From fc64a407696e81ccd63d8ac422b3ae7ac13082c9 Mon Sep 17 00:00:00 2001 From: slush0 Date: Thu, 12 Jun 2014 21:45:33 +0200 Subject: [PATCH] Refactored password.dat format, backward incompatible change. --- tools/encfs_aes_getpass.py | 47 +++++++++++++++++++------------------- 1 file changed, 24 insertions(+), 23 deletions(-) diff --git a/tools/encfs_aes_getpass.py b/tools/encfs_aes_getpass.py index dd32968e64..6f0aa7c9ca 100755 --- a/tools/encfs_aes_getpass.py +++ b/tools/encfs_aes_getpass.py @@ -11,7 +11,6 @@ encfs --standard --extpass=./encfs_aes_getpass.py ~/.crypt ~/crypt import os import sys import json -import base64 import hashlib import binascii @@ -28,6 +27,15 @@ def wait_for_devices(): return devices def choose_device(devices): + if not len(devices): + raise Exception("No Trezor connected!") + + if len(devices) == 1: + try: + return HidTransport(devices[0]) + except IOError: + raise Exception("Device is currently in use") + i = 0 sys.stderr.write("----------------------------\n") sys.stderr.write("Available devices:\n") @@ -52,21 +60,13 @@ def choose_device(devices): try: device_id = int(raw_input()) - transport = HidTransport(devices[device_id]) + return HidTransport(devices[device_id]) except: raise Exception("Invalid choice, exiting...") - return transport - def main(): - devices = wait_for_devices() - - if len(devices) > 1: - transport = choose_device(devices) - else: - transport = HidTransport(devices[0]) - + transport = choose_device(devices) client = TrezorClient(transport) rootdir = os.environ['encfs_root'] # Read "man encfs" for more @@ -78,7 +78,8 @@ def main(): sys.stderr.write('Please provide label for new drive: ') label = raw_input() - sys.stderr.write('Computer asked Trezor for new strong password.\nPlease confirm action on your device.\n') + sys.stderr.write('Computer asked Trezor for new strong password.\n') + sys.stderr.write('Please confirm action on your device.\n') # 32 bytes, good for AES trezor_entropy = client.get_entropy(32) @@ -89,24 +90,24 @@ def main(): raise Exception("32 bytes password expected") bip32_path = [10, 0] - passw_encrypted = client.encrypt_keyvalue(bip32_path, - label, passw, False, True) + passw_encrypted = client.encrypt_keyvalue(bip32_path, label, passw, False, True) - f = open(passw_file, 'wb') - f.write(binascii.hexlify(label) + ',' + binascii.hexlify(passw_encrypted) + \ - ',' + binascii.hexlify(json.dumps(bip32_path))) - f.close() + data = {'label': label, + 'bip32_path': bip32_path, + 'password_encrypted_hex': binascii.hexlify(passw_encrypted)} + + json.dump(data, open(passw_file, 'wb')) # Let's load password + data = json.load(open(passw_file, 'r')) sys.stderr.write('Please confirm action on your device.\n') - label, passw_encrypted, bip32_path = open(passw_file, 'r').read().split(',') - passw = client.decrypt_keyvalue(json.loads(binascii.unhexlify(bip32_path)), - binascii.unhexlify(label), - binascii.unhexlify(passw_encrypted), + passw = client.decrypt_keyvalue(data['bip32_path'], + data['label'], + binascii.unhexlify(data['password_encrypted_hex']), False, True) - print passw + print passw if __name__ == '__main__': main()