From 16fac26c57ba303bf60266d24c17f5243e5ea376 Mon Sep 17 00:00:00 2001 From: Jakob Unterwurzacher Date: Mon, 4 Feb 2019 21:57:24 +0100 Subject: Disable Trezor support Trezor support has been broken since Sept 2018 ( https://github.com/rfjakob/gocryptfs/issues/261 ). Disable trezor.go by renaming to trezor.go.broken. This keeps "dep" from having to pull in A LOT OF dependencies: Before: $ du -sh vendor/ 49M vendor/ After: $ du -sh vendor/ 16M vendor/ --- internal/readpassword/trezor.go | 119 --------------------------------- internal/readpassword/trezor.go.broken | 119 +++++++++++++++++++++++++++++++++ 2 files changed, 119 insertions(+), 119 deletions(-) delete mode 100644 internal/readpassword/trezor.go create mode 100644 internal/readpassword/trezor.go.broken diff --git a/internal/readpassword/trezor.go b/internal/readpassword/trezor.go deleted file mode 100644 index a4d32cf..0000000 --- a/internal/readpassword/trezor.go +++ /dev/null @@ -1,119 +0,0 @@ -// +build enable_trezor - -package readpassword - -import ( - "bytes" - "log" - "os" - - "github.com/rfjakob/gocryptfs/internal/exitcodes" - "github.com/rfjakob/gocryptfs/internal/tlog" - - "github.com/xaionaro-go/cryptoWallet" - "github.com/xaionaro-go/cryptoWallet/vendors" -) - -const ( - // TrezorPayloadLen is the length of the payload data passed to Trezor's - // CipherKeyValue function. - TrezorPayloadLen = 32 - trezorNonce = "" // the "nonce" is optional and has no use in here - trezorKeyName = "gocryptfs" - trezorKeyDerivationPath = `m/10019'/0'` - // TrezorSupport is true when gocryptfs has been compile with -tags enable_trezor - TrezorSupport = true -) - -func trezorGetPin(title, description, ok, cancel string) ([]byte, error) { - return Once("", title), nil -} -func trezorGetConfirm(title, description, ok, cancel string) (bool, error) { - return false, nil // do not retry on connection failure -} - -// Trezor reads 32 deterministically derived bytes from a -// SatoshiLabs Trezor USB security module. -// The bytes are pseudorandom binary data and may contain null bytes. -// This function either succeeds and returns 32 bytes or calls os.Exit to end -// the application. -func Trezor(payload []byte) []byte { - if len(payload) != TrezorPayloadLen { - tlog.Fatal.Printf("Invalid TrezorPayload length: wanted %d, got %d bytes\n", TrezorPayloadLen, len(payload)) - os.Exit(exitcodes.LoadConf) - } - - // Find all trezor devices - trezors := cryptoWallet.Find(cryptoWallet.Filter{ - VendorID: &[]uint16{vendors.GetVendorID("satoshilabs")}[0], - ProductIDs: []uint16{1 /* Trezor One */}, - }) - - // ATM, we require to one and only one trezor device to be connected. - // The support of multiple trezor devices is not implemented, yet. - if len(trezors) == 0 { - tlog.Fatal.Printf("Trezor device is not found. Check the connection.") - os.Exit(exitcodes.TrezorError) - } - if len(trezors) > 1 { - tlog.Fatal.Printf("It's more than one Trezor device connected. This case is not implemented, yet. The number of currently connected devices: %v.", len(trezors)) - os.Exit(exitcodes.TrezorError) - } - - // Using the first found device - trezor := trezors[0] - - // Trezor may ask for PIN or Passphrase. Setting the handler for this case. - trezor.SetGetPinFunc(trezorGetPin) - - // In some cases (like lost connection to the Trezor device and cannot - // reconnect) it's required to get a confirmation from the user to - // retry to reconnect. Setting the handler for this case. - trezor.SetGetConfirmFunc(trezorGetConfirm) - - // To reset the state of the device and check if it's initialized. - // If device is not initialized then trezor.Reset() will return an - // error. - err := trezor.Reset() - if err != nil { - tlog.Fatal.Printf("Cannot reset the Trezor device. Error: %v", err.Error()) - os.Exit(exitcodes.TrezorError) - } - - // To generate a deterministic key we trying to decrypt our - // predefined constant key using the Trezor device. The resulting key - // will depend on next variables: - // * the Trezor master key; - // * the passphrase (passed to the Trezor). - // - // The right key will be received only if both values (mentioned - // above) are correct. - // - // Note: - // Also the resulting key depends on this values (that we defined as - // constants above): - // * the key derivation path; - // * the "encrypted" payload; - // * the nonce; - // * the key name. - key, err := trezor.DecryptKey(trezorKeyDerivationPath, payload, []byte(trezorNonce), trezorKeyName) - if err != nil { - tlog.Fatal.Printf("Cannot get the key from the Trezor device. Error description:\n\t%v", err.Error()) - os.Exit(exitcodes.TrezorError) - } - - // Sanity checks - if len(key) != TrezorPayloadLen { - log.Panicf("BUG: decrypted value has wrong length %d", len(key)) - } - if bytes.Equal(key, payload) { - log.Panicf("BUG: payload and decrypted value are identical") - } - zero := make([]byte, TrezorPayloadLen) - if bytes.Equal(key, zero) { - log.Panicf("BUG: decrypted value is all-zero") - } - - // Everything ok - return key -} diff --git a/internal/readpassword/trezor.go.broken b/internal/readpassword/trezor.go.broken new file mode 100644 index 0000000..a4d32cf --- /dev/null +++ b/internal/readpassword/trezor.go.broken @@ -0,0 +1,119 @@ +// +build enable_trezor + +package readpassword + +import ( + "bytes" + "log" + "os" + + "github.com/rfjakob/gocryptfs/internal/exitcodes" + "github.com/rfjakob/gocryptfs/internal/tlog" + + "github.com/xaionaro-go/cryptoWallet" + "github.com/xaionaro-go/cryptoWallet/vendors" +) + +const ( + // TrezorPayloadLen is the length of the payload data passed to Trezor's + // CipherKeyValue function. + TrezorPayloadLen = 32 + trezorNonce = "" // the "nonce" is optional and has no use in here + trezorKeyName = "gocryptfs" + trezorKeyDerivationPath = `m/10019'/0'` + // TrezorSupport is true when gocryptfs has been compile with -tags enable_trezor + TrezorSupport = true +) + +func trezorGetPin(title, description, ok, cancel string) ([]byte, error) { + return Once("", title), nil +} +func trezorGetConfirm(title, description, ok, cancel string) (bool, error) { + return false, nil // do not retry on connection failure +} + +// Trezor reads 32 deterministically derived bytes from a +// SatoshiLabs Trezor USB security module. +// The bytes are pseudorandom binary data and may contain null bytes. +// This function either succeeds and returns 32 bytes or calls os.Exit to end +// the application. +func Trezor(payload []byte) []byte { + if len(payload) != TrezorPayloadLen { + tlog.Fatal.Printf("Invalid TrezorPayload length: wanted %d, got %d bytes\n", TrezorPayloadLen, len(payload)) + os.Exit(exitcodes.LoadConf) + } + + // Find all trezor devices + trezors := cryptoWallet.Find(cryptoWallet.Filter{ + VendorID: &[]uint16{vendors.GetVendorID("satoshilabs")}[0], + ProductIDs: []uint16{1 /* Trezor One */}, + }) + + // ATM, we require to one and only one trezor device to be connected. + // The support of multiple trezor devices is not implemented, yet. + if len(trezors) == 0 { + tlog.Fatal.Printf("Trezor device is not found. Check the connection.") + os.Exit(exitcodes.TrezorError) + } + if len(trezors) > 1 { + tlog.Fatal.Printf("It's more than one Trezor device connected. This case is not implemented, yet. The number of currently connected devices: %v.", len(trezors)) + os.Exit(exitcodes.TrezorError) + } + + // Using the first found device + trezor := trezors[0] + + // Trezor may ask for PIN or Passphrase. Setting the handler for this case. + trezor.SetGetPinFunc(trezorGetPin) + + // In some cases (like lost connection to the Trezor device and cannot + // reconnect) it's required to get a confirmation from the user to + // retry to reconnect. Setting the handler for this case. + trezor.SetGetConfirmFunc(trezorGetConfirm) + + // To reset the state of the device and check if it's initialized. + // If device is not initialized then trezor.Reset() will return an + // error. + err := trezor.Reset() + if err != nil { + tlog.Fatal.Printf("Cannot reset the Trezor device. Error: %v", err.Error()) + os.Exit(exitcodes.TrezorError) + } + + // To generate a deterministic key we trying to decrypt our + // predefined constant key using the Trezor device. The resulting key + // will depend on next variables: + // * the Trezor master key; + // * the passphrase (passed to the Trezor). + // + // The right key will be received only if both values (mentioned + // above) are correct. + // + // Note: + // Also the resulting key depends on this values (that we defined as + // constants above): + // * the key derivation path; + // * the "encrypted" payload; + // * the nonce; + // * the key name. + key, err := trezor.DecryptKey(trezorKeyDerivationPath, payload, []byte(trezorNonce), trezorKeyName) + if err != nil { + tlog.Fatal.Printf("Cannot get the key from the Trezor device. Error description:\n\t%v", err.Error()) + os.Exit(exitcodes.TrezorError) + } + + // Sanity checks + if len(key) != TrezorPayloadLen { + log.Panicf("BUG: decrypted value has wrong length %d", len(key)) + } + if bytes.Equal(key, payload) { + log.Panicf("BUG: payload and decrypted value are identical") + } + zero := make([]byte, TrezorPayloadLen) + if bytes.Equal(key, zero) { + log.Panicf("BUG: decrypted value is all-zero") + } + + // Everything ok + return key +} -- cgit v1.2.3