trezor: add sanity checks for decrypted value
Check that the value has changed, is not all-zero and has the right length.
parent
978f1f3f6d
commit
991891a5c4
@ -1,6 +1,8 @@
|
||||
package readpassword
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"log"
|
||||
"os"
|
||||
|
||||
"github.com/rfjakob/gocryptfs/internal/exitcodes"
|
||||
@ -96,6 +98,18 @@ func Trezor(payload []byte) []byte {
|
||||
os.Exit(exitcodes.TrezorError)
|
||||
}
|
||||
|
||||
// Sanity checks
|
||||
if len(key) != TrezorPayloadLen {
|
||||
log.Panicf("BUG: decrypted value has wrong length %d", len(key))
|
||||
}
|
||||
if bytes.Equal(key, payload) {
|
||||
log.Panicf("BUG: payload and decrypted value are identical")
|
||||
}
|
||||
zero := make([]byte, TrezorPayloadLen)
|
||||
if bytes.Equal(key, zero) {
|
||||
log.Panicf("BUG: decrypted value is all-zero")
|
||||
}
|
||||
|
||||
// Everything ok
|
||||
return key
|
||||
}
|
||||
|
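Review bot: The three sanity checks added before `return key` abort through `log.Panicf("BUG: ...")`, whereas the failure path immediately above them ends in `os.Exit(exitcodes.TrezorError)`. The value being checked is what the device returned, so a wrong length, an echo of `payload` or an all-zero result may be a device or transport fault rather than a bug in this package, and a panic gives callers a stack trace and Go's generic panic exit status instead of the Trezor-specific one. I would print the same messages through whatever error output the function already uses and follow each with `os.Exit(exitcodes.TrezorError)`, and extend the `// Sanity checks` comment to say why they exist, e.g. `// Refuse a device response that is unusable as key material: wrong length, payload echoed back unchanged, or all zeros.` The messages correctly log only the length and never the key bytes, which should stay that way. The body of Trezor() starts outside the hunk, so whether `payload` itself is length-checked earlier is not visible here.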