Refactored password.dat format, backward incompatible change.

2025-01-10 15:30:55 +00:00 · 2014-06-12 21:45:33 +02:00 · 2014-06-12 21:45:33 +02:00 · fc64a40769
commit fc64a40769
parent f48646ac83
1 changed files with 24 additions and 23 deletions
--- a/tools/encfs_aes_getpass.py
+++ b/tools/encfs_aes_getpass.py
@ -11,7 +11,6 @@ encfs --standard --extpass=./encfs_aes_getpass.py ~/.crypt ~/crypt
 import os
 import sys
 import json
-import base64
 import hashlib
 import binascii

@ -28,6 +27,15 @@ def wait_for_devices():
    return devices

 def choose_device(devices):
+    if not len(devices):
+        raise Exception("No Trezor connected!")
+
+    if len(devices) == 1:
+        try:
+            return HidTransport(devices[0])
+        except IOError:
+            raise Exception("Device is currently in use")
+
    i = 0
    sys.stderr.write("----------------------------\n")
    sys.stderr.write("Available devices:\n")
@ -52,21 +60,13 @@ def choose_device(devices):

    try:
        device_id = int(raw_input())
-        transport = HidTransport(devices[device_id])
+        return HidTransport(devices[device_id])
    except:
        raise Exception("Invalid choice, exiting...")

-    return transport
-
 def main():
-
    devices = wait_for_devices()
-
-    if len(devices) > 1:
-        transport = choose_device(devices)
-    else:
-        transport = HidTransport(devices[0])
-
+    transport = choose_device(devices)
    client = TrezorClient(transport)

    rootdir = os.environ['encfs_root']  # Read "man encfs" for more
@ -78,7 +78,8 @@ def main():
        sys.stderr.write('Please provide label for new drive: ')
        label = raw_input()

-        sys.stderr.write('Computer asked Trezor for new strong password.\nPlease confirm action on your device.\n')
+        sys.stderr.write('Computer asked Trezor for new strong password.\n')
+        sys.stderr.write('Please confirm action on your device.\n')

        # 32 bytes, good for AES
        trezor_entropy = client.get_entropy(32)
@ -89,24 +90,24 @@ def main():
            raise Exception("32 bytes password expected")

        bip32_path = [10, 0]
-        passw_encrypted = client.encrypt_keyvalue(bip32_path,
-                    label, passw, False, True)
+        passw_encrypted = client.encrypt_keyvalue(bip32_path, label, passw, False, True)

-        f = open(passw_file, 'wb')
-        f.write(binascii.hexlify(label) + ',' + binascii.hexlify(passw_encrypted) + \
-            ',' + binascii.hexlify(json.dumps(bip32_path)))
-        f.close()
+        data = {'label': label,
+                'bip32_path': bip32_path,
+                'password_encrypted_hex': binascii.hexlify(passw_encrypted)}
+        
+        json.dump(data, open(passw_file, 'wb'))

    # Let's load password
+    data = json.load(open(passw_file, 'r'))

    sys.stderr.write('Please confirm action on your device.\n')
-    label, passw_encrypted, bip32_path = open(passw_file, 'r').read().split(',')
-    passw = client.decrypt_keyvalue(json.loads(binascii.unhexlify(bip32_path)),
-                binascii.unhexlify(label),
-                binascii.unhexlify(passw_encrypted),
+    passw = client.decrypt_keyvalue(data['bip32_path'],
+                data['label'],
+                binascii.unhexlify(data['password_encrypted_hex']),
                False, True)
-    print passw

+    print passw

 if __name__ == '__main__':
    main()