# Sample RTC reset server to be contacted from activation initramfs.
#
# This server should run from inside bios-crypto/build with the key specified
# by ACTIVATION_KEY_NAME available in the same place.
#
# A RTC reset signature will be generated for every known laptop that sends a
# request. A laptop is "known" if its UUID is present in the UUIDS map
# below.
#
# The RTC reset signature will reset the client's rtc-timestamp field to
# a hardcoded value specified by RESET_TIMESTAMP.
#
# This server should run on an interface bound to an address that is
# contacted by the initramfs. At time of writing, these addresses are
# fe80::abcd:ef02 and 172.18.0.1. If using the IPv4 address be sure to
# match the subnet/netmask configuration to that used by the XS and initramfs.
#
# A "real server" may wish to additionally consider the following items:
# - Further input data validation
# - UUID database rather than a hardcoded list
# - Does the client's rtc-timestamp look bad to begin with? If not, there is
#   no need to generate a reset signature; the client has a bad RTC value, and
#   resetting rtc-timestamp will not help the situation.
# - Reset to a timestamp reflective of the current time rather than a hardcoded
#   timestamp

import socket
import subprocess

### Begin configuration

# Serial-to-UUID mappings. The server needs to know the UUID of
# the client laptop in order to generate a RTC reset signature, and the UUID
# is not included in the client's request
UUIDS = {
    'SHC01601310' : 'D073B3F3-E516-D31C-3235-F49C640C692D',
}

# Name of the activation keypair used to sign the RTC reset messages, as
# originally generated by bios-crypto's "makekey".
ACTIVATION_KEY_NAME = "test"

# Port to listen on. Probably don't want to change this.
PORT = 191

# IP protocol version to use. socket.AF_INET for IPv4 or socket.AF_INET6 for
# IPv6.
PROTO = socket.AF_INET6

# Timestamp to reset the client's rtc-timestamp field to.
RESET_TIMESTAMP = "20091201T210100Z"

### End of configuration

backlog = 5 
s = socket.socket(PROTO, socket.SOCK_STREAM) 
s.bind(('',PORT)) 
s.listen(backlog) 
while 1: 
    client, address = s.accept() 
    data = client.recv(1024).strip()
    print "Got data:", data
    if data:
        params = data.split()
        if params[0] != "rtcreset":
            client.close()
            continue

        serial = params[1]
        if not serial in UUIDS:
            client.close()
            continue

        uuid = UUIDS[serial]
        rtc_timestamp = params[2]
        ctr = params[3]

        args = ["/home/dsd/bios-crypto/build/make-rtcreset.sh", "--signingkey", ACTIVATION_KEY_NAME, serial, uuid, rtc_timestamp, ctr, RESET_TIMESTAMP]
        prog = subprocess.Popen(args, stdout=subprocess.PIPE)
        output = prog.communicate()[0]
        client.send(output)
        print output
        print "Sent reset signature for", serial
    client.close()