| /* |
| * Copyright (C) 2009 The Android Open Source Project |
| * |
| * Licensed under the Apache License, Version 2.0 (the "License"); |
| * you may not use this file except in compliance with the License. |
| * You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, software |
| * distributed under the License is distributed on an "AS IS" BASIS, |
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| * See the License for the specific language governing permissions and |
| * limitations under the License. |
| */ |
| |
| #include <stdio.h> |
| #include <stdint.h> |
| #include <string.h> |
| #include <sys/types.h> |
| #include <vector> |
| |
| #include <android/security/keystore/IKeystoreService.h> |
| #include <binder/IPCThreadState.h> |
| #include <binder/IServiceManager.h> |
| |
| #include <keystore/keystore.h> |
| |
| using namespace android; |
| using namespace keystore; |
| using android::security::keystore::IKeystoreService; |
| |
| static const char* responses[] = { |
| nullptr, |
| /* [NO_ERROR] = */ "No error", |
| /* [LOCKED] = */ "Locked", |
| /* [UNINITIALIZED] = */ "Uninitialized", |
| /* [SYSTEM_ERROR] = */ "System error", |
| /* [PROTOCOL_ERROR] = */ "Protocol error", |
| /* [PERMISSION_DENIED] = */ "Permission denied", |
| /* [KEY_NOT_FOUND] = */ "Key not found", |
| /* [VALUE_CORRUPTED] = */ "Value corrupted", |
| /* [UNDEFINED_ACTION] = */ "Undefined action", |
| /* [WRONG_PASSWORD] = */ "Wrong password (last chance)", |
| /* [WRONG_PASSWORD + 1] = */ "Wrong password (2 tries left)", |
| /* [WRONG_PASSWORD + 2] = */ "Wrong password (3 tries left)", |
| /* [WRONG_PASSWORD + 3] = */ "Wrong password (4 tries left)", |
| }; |
| |
| #define NO_ARG_INT_RETURN(cmd) \ |
| do { \ |
| if (strcmp(argv[1], #cmd) == 0) { \ |
| int32_t ret = -1; \ |
| service->cmd(&ret); \ |
| if (ret < 0) { \ |
| fprintf(stderr, "%s: could not connect: %d\n", argv[0], ret); \ |
| return 1; \ |
| } else { \ |
| printf(#cmd ": %s (%d)\n", responses[ret], ret); \ |
| return 0; \ |
| } \ |
| } \ |
| } while (0) |
| |
| #define SINGLE_ARG_INT_RETURN(cmd) \ |
| do { \ |
| if (strcmp(argv[1], #cmd) == 0) { \ |
| if (argc < 3) { \ |
| fprintf(stderr, "Usage: %s " #cmd " <name>\n", argv[0]); \ |
| return 1; \ |
| } \ |
| int32_t ret = -1; \ |
| service->cmd(String16(argv[2]), &ret); \ |
| if (ret < 0) { \ |
| fprintf(stderr, "%s: could not connect: %d\n", argv[0], ret); \ |
| return 1; \ |
| } else { \ |
| printf(#cmd ": %s (%d)\n", responses[ret], ret); \ |
| return 0; \ |
| } \ |
| } \ |
| } while (0) |
| |
| #define SINGLE_INT_ARG_INT_RETURN(cmd) \ |
| do { \ |
| if (strcmp(argv[1], #cmd) == 0) { \ |
| if (argc < 3) { \ |
| fprintf(stderr, "Usage: %s " #cmd " <name>\n", argv[0]); \ |
| return 1; \ |
| } \ |
| int32_t ret = -1; \ |
| service->cmd(atoi(argv[2]), &ret); \ |
| if (ret < 0) { \ |
| fprintf(stderr, "%s: could not connect: %d\n", argv[0], ret); \ |
| return 1; \ |
| } else { \ |
| printf(#cmd ": %s (%d)\n", responses[ret], ret); \ |
| return 0; \ |
| } \ |
| } \ |
| } while (0) |
| |
| #define SINGLE_ARG_PLUS_UID_INT_RETURN(cmd) \ |
| do { \ |
| if (strcmp(argv[1], #cmd) == 0) { \ |
| if (argc < 3) { \ |
| fprintf(stderr, "Usage: %s " #cmd " <name> <uid>\n", argv[0]); \ |
| return 1; \ |
| } \ |
| int uid = -1; \ |
| if (argc > 3) { \ |
| uid = atoi(argv[3]); \ |
| fprintf(stderr, "Running as uid %d\n", uid); \ |
| } \ |
| int32_t ret = -1; \ |
| service->cmd(String16(argv[2]), uid, &ret); \ |
| if (ret < 0) { \ |
| fprintf(stderr, "%s: could not connect: %d\n", argv[0], ret); \ |
| return 1; \ |
| } else { \ |
| printf(#cmd ": %s (%d)\n", responses[ret], ret); \ |
| return 0; \ |
| } \ |
| } \ |
| } while (0) |
| |
| #define SINGLE_ARG_PLUS_UID_DATA_RETURN(cmd) \ |
| do { \ |
| if (strcmp(argv[1], #cmd) == 0) { \ |
| if (argc < 3) { \ |
| fprintf(stderr, "Usage: %s " #cmd " <name> <uid>\n", argv[0]); \ |
| return 1; \ |
| } \ |
| std::vector<uint8_t> data; \ |
| int uid = -1; \ |
| if (argc > 3) { \ |
| uid = atoi(argv[3]); \ |
| fprintf(stderr, "Running as uid %d\n", uid); \ |
| } \ |
| ::android::binder::Status ret = service->cmd(String16(argv[2]), uid, &data); \ |
| if (!ret.isOk()) { \ |
| fprintf(stderr, "Exception code: %d\n", ret.exceptionCode()); \ |
| return 1; \ |
| } else { \ |
| fwrite(&data[0], data.size(), 1, stdout); \ |
| fflush(stdout); \ |
| return 0; \ |
| } \ |
| } \ |
| } while (0) |
| |
| #define STRING_ARG_DATA_STDIN_INT_RETURN(cmd) \ |
| do { \ |
| if (strcmp(argv[1], #cmd) == 0) { \ |
| if (argc < 3) { \ |
| fprintf(stderr, "Usage: %s " #cmd " <name>\n", argv[0]); \ |
| return 1; \ |
| } \ |
| uint8_t* data; \ |
| size_t dataSize; \ |
| read_input(&data, &dataSize); \ |
| int32_t ret = -1; \ |
| service->cmd(String16(argv[2]), data, dataSize, &ret); \ |
| if (ret < 0) { \ |
| fprintf(stderr, "%s: could not connect: %d\n", argv[0], ret); \ |
| return 1; \ |
| } else { \ |
| printf(#cmd ": %s (%d)\n", responses[ret], ret); \ |
| return 0; \ |
| } \ |
| } \ |
| } while (0) |
| |
| #define SINGLE_ARG_DATA_RETURN(cmd) \ |
| do { \ |
| if (strcmp(argv[1], #cmd) == 0) { \ |
| if (argc < 3) { \ |
| fprintf(stderr, "Usage: %s " #cmd " <name>\n", argv[0]); \ |
| return 1; \ |
| } \ |
| std::vector<uint8_t> data; \ |
| ::android::binder::Status ret = service->cmd(String16(argv[2]), &data); \ |
| if (!ret.isOk()) { \ |
| fprintf(stderr, "Exception code: %d\n", ret.exceptionCode()); \ |
| return 1; \ |
| } else { \ |
| fwrite(&data[0], data.size(), 1, stdout); \ |
| fflush(stdout); \ |
| return 0; \ |
| } \ |
| } \ |
| } while (0) |
| |
| static int list(const sp<IKeystoreService>& service, const String16& name, int uid) { |
| std::vector<String16> matches; |
| ::android::binder::Status ret = service->list(name, uid, &matches); |
| |
| if (!ret.isOk()) { |
| fprintf(stderr, "list: exception (%d)\n", ret.exceptionCode()); |
| return 1; |
| } else { |
| std::vector<String16>::const_iterator it = matches.begin(); |
| for (; it != matches.end(); ++it) { |
| printf("%s\n", String8(*it).string()); |
| } |
| return 0; |
| } |
| } |
| |
| int main(int argc, char* argv[]) |
| { |
| if (argc < 2) { |
| fprintf(stderr, "Usage: %s action [parameter ...]\n", argv[0]); |
| return 1; |
| } |
| |
| sp<IServiceManager> sm = defaultServiceManager(); |
| sp<IBinder> binder = sm->getService(String16("android.security.keystore")); |
| sp<IKeystoreService> service = interface_cast<IKeystoreService>(binder); |
| |
| if (service == nullptr) { |
| fprintf(stderr, "%s: error: could not connect to keystore service\n", argv[0]); |
| return 1; |
| } |
| |
| /* |
| * All the commands should return a value |
| */ |
| |
| SINGLE_INT_ARG_INT_RETURN(getState); |
| |
| SINGLE_ARG_PLUS_UID_DATA_RETURN(get); |
| |
| // TODO: insert |
| |
| SINGLE_ARG_PLUS_UID_INT_RETURN(del); |
| |
| SINGLE_ARG_PLUS_UID_INT_RETURN(exist); |
| |
| if (strcmp(argv[1], "list") == 0) { |
| return list(service, argc < 3 ? String16("") : String16(argv[2]), |
| argc < 4 ? -1 : atoi(argv[3])); |
| } |
| |
| NO_ARG_INT_RETURN(reset); |
| |
| // TODO: notifyUserPasswordChanged |
| |
| SINGLE_INT_ARG_INT_RETURN(lock); |
| |
| // TODO: unlock |
| |
| SINGLE_INT_ARG_INT_RETURN(isEmpty); |
| |
| // TODO: generate |
| |
| // TODO: grant |
| |
| // TODO: ungrant |
| |
| // TODO: getmtime |
| |
| fprintf(stderr, "%s: unknown command: %s\n", argv[0], argv[1]); |
| return 1; |
| } |