From 0cd8850c6158ca5d263c21b52b8906c974b3cfcc Mon Sep 17 00:00:00 2001
From: Paul Selkirk
Date: Sat, 25 Jun 2016 23:13:30 -0400
Subject: Dial back the last-gasp iterations to something sane. I can't see protecting the well-known default password against a brute-force attack, and 100k iterations takes almost a minute, which makes a terrible first impression.
---
 last_gasp_pin_internal.h | 6 +++---
 utils/last_gasp_default_pin | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/last_gasp_pin_internal.h b/last_gasp_pin_internal.h
index 96dc879..bbcac76 100644
--- a/last_gasp_pin_internal.h
+++ b/last_gasp_pin_internal.h
@@ -3,7 +3,7 @@
 */
 static const hal_ks_pin_t hal_last_gasp_pin = {
- 100000,
- {0xb8, 0x47, 0xcb, 0x83, 0xdd, 0x93, 0xf7, 0xd7, 0x53, 0x3f, 0xcb, 0xae, 0xc2, 0x19, 0xcd, 0xb9, 0x4e, 0x9d, 0x4e, 0x71, 0x30, 0xcd, 0x01, 0x05, 0x87, 0x6d, 0xa7, 0x03, 0x8d, 0x46, 0x36, 0xf1, 0xcf, 0x55, 0x1f, 0x36, 0x22, 0x9d, 0xc3, 0x18, 0xcd, 0x43, 0x49, 0x14, 0x0b, 0x79, 0x85, 0xf9, 0xd0, 0xa5, 0xb0, 0x9f, 0x43, 0x95, 0xf8, 0xae, 0x01, 0xa0, 0x82, 0xaf, 0xc6, 0xf2, 0x8f, 0xf4},
- {0x37, 0x6e, 0x15, 0x14, 0x5a, 0xd4, 0x35, 0xaf, 0x1c, 0x81, 0xc2, 0x80, 0x97, 0x18, 0x8d, 0x81}
+ 10000,
+ {0x06, 0xe2, 0x10, 0x7b, 0xb8, 0x40, 0xb5, 0x90, 0x33, 0xc8, 0xdb, 0xcc, 0xde, 0x3e, 0xb0, 0x33, 0x2b, 0x7c, 0x60, 0x7c, 0xb4, 0x52, 0xb1, 0x43, 0xa2, 0x20, 0x71, 0xdd, 0xbc, 0x95, 0x92, 0x04, 0xe6, 0x51, 0x90, 0xda, 0x6e, 0x2b, 0x6d, 0x8c, 0xb8, 0x63, 0x8d, 0x59, 0xad, 0xc5, 0xae, 0x6c, 0xf5, 0x7c, 0x75, 0x5e, 0x38, 0x72, 0x06, 0xc5, 0xa9, 0x3b, 0xaa, 0xe9, 0x64, 0x6e, 0xb1, 0x1a},
+ {0x40, 0x49, 0xe4, 0xb6, 0x18, 0x0e, 0xe2, 0xbf, 0x3b, 0x22, 0xc8, 0xfe, 0xeb, 0xef, 0x09, 0x81}
 };
diff --git a/utils/last_gasp_default_pin b/utils/last_gasp_default_pin
index 2d09db1..50d822f 100755
--- a/utils/last_gasp_default_pin
+++ b/utils/last_gasp_default_pin
@@ -54,7 +54,7 @@ parser.add_argument("-p", "--pin",
 help = "PIN plaintext before PBKDF2 processing")
 parser.add_argument("-i", "--iterations",
 type = int,
- default = 100000,
+ default = 10000,
 help = "PBKDF2 iteration count")
 parser.add_argument("-d", "--derived-key-length",
 type = int,
-- cgit v1.2.3
From a16159562d5e7a2998654c3f88ba0f88a3aaa42e Mon Sep 17 00:00:00 2001
From: Paul Selkirk
Date: Sun, 26 Jun 2016 01:02:44 -0400
Subject: Add hal_set_pin_default_iterations so the CLI can use hal_rpc_set_pin with control over iterations.
---
 hal_internal.h | 3 +++
 rpc_misc.c | 22 ++++++++++++++++------
 2 files changed, 19 insertions(+), 6 deletions(-)
diff --git a/hal_internal.h b/hal_internal.h
index 0c38c00..bd8e97d 100644
--- a/hal_internal.h
+++ b/hal_internal.h
@@ -316,6 +316,9 @@ typedef struct {
 } hal_ks_keydb_t;
+extern hal_error_t hal_set_pin_default_iterations(const hal_client_handle_t client,
+ const uint32_t iterations);
+
 /*
 * Internal functions within the keystore implementation. Think of
 * these as concrete methods for the keystore API subclassed onto
diff --git a/rpc_misc.c b/rpc_misc.c
index 8176c6f..1902b71 100644
--- a/rpc_misc.c
+++ b/rpc_misc.c
@@ -85,6 +85,8 @@ typedef struct {
 #define HAL_PIN_DEFAULT_ITERATIONS 20000
 #endif
+static uint32_t hal_pin_default_iterations = HAL_PIN_DEFAULT_ITERATIONS;
+
 #ifndef HAL_STATIC_CLIENT_STATE_BLOCKS
 #define HAL_STATIC_CLIENT_STATE_BLOCKS 10
 #endif
@@ -135,7 +137,7 @@ static hal_error_t login(const hal_client_handle_t client,
 return err;
 uint8_t buf[sizeof(p->pin)];
- const uint32_t iterations = p->iterations == 0 ? HAL_PIN_DEFAULT_ITERATIONS : p->iterations;
+ const uint32_t iterations = p->iterations == 0 ? hal_pin_default_iterations : p->iterations;
 if ((err = hal_pbkdf2(NULL, hal_hash_sha256, (const uint8_t *) pin, pin_len, p->salt, sizeof(p->salt), buf, sizeof(buf), iterations)) != HAL_OK)
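Review bot: The new `default = 10000` in utils/last_gasp_default_pin has no comment saying why it sits below the 20000 that rpc_misc.c falls back to for HAL_PIN_DEFAULT_ITERATIONS, so a later reader could copy it as a general PBKDF2 setting. The commit message already gives the reasoning; I would keep it beside the argument, e.g. `# Low on purpose: the last-gasp PIN is a published default, so this count only bounds login time.` The count is also baked into last_gasp_pin_internal.h next to what look like the derived key and salt, so that header has to be regenerated whenever this default moves.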
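Review bot: In login() in rpc_misc.c the fallback still triggers only on `p->iterations == 0`, while the comment this commit removes from set_pin() says drivers disagree between all-zeros and all-ones for an unset record. If an erased PIN slot can reach this line reading 0xffffffff, hal_pbkdf2 would be asked for roughly 4.3 billion rounds and the login call would effectively hang. I would treat both values as unset here: `const uint32_t iterations = (p->iterations == 0 || p->iterations == 0xffffffff) ? hal_pin_default_iterations : p->iterations;`. The rest of login() is outside the hunk, so an earlier check may already cover this.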
@@ -210,11 +212,7 @@ static hal_error_t set_pin(const hal_client_handle_t client,
 hal_ks_pin_t p = *pp;
- /*
- * Another all-zeros vs all-ones disagreement between drivers.
- */
- if (p.iterations == 0x00000000 || p.iterations == 0xffffffff)
- p.iterations = HAL_PIN_DEFAULT_ITERATIONS;
+ p.iterations = hal_pin_default_iterations;
 if ((err = hal_get_random(NULL, p.salt, sizeof(p.salt))) != HAL_OK || (err = hal_pbkdf2(NULL, hal_hash_sha256,
@@ -227,6 +225,18 @@ static hal_error_t set_pin(const hal_client_handle_t client,
 return HAL_OK;
 }
+hal_error_t hal_set_pin_default_iterations(const hal_client_handle_t client,
+ const uint32_t iterations)
+{
+ if ((is_logged_in(client, HAL_USER_WHEEL) != HAL_OK) &&
+ (is_logged_in(client, HAL_USER_SO) != HAL_OK))
+ return HAL_ERROR_FORBIDDEN;
+
+ /* should probably store this in flash somewhere */
+ hal_pin_default_iterations = (iterations == 0) ? HAL_PIN_DEFAULT_ITERATIONS : iterations;
+ return HAL_OK;
+}
+
 const hal_rpc_misc_dispatch_t hal_rpc_local_misc_dispatch = {
 set_pin,
 login,
-- cgit v1.2.3
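Review bot: The unconditional `p.iterations = hal_pin_default_iterations;` in set_pin() replaces whatever count was copied from `*pp`, and with the old comment removed nothing says that this is deliberate. Because the default is now a file-scope variable shared by every client, a PIN change made after a wheel or SO session lowered it is silently derived with the lower count. I would add a comment such as `/* Always re-derive with the current default; the count copied from *pp is ignored. */`. set_pin() starts and ends outside the hunk.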
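Review bot: hal_set_pin_default_iterations() accepts any non-zero value, so a logged-in wheel or SO client can leave the default at 1 (every later set_pin stores a PIN with almost no key stretching) or at 0xffffffff (every later set_pin, and each login against the resulting record, runs for a very long time). I would reject values outside a sane range before the assignment, e.g. `if (iterations != 0 && (iterations < MIN_ITERATIONS_PLACEHOLDER || iterations > MAX_ITERATIONS_PLACEHOLDER)) return HAL_ERROR_BAD_ARGUMENTS;`, with the bounds chosen from measured PBKDF2 time on the target. The new function also has no header comment; it should say that 0 restores the compile-time default, that the setting applies to all clients, and that it is presumably lost on restart, as the in-line remark about flash suggests.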