#!/usr/bin/env python

"""
Somewhere, the HSM has to have a last-gasp default PIN, even if it's
only the null string, because there has to be **some** way to
initialize the poor thing.  Absent a better plan (feel free to
suggest one!), this last-gasp default is compiled in.

The normal value of this last-gasp PIN is deliberately chosen to be
annoying, so that people will change it, but since the derevation
requires running PBKDF2 and you might want a different default if
you're compiling this for yourself, we provide the script that
generates the default.
"""

# Author: Rob Austein
# Copyright (c) 2016, NORDUnet A/S
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# - Redistributions of source code must retain the above copyright notice,
#   this list of conditions and the following disclaimer.
#
# - Redistributions in binary form must reproduce the above copyright
#   notice, this list of conditions and the following disclaimer in the
#   documentation and/or other materials provided with the distribution.
#
# - Neither the name of the NORDUnet nor the names of its contributors may
#   be used to endorse or promote products derived from this software
#   without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
# IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
# PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
# PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

from argparse                   import ArgumentParser, ArgumentDefaultsHelpFormatter
from os                         import urandom
from Crypto.Protocol.KDF        import PBKDF2
from Crypto.Hash                import SHA256, HMAC

parser = ArgumentParser(description = __doc__, formatter_class = ArgumentDefaultsHelpFormatter)
parser.add_argument("-p", "--pin",
                    default = "YouReallyNeedToChangeThisPINRightNowWeAreNotKidding",
                    help    = "PIN plaintext before PBKDF2 processing")
parser.add_argument("-i", "--iterations",
                    type    = int,
                    default = 1000,
                    help    = "PBKDF2 iteration count")
parser.add_argument("-d", "--derived-key-length",
                    type    = int,
                    default = 64,
                    help    = "length of PBKDF2 output (must match libhal)")
args = parser.parse_args()

def HMAC_SHA256(pin, salt):
    return HMAC.new(pin, salt, SHA256).digest()

def hexify(value):
    return ", ".join("0x%02x" % ord(v) for v in value)

salt = urandom(16)

pin  = PBKDF2(password = args.pin,
              salt     = salt,
              dkLen    = args.derived_key_length,
              count    = args.iterations,
              prf      = HMAC_SHA256)

print '''\
/*
 * Automatically generated by a script, do not edit.
 */

static const hal_ks_pin_t hal_last_gasp_pin = {{
  {iterations},
  {{{pin}}},
  {{{salt}}}
}};'''.format(iterations = args.iterations,
              pin        = hexify(pin),
              salt       = hexify(salt))