From 50998fcfb916ae251309bd4b464f2c122e8cb30d Mon Sep 17 00:00:00 2001 From: jaseg Date: Fri, 9 Apr 2021 18:38:02 +0200 Subject: Repo re-org --- reset-controller/fw/tools/presig_gen.py | 141 ++++++++++++++++++++++++++++++++ 1 file changed, 141 insertions(+) create mode 100644 reset-controller/fw/tools/presig_gen.py (limited to 'reset-controller/fw/tools/presig_gen.py') diff --git a/reset-controller/fw/tools/presig_gen.py b/reset-controller/fw/tools/presig_gen.py new file mode 100644 index 0000000..c5dafe7 --- /dev/null +++ b/reset-controller/fw/tools/presig_gen.py @@ -0,0 +1,141 @@ +#!/usr/bin/env python3 + +import os +import sys +import textwrap +import uuid +import hmac +import binascii +import time +from datetime import datetime + +LINKING_KEY_SIZE = 15 +PRESIG_VERSION = '000.001' +DOMAINS = ['all', 'country', 'region', 'vendor', 'series'] + +def format_hex(data, indent=4, wrap=True): + indent = ' '*indent + par = ', '.join(f'0x{b:02x}' for b in data) + par = textwrap.fill(par, width=120, + initial_indent=indent, subsequent_indent=indent, + replace_whitespace=False, drop_whitespace=False) + if wrap: + return f'{{\n{par}\n}}' + return par + +def domain_string(domain, value): + return f'smart reset domain string v{PRESIG_VERSION}: domain:{domain}={value}' + +def keygen_cmd(args): + if os.path.exists(args.keyfile) and not args.force: + print("Error: keyfile already exists. We won't overwrite it. Instead please remove it manually.", + file=sys.stderr) + return 1 + + root_key = os.urandom(LINKING_KEY_SIZE) + + with open(args.keyfile, 'wb') as f: + f.write(binascii.hexlify(root_key)) + f.write(b'\n') + return 0 + +def gen_at_height(domain, value, height, key): + # nanananananana BLOCKCHAIN! + + ds = domain_string(domain, value).encode('utf-8') + + for height in range(height+1): + key = hmac.digest(key, ds, 'sha512')[:LINKING_KEY_SIZE] + + return key + +def auth_cmd(args): + with open(args.keyfile, 'r') as f: + root_key = binascii.unhexlify(f.read().strip()) + + vals = [ (domain, getattr(args, domain)) for domain in DOMAINS if getattr(args, domain) is not None ] + if not vals: + vals = [('all', 'all')] + for domain, value in vals: + auth = gen_at_height(domain, value, args.height, root_key) + print(f'{domain}="{value}" @{args.height}: {binascii.hexlify(auth).decode()}') + + +def prekey_cmd(args): + with open(args.keyfile, 'r') as f: + root_key = binascii.unhexlify(f.read().strip()) + + print('#include ') + print('#include ') + print() + print('#include "crypto.h"') + print() + + bundle_id = uuid.uuid4().bytes + print(f'/* bundle id {binascii.hexlify(bundle_id).decode()} */') + print(f'uint8_t presig_bundle_id[16] = {format_hex(bundle_id)};') + print() + print(f'/* generated on {datetime.now()} */') + print(f'uint64_t bundle_timestamp = {int(time.time())};') + print() + print(f'int presig_height = {args.max_height};') + print() + + print('const char *presig_domain_strings[_TRIGGER_DOMAIN_COUNT] = {') + for domain in DOMAINS: + ds = domain_string(domain, getattr(args, domain)) + assert '"' not in ds + print(f' [TRIGGER_DOMAIN_{domain.upper()}] = "{ds}",') + print('};') + print() + + print('uint8_t presig_keys[_TRIGGER_DOMAIN_COUNT][PRESIG_MSG_LEN] = {') + for domain in DOMAINS: + key = gen_at_height(domain, getattr(args, domain), args.max_height, root_key) + print(f' [TRIGGER_DOMAIN_{domain.upper()}] = {{{format_hex(key, indent=0, wrap=False)}}},') + print('};') + + print() + print('static inline void __hack_asserts_only(void) {') + print(f' static_assert(_TRIGGER_DOMAIN_COUNT == {len(DOMAINS)});') + print(f' static_assert(PRESIG_MSG_LEN == {LINKING_KEY_SIZE});') + print('}') + print() + + + +TEST_VENDOR = 'Darthenschmidt Cyberei und Verschleierungstechnik GmbH' +TEST_SERIES = 'Frobnicator v0.23.7' +TEST_REGION = 'Neuland' +TEST_COUNTRY = 'Germany' + +if __name__ == '__main__': + import argparse + parser = argparse.ArgumentParser() + parser.add_argument('keyfile', help='Key file to use') + + subparsers = parser.add_subparsers(title='subcommands') + keygen_parser = subparsers.add_parser('keygen', help='Generate a new key') + keygen_parser.add_argument('-f', '--force', action='store_true', help='Force overwriting existing keyfile') + keygen_parser.set_defaults(func=keygen_cmd) + + auth_parser = subparsers.add_parser('auth', help='Generate one-time authentication string') + auth_parser.add_argument('height', type=int, help='Authentication string height, counting from 0 (root key)') + auth_parser.set_defaults(func=auth_cmd) + auth_parser.add_argument('-a', '--all', action='store_const', const='all', help='Vendor name for vendor domain') + auth_parser.add_argument('-v', '--vendor', type=str, nargs='?', const=TEST_VENDOR, help='Vendor name for vendor domain') + auth_parser.add_argument('-s', '--series', type=str, nargs='?', const=TEST_SERIES, help='Series identifier for series domain') + auth_parser.add_argument('-r', '--region', type=str, nargs='?', const=TEST_REGION, help='Region name for region domain') + auth_parser.add_argument('-c', '--country', type=str, nargs='?', const=TEST_COUNTRY, help='Country name for country domain') + + prekey_parser = subparsers.add_parser('prekey', help='Generate prekey data .C source code file') + prekey_parser.add_argument('-m', '--max-height', type=int, default=8, help='Height of generated prekey') + prekey_parser.add_argument('-v', '--vendor', type=str, default=TEST_VENDOR, help='Vendor name for vendor domain') + prekey_parser.add_argument('-s', '--series', type=str, default=TEST_SERIES, help='Series identifier for series domain') + prekey_parser.add_argument('-r', '--region', type=str, default=TEST_REGION, help='Region name for region domain') + prekey_parser.add_argument('-c', '--country', type=str, default=TEST_COUNTRY, help='Country name for country domain') + prekey_parser.set_defaults(func=prekey_cmd, all='all') + + args = parser.parse_args() + sys.exit(args.func(args)) + -- cgit