File: ActionChangePIN.py

package info (click to toggle)
hsmwiz 0.0.2-1
  • links: PTS, VCS
  • area: main
  • in suites: bullseye
  • size: 280 kB
  • sloc: python: 714; makefile: 3
file content (69 lines) | stat: -rw-r--r-- 2,298 bytes parent folder | download | duplicates (2) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
 
#	hsmwiz - Simplified handling of Hardware Security Modules
#	Copyright (C) 2018-2020 Johannes Bauer
#
#	This file is part of hsmwiz.
#
#	hsmwiz is free software; you can redistribute it and/or modify
#	it under the terms of the GNU General Public License as published by
#	the Free Software Foundation; this program is ONLY licensed under
#	version 3 of the License, later versions are explicitly excluded.
#
#	hsmwiz is distributed in the hope that it will be useful,
#	but WITHOUT ANY WARRANTY; without even the implied warranty of
#	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#	GNU General Public License for more details.
#
#	You should have received a copy of the GNU General Public License
#	along with this program.  If not, see <https://www.gnu.org/licenses/>.
#
#	Johannes Bauer <JohannesBauer@gmx.de>

import os
import sys
import getpass
from .BaseAction import BaseAction
from .HardwareSecurityModule import HardwareSecurityModule

class ActionChangePIN(BaseAction):
	@staticmethod
	def _gen_int_pin(digits):
		assert(digits >= 2)
		min_value = 10 ** (digits - 1)
		max_value = (10 ** digits) - 1
		val_range = max_value - min_value + 1
		# Choose candidate so large that the bias because of the modulo
		# operation becomes neglegible
		candidate = int.from_bytes(os.urandom(8 + digits), byteorder = "little")
		result = min_value + (candidate % val_range)
		assert(min_value <= result <= max_value)
		return result

	def __init__(self, cmdname, args):
		BaseAction.__init__(self, cmdname, args)
		if self.args.affect_so_pin:
			pin = None
			sopin = self.args.old
		else:
			pin = self.args.old
			sopin = None

		if self.args.randomize_new:
			if self.args.affect_so_pin:
				new_value = os.urandom(8).hex()
				print("!!! Do not lose this !!!")
				print("--> New SO-PIN: %s <--" % (new_value))
				print("!!! Do not lose this !!!")
			else:
				new_value = self._gen_int_pin(6)
				print("New PIN: %s" % (new_value))
		else:
			if self.args.new is not None:
				new_value = self.args.new
			else:
				new_value = getpass.getpass("New PIN: ")

		hsm = HardwareSecurityModule(verbose = (self.args.verbose > 0), so_path = self.args.so_path, pin = pin, sopin = sopin)
		if self.args.affect_so_pin:
			hsm.change_sopin(new_value)
		else:
			hsm.change_pin(new_value)