateConfPlaintextnames(t *testing.T) {
 
 // Reverse mode uses AESSIV
 func TestCreateConfFileAESSIV(t *testing.T) {
-	err := CreateConfFile("config_test/tmp.conf", testPw, false, 10, "test", true, false)
+	err := CreateConfFile("config_test/tmp.conf", testPw, false, 10, "test", true, false, false)
 	if err != nil {
 		t.Fatal(err)
 	}
diff --git a/internal/configfile/feature_flags.go b/internal/configfile/feature_flags.go
index 2d609f2..141b007 100644
--- a/internal/configfile/feature_flags.go
+++ b/internal/configfile/feature_flags.go
@@ -25,6 +25,9 @@ const (
 	// Note that this flag does not change the password hashing algorithm
 	// which always is scrypt.
 	FlagHKDF
+	// FlagTrezor means that "-trezor" was used when creating the filesystem.
+	// The masterkey is protected using a Trezor device instead of a password.
+	FlagTrezor
 )
 
 // knownFlags stores the known feature flags and their string representation
@@ -37,6 +40,7 @@ var knownFlags = map[flagIota]string{
 	FlagAESSIV:         "AESSIV",
 	FlagRaw64:          "Raw64",
 	FlagHKDF:           "HKDF",
+	FlagTrezor:         "Trezor",
 }
 
 // Filesystems that do not have these feature flags set are deprecated.
diff --git a/internal/exitcodes/exitcodes.go b/internal/exitcodes/exitcodes.go
index fc65166..3fbfdc6 100644
--- a/internal/exitcodes/exitcodes.go
+++ b/internal/exitcodes/exitcodes.go
@@ -65,6 +65,9 @@ const (
 	FsckErrors = 26
 	// DeprecatedFS - this filesystem is deprecated
 	DeprecatedFS = 27
+	// TrezorError - an error was encountered while interacting with a Trezor
+	// device
+	TrezorError = 28
 )
 
 // Err wraps an error with an associated numeric exit code
diff --git a/internal/readpassword/trezor.go b/internal/readpassword/trezor.go
new file mode 100644
index 0000000..37dde79
--- /dev/null
+++ b/internal/readpassword/trezor.go
@@ -0,0 +1,26 @@
+package readpassword
+
+import (
+	"os"
+
+	"github.com/rfjakob/gocryptfs/internal/exitcodes"
+	"github.com/rfjakob/gocryptfs/internal/tlog"
+)
+
+// Trezor reads 16 deterministically derived bytes from a
+// SatoshiLabs Trezor USB security module.
+// The bytes are pseudorandom binary data and may contain null bytes.
+// This function either succeeds and returns 16 bytes or calls os.Exit to end
+// the application.
+func Trezor() []byte {
+	var err error
+	// TODO try to read bytes here....
+	// Handle errors
+	if err != nil {
+		tlog.Fatal.Printf("xxx some error was encountered...")
+		os.Exit(exitcodes.TrezorError)
+	}
+
+	tlog.Warn.Println("XXX readpassword.Trezor(): not implemented yet - returning hardcoded dummy bytes XXX")
+	return []byte("1234567890123456")
+}