From c6f6e8ec4d71475a24ebbb0e64f19ad94249efd9 Mon Sep 17 00:00:00 2001 From: Jakob Unterwurzacher Date: Sun, 17 Jun 2018 15:25:09 +0200 Subject: trezor: add skeleton for Trezor support readpassword.Trezor() is not implemented yet and returns a hardcoded dummy key. --- internal/configfile/config_file.go | 6 +++++- internal/configfile/config_test.go | 8 ++++---- internal/configfile/feature_flags.go | 4 ++++ internal/exitcodes/exitcodes.go | 3 +++ internal/readpassword/trezor.go | 26 ++++++++++++++++++++++++++ 5 files changed, 42 insertions(+), 5 deletions(-) create mode 100644 internal/readpassword/trezor.go (limited to 'internal') diff --git a/internal/configfile/config_file.go b/internal/configfile/config_file.go index 0d5e545..da6c4da 100644 --- a/internal/configfile/config_file.go +++ b/internal/configfile/config_file.go @@ -67,7 +67,8 @@ func randBytesDevRandom(n int) []byte { // CreateConfFile - create a new config with a random key encrypted with // "password" and write it to "filename". // Uses scrypt with cost parameter logN. -func CreateConfFile(filename string, password []byte, plaintextNames bool, logN int, creator string, aessiv bool, devrandom bool) error { +func CreateConfFile(filename string, password []byte, plaintextNames bool, + logN int, creator string, aessiv bool, devrandom bool, trezor bool) error { var cf ConfFile cf.filename = filename cf.Creator = creator @@ -87,6 +88,9 @@ func CreateConfFile(filename string, password []byte, plaintextNames bool, logN if aessiv { cf.FeatureFlags = append(cf.FeatureFlags, knownFlags[FlagAESSIV]) } + if trezor { + cf.FeatureFlags = append(cf.FeatureFlags, knownFlags[FlagTrezor]) + } { // Generate new random master key var key []byte diff --git a/internal/configfile/config_test.go b/internal/configfile/config_test.go index 15728c6..3152ab5 100644 --- a/internal/configfile/config_test.go +++ b/internal/configfile/config_test.go @@ -62,7 +62,7 @@ func TestLoadV2StrangeFeature(t *testing.T) { } func TestCreateConfDefault(t *testing.T) { - err := CreateConfFile("config_test/tmp.conf", testPw, false, 10, "test", false, false) + err := CreateConfFile("config_test/tmp.conf", testPw, false, 10, "test", false, false, false) if err != nil { t.Fatal(err) } @@ -83,14 +83,14 @@ func TestCreateConfDefault(t *testing.T) { } func TestCreateConfDevRandom(t *testing.T) { - err := CreateConfFile("config_test/tmp.conf", testPw, false, 10, "test", false, true) + err := CreateConfFile("config_test/tmp.conf", testPw, false, 10, "test", false, true, false) if err != nil { t.Fatal(err) } } func TestCreateConfPlaintextnames(t *testing.T) { - err := CreateConfFile("config_test/tmp.conf", testPw, true, 10, "test", false, false) + err := CreateConfFile("config_test/tmp.conf", testPw, true, 10, "test", false, false, false) if err != nil { t.Fatal(err) } @@ -111,7 +111,7 @@ func TestCreateConfPlaintextnames(t *testing.T) { // Reverse mode uses AESSIV func TestCreateConfFileAESSIV(t *testing.T) { - err := CreateConfFile("config_test/tmp.conf", testPw, false, 10, "test", true, false) + err := CreateConfFile("config_test/tmp.conf", testPw, false, 10, "test", true, false, false) if err != nil { t.Fatal(err) } diff --git a/internal/configfile/feature_flags.go b/internal/configfile/feature_flags.go index 2d609f2..141b007 100644 --- a/internal/configfile/feature_flags.go +++ b/internal/configfile/feature_flags.go @@ -25,6 +25,9 @@ const ( // Note that this flag does not change the password hashing algorithm // which always is scrypt. FlagHKDF + // FlagTrezor means that "-trezor" was used when creating the filesystem. + // The masterkey is protected using a Trezor device instead of a password. + FlagTrezor ) // knownFlags stores the known feature flags and their string representation @@ -37,6 +40,7 @@ var knownFlags = map[flagIota]string{ FlagAESSIV: "AESSIV", FlagRaw64: "Raw64", FlagHKDF: "HKDF", + FlagTrezor: "Trezor", } // Filesystems that do not have these feature flags set are deprecated. diff --git a/internal/exitcodes/exitcodes.go b/internal/exitcodes/exitcodes.go index fc65166..3fbfdc6 100644 --- a/internal/exitcodes/exitcodes.go +++ b/internal/exitcodes/exitcodes.go @@ -65,6 +65,9 @@ const ( FsckErrors = 26 // DeprecatedFS - this filesystem is deprecated DeprecatedFS = 27 + // TrezorError - an error was encountered while interacting with a Trezor + // device + TrezorError = 28 ) // Err wraps an error with an associated numeric exit code diff --git a/internal/readpassword/trezor.go b/internal/readpassword/trezor.go new file mode 100644 index 0000000..37dde79 --- /dev/null +++ b/internal/readpassword/trezor.go @@ -0,0 +1,26 @@ +package readpassword + +import ( + "os" + + "github.com/rfjakob/gocryptfs/internal/exitcodes" + "github.com/rfjakob/gocryptfs/internal/tlog" +) + +// Trezor reads 16 deterministically derived bytes from a +// SatoshiLabs Trezor USB security module. +// The bytes are pseudorandom binary data and may contain null bytes. +// This function either succeeds and returns 16 bytes or calls os.Exit to end +// the application. +func Trezor() []byte { + var err error + // TODO try to read bytes here.... + // Handle errors + if err != nil { + tlog.Fatal.Printf("xxx some error was encountered...") + os.Exit(exitcodes.TrezorError) + } + + tlog.Warn.Println("XXX readpassword.Trezor(): not implemented yet - returning hardcoded dummy bytes XXX") + return []byte("1234567890123456") +} -- cgit v1.2.3