#!/usr/bin/env python
"""
Somewhere, the HSM has to have a last-gasp default PIN, even if it's
only the null string, because there has to be **some** way to
initialize the poor thing. Absent a better plan (feel free to
suggest one!), this last-gasp default is compiled in.
The normal value of this last-gasp PIN is deliberately chosen to be
annoying, so that people will change it, but since the derevation
requires running PBKDF2 and you might want a different default if
you're compiling this for yourself, we provide the script that
generates the default.
"""
# Author: Rob Austein
# Copyright (c) 2016, NORDUnet A/S
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# - Redistributions of source code must retain the above copyright notice,
# this list of conditions and the following disclaimer.
#
# - Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in the
# documentation and/or other materials provided with the distribution.
#
# - Neither the name of the NORDUnet nor the names of its contributors may
# be used to endorse or promote products derived from this software
# without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
# IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
# PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
# PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
from argparse import ArgumentParser, ArgumentDefaultsHelpFormatter
from os import urandom
from Crypto.Protocol.KDF import PBKDF2
from Crypto.Hash import SHA256, HMAC
parser = ArgumentParser(description = __doc__, formatter_class = ArgumentDefaultsHelpFormatter)
parser.add_argument("-p", "--pin",
default = "YouReallyNeedToChangeThisPINRightNowWeAreNotKidding",
help = "PIN plaintext before PBKDF2 processing")
parser.add_argument("-i", "--iterations",
type = int,
default = 100000,
help = "PBKDF2 iteration count")
parser.add_argument("-d", "--derived-key-length",
type = int,
default = 64,
help = "length of PBKDF2 output (must match libhal)")
args = parser.parse_args()
def HMAC_SHA256(pin, salt):
return HMAC.new(pin, salt, SHA256).digest()
def hexify(value):
return ", ".join("0x%02x" % ord(v) for v in value)
salt = urandom(16)
pin = PBKDF2(password = args.pin,
salt = salt,
dkLen = args.derived_key_length,
count = args.iterations,
prf = HMAC_SHA256)
print '''\
/*
* Automatically generated by a script, do not edit.
*/
static const hal_ks_pin_t hal_last_gasp_pin = {{
{iterations},
{{{pin}}},
{{{salt}}}
}};'''.format(iterations = args.iterations,
pin = hexify(pin),
salt = hexify(salt))