| // Copyright 2015 The Android Open Source Project |
| // |
| // Licensed under the Apache License, Version 2.0 (the "License"); |
| // you may not use this file except in compliance with the License. |
| // You may obtain a copy of the License at |
| // |
| // http://www.apache.org/licenses/LICENSE-2.0 |
| // |
| // Unless required by applicable law or agreed to in writing, software |
| // distributed under the License is distributed on an "AS IS" BASIS, |
| // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| // See the License for the specific language governing permissions and |
| // limitations under the License. |
| |
| #include <cstdio> |
| #include <memory> |
| #include <string> |
| #include <vector> |
| |
| #include "base/command_line.h" |
| #include "base/files/file_util.h" |
| #include "keymaster/authorization_set.h" |
| #include "keystore/keystore_client_impl.h" |
| |
| using base::CommandLine; |
| using keymaster::AuthorizationSet; |
| using keymaster::AuthorizationSetBuilder; |
| using keystore::KeystoreClient; |
| |
| namespace { |
| |
| struct TestCase { |
| std::string name; |
| bool required_for_brillo_pts; |
| AuthorizationSet parameters; |
| }; |
| |
| void PrintUsageAndExit() { |
| printf("Usage: keystore_client_v2 <command> [options]\n"); |
| printf("Commands: brillo-platform-test [--prefix=<test_name_prefix>]\n" |
| " list-brillo-tests\n" |
| " add-entropy --input=<entropy>\n" |
| " generate --name=<key_name>\n" |
| " get-chars --name=<key_name>\n" |
| " export --name=<key_name>\n" |
| " delete --name=<key_name>\n" |
| " delete-all\n" |
| " exists --name=<key_name>\n" |
| " list [--prefix=<key_name_prefix>]\n" |
| " sign-verify --name=<key_name>\n" |
| " [en|de]crypt --name=<key_name> --in=<file> --out=<file>\n"); |
| exit(1); |
| } |
| |
| std::unique_ptr<KeystoreClient> CreateKeystoreInstance() { |
| return std::unique_ptr<KeystoreClient>(new keystore::KeystoreClientImpl); |
| } |
| |
| const char* StringifyTag(keymaster_tag_t tag) { |
| switch (tag) { |
| case KM_TAG_INVALID: |
| return "KM_TAG_INVALID"; |
| case KM_TAG_PURPOSE: |
| return "KM_TAG_PURPOSE"; |
| case KM_TAG_ALGORITHM: |
| return "KM_TAG_ALGORITHM"; |
| case KM_TAG_KEY_SIZE: |
| return "KM_TAG_KEY_SIZE"; |
| case KM_TAG_BLOCK_MODE: |
| return "KM_TAG_BLOCK_MODE"; |
| case KM_TAG_DIGEST: |
| return "KM_TAG_DIGEST"; |
| case KM_TAG_PADDING: |
| return "KM_TAG_PADDING"; |
| case KM_TAG_CALLER_NONCE: |
| return "KM_TAG_CALLER_NONCE"; |
| case KM_TAG_MIN_MAC_LENGTH: |
| return "KM_TAG_MIN_MAC_LENGTH"; |
| case KM_TAG_RSA_PUBLIC_EXPONENT: |
| return "KM_TAG_RSA_PUBLIC_EXPONENT"; |
| case KM_TAG_BLOB_USAGE_REQUIREMENTS: |
| return "KM_TAG_BLOB_USAGE_REQUIREMENTS"; |
| case KM_TAG_BOOTLOADER_ONLY: |
| return "KM_TAG_BOOTLOADER_ONLY"; |
| case KM_TAG_ACTIVE_DATETIME: |
| return "KM_TAG_ACTIVE_DATETIME"; |
| case KM_TAG_ORIGINATION_EXPIRE_DATETIME: |
| return "KM_TAG_ORIGINATION_EXPIRE_DATETIME"; |
| case KM_TAG_USAGE_EXPIRE_DATETIME: |
| return "KM_TAG_USAGE_EXPIRE_DATETIME"; |
| case KM_TAG_MIN_SECONDS_BETWEEN_OPS: |
| return "KM_TAG_MIN_SECONDS_BETWEEN_OPS"; |
| case KM_TAG_MAX_USES_PER_BOOT: |
| return "KM_TAG_MAX_USES_PER_BOOT"; |
| case KM_TAG_ALL_USERS: |
| return "KM_TAG_ALL_USERS"; |
| case KM_TAG_USER_ID: |
| return "KM_TAG_USER_ID"; |
| case KM_TAG_USER_SECURE_ID: |
| return "KM_TAG_USER_SECURE_ID"; |
| case KM_TAG_NO_AUTH_REQUIRED: |
| return "KM_TAG_NO_AUTH_REQUIRED"; |
| case KM_TAG_USER_AUTH_TYPE: |
| return "KM_TAG_USER_AUTH_TYPE"; |
| case KM_TAG_AUTH_TIMEOUT: |
| return "KM_TAG_AUTH_TIMEOUT"; |
| case KM_TAG_ALL_APPLICATIONS: |
| return "KM_TAG_ALL_APPLICATIONS"; |
| case KM_TAG_APPLICATION_ID: |
| return "KM_TAG_APPLICATION_ID"; |
| case KM_TAG_APPLICATION_DATA: |
| return "KM_TAG_APPLICATION_DATA"; |
| case KM_TAG_CREATION_DATETIME: |
| return "KM_TAG_CREATION_DATETIME"; |
| case KM_TAG_ORIGIN: |
| return "KM_TAG_ORIGIN"; |
| case KM_TAG_ROLLBACK_RESISTANT: |
| return "KM_TAG_ROLLBACK_RESISTANT"; |
| case KM_TAG_ROOT_OF_TRUST: |
| return "KM_TAG_ROOT_OF_TRUST"; |
| case KM_TAG_ASSOCIATED_DATA: |
| return "KM_TAG_ASSOCIATED_DATA"; |
| case KM_TAG_NONCE: |
| return "KM_TAG_NONCE"; |
| case KM_TAG_AUTH_TOKEN: |
| return "KM_TAG_AUTH_TOKEN"; |
| case KM_TAG_MAC_LENGTH: |
| return "KM_TAG_MAC_LENGTH"; |
| case KM_TAG_KDF: |
| return "KM_TAG_KDF"; |
| case KM_TAG_EC_CURVE: |
| return "KM_TAG_EC_CURVE"; |
| case KM_TAG_ECIES_SINGLE_HASH_MODE: |
| return "KM_TAG_ECIES_SINGLE_HASH_MODE"; |
| } |
| return "<Unknown>"; |
| } |
| |
| void PrintTags(const AuthorizationSet& parameters) { |
| const keymaster_key_param_t* iter = nullptr; |
| for (iter = parameters.begin(); iter != parameters.end(); ++iter) { |
| printf(" %s\n", StringifyTag(iter->tag)); |
| } |
| } |
| |
| void PrintKeyCharacteristics(const AuthorizationSet& hardware_enforced_characteristics, |
| const AuthorizationSet& software_enforced_characteristics) { |
| printf("Hardware:\n"); |
| PrintTags(hardware_enforced_characteristics); |
| printf("Software:\n"); |
| PrintTags(software_enforced_characteristics); |
| } |
| |
| bool TestKey(const std::string& name, bool required, const AuthorizationSet& parameters) { |
| std::unique_ptr<KeystoreClient> keystore = CreateKeystoreInstance(); |
| AuthorizationSet hardware_enforced_characteristics; |
| AuthorizationSet software_enforced_characteristics; |
| int32_t result = keystore->generateKey("tmp", parameters, &hardware_enforced_characteristics, |
| &software_enforced_characteristics); |
| if (result != KM_ERROR_OK) { |
| LOG(ERROR) << "Failed to generate key: " << result; |
| printf("%s Result: ABORT\n", name.c_str()); |
| return false; |
| } |
| result = keystore->deleteKey("tmp"); |
| if (result != KM_ERROR_OK) { |
| LOG(ERROR) << "Failed to delete key: " << result; |
| printf("%s Result: ABORT\n", name.c_str()); |
| return false; |
| } |
| printf("===============================================================\n"); |
| printf("%s Key Characteristics:\n", name.c_str()); |
| PrintKeyCharacteristics(hardware_enforced_characteristics, software_enforced_characteristics); |
| bool hardware_backed = (hardware_enforced_characteristics.size() > 0); |
| if (software_enforced_characteristics.GetTagCount(KM_TAG_PURPOSE) > 0 || |
| software_enforced_characteristics.GetTagCount(KM_TAG_ALGORITHM) > 0 || |
| software_enforced_characteristics.GetTagCount(KM_TAG_KEY_SIZE) > 0 || |
| software_enforced_characteristics.GetTagCount(KM_TAG_RSA_PUBLIC_EXPONENT) > 0 || |
| software_enforced_characteristics.GetTagCount(KM_TAG_DIGEST) > 0 || |
| software_enforced_characteristics.GetTagCount(KM_TAG_PADDING) > 0 || |
| software_enforced_characteristics.GetTagCount(KM_TAG_BLOCK_MODE) > 0) { |
| VLOG(1) << "Hardware-backed key but required characteristics enforced in software."; |
| hardware_backed = false; |
| } |
| const char kBoldRedFail[] = "\033[1;31mFAIL\033[0m"; |
| const char kBoldGreenPass[] = "\033[1;32mPASS\033[0m"; |
| const char kBoldYellowWarn[] = "\033[1;33mWARN\033[0m"; |
| printf("[%s] %s\n", |
| hardware_backed ? kBoldGreenPass : (required ? kBoldRedFail : kBoldYellowWarn), |
| name.c_str()); |
| |
| return (hardware_backed || !required); |
| } |
| |
| AuthorizationSet GetRSASignParameters(uint32_t key_size, bool sha256_only) { |
| AuthorizationSetBuilder parameters; |
| parameters.RsaSigningKey(key_size, 65537) |
| .Digest(KM_DIGEST_SHA_2_256) |
| .Padding(KM_PAD_RSA_PKCS1_1_5_SIGN) |
| .Padding(KM_PAD_RSA_PSS) |
| .Authorization(keymaster::TAG_NO_AUTH_REQUIRED); |
| if (!sha256_only) { |
| parameters.Digest(KM_DIGEST_SHA_2_224) |
| .Digest(KM_DIGEST_SHA_2_384) |
| .Digest(KM_DIGEST_SHA_2_512); |
| } |
| return parameters.build(); |
| } |
| |
| AuthorizationSet GetRSAEncryptParameters(uint32_t key_size) { |
| AuthorizationSetBuilder parameters; |
| parameters.RsaEncryptionKey(key_size, 65537) |
| .Padding(KM_PAD_RSA_PKCS1_1_5_ENCRYPT) |
| .Padding(KM_PAD_RSA_OAEP) |
| .Authorization(keymaster::TAG_NO_AUTH_REQUIRED); |
| return parameters.build(); |
| } |
| |
| AuthorizationSet GetECDSAParameters(uint32_t key_size, bool sha256_only) { |
| AuthorizationSetBuilder parameters; |
| parameters.EcdsaSigningKey(key_size) |
| .Digest(KM_DIGEST_SHA_2_256) |
| .Authorization(keymaster::TAG_NO_AUTH_REQUIRED); |
| if (!sha256_only) { |
| parameters.Digest(KM_DIGEST_SHA_2_224) |
| .Digest(KM_DIGEST_SHA_2_384) |
| .Digest(KM_DIGEST_SHA_2_512); |
| } |
| return parameters.build(); |
| } |
| |
| AuthorizationSet GetAESParameters(uint32_t key_size, bool with_gcm_mode) { |
| AuthorizationSetBuilder parameters; |
| parameters.AesEncryptionKey(key_size).Authorization(keymaster::TAG_NO_AUTH_REQUIRED); |
| if (with_gcm_mode) { |
| parameters.Authorization(keymaster::TAG_BLOCK_MODE, KM_MODE_GCM) |
| .Authorization(keymaster::TAG_MIN_MAC_LENGTH, 128); |
| } else { |
| parameters.Authorization(keymaster::TAG_BLOCK_MODE, KM_MODE_ECB); |
| parameters.Authorization(keymaster::TAG_BLOCK_MODE, KM_MODE_CBC); |
| parameters.Authorization(keymaster::TAG_BLOCK_MODE, KM_MODE_CTR); |
| } |
| return parameters.build(); |
| } |
| |
| AuthorizationSet GetHMACParameters(uint32_t key_size, keymaster_digest_t digest) { |
| AuthorizationSetBuilder parameters; |
| parameters.HmacKey(key_size) |
| .Digest(digest) |
| .Authorization(keymaster::TAG_MIN_MAC_LENGTH, 224) |
| .Authorization(keymaster::TAG_NO_AUTH_REQUIRED); |
| return parameters.build(); |
| } |
| |
| std::vector<TestCase> GetTestCases() { |
| TestCase test_cases[] = { |
| {"RSA-2048 Sign", true, GetRSASignParameters(2048, true)}, |
| {"RSA-2048 Sign (more digests)", false, GetRSASignParameters(2048, false)}, |
| {"RSA-3072 Sign", false, GetRSASignParameters(3072, false)}, |
| {"RSA-4096 Sign", false, GetRSASignParameters(4096, false)}, |
| {"RSA-2048 Encrypt", true, GetRSAEncryptParameters(2048)}, |
| {"RSA-3072 Encrypt", false, GetRSAEncryptParameters(3072)}, |
| {"RSA-4096 Encrypt", false, GetRSAEncryptParameters(4096)}, |
| {"ECDSA-P256 Sign", true, GetECDSAParameters(256, true)}, |
| {"ECDSA-P256 Sign (more digests)", false, GetECDSAParameters(256, false)}, |
| {"ECDSA-P224 Sign", false, GetECDSAParameters(224, false)}, |
| {"ECDSA-P384 Sign", false, GetECDSAParameters(384, false)}, |
| {"ECDSA-P521 Sign", false, GetECDSAParameters(521, false)}, |
| {"AES-128", true, GetAESParameters(128, false)}, |
| {"AES-256", true, GetAESParameters(256, false)}, |
| {"AES-128-GCM", false, GetAESParameters(128, true)}, |
| {"AES-256-GCM", false, GetAESParameters(256, true)}, |
| {"HMAC-SHA256-16", true, GetHMACParameters(16, KM_DIGEST_SHA_2_256)}, |
| {"HMAC-SHA256-32", true, GetHMACParameters(32, KM_DIGEST_SHA_2_256)}, |
| {"HMAC-SHA256-64", false, GetHMACParameters(64, KM_DIGEST_SHA_2_256)}, |
| {"HMAC-SHA224-32", false, GetHMACParameters(32, KM_DIGEST_SHA_2_224)}, |
| {"HMAC-SHA384-32", false, GetHMACParameters(32, KM_DIGEST_SHA_2_384)}, |
| {"HMAC-SHA512-32", false, GetHMACParameters(32, KM_DIGEST_SHA_2_512)}, |
| }; |
| return std::vector<TestCase>(&test_cases[0], &test_cases[arraysize(test_cases)]); |
| } |
| |
| int BrilloPlatformTest(const std::string& prefix) { |
| int test_count = 0; |
| int fail_count = 0; |
| std::vector<TestCase> test_cases = GetTestCases(); |
| for (const auto& test_case : test_cases) { |
| if (!prefix.empty() && test_case.name.find(prefix) != 0) { |
| continue; |
| } |
| ++test_count; |
| if (!TestKey(test_case.name, test_case.required_for_brillo_pts, test_case.parameters)) { |
| VLOG(1) << "Test failed: " << test_case.name; |
| ++fail_count; |
| } |
| } |
| return fail_count; |
| } |
| |
| int ListTestCases() { |
| const char kBoldGreenRequired[] = "\033[1;32mREQUIRED\033[0m"; |
| const char kBoldYellowRecommended[] = "\033[1;33mRECOMMENDED\033[0m"; |
| std::vector<TestCase> test_cases = GetTestCases(); |
| for (const auto& test_case : test_cases) { |
| printf("%s : %s\n", test_case.name.c_str(), |
| test_case.required_for_brillo_pts ? kBoldGreenRequired : kBoldYellowRecommended); |
| } |
| return 0; |
| } |
| |
| std::string ReadFile(const std::string& filename) { |
| std::string content; |
| base::FilePath path(filename); |
| if (!base::ReadFileToString(path, &content)) { |
| printf("Failed to read file: %s\n", filename.c_str()); |
| exit(1); |
| } |
| return content; |
| } |
| |
| void WriteFile(const std::string& filename, const std::string& content) { |
| base::FilePath path(filename); |
| int size = content.size(); |
| if (base::WriteFile(path, content.data(), size) != size) { |
| printf("Failed to write file: %s\n", filename.c_str()); |
| exit(1); |
| } |
| } |
| |
| int AddEntropy(const std::string& input) { |
| std::unique_ptr<KeystoreClient> keystore = CreateKeystoreInstance(); |
| int32_t result = keystore->addRandomNumberGeneratorEntropy(input); |
| printf("AddEntropy: %d\n", result); |
| return result; |
| } |
| |
| int GenerateKey(const std::string& name) { |
| std::unique_ptr<KeystoreClient> keystore = CreateKeystoreInstance(); |
| AuthorizationSetBuilder params; |
| params.RsaSigningKey(2048, 65537) |
| .Digest(KM_DIGEST_SHA_2_224) |
| .Digest(KM_DIGEST_SHA_2_256) |
| .Digest(KM_DIGEST_SHA_2_384) |
| .Digest(KM_DIGEST_SHA_2_512) |
| .Padding(KM_PAD_RSA_PKCS1_1_5_SIGN) |
| .Padding(KM_PAD_RSA_PSS) |
| .Authorization(keymaster::TAG_NO_AUTH_REQUIRED); |
| AuthorizationSet hardware_enforced_characteristics; |
| AuthorizationSet software_enforced_characteristics; |
| int32_t result = keystore->generateKey(name, params.build(), &hardware_enforced_characteristics, |
| &software_enforced_characteristics); |
| printf("GenerateKey: %d\n", result); |
| if (result == KM_ERROR_OK) { |
| PrintKeyCharacteristics(hardware_enforced_characteristics, |
| software_enforced_characteristics); |
| } |
| return result; |
| } |
| |
| int GetCharacteristics(const std::string& name) { |
| std::unique_ptr<KeystoreClient> keystore = CreateKeystoreInstance(); |
| AuthorizationSet hardware_enforced_characteristics; |
| AuthorizationSet software_enforced_characteristics; |
| int32_t result = keystore->getKeyCharacteristics(name, &hardware_enforced_characteristics, |
| &software_enforced_characteristics); |
| printf("GetCharacteristics: %d\n", result); |
| if (result == KM_ERROR_OK) { |
| PrintKeyCharacteristics(hardware_enforced_characteristics, |
| software_enforced_characteristics); |
| } |
| return result; |
| } |
| |
| int ExportKey(const std::string& name) { |
| std::unique_ptr<KeystoreClient> keystore = CreateKeystoreInstance(); |
| std::string data; |
| int32_t result = keystore->exportKey(KM_KEY_FORMAT_X509, name, &data); |
| printf("ExportKey: %d (%zu)\n", result, data.size()); |
| return result; |
| } |
| |
| int DeleteKey(const std::string& name) { |
| std::unique_ptr<KeystoreClient> keystore = CreateKeystoreInstance(); |
| int32_t result = keystore->deleteKey(name); |
| printf("DeleteKey: %d\n", result); |
| return result; |
| } |
| |
| int DeleteAllKeys() { |
| std::unique_ptr<KeystoreClient> keystore = CreateKeystoreInstance(); |
| int32_t result = keystore->deleteAllKeys(); |
| printf("DeleteAllKeys: %d\n", result); |
| return result; |
| } |
| |
| int DoesKeyExist(const std::string& name) { |
| std::unique_ptr<KeystoreClient> keystore = CreateKeystoreInstance(); |
| printf("DoesKeyExist: %s\n", keystore->doesKeyExist(name) ? "yes" : "no"); |
| return 0; |
| } |
| |
| int List(const std::string& prefix) { |
| std::unique_ptr<KeystoreClient> keystore = CreateKeystoreInstance(); |
| std::vector<std::string> key_list; |
| if (!keystore->listKeys(prefix, &key_list)) { |
| printf("ListKeys failed.\n"); |
| return 1; |
| } |
| printf("Keys:\n"); |
| for (const auto& key_name : key_list) { |
| printf(" %s\n", key_name.c_str()); |
| } |
| return 0; |
| } |
| |
| int SignAndVerify(const std::string& name) { |
| std::unique_ptr<KeystoreClient> keystore = CreateKeystoreInstance(); |
| AuthorizationSetBuilder sign_params; |
| sign_params.Padding(KM_PAD_RSA_PKCS1_1_5_SIGN); |
| sign_params.Digest(KM_DIGEST_SHA_2_256); |
| AuthorizationSet output_params; |
| keymaster_operation_handle_t handle; |
| int32_t result = keystore->beginOperation(KM_PURPOSE_SIGN, name, sign_params.build(), |
| &output_params, &handle); |
| if (result != KM_ERROR_OK) { |
| printf("Sign: BeginOperation failed: %d\n", result); |
| return result; |
| } |
| AuthorizationSet empty_params; |
| size_t num_input_bytes_consumed; |
| std::string output_data; |
| result = keystore->updateOperation(handle, empty_params, "data_to_sign", |
| &num_input_bytes_consumed, &output_params, &output_data); |
| if (result != KM_ERROR_OK) { |
| printf("Sign: UpdateOperation failed: %d\n", result); |
| return result; |
| } |
| result = keystore->finishOperation(handle, empty_params, std::string() /*signature_to_verify*/, |
| &output_params, &output_data); |
| if (result != KM_ERROR_OK) { |
| printf("Sign: FinishOperation failed: %d\n", result); |
| return result; |
| } |
| printf("Sign: %zu bytes.\n", output_data.size()); |
| // We have a signature, now verify it. |
| std::string signature_to_verify = output_data; |
| output_data.clear(); |
| result = keystore->beginOperation(KM_PURPOSE_VERIFY, name, sign_params.build(), &output_params, |
| &handle); |
| if (result != KM_ERROR_OK) { |
| printf("Verify: BeginOperation failed: %d\n", result); |
| return result; |
| } |
| result = keystore->updateOperation(handle, empty_params, "data_to_sign", |
| &num_input_bytes_consumed, &output_params, &output_data); |
| if (result != KM_ERROR_OK) { |
| printf("Verify: UpdateOperation failed: %d\n", result); |
| return result; |
| } |
| result = keystore->finishOperation(handle, empty_params, signature_to_verify, &output_params, |
| &output_data); |
| if (result == KM_ERROR_VERIFICATION_FAILED) { |
| printf("Verify: Failed to verify signature.\n"); |
| return result; |
| } |
| if (result != KM_ERROR_OK) { |
| printf("Verify: FinishOperation failed: %d\n", result); |
| return result; |
| } |
| printf("Verify: OK\n"); |
| return 0; |
| } |
| |
| int Encrypt(const std::string& key_name, const std::string& input_filename, |
| const std::string& output_filename) { |
| std::unique_ptr<KeystoreClient> keystore = CreateKeystoreInstance(); |
| std::string input = ReadFile(input_filename); |
| std::string output; |
| if (!keystore->encryptWithAuthentication(key_name, input, &output)) { |
| printf("EncryptWithAuthentication failed.\n"); |
| return 1; |
| } |
| WriteFile(output_filename, output); |
| return 0; |
| } |
| |
| int Decrypt(const std::string& key_name, const std::string& input_filename, |
| const std::string& output_filename) { |
| std::unique_ptr<KeystoreClient> keystore = CreateKeystoreInstance(); |
| std::string input = ReadFile(input_filename); |
| std::string output; |
| if (!keystore->decryptWithAuthentication(key_name, input, &output)) { |
| printf("DecryptWithAuthentication failed.\n"); |
| return 1; |
| } |
| WriteFile(output_filename, output); |
| return 0; |
| } |
| |
| } // namespace |
| |
| int main(int argc, char** argv) { |
| CommandLine::Init(argc, argv); |
| CommandLine* command_line = CommandLine::ForCurrentProcess(); |
| CommandLine::StringVector args = command_line->GetArgs(); |
| if (args.empty()) { |
| PrintUsageAndExit(); |
| } |
| if (args[0] == "brillo-platform-test") { |
| return BrilloPlatformTest(command_line->GetSwitchValueASCII("prefix")); |
| } else if (args[0] == "list-brillo-tests") { |
| return ListTestCases(); |
| } else if (args[0] == "add-entropy") { |
| return AddEntropy(command_line->GetSwitchValueASCII("input")); |
| } else if (args[0] == "generate") { |
| return GenerateKey(command_line->GetSwitchValueASCII("name")); |
| } else if (args[0] == "get-chars") { |
| return GetCharacteristics(command_line->GetSwitchValueASCII("name")); |
| } else if (args[0] == "export") { |
| return ExportKey(command_line->GetSwitchValueASCII("name")); |
| } else if (args[0] == "delete") { |
| return DeleteKey(command_line->GetSwitchValueASCII("name")); |
| } else if (args[0] == "delete-all") { |
| return DeleteAllKeys(); |
| } else if (args[0] == "exists") { |
| return DoesKeyExist(command_line->GetSwitchValueASCII("name")); |
| } else if (args[0] == "list") { |
| return List(command_line->GetSwitchValueASCII("prefix")); |
| } else if (args[0] == "sign-verify") { |
| return SignAndVerify(command_line->GetSwitchValueASCII("name")); |
| } else if (args[0] == "encrypt") { |
| return Encrypt(command_line->GetSwitchValueASCII("name"), |
| command_line->GetSwitchValueASCII("in"), |
| command_line->GetSwitchValueASCII("out")); |
| } else if (args[0] == "decrypt") { |
| return Decrypt(command_line->GetSwitchValueASCII("name"), |
| command_line->GetSwitchValueASCII("in"), |
| command_line->GetSwitchValueASCII("out")); |
| } else { |
| PrintUsageAndExit(); |
| } |
| return 0; |
| } |