Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / system / security / bb22a6c50d609dffc7002f906f4d385d7c7cbfdc / . / keystore / keystore_cli_v2.cpp
blob: 9e184e890e453da61fdeabb17cb221785246e314 [file] [log] [blame]
Darren Krahn69a3dbc2015-09-22 16:21:04 -0700[diff] [blame]1// Copyright 2015 The Android Open Source Project
2//
3// Licensed under the Apache License, Version 2.0 (the "License");
4// you may not use this file except in compliance with the License.
5// You may obtain a copy of the License at
6//
7// http://www.apache.org/licenses/LICENSE-2.0
8//
9// Unless required by applicable law or agreed to in writing, software
10// distributed under the License is distributed on an "AS IS" BASIS,
11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12// See the License for the specific language governing permissions and
13// limitations under the License.
14
15#include <cstdio>
16#include <memory>
17#include <string>
18#include <vector>
19
Shawn Willdenbb22a6c2017-12-06 19:35:28 -0700[diff] [blame^]20#include <base/command_line.h>
21#include <base/files/file_util.h>
22#include <base/strings/string_util.h>
23#include <keystore/keymaster_types.h>
24#include <keystore/keystore_client_impl.h>
Darren Krahn69a3dbc2015-09-22 16:21:04 -0700[diff] [blame]25
26using base::CommandLine;
Darren Krahn69a3dbc2015-09-22 16:21:04 -0700[diff] [blame]27using keystore::KeystoreClient;
28
29namespace {
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]30using namespace keystore;
Darren Krahn69a3dbc2015-09-22 16:21:04 -0700[diff] [blame]31
Darren Krahna9474ab2015-11-03 14:38:53 -0800[diff] [blame]32struct TestCase {
33 std::string name;
34 bool required_for_brillo_pts;
35 AuthorizationSet parameters;
36};
37
Darren Krahn69a3dbc2015-09-22 16:21:04 -0700[diff] [blame]38void PrintUsageAndExit() {
39 printf("Usage: keystore_client_v2 <command> [options]\n");
Darren Krahn82f4f5b2016-03-03 16:21:07 -0800[diff] [blame]40 printf("Commands: brillo-platform-test [--prefix=<test_name_prefix>] [--test_for_0_3]\n"
Darren Krahna9474ab2015-11-03 14:38:53 -0800[diff] [blame]41 " list-brillo-tests\n"
42 " add-entropy --input=<entropy>\n"
Darren Krahn69a3dbc2015-09-22 16:21:04 -0700[diff] [blame]43 " generate --name=<key_name>\n"
44 " get-chars --name=<key_name>\n"
45 " export --name=<key_name>\n"
46 " delete --name=<key_name>\n"
47 " delete-all\n"
48 " exists --name=<key_name>\n"
49 " list [--prefix=<key_name_prefix>]\n"
Darren Krahn251cb282015-09-28 08:51:18 -0700[diff] [blame]50 " sign-verify --name=<key_name>\n"
51 " [en|de]crypt --name=<key_name> --in=<file> --out=<file>\n");
Darren Krahn69a3dbc2015-09-22 16:21:04 -0700[diff] [blame]52 exit(1);
53}
54
55std::unique_ptr<KeystoreClient> CreateKeystoreInstance() {
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]56 return std::unique_ptr<KeystoreClient>(
Shawn Willdenbb22a6c2017-12-06 19:35:28 -0700[diff] [blame^]57 static_cast<KeystoreClient*>(new keystore::KeystoreClientImpl));
Darren Krahn69a3dbc2015-09-22 16:21:04 -0700[diff] [blame]58}
59
Darren Krahna9474ab2015-11-03 14:38:53 -0800[diff] [blame]60void PrintTags(const AuthorizationSet& parameters) {
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]61 for (auto iter = parameters.begin(); iter != parameters.end(); ++iter) {
Shawn Willdenbb22a6c2017-12-06 19:35:28 -0700[diff] [blame^]62 auto tag_str = toString(iter->tag);
63 printf(" %s\n", tag_str.c_str());
Darren Krahna9474ab2015-11-03 14:38:53 -0800[diff] [blame]64 }
65}
66
67void PrintKeyCharacteristics(const AuthorizationSet& hardware_enforced_characteristics,
68 const AuthorizationSet& software_enforced_characteristics) {
69 printf("Hardware:\n");
70 PrintTags(hardware_enforced_characteristics);
71 printf("Software:\n");
72 PrintTags(software_enforced_characteristics);
73}
74
75bool TestKey(const std::string& name, bool required, const AuthorizationSet& parameters) {
76 std::unique_ptr<KeystoreClient> keystore = CreateKeystoreInstance();
77 AuthorizationSet hardware_enforced_characteristics;
78 AuthorizationSet software_enforced_characteristics;
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]79 auto result = keystore->generateKey("tmp", parameters, &hardware_enforced_characteristics,
Shawn Willdenbb22a6c2017-12-06 19:35:28 -0700[diff] [blame^]80 &software_enforced_characteristics);
Darren Krahn82f4f5b2016-03-03 16:21:07 -0800[diff] [blame]81 const char kBoldRedAbort[] = "\033[1;31mABORT\033[0m";
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]82 if (!result.isOk()) {
Darren Krahna9474ab2015-11-03 14:38:53 -0800[diff] [blame]83 LOG(ERROR) << "Failed to generate key: " << result;
Darren Krahn82f4f5b2016-03-03 16:21:07 -0800[diff] [blame]84 printf("[%s] %s\n", kBoldRedAbort, name.c_str());
Darren Krahna9474ab2015-11-03 14:38:53 -0800[diff] [blame]85 return false;
86 }
87 result = keystore->deleteKey("tmp");
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]88 if (!result.isOk()) {
Darren Krahna9474ab2015-11-03 14:38:53 -0800[diff] [blame]89 LOG(ERROR) << "Failed to delete key: " << result;
Darren Krahn82f4f5b2016-03-03 16:21:07 -0800[diff] [blame]90 printf("[%s] %s\n", kBoldRedAbort, name.c_str());
Darren Krahna9474ab2015-11-03 14:38:53 -0800[diff] [blame]91 return false;
92 }
93 printf("===============================================================\n");
94 printf("%s Key Characteristics:\n", name.c_str());
95 PrintKeyCharacteristics(hardware_enforced_characteristics, software_enforced_characteristics);
96 bool hardware_backed = (hardware_enforced_characteristics.size() > 0);
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]97 if (software_enforced_characteristics.GetTagCount(TAG_ALGORITHM) > 0 ||
98 software_enforced_characteristics.GetTagCount(TAG_KEY_SIZE) > 0 ||
99 software_enforced_characteristics.GetTagCount(TAG_RSA_PUBLIC_EXPONENT) > 0) {
Darren Krahna9474ab2015-11-03 14:38:53 -0800[diff] [blame]100 VLOG(1) << "Hardware-backed key but required characteristics enforced in software.";
101 hardware_backed = false;
102 }
103 const char kBoldRedFail[] = "\033[1;31mFAIL\033[0m";
104 const char kBoldGreenPass[] = "\033[1;32mPASS\033[0m";
105 const char kBoldYellowWarn[] = "\033[1;33mWARN\033[0m";
106 printf("[%s] %s\n",
107 hardware_backed ? kBoldGreenPass : (required ? kBoldRedFail : kBoldYellowWarn),
108 name.c_str());
109
110 return (hardware_backed || !required);
111}
112
113AuthorizationSet GetRSASignParameters(uint32_t key_size, bool sha256_only) {
114 AuthorizationSetBuilder parameters;
115 parameters.RsaSigningKey(key_size, 65537)
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]116 .Digest(Digest::SHA_2_256)
117 .Padding(PaddingMode::RSA_PKCS1_1_5_SIGN)
118 .Padding(PaddingMode::RSA_PSS)
119 .Authorization(TAG_NO_AUTH_REQUIRED);
Darren Krahna9474ab2015-11-03 14:38:53 -0800[diff] [blame]120 if (!sha256_only) {
Shawn Willdenbb22a6c2017-12-06 19:35:28 -0700[diff] [blame^]121 parameters.Digest(Digest::SHA_2_224).Digest(Digest::SHA_2_384).Digest(Digest::SHA_2_512);
Darren Krahna9474ab2015-11-03 14:38:53 -0800[diff] [blame]122 }
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]123 return parameters;
Darren Krahna9474ab2015-11-03 14:38:53 -0800[diff] [blame]124}
125
126AuthorizationSet GetRSAEncryptParameters(uint32_t key_size) {
127 AuthorizationSetBuilder parameters;
128 parameters.RsaEncryptionKey(key_size, 65537)
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]129 .Padding(PaddingMode::RSA_PKCS1_1_5_ENCRYPT)
130 .Padding(PaddingMode::RSA_OAEP)
131 .Authorization(TAG_NO_AUTH_REQUIRED);
132 return parameters;
Darren Krahna9474ab2015-11-03 14:38:53 -0800[diff] [blame]133}
134
135AuthorizationSet GetECDSAParameters(uint32_t key_size, bool sha256_only) {
136 AuthorizationSetBuilder parameters;
137 parameters.EcdsaSigningKey(key_size)
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]138 .Digest(Digest::SHA_2_256)
139 .Authorization(TAG_NO_AUTH_REQUIRED);
Darren Krahna9474ab2015-11-03 14:38:53 -0800[diff] [blame]140 if (!sha256_only) {
Shawn Willdenbb22a6c2017-12-06 19:35:28 -0700[diff] [blame^]141 parameters.Digest(Digest::SHA_2_224).Digest(Digest::SHA_2_384).Digest(Digest::SHA_2_512);
Darren Krahna9474ab2015-11-03 14:38:53 -0800[diff] [blame]142 }
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]143 return parameters;
Darren Krahna9474ab2015-11-03 14:38:53 -0800[diff] [blame]144}
145
146AuthorizationSet GetAESParameters(uint32_t key_size, bool with_gcm_mode) {
147 AuthorizationSetBuilder parameters;
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]148 parameters.AesEncryptionKey(key_size).Authorization(TAG_NO_AUTH_REQUIRED);
Darren Krahna9474ab2015-11-03 14:38:53 -0800[diff] [blame]149 if (with_gcm_mode) {
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]150 parameters.Authorization(TAG_BLOCK_MODE, BlockMode::GCM)
151 .Authorization(TAG_MIN_MAC_LENGTH, 128);
Darren Krahna9474ab2015-11-03 14:38:53 -0800[diff] [blame]152 } else {
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]153 parameters.Authorization(TAG_BLOCK_MODE, BlockMode::ECB);
154 parameters.Authorization(TAG_BLOCK_MODE, BlockMode::CBC);
155 parameters.Authorization(TAG_BLOCK_MODE, BlockMode::CTR);
156 parameters.Padding(PaddingMode::NONE);
Darren Krahna9474ab2015-11-03 14:38:53 -0800[diff] [blame]157 }
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]158 return parameters;
Darren Krahna9474ab2015-11-03 14:38:53 -0800[diff] [blame]159}
160
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]161AuthorizationSet GetHMACParameters(uint32_t key_size, Digest digest) {
Darren Krahna9474ab2015-11-03 14:38:53 -0800[diff] [blame]162 AuthorizationSetBuilder parameters;
163 parameters.HmacKey(key_size)
164 .Digest(digest)
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]165 .Authorization(TAG_MIN_MAC_LENGTH, 224)
166 .Authorization(TAG_NO_AUTH_REQUIRED);
167 return parameters;
Darren Krahna9474ab2015-11-03 14:38:53 -0800[diff] [blame]168}
169
170std::vector<TestCase> GetTestCases() {
171 TestCase test_cases[] = {
172 {"RSA-2048 Sign", true, GetRSASignParameters(2048, true)},
173 {"RSA-2048 Sign (more digests)", false, GetRSASignParameters(2048, false)},
174 {"RSA-3072 Sign", false, GetRSASignParameters(3072, false)},
175 {"RSA-4096 Sign", false, GetRSASignParameters(4096, false)},
176 {"RSA-2048 Encrypt", true, GetRSAEncryptParameters(2048)},
177 {"RSA-3072 Encrypt", false, GetRSAEncryptParameters(3072)},
178 {"RSA-4096 Encrypt", false, GetRSAEncryptParameters(4096)},
179 {"ECDSA-P256 Sign", true, GetECDSAParameters(256, true)},
180 {"ECDSA-P256 Sign (more digests)", false, GetECDSAParameters(256, false)},
181 {"ECDSA-P224 Sign", false, GetECDSAParameters(224, false)},
182 {"ECDSA-P384 Sign", false, GetECDSAParameters(384, false)},
183 {"ECDSA-P521 Sign", false, GetECDSAParameters(521, false)},
184 {"AES-128", true, GetAESParameters(128, false)},
185 {"AES-256", true, GetAESParameters(256, false)},
186 {"AES-128-GCM", false, GetAESParameters(128, true)},
187 {"AES-256-GCM", false, GetAESParameters(256, true)},
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]188 {"HMAC-SHA256-16", true, GetHMACParameters(16, Digest::SHA_2_256)},
189 {"HMAC-SHA256-32", true, GetHMACParameters(32, Digest::SHA_2_256)},
190 {"HMAC-SHA256-64", false, GetHMACParameters(64, Digest::SHA_2_256)},
191 {"HMAC-SHA224-32", false, GetHMACParameters(32, Digest::SHA_2_224)},
192 {"HMAC-SHA384-32", false, GetHMACParameters(32, Digest::SHA_2_384)},
193 {"HMAC-SHA512-32", false, GetHMACParameters(32, Digest::SHA_2_512)},
Darren Krahna9474ab2015-11-03 14:38:53 -0800[diff] [blame]194 };
195 return std::vector<TestCase>(&test_cases[0], &test_cases[arraysize(test_cases)]);
196}
197
Darren Krahn82f4f5b2016-03-03 16:21:07 -0800[diff] [blame]198int BrilloPlatformTest(const std::string& prefix, bool test_for_0_3) {
199 const char kBoldYellowWarning[] = "\033[1;33mWARNING\033[0m";
200 if (test_for_0_3) {
201 printf("%s: Testing for keymaster v0.3. "
Shawn Willdenbb22a6c2017-12-06 19:35:28 -0700[diff] [blame^]202 "This does not meet Brillo requirements.\n",
203 kBoldYellowWarning);
Darren Krahn82f4f5b2016-03-03 16:21:07 -0800[diff] [blame]204 }
Darren Krahna9474ab2015-11-03 14:38:53 -0800[diff] [blame]205 int test_count = 0;
206 int fail_count = 0;
207 std::vector<TestCase> test_cases = GetTestCases();
208 for (const auto& test_case : test_cases) {
Darren Krahn82f4f5b2016-03-03 16:21:07 -0800[diff] [blame]209 if (!prefix.empty() &&
210 !base::StartsWith(test_case.name, prefix, base::CompareCase::SENSITIVE)) {
211 continue;
212 }
213 if (test_for_0_3 &&
214 (base::StartsWith(test_case.name, "AES", base::CompareCase::SENSITIVE) ||
215 base::StartsWith(test_case.name, "HMAC", base::CompareCase::SENSITIVE))) {
Darren Krahna9474ab2015-11-03 14:38:53 -0800[diff] [blame]216 continue;
217 }
218 ++test_count;
219 if (!TestKey(test_case.name, test_case.required_for_brillo_pts, test_case.parameters)) {
220 VLOG(1) << "Test failed: " << test_case.name;
221 ++fail_count;
222 }
223 }
224 return fail_count;
225}
226
227int ListTestCases() {
228 const char kBoldGreenRequired[] = "\033[1;32mREQUIRED\033[0m";
229 const char kBoldYellowRecommended[] = "\033[1;33mRECOMMENDED\033[0m";
230 std::vector<TestCase> test_cases = GetTestCases();
231 for (const auto& test_case : test_cases) {
232 printf("%s : %s\n", test_case.name.c_str(),
233 test_case.required_for_brillo_pts ? kBoldGreenRequired : kBoldYellowRecommended);
234 }
235 return 0;
236}
237
Darren Krahn251cb282015-09-28 08:51:18 -0700[diff] [blame]238std::string ReadFile(const std::string& filename) {
239 std::string content;
240 base::FilePath path(filename);
241 if (!base::ReadFileToString(path, &content)) {
242 printf("Failed to read file: %s\n", filename.c_str());
243 exit(1);
244 }
245 return content;
246}
247
248void WriteFile(const std::string& filename, const std::string& content) {
249 base::FilePath path(filename);
250 int size = content.size();
251 if (base::WriteFile(path, content.data(), size) != size) {
252 printf("Failed to write file: %s\n", filename.c_str());
253 exit(1);
254 }
255}
256
Darren Krahn69a3dbc2015-09-22 16:21:04 -0700[diff] [blame]257int AddEntropy(const std::string& input) {
258 std::unique_ptr<KeystoreClient> keystore = CreateKeystoreInstance();
259 int32_t result = keystore->addRandomNumberGeneratorEntropy(input);
260 printf("AddEntropy: %d\n", result);
261 return result;
262}
263
264int GenerateKey(const std::string& name) {
265 std::unique_ptr<KeystoreClient> keystore = CreateKeystoreInstance();
266 AuthorizationSetBuilder params;
267 params.RsaSigningKey(2048, 65537)
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]268 .Digest(Digest::SHA_2_224)
269 .Digest(Digest::SHA_2_256)
270 .Digest(Digest::SHA_2_384)
271 .Digest(Digest::SHA_2_512)
272 .Padding(PaddingMode::RSA_PKCS1_1_5_SIGN)
273 .Padding(PaddingMode::RSA_PSS)
274 .Authorization(TAG_NO_AUTH_REQUIRED);
Darren Krahn69a3dbc2015-09-22 16:21:04 -0700[diff] [blame]275 AuthorizationSet hardware_enforced_characteristics;
276 AuthorizationSet software_enforced_characteristics;
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]277 auto result = keystore->generateKey(name, params, &hardware_enforced_characteristics,
Shawn Willdenbb22a6c2017-12-06 19:35:28 -0700[diff] [blame^]278 &software_enforced_characteristics);
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]279 printf("GenerateKey: %d\n", int32_t(result));
280 if (result.isOk()) {
Darren Krahna9474ab2015-11-03 14:38:53 -0800[diff] [blame]281 PrintKeyCharacteristics(hardware_enforced_characteristics,
282 software_enforced_characteristics);
283 }
Darren Krahn69a3dbc2015-09-22 16:21:04 -0700[diff] [blame]284 return result;
285}
286
287int GetCharacteristics(const std::string& name) {
288 std::unique_ptr<KeystoreClient> keystore = CreateKeystoreInstance();
289 AuthorizationSet hardware_enforced_characteristics;
290 AuthorizationSet software_enforced_characteristics;
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]291 auto result = keystore->getKeyCharacteristics(name, &hardware_enforced_characteristics,
Shawn Willdenbb22a6c2017-12-06 19:35:28 -0700[diff] [blame^]292 &software_enforced_characteristics);
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]293 printf("GetCharacteristics: %d\n", int32_t(result));
294 if (result.isOk()) {
Darren Krahna9474ab2015-11-03 14:38:53 -0800[diff] [blame]295 PrintKeyCharacteristics(hardware_enforced_characteristics,
296 software_enforced_characteristics);
297 }
Darren Krahn69a3dbc2015-09-22 16:21:04 -0700[diff] [blame]298 return result;
299}
300
301int ExportKey(const std::string& name) {
302 std::unique_ptr<KeystoreClient> keystore = CreateKeystoreInstance();
303 std::string data;
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]304 int32_t result = keystore->exportKey(KeyFormat::X509, name, &data);
Darren Krahn69a3dbc2015-09-22 16:21:04 -0700[diff] [blame]305 printf("ExportKey: %d (%zu)\n", result, data.size());
306 return result;
307}
308
309int DeleteKey(const std::string& name) {
310 std::unique_ptr<KeystoreClient> keystore = CreateKeystoreInstance();
311 int32_t result = keystore->deleteKey(name);
312 printf("DeleteKey: %d\n", result);
313 return result;
314}
315
316int DeleteAllKeys() {
317 std::unique_ptr<KeystoreClient> keystore = CreateKeystoreInstance();
318 int32_t result = keystore->deleteAllKeys();
319 printf("DeleteAllKeys: %d\n", result);
320 return result;
321}
322
323int DoesKeyExist(const std::string& name) {
324 std::unique_ptr<KeystoreClient> keystore = CreateKeystoreInstance();
325 printf("DoesKeyExist: %s\n", keystore->doesKeyExist(name) ? "yes" : "no");
326 return 0;
327}
328
329int List(const std::string& prefix) {
330 std::unique_ptr<KeystoreClient> keystore = CreateKeystoreInstance();
331 std::vector<std::string> key_list;
332 if (!keystore->listKeys(prefix, &key_list)) {
333 printf("ListKeys failed.\n");
334 return 1;
335 }
336 printf("Keys:\n");
337 for (const auto& key_name : key_list) {
338 printf(" %s\n", key_name.c_str());
339 }
340 return 0;
341}
342
343int SignAndVerify(const std::string& name) {
344 std::unique_ptr<KeystoreClient> keystore = CreateKeystoreInstance();
345 AuthorizationSetBuilder sign_params;
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]346 sign_params.Padding(PaddingMode::RSA_PKCS1_1_5_SIGN);
347 sign_params.Digest(Digest::SHA_2_256);
Darren Krahn69a3dbc2015-09-22 16:21:04 -0700[diff] [blame]348 AuthorizationSet output_params;
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]349 uint64_t handle;
Shawn Willdenbb22a6c2017-12-06 19:35:28 -0700[diff] [blame^]350 auto result =
351 keystore->beginOperation(KeyPurpose::SIGN, name, sign_params, &output_params, &handle);
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]352 if (!result.isOk()) {
353 printf("Sign: BeginOperation failed: %d\n", int32_t(result));
Darren Krahn69a3dbc2015-09-22 16:21:04 -0700[diff] [blame]354 return result;
355 }
356 AuthorizationSet empty_params;
357 size_t num_input_bytes_consumed;
358 std::string output_data;
359 result = keystore->updateOperation(handle, empty_params, "data_to_sign",
360 &num_input_bytes_consumed, &output_params, &output_data);
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]361 if (!result.isOk()) {
362 printf("Sign: UpdateOperation failed: %d\n", int32_t(result));
Darren Krahn69a3dbc2015-09-22 16:21:04 -0700[diff] [blame]363 return result;
364 }
365 result = keystore->finishOperation(handle, empty_params, std::string() /*signature_to_verify*/,
366 &output_params, &output_data);
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]367 if (!result.isOk()) {
368 printf("Sign: FinishOperation failed: %d\n", int32_t(result));
Darren Krahn69a3dbc2015-09-22 16:21:04 -0700[diff] [blame]369 return result;
370 }
371 printf("Sign: %zu bytes.\n", output_data.size());
372 // We have a signature, now verify it.
373 std::string signature_to_verify = output_data;
Darren Krahn251cb282015-09-28 08:51:18 -0700[diff] [blame]374 output_data.clear();
Shawn Willdenbb22a6c2017-12-06 19:35:28 -0700[diff] [blame^]375 result =
376 keystore->beginOperation(KeyPurpose::VERIFY, name, sign_params, &output_params, &handle);
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]377 if (!result.isOk()) {
378 printf("Verify: BeginOperation failed: %d\n", int32_t(result));
Darren Krahn69a3dbc2015-09-22 16:21:04 -0700[diff] [blame]379 return result;
380 }
381 result = keystore->updateOperation(handle, empty_params, "data_to_sign",
382 &num_input_bytes_consumed, &output_params, &output_data);
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]383 if (!result.isOk()) {
384 printf("Verify: UpdateOperation failed: %d\n", int32_t(result));
Darren Krahn69a3dbc2015-09-22 16:21:04 -0700[diff] [blame]385 return result;
386 }
387 result = keystore->finishOperation(handle, empty_params, signature_to_verify, &output_params,
388 &output_data);
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]389 if (result == ErrorCode::VERIFICATION_FAILED) {
Darren Krahn69a3dbc2015-09-22 16:21:04 -0700[diff] [blame]390 printf("Verify: Failed to verify signature.\n");
391 return result;
392 }
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]393 if (!result.isOk()) {
394 printf("Verify: FinishOperation failed: %d\n", int32_t(result));
Darren Krahn69a3dbc2015-09-22 16:21:04 -0700[diff] [blame]395 return result;
396 }
397 printf("Verify: OK\n");
398 return 0;
399}
400
Darren Krahn251cb282015-09-28 08:51:18 -0700[diff] [blame]401int Encrypt(const std::string& key_name, const std::string& input_filename,
402 const std::string& output_filename) {
403 std::unique_ptr<KeystoreClient> keystore = CreateKeystoreInstance();
404 std::string input = ReadFile(input_filename);
405 std::string output;
406 if (!keystore->encryptWithAuthentication(key_name, input, &output)) {
407 printf("EncryptWithAuthentication failed.\n");
408 return 1;
409 }
410 WriteFile(output_filename, output);
411 return 0;
412}
413
414int Decrypt(const std::string& key_name, const std::string& input_filename,
415 const std::string& output_filename) {
416 std::unique_ptr<KeystoreClient> keystore = CreateKeystoreInstance();
417 std::string input = ReadFile(input_filename);
418 std::string output;
419 if (!keystore->decryptWithAuthentication(key_name, input, &output)) {
420 printf("DecryptWithAuthentication failed.\n");
421 return 1;
422 }
423 WriteFile(output_filename, output);
424 return 0;
425}
426
Darren Krahn69a3dbc2015-09-22 16:21:04 -0700[diff] [blame]427} // namespace
428
429int main(int argc, char** argv) {
430 CommandLine::Init(argc, argv);
431 CommandLine* command_line = CommandLine::ForCurrentProcess();
432 CommandLine::StringVector args = command_line->GetArgs();
433 if (args.empty()) {
434 PrintUsageAndExit();
435 }
Darren Krahna9474ab2015-11-03 14:38:53 -0800[diff] [blame]436 if (args[0] == "brillo-platform-test") {
Darren Krahn82f4f5b2016-03-03 16:21:07 -0800[diff] [blame]437 return BrilloPlatformTest(command_line->GetSwitchValueASCII("prefix"),
438 command_line->HasSwitch("test_for_0_3"));
Darren Krahna9474ab2015-11-03 14:38:53 -0800[diff] [blame]439 } else if (args[0] == "list-brillo-tests") {
440 return ListTestCases();
441 } else if (args[0] == "add-entropy") {
Darren Krahn69a3dbc2015-09-22 16:21:04 -0700[diff] [blame]442 return AddEntropy(command_line->GetSwitchValueASCII("input"));
443 } else if (args[0] == "generate") {
444 return GenerateKey(command_line->GetSwitchValueASCII("name"));
445 } else if (args[0] == "get-chars") {
446 return GetCharacteristics(command_line->GetSwitchValueASCII("name"));
447 } else if (args[0] == "export") {
448 return ExportKey(command_line->GetSwitchValueASCII("name"));
449 } else if (args[0] == "delete") {
450 return DeleteKey(command_line->GetSwitchValueASCII("name"));
451 } else if (args[0] == "delete-all") {
452 return DeleteAllKeys();
453 } else if (args[0] == "exists") {
454 return DoesKeyExist(command_line->GetSwitchValueASCII("name"));
455 } else if (args[0] == "list") {
456 return List(command_line->GetSwitchValueASCII("prefix"));
457 } else if (args[0] == "sign-verify") {
458 return SignAndVerify(command_line->GetSwitchValueASCII("name"));
Darren Krahn251cb282015-09-28 08:51:18 -0700[diff] [blame]459 } else if (args[0] == "encrypt") {
460 return Encrypt(command_line->GetSwitchValueASCII("name"),
461 command_line->GetSwitchValueASCII("in"),
462 command_line->GetSwitchValueASCII("out"));
463 } else if (args[0] == "decrypt") {
464 return Decrypt(command_line->GetSwitchValueASCII("name"),
465 command_line->GetSwitchValueASCII("in"),
466 command_line->GetSwitchValueASCII("out"));
Darren Krahn69a3dbc2015-09-22 16:21:04 -0700[diff] [blame]467 } else {
468 PrintUsageAndExit();
469 }
470 return 0;
471}