Darren Krahn | 69a3dbc | 2015-09-22 16:21:04 -0700 | [diff] [blame] | 1 | // Copyright 2015 The Android Open Source Project |
| 2 | // |
| 3 | // Licensed under the Apache License, Version 2.0 (the "License"); |
| 4 | // you may not use this file except in compliance with the License. |
| 5 | // You may obtain a copy of the License at |
| 6 | // |
| 7 | // http://www.apache.org/licenses/LICENSE-2.0 |
| 8 | // |
| 9 | // Unless required by applicable law or agreed to in writing, software |
| 10 | // distributed under the License is distributed on an "AS IS" BASIS, |
| 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 12 | // See the License for the specific language governing permissions and |
| 13 | // limitations under the License. |
| 14 | |
Janis Danisevskis | 4aec5bc | 2018-11-14 20:36:55 -0800 | [diff] [blame] | 15 | #include <chrono> |
Darren Krahn | 69a3dbc | 2015-09-22 16:21:04 -0700 | [diff] [blame] | 16 | #include <cstdio> |
Janis Danisevskis | 4aec5bc | 2018-11-14 20:36:55 -0800 | [diff] [blame] | 17 | #include <future> |
Darren Krahn | 69a3dbc | 2015-09-22 16:21:04 -0700 | [diff] [blame] | 18 | #include <memory> |
| 19 | #include <string> |
| 20 | #include <vector> |
| 21 | |
Shawn Willden | bb22a6c | 2017-12-06 19:35:28 -0700 | [diff] [blame] | 22 | #include <base/command_line.h> |
| 23 | #include <base/files/file_util.h> |
David Zeuthen | c6eb7cd | 2017-11-27 11:33:55 -0500 | [diff] [blame] | 24 | #include <base/strings/string_number_conversions.h> |
| 25 | #include <base/strings/string_split.h> |
Shawn Willden | bb22a6c | 2017-12-06 19:35:28 -0700 | [diff] [blame] | 26 | #include <base/strings/string_util.h> |
David Zeuthen | c6eb7cd | 2017-11-27 11:33:55 -0500 | [diff] [blame] | 27 | #include <base/strings/utf_string_conversions.h> |
| 28 | #include <base/threading/platform_thread.h> |
Shawn Willden | bb22a6c | 2017-12-06 19:35:28 -0700 | [diff] [blame] | 29 | #include <keystore/keymaster_types.h> |
| 30 | #include <keystore/keystore_client_impl.h> |
Darren Krahn | 69a3dbc | 2015-09-22 16:21:04 -0700 | [diff] [blame] | 31 | |
David Zeuthen | c6eb7cd | 2017-11-27 11:33:55 -0500 | [diff] [blame] | 32 | #include <android/hardware/confirmationui/1.0/types.h> |
| 33 | #include <android/security/BnConfirmationPromptCallback.h> |
Rob Barnes | bb6cabd | 2018-10-04 17:10:37 -0600 | [diff] [blame] | 34 | #include <android/security/keystore/IKeystoreService.h> |
David Zeuthen | c6eb7cd | 2017-11-27 11:33:55 -0500 | [diff] [blame] | 35 | |
| 36 | #include <binder/IPCThreadState.h> |
| 37 | #include <binder/IServiceManager.h> |
| 38 | |
| 39 | //#include <keystore/keystore.h> |
| 40 | |
Darren Krahn | 69a3dbc | 2015-09-22 16:21:04 -0700 | [diff] [blame] | 41 | using base::CommandLine; |
Darren Krahn | 69a3dbc | 2015-09-22 16:21:04 -0700 | [diff] [blame] | 42 | using keystore::KeystoreClient; |
| 43 | |
David Zeuthen | c6eb7cd | 2017-11-27 11:33:55 -0500 | [diff] [blame] | 44 | using android::sp; |
| 45 | using android::String16; |
Rob Barnes | bb6cabd | 2018-10-04 17:10:37 -0600 | [diff] [blame] | 46 | using android::security::keystore::IKeystoreService; |
David Zeuthen | c6eb7cd | 2017-11-27 11:33:55 -0500 | [diff] [blame] | 47 | using base::CommandLine; |
| 48 | using ConfirmationResponseCode = android::hardware::confirmationui::V1_0::ResponseCode; |
| 49 | |
Darren Krahn | 69a3dbc | 2015-09-22 16:21:04 -0700 | [diff] [blame] | 50 | namespace { |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 51 | using namespace keystore; |
Darren Krahn | 69a3dbc | 2015-09-22 16:21:04 -0700 | [diff] [blame] | 52 | |
Darren Krahn | a9474ab | 2015-11-03 14:38:53 -0800 | [diff] [blame] | 53 | struct TestCase { |
| 54 | std::string name; |
| 55 | bool required_for_brillo_pts; |
| 56 | AuthorizationSet parameters; |
| 57 | }; |
| 58 | |
Darren Krahn | 69a3dbc | 2015-09-22 16:21:04 -0700 | [diff] [blame] | 59 | void PrintUsageAndExit() { |
| 60 | printf("Usage: keystore_client_v2 <command> [options]\n"); |
Darren Krahn | 82f4f5b | 2016-03-03 16:21:07 -0800 | [diff] [blame] | 61 | printf("Commands: brillo-platform-test [--prefix=<test_name_prefix>] [--test_for_0_3]\n" |
Darren Krahn | a9474ab | 2015-11-03 14:38:53 -0800 | [diff] [blame] | 62 | " list-brillo-tests\n" |
Janis Danisevskis | c146014 | 2017-12-18 16:48:46 -0800 | [diff] [blame] | 63 | " add-entropy --input=<entropy> [--seclevel=software|strongbox|tee(default)]\n" |
| 64 | " generate --name=<key_name> [--seclevel=software|strongbox|tee(default)]\n" |
Darren Krahn | 69a3dbc | 2015-09-22 16:21:04 -0700 | [diff] [blame] | 65 | " get-chars --name=<key_name>\n" |
| 66 | " export --name=<key_name>\n" |
| 67 | " delete --name=<key_name>\n" |
| 68 | " delete-all\n" |
| 69 | " exists --name=<key_name>\n" |
| 70 | " list [--prefix=<key_name_prefix>]\n" |
Rob Barnes | eb7f79b | 2018-11-08 15:44:10 -0700 | [diff] [blame] | 71 | " list-apps-with-keys\n" |
Darren Krahn | 251cb28 | 2015-09-28 08:51:18 -0700 | [diff] [blame] | 72 | " sign-verify --name=<key_name>\n" |
Janis Danisevskis | c146014 | 2017-12-18 16:48:46 -0800 | [diff] [blame] | 73 | " [en|de]crypt --name=<key_name> --in=<file> --out=<file>\n" |
David Zeuthen | c6eb7cd | 2017-11-27 11:33:55 -0500 | [diff] [blame] | 74 | " [--seclevel=software|strongbox|tee(default)]\n" |
| 75 | " confirmation --prompt_text=<PromptText> --extra_data=<hex>\n" |
| 76 | " --locale=<locale> [--ui_options=<list_of_ints>]\n" |
| 77 | " --cancel_after=<seconds>\n"); |
Darren Krahn | 69a3dbc | 2015-09-22 16:21:04 -0700 | [diff] [blame] | 78 | exit(1); |
| 79 | } |
| 80 | |
| 81 | std::unique_ptr<KeystoreClient> CreateKeystoreInstance() { |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 82 | return std::unique_ptr<KeystoreClient>( |
Shawn Willden | bb22a6c | 2017-12-06 19:35:28 -0700 | [diff] [blame] | 83 | static_cast<KeystoreClient*>(new keystore::KeystoreClientImpl)); |
Darren Krahn | 69a3dbc | 2015-09-22 16:21:04 -0700 | [diff] [blame] | 84 | } |
| 85 | |
Darren Krahn | a9474ab | 2015-11-03 14:38:53 -0800 | [diff] [blame] | 86 | void PrintTags(const AuthorizationSet& parameters) { |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 87 | for (auto iter = parameters.begin(); iter != parameters.end(); ++iter) { |
Shawn Willden | bb22a6c | 2017-12-06 19:35:28 -0700 | [diff] [blame] | 88 | auto tag_str = toString(iter->tag); |
| 89 | printf(" %s\n", tag_str.c_str()); |
Darren Krahn | a9474ab | 2015-11-03 14:38:53 -0800 | [diff] [blame] | 90 | } |
| 91 | } |
| 92 | |
| 93 | void PrintKeyCharacteristics(const AuthorizationSet& hardware_enforced_characteristics, |
| 94 | const AuthorizationSet& software_enforced_characteristics) { |
| 95 | printf("Hardware:\n"); |
| 96 | PrintTags(hardware_enforced_characteristics); |
| 97 | printf("Software:\n"); |
| 98 | PrintTags(software_enforced_characteristics); |
| 99 | } |
| 100 | |
| 101 | bool TestKey(const std::string& name, bool required, const AuthorizationSet& parameters) { |
| 102 | std::unique_ptr<KeystoreClient> keystore = CreateKeystoreInstance(); |
| 103 | AuthorizationSet hardware_enforced_characteristics; |
| 104 | AuthorizationSet software_enforced_characteristics; |
Janis Danisevskis | c146014 | 2017-12-18 16:48:46 -0800 | [diff] [blame] | 105 | auto result = |
| 106 | keystore->generateKey("tmp", parameters, 0 /*flags*/, &hardware_enforced_characteristics, |
| 107 | &software_enforced_characteristics); |
Darren Krahn | 82f4f5b | 2016-03-03 16:21:07 -0800 | [diff] [blame] | 108 | const char kBoldRedAbort[] = "\033[1;31mABORT\033[0m"; |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 109 | if (!result.isOk()) { |
Darren Krahn | a9474ab | 2015-11-03 14:38:53 -0800 | [diff] [blame] | 110 | LOG(ERROR) << "Failed to generate key: " << result; |
Darren Krahn | 82f4f5b | 2016-03-03 16:21:07 -0800 | [diff] [blame] | 111 | printf("[%s] %s\n", kBoldRedAbort, name.c_str()); |
Darren Krahn | a9474ab | 2015-11-03 14:38:53 -0800 | [diff] [blame] | 112 | return false; |
| 113 | } |
| 114 | result = keystore->deleteKey("tmp"); |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 115 | if (!result.isOk()) { |
Darren Krahn | a9474ab | 2015-11-03 14:38:53 -0800 | [diff] [blame] | 116 | LOG(ERROR) << "Failed to delete key: " << result; |
Darren Krahn | 82f4f5b | 2016-03-03 16:21:07 -0800 | [diff] [blame] | 117 | printf("[%s] %s\n", kBoldRedAbort, name.c_str()); |
Darren Krahn | a9474ab | 2015-11-03 14:38:53 -0800 | [diff] [blame] | 118 | return false; |
| 119 | } |
| 120 | printf("===============================================================\n"); |
| 121 | printf("%s Key Characteristics:\n", name.c_str()); |
| 122 | PrintKeyCharacteristics(hardware_enforced_characteristics, software_enforced_characteristics); |
| 123 | bool hardware_backed = (hardware_enforced_characteristics.size() > 0); |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 124 | if (software_enforced_characteristics.GetTagCount(TAG_ALGORITHM) > 0 || |
| 125 | software_enforced_characteristics.GetTagCount(TAG_KEY_SIZE) > 0 || |
| 126 | software_enforced_characteristics.GetTagCount(TAG_RSA_PUBLIC_EXPONENT) > 0) { |
Darren Krahn | a9474ab | 2015-11-03 14:38:53 -0800 | [diff] [blame] | 127 | VLOG(1) << "Hardware-backed key but required characteristics enforced in software."; |
| 128 | hardware_backed = false; |
| 129 | } |
| 130 | const char kBoldRedFail[] = "\033[1;31mFAIL\033[0m"; |
| 131 | const char kBoldGreenPass[] = "\033[1;32mPASS\033[0m"; |
| 132 | const char kBoldYellowWarn[] = "\033[1;33mWARN\033[0m"; |
| 133 | printf("[%s] %s\n", |
| 134 | hardware_backed ? kBoldGreenPass : (required ? kBoldRedFail : kBoldYellowWarn), |
| 135 | name.c_str()); |
| 136 | |
| 137 | return (hardware_backed || !required); |
| 138 | } |
| 139 | |
| 140 | AuthorizationSet GetRSASignParameters(uint32_t key_size, bool sha256_only) { |
| 141 | AuthorizationSetBuilder parameters; |
| 142 | parameters.RsaSigningKey(key_size, 65537) |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 143 | .Digest(Digest::SHA_2_256) |
| 144 | .Padding(PaddingMode::RSA_PKCS1_1_5_SIGN) |
| 145 | .Padding(PaddingMode::RSA_PSS) |
| 146 | .Authorization(TAG_NO_AUTH_REQUIRED); |
Darren Krahn | a9474ab | 2015-11-03 14:38:53 -0800 | [diff] [blame] | 147 | if (!sha256_only) { |
Shawn Willden | bb22a6c | 2017-12-06 19:35:28 -0700 | [diff] [blame] | 148 | parameters.Digest(Digest::SHA_2_224).Digest(Digest::SHA_2_384).Digest(Digest::SHA_2_512); |
Darren Krahn | a9474ab | 2015-11-03 14:38:53 -0800 | [diff] [blame] | 149 | } |
Yi Kong | 53b02f7 | 2018-07-26 17:13:50 -0700 | [diff] [blame] | 150 | return std::move(parameters); |
Darren Krahn | a9474ab | 2015-11-03 14:38:53 -0800 | [diff] [blame] | 151 | } |
| 152 | |
| 153 | AuthorizationSet GetRSAEncryptParameters(uint32_t key_size) { |
| 154 | AuthorizationSetBuilder parameters; |
| 155 | parameters.RsaEncryptionKey(key_size, 65537) |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 156 | .Padding(PaddingMode::RSA_PKCS1_1_5_ENCRYPT) |
| 157 | .Padding(PaddingMode::RSA_OAEP) |
| 158 | .Authorization(TAG_NO_AUTH_REQUIRED); |
Yi Kong | 53b02f7 | 2018-07-26 17:13:50 -0700 | [diff] [blame] | 159 | return std::move(parameters); |
Darren Krahn | a9474ab | 2015-11-03 14:38:53 -0800 | [diff] [blame] | 160 | } |
| 161 | |
| 162 | AuthorizationSet GetECDSAParameters(uint32_t key_size, bool sha256_only) { |
| 163 | AuthorizationSetBuilder parameters; |
| 164 | parameters.EcdsaSigningKey(key_size) |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 165 | .Digest(Digest::SHA_2_256) |
| 166 | .Authorization(TAG_NO_AUTH_REQUIRED); |
Darren Krahn | a9474ab | 2015-11-03 14:38:53 -0800 | [diff] [blame] | 167 | if (!sha256_only) { |
Shawn Willden | bb22a6c | 2017-12-06 19:35:28 -0700 | [diff] [blame] | 168 | parameters.Digest(Digest::SHA_2_224).Digest(Digest::SHA_2_384).Digest(Digest::SHA_2_512); |
Darren Krahn | a9474ab | 2015-11-03 14:38:53 -0800 | [diff] [blame] | 169 | } |
Yi Kong | 53b02f7 | 2018-07-26 17:13:50 -0700 | [diff] [blame] | 170 | return std::move(parameters); |
Darren Krahn | a9474ab | 2015-11-03 14:38:53 -0800 | [diff] [blame] | 171 | } |
| 172 | |
| 173 | AuthorizationSet GetAESParameters(uint32_t key_size, bool with_gcm_mode) { |
| 174 | AuthorizationSetBuilder parameters; |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 175 | parameters.AesEncryptionKey(key_size).Authorization(TAG_NO_AUTH_REQUIRED); |
Darren Krahn | a9474ab | 2015-11-03 14:38:53 -0800 | [diff] [blame] | 176 | if (with_gcm_mode) { |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 177 | parameters.Authorization(TAG_BLOCK_MODE, BlockMode::GCM) |
| 178 | .Authorization(TAG_MIN_MAC_LENGTH, 128); |
Darren Krahn | a9474ab | 2015-11-03 14:38:53 -0800 | [diff] [blame] | 179 | } else { |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 180 | parameters.Authorization(TAG_BLOCK_MODE, BlockMode::ECB); |
| 181 | parameters.Authorization(TAG_BLOCK_MODE, BlockMode::CBC); |
| 182 | parameters.Authorization(TAG_BLOCK_MODE, BlockMode::CTR); |
| 183 | parameters.Padding(PaddingMode::NONE); |
Darren Krahn | a9474ab | 2015-11-03 14:38:53 -0800 | [diff] [blame] | 184 | } |
Yi Kong | 53b02f7 | 2018-07-26 17:13:50 -0700 | [diff] [blame] | 185 | return std::move(parameters); |
Darren Krahn | a9474ab | 2015-11-03 14:38:53 -0800 | [diff] [blame] | 186 | } |
| 187 | |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 188 | AuthorizationSet GetHMACParameters(uint32_t key_size, Digest digest) { |
Darren Krahn | a9474ab | 2015-11-03 14:38:53 -0800 | [diff] [blame] | 189 | AuthorizationSetBuilder parameters; |
| 190 | parameters.HmacKey(key_size) |
| 191 | .Digest(digest) |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 192 | .Authorization(TAG_MIN_MAC_LENGTH, 224) |
| 193 | .Authorization(TAG_NO_AUTH_REQUIRED); |
Yi Kong | 53b02f7 | 2018-07-26 17:13:50 -0700 | [diff] [blame] | 194 | return std::move(parameters); |
Darren Krahn | a9474ab | 2015-11-03 14:38:53 -0800 | [diff] [blame] | 195 | } |
| 196 | |
| 197 | std::vector<TestCase> GetTestCases() { |
| 198 | TestCase test_cases[] = { |
| 199 | {"RSA-2048 Sign", true, GetRSASignParameters(2048, true)}, |
| 200 | {"RSA-2048 Sign (more digests)", false, GetRSASignParameters(2048, false)}, |
| 201 | {"RSA-3072 Sign", false, GetRSASignParameters(3072, false)}, |
| 202 | {"RSA-4096 Sign", false, GetRSASignParameters(4096, false)}, |
| 203 | {"RSA-2048 Encrypt", true, GetRSAEncryptParameters(2048)}, |
| 204 | {"RSA-3072 Encrypt", false, GetRSAEncryptParameters(3072)}, |
| 205 | {"RSA-4096 Encrypt", false, GetRSAEncryptParameters(4096)}, |
| 206 | {"ECDSA-P256 Sign", true, GetECDSAParameters(256, true)}, |
| 207 | {"ECDSA-P256 Sign (more digests)", false, GetECDSAParameters(256, false)}, |
| 208 | {"ECDSA-P224 Sign", false, GetECDSAParameters(224, false)}, |
| 209 | {"ECDSA-P384 Sign", false, GetECDSAParameters(384, false)}, |
| 210 | {"ECDSA-P521 Sign", false, GetECDSAParameters(521, false)}, |
| 211 | {"AES-128", true, GetAESParameters(128, false)}, |
| 212 | {"AES-256", true, GetAESParameters(256, false)}, |
| 213 | {"AES-128-GCM", false, GetAESParameters(128, true)}, |
| 214 | {"AES-256-GCM", false, GetAESParameters(256, true)}, |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 215 | {"HMAC-SHA256-16", true, GetHMACParameters(16, Digest::SHA_2_256)}, |
| 216 | {"HMAC-SHA256-32", true, GetHMACParameters(32, Digest::SHA_2_256)}, |
| 217 | {"HMAC-SHA256-64", false, GetHMACParameters(64, Digest::SHA_2_256)}, |
| 218 | {"HMAC-SHA224-32", false, GetHMACParameters(32, Digest::SHA_2_224)}, |
| 219 | {"HMAC-SHA384-32", false, GetHMACParameters(32, Digest::SHA_2_384)}, |
| 220 | {"HMAC-SHA512-32", false, GetHMACParameters(32, Digest::SHA_2_512)}, |
Darren Krahn | a9474ab | 2015-11-03 14:38:53 -0800 | [diff] [blame] | 221 | }; |
| 222 | return std::vector<TestCase>(&test_cases[0], &test_cases[arraysize(test_cases)]); |
| 223 | } |
| 224 | |
Darren Krahn | 82f4f5b | 2016-03-03 16:21:07 -0800 | [diff] [blame] | 225 | int BrilloPlatformTest(const std::string& prefix, bool test_for_0_3) { |
| 226 | const char kBoldYellowWarning[] = "\033[1;33mWARNING\033[0m"; |
| 227 | if (test_for_0_3) { |
| 228 | printf("%s: Testing for keymaster v0.3. " |
Shawn Willden | bb22a6c | 2017-12-06 19:35:28 -0700 | [diff] [blame] | 229 | "This does not meet Brillo requirements.\n", |
| 230 | kBoldYellowWarning); |
Darren Krahn | 82f4f5b | 2016-03-03 16:21:07 -0800 | [diff] [blame] | 231 | } |
Darren Krahn | a9474ab | 2015-11-03 14:38:53 -0800 | [diff] [blame] | 232 | int test_count = 0; |
| 233 | int fail_count = 0; |
| 234 | std::vector<TestCase> test_cases = GetTestCases(); |
| 235 | for (const auto& test_case : test_cases) { |
Darren Krahn | 82f4f5b | 2016-03-03 16:21:07 -0800 | [diff] [blame] | 236 | if (!prefix.empty() && |
| 237 | !base::StartsWith(test_case.name, prefix, base::CompareCase::SENSITIVE)) { |
| 238 | continue; |
| 239 | } |
| 240 | if (test_for_0_3 && |
| 241 | (base::StartsWith(test_case.name, "AES", base::CompareCase::SENSITIVE) || |
| 242 | base::StartsWith(test_case.name, "HMAC", base::CompareCase::SENSITIVE))) { |
Darren Krahn | a9474ab | 2015-11-03 14:38:53 -0800 | [diff] [blame] | 243 | continue; |
| 244 | } |
| 245 | ++test_count; |
| 246 | if (!TestKey(test_case.name, test_case.required_for_brillo_pts, test_case.parameters)) { |
| 247 | VLOG(1) << "Test failed: " << test_case.name; |
| 248 | ++fail_count; |
| 249 | } |
| 250 | } |
| 251 | return fail_count; |
| 252 | } |
| 253 | |
| 254 | int ListTestCases() { |
| 255 | const char kBoldGreenRequired[] = "\033[1;32mREQUIRED\033[0m"; |
| 256 | const char kBoldYellowRecommended[] = "\033[1;33mRECOMMENDED\033[0m"; |
| 257 | std::vector<TestCase> test_cases = GetTestCases(); |
| 258 | for (const auto& test_case : test_cases) { |
| 259 | printf("%s : %s\n", test_case.name.c_str(), |
| 260 | test_case.required_for_brillo_pts ? kBoldGreenRequired : kBoldYellowRecommended); |
| 261 | } |
| 262 | return 0; |
| 263 | } |
| 264 | |
Darren Krahn | 251cb28 | 2015-09-28 08:51:18 -0700 | [diff] [blame] | 265 | std::string ReadFile(const std::string& filename) { |
| 266 | std::string content; |
| 267 | base::FilePath path(filename); |
| 268 | if (!base::ReadFileToString(path, &content)) { |
| 269 | printf("Failed to read file: %s\n", filename.c_str()); |
| 270 | exit(1); |
| 271 | } |
| 272 | return content; |
| 273 | } |
| 274 | |
| 275 | void WriteFile(const std::string& filename, const std::string& content) { |
| 276 | base::FilePath path(filename); |
| 277 | int size = content.size(); |
| 278 | if (base::WriteFile(path, content.data(), size) != size) { |
| 279 | printf("Failed to write file: %s\n", filename.c_str()); |
| 280 | exit(1); |
| 281 | } |
| 282 | } |
| 283 | |
Janis Danisevskis | c146014 | 2017-12-18 16:48:46 -0800 | [diff] [blame] | 284 | int AddEntropy(const std::string& input, int32_t flags) { |
Darren Krahn | 69a3dbc | 2015-09-22 16:21:04 -0700 | [diff] [blame] | 285 | std::unique_ptr<KeystoreClient> keystore = CreateKeystoreInstance(); |
Branden Archer | 7008074 | 2018-11-20 11:04:11 -0800 | [diff] [blame] | 286 | int32_t result = keystore->addRandomNumberGeneratorEntropy(input, flags).getErrorCode(); |
Darren Krahn | 69a3dbc | 2015-09-22 16:21:04 -0700 | [diff] [blame] | 287 | printf("AddEntropy: %d\n", result); |
| 288 | return result; |
| 289 | } |
| 290 | |
Rob Barnes | eb7f79b | 2018-11-08 15:44:10 -0700 | [diff] [blame] | 291 | // Note: auth_bound keys created with this tool will not be usable. |
| 292 | int GenerateKey(const std::string& name, int32_t flags, bool auth_bound) { |
Darren Krahn | 69a3dbc | 2015-09-22 16:21:04 -0700 | [diff] [blame] | 293 | std::unique_ptr<KeystoreClient> keystore = CreateKeystoreInstance(); |
| 294 | AuthorizationSetBuilder params; |
| 295 | params.RsaSigningKey(2048, 65537) |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 296 | .Digest(Digest::SHA_2_224) |
| 297 | .Digest(Digest::SHA_2_256) |
| 298 | .Digest(Digest::SHA_2_384) |
| 299 | .Digest(Digest::SHA_2_512) |
| 300 | .Padding(PaddingMode::RSA_PKCS1_1_5_SIGN) |
Rob Barnes | eb7f79b | 2018-11-08 15:44:10 -0700 | [diff] [blame] | 301 | .Padding(PaddingMode::RSA_PSS); |
| 302 | if (auth_bound) { |
| 303 | // Gatekeeper normally generates the secure user id. |
| 304 | // Using zero allows the key to be created, but it will not be usuable. |
| 305 | params.Authorization(TAG_USER_SECURE_ID, 0); |
| 306 | } else { |
| 307 | params.Authorization(TAG_NO_AUTH_REQUIRED); |
| 308 | } |
Darren Krahn | 69a3dbc | 2015-09-22 16:21:04 -0700 | [diff] [blame] | 309 | AuthorizationSet hardware_enforced_characteristics; |
| 310 | AuthorizationSet software_enforced_characteristics; |
Janis Danisevskis | c146014 | 2017-12-18 16:48:46 -0800 | [diff] [blame] | 311 | auto result = keystore->generateKey(name, params, flags, &hardware_enforced_characteristics, |
Shawn Willden | bb22a6c | 2017-12-06 19:35:28 -0700 | [diff] [blame] | 312 | &software_enforced_characteristics); |
Branden Archer | 7008074 | 2018-11-20 11:04:11 -0800 | [diff] [blame] | 313 | printf("GenerateKey: %d\n", result.getErrorCode()); |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 314 | if (result.isOk()) { |
Darren Krahn | a9474ab | 2015-11-03 14:38:53 -0800 | [diff] [blame] | 315 | PrintKeyCharacteristics(hardware_enforced_characteristics, |
| 316 | software_enforced_characteristics); |
| 317 | } |
Branden Archer | 7008074 | 2018-11-20 11:04:11 -0800 | [diff] [blame] | 318 | return result.getErrorCode(); |
Darren Krahn | 69a3dbc | 2015-09-22 16:21:04 -0700 | [diff] [blame] | 319 | } |
| 320 | |
| 321 | int GetCharacteristics(const std::string& name) { |
| 322 | std::unique_ptr<KeystoreClient> keystore = CreateKeystoreInstance(); |
| 323 | AuthorizationSet hardware_enforced_characteristics; |
| 324 | AuthorizationSet software_enforced_characteristics; |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 325 | auto result = keystore->getKeyCharacteristics(name, &hardware_enforced_characteristics, |
Shawn Willden | bb22a6c | 2017-12-06 19:35:28 -0700 | [diff] [blame] | 326 | &software_enforced_characteristics); |
Branden Archer | 7008074 | 2018-11-20 11:04:11 -0800 | [diff] [blame] | 327 | printf("GetCharacteristics: %d\n", result.getErrorCode()); |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 328 | if (result.isOk()) { |
Darren Krahn | a9474ab | 2015-11-03 14:38:53 -0800 | [diff] [blame] | 329 | PrintKeyCharacteristics(hardware_enforced_characteristics, |
| 330 | software_enforced_characteristics); |
| 331 | } |
Branden Archer | 7008074 | 2018-11-20 11:04:11 -0800 | [diff] [blame] | 332 | return result.getErrorCode(); |
Darren Krahn | 69a3dbc | 2015-09-22 16:21:04 -0700 | [diff] [blame] | 333 | } |
| 334 | |
| 335 | int ExportKey(const std::string& name) { |
| 336 | std::unique_ptr<KeystoreClient> keystore = CreateKeystoreInstance(); |
| 337 | std::string data; |
Branden Archer | 7008074 | 2018-11-20 11:04:11 -0800 | [diff] [blame] | 338 | int32_t result = keystore->exportKey(KeyFormat::X509, name, &data).getErrorCode(); |
Darren Krahn | 69a3dbc | 2015-09-22 16:21:04 -0700 | [diff] [blame] | 339 | printf("ExportKey: %d (%zu)\n", result, data.size()); |
| 340 | return result; |
| 341 | } |
| 342 | |
| 343 | int DeleteKey(const std::string& name) { |
| 344 | std::unique_ptr<KeystoreClient> keystore = CreateKeystoreInstance(); |
Branden Archer | 7008074 | 2018-11-20 11:04:11 -0800 | [diff] [blame] | 345 | int32_t result = keystore->deleteKey(name).getErrorCode(); |
Darren Krahn | 69a3dbc | 2015-09-22 16:21:04 -0700 | [diff] [blame] | 346 | printf("DeleteKey: %d\n", result); |
| 347 | return result; |
| 348 | } |
| 349 | |
| 350 | int DeleteAllKeys() { |
| 351 | std::unique_ptr<KeystoreClient> keystore = CreateKeystoreInstance(); |
Branden Archer | 7008074 | 2018-11-20 11:04:11 -0800 | [diff] [blame] | 352 | int32_t result = keystore->deleteAllKeys().getErrorCode(); |
Darren Krahn | 69a3dbc | 2015-09-22 16:21:04 -0700 | [diff] [blame] | 353 | printf("DeleteAllKeys: %d\n", result); |
| 354 | return result; |
| 355 | } |
| 356 | |
| 357 | int DoesKeyExist(const std::string& name) { |
| 358 | std::unique_ptr<KeystoreClient> keystore = CreateKeystoreInstance(); |
| 359 | printf("DoesKeyExist: %s\n", keystore->doesKeyExist(name) ? "yes" : "no"); |
| 360 | return 0; |
| 361 | } |
| 362 | |
| 363 | int List(const std::string& prefix) { |
| 364 | std::unique_ptr<KeystoreClient> keystore = CreateKeystoreInstance(); |
| 365 | std::vector<std::string> key_list; |
| 366 | if (!keystore->listKeys(prefix, &key_list)) { |
| 367 | printf("ListKeys failed.\n"); |
| 368 | return 1; |
| 369 | } |
| 370 | printf("Keys:\n"); |
| 371 | for (const auto& key_name : key_list) { |
| 372 | printf(" %s\n", key_name.c_str()); |
| 373 | } |
| 374 | return 0; |
| 375 | } |
| 376 | |
Rob Barnes | eb7f79b | 2018-11-08 15:44:10 -0700 | [diff] [blame] | 377 | int ListAppsWithKeys() { |
| 378 | |
| 379 | sp<android::IServiceManager> sm = android::defaultServiceManager(); |
| 380 | sp<android::IBinder> binder = sm->getService(String16("android.security.keystore")); |
| 381 | sp<IKeystoreService> service = android::interface_cast<IKeystoreService>(binder); |
| 382 | if (service == nullptr) { |
| 383 | fprintf(stderr, "Error connecting to keystore service.\n"); |
| 384 | return 1; |
| 385 | } |
| 386 | int32_t aidl_return; |
Rob Barnes | 5d59e63 | 2018-12-07 16:09:02 -0700 | [diff] [blame] | 387 | ::std::vector<::std::string> uids; |
Rob Barnes | eb7f79b | 2018-11-08 15:44:10 -0700 | [diff] [blame] | 388 | android::binder::Status status = service->listUidsOfAuthBoundKeys(&uids, &aidl_return); |
| 389 | if (!status.isOk()) { |
| 390 | fprintf(stderr, "Requesting uids of auth bound keys failed with error %s.\n", |
| 391 | status.toString8().c_str()); |
| 392 | return 1; |
| 393 | } |
| 394 | if (!KeyStoreNativeReturnCode(aidl_return).isOk()) { |
| 395 | fprintf(stderr, "Requesting uids of auth bound keys failed with code %d.\n", aidl_return); |
| 396 | return 1; |
| 397 | } |
| 398 | printf("Apps with auth bound keys:\n"); |
| 399 | for (auto i = uids.begin(); i != uids.end(); ++i) { |
Rob Barnes | 5d59e63 | 2018-12-07 16:09:02 -0700 | [diff] [blame] | 400 | printf("%s\n", i->c_str()); |
Rob Barnes | eb7f79b | 2018-11-08 15:44:10 -0700 | [diff] [blame] | 401 | } |
| 402 | return 0; |
| 403 | } |
| 404 | |
Darren Krahn | 69a3dbc | 2015-09-22 16:21:04 -0700 | [diff] [blame] | 405 | int SignAndVerify(const std::string& name) { |
| 406 | std::unique_ptr<KeystoreClient> keystore = CreateKeystoreInstance(); |
| 407 | AuthorizationSetBuilder sign_params; |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 408 | sign_params.Padding(PaddingMode::RSA_PKCS1_1_5_SIGN); |
| 409 | sign_params.Digest(Digest::SHA_2_256); |
Darren Krahn | 69a3dbc | 2015-09-22 16:21:04 -0700 | [diff] [blame] | 410 | AuthorizationSet output_params; |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 411 | uint64_t handle; |
Shawn Willden | bb22a6c | 2017-12-06 19:35:28 -0700 | [diff] [blame] | 412 | auto result = |
| 413 | keystore->beginOperation(KeyPurpose::SIGN, name, sign_params, &output_params, &handle); |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 414 | if (!result.isOk()) { |
Branden Archer | 7008074 | 2018-11-20 11:04:11 -0800 | [diff] [blame] | 415 | printf("Sign: BeginOperation failed: %d\n", result.getErrorCode()); |
| 416 | return result.getErrorCode(); |
Darren Krahn | 69a3dbc | 2015-09-22 16:21:04 -0700 | [diff] [blame] | 417 | } |
| 418 | AuthorizationSet empty_params; |
| 419 | size_t num_input_bytes_consumed; |
| 420 | std::string output_data; |
| 421 | result = keystore->updateOperation(handle, empty_params, "data_to_sign", |
| 422 | &num_input_bytes_consumed, &output_params, &output_data); |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 423 | if (!result.isOk()) { |
Branden Archer | 7008074 | 2018-11-20 11:04:11 -0800 | [diff] [blame] | 424 | printf("Sign: UpdateOperation failed: %d\n", result.getErrorCode()); |
| 425 | return result.getErrorCode(); |
Darren Krahn | 69a3dbc | 2015-09-22 16:21:04 -0700 | [diff] [blame] | 426 | } |
| 427 | result = keystore->finishOperation(handle, empty_params, std::string() /*signature_to_verify*/, |
| 428 | &output_params, &output_data); |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 429 | if (!result.isOk()) { |
Branden Archer | 7008074 | 2018-11-20 11:04:11 -0800 | [diff] [blame] | 430 | printf("Sign: FinishOperation failed: %d\n", result.getErrorCode()); |
| 431 | return result.getErrorCode(); |
Darren Krahn | 69a3dbc | 2015-09-22 16:21:04 -0700 | [diff] [blame] | 432 | } |
| 433 | printf("Sign: %zu bytes.\n", output_data.size()); |
| 434 | // We have a signature, now verify it. |
| 435 | std::string signature_to_verify = output_data; |
Darren Krahn | 251cb28 | 2015-09-28 08:51:18 -0700 | [diff] [blame] | 436 | output_data.clear(); |
Shawn Willden | bb22a6c | 2017-12-06 19:35:28 -0700 | [diff] [blame] | 437 | result = |
| 438 | keystore->beginOperation(KeyPurpose::VERIFY, name, sign_params, &output_params, &handle); |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 439 | if (!result.isOk()) { |
Branden Archer | 7008074 | 2018-11-20 11:04:11 -0800 | [diff] [blame] | 440 | printf("Verify: BeginOperation failed: %d\n", result.getErrorCode()); |
| 441 | return result.getErrorCode(); |
Darren Krahn | 69a3dbc | 2015-09-22 16:21:04 -0700 | [diff] [blame] | 442 | } |
| 443 | result = keystore->updateOperation(handle, empty_params, "data_to_sign", |
| 444 | &num_input_bytes_consumed, &output_params, &output_data); |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 445 | if (!result.isOk()) { |
Branden Archer | 7008074 | 2018-11-20 11:04:11 -0800 | [diff] [blame] | 446 | printf("Verify: UpdateOperation failed: %d\n", result.getErrorCode()); |
| 447 | return result.getErrorCode(); |
Darren Krahn | 69a3dbc | 2015-09-22 16:21:04 -0700 | [diff] [blame] | 448 | } |
| 449 | result = keystore->finishOperation(handle, empty_params, signature_to_verify, &output_params, |
| 450 | &output_data); |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 451 | if (result == ErrorCode::VERIFICATION_FAILED) { |
Darren Krahn | 69a3dbc | 2015-09-22 16:21:04 -0700 | [diff] [blame] | 452 | printf("Verify: Failed to verify signature.\n"); |
Branden Archer | 7008074 | 2018-11-20 11:04:11 -0800 | [diff] [blame] | 453 | return result.getErrorCode(); |
Darren Krahn | 69a3dbc | 2015-09-22 16:21:04 -0700 | [diff] [blame] | 454 | } |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 455 | if (!result.isOk()) { |
Branden Archer | 7008074 | 2018-11-20 11:04:11 -0800 | [diff] [blame] | 456 | printf("Verify: FinishOperation failed: %d\n", result.getErrorCode()); |
| 457 | return result.getErrorCode(); |
Darren Krahn | 69a3dbc | 2015-09-22 16:21:04 -0700 | [diff] [blame] | 458 | } |
| 459 | printf("Verify: OK\n"); |
| 460 | return 0; |
| 461 | } |
| 462 | |
Darren Krahn | 251cb28 | 2015-09-28 08:51:18 -0700 | [diff] [blame] | 463 | int Encrypt(const std::string& key_name, const std::string& input_filename, |
Janis Danisevskis | c146014 | 2017-12-18 16:48:46 -0800 | [diff] [blame] | 464 | const std::string& output_filename, int32_t flags) { |
Darren Krahn | 251cb28 | 2015-09-28 08:51:18 -0700 | [diff] [blame] | 465 | std::unique_ptr<KeystoreClient> keystore = CreateKeystoreInstance(); |
| 466 | std::string input = ReadFile(input_filename); |
| 467 | std::string output; |
Janis Danisevskis | c146014 | 2017-12-18 16:48:46 -0800 | [diff] [blame] | 468 | if (!keystore->encryptWithAuthentication(key_name, input, flags, &output)) { |
Darren Krahn | 251cb28 | 2015-09-28 08:51:18 -0700 | [diff] [blame] | 469 | printf("EncryptWithAuthentication failed.\n"); |
| 470 | return 1; |
| 471 | } |
| 472 | WriteFile(output_filename, output); |
| 473 | return 0; |
| 474 | } |
| 475 | |
| 476 | int Decrypt(const std::string& key_name, const std::string& input_filename, |
| 477 | const std::string& output_filename) { |
| 478 | std::unique_ptr<KeystoreClient> keystore = CreateKeystoreInstance(); |
| 479 | std::string input = ReadFile(input_filename); |
| 480 | std::string output; |
| 481 | if (!keystore->decryptWithAuthentication(key_name, input, &output)) { |
| 482 | printf("DecryptWithAuthentication failed.\n"); |
| 483 | return 1; |
| 484 | } |
| 485 | WriteFile(output_filename, output); |
| 486 | return 0; |
| 487 | } |
| 488 | |
Janis Danisevskis | c146014 | 2017-12-18 16:48:46 -0800 | [diff] [blame] | 489 | uint32_t securityLevelOption2Flags(const CommandLine& cmd) { |
| 490 | if (cmd.HasSwitch("seclevel")) { |
| 491 | auto str = cmd.GetSwitchValueASCII("seclevel"); |
| 492 | if (str == "strongbox") { |
| 493 | return KEYSTORE_FLAG_STRONGBOX; |
| 494 | } else if (str == "software") { |
| 495 | return KEYSTORE_FLAG_FALLBACK; |
| 496 | } |
| 497 | } |
| 498 | return KEYSTORE_FLAG_NONE; |
| 499 | } |
| 500 | |
Janis Danisevskis | 4aec5bc | 2018-11-14 20:36:55 -0800 | [diff] [blame] | 501 | class ConfirmationListener |
| 502 | : public android::security::BnConfirmationPromptCallback, |
| 503 | public std::promise<std::tuple<ConfirmationResponseCode, std::vector<uint8_t>>> { |
David Zeuthen | c6eb7cd | 2017-11-27 11:33:55 -0500 | [diff] [blame] | 504 | public: |
| 505 | ConfirmationListener() {} |
| 506 | |
| 507 | virtual ::android::binder::Status |
| 508 | onConfirmationPromptCompleted(int32_t result, |
| 509 | const ::std::vector<uint8_t>& dataThatWasConfirmed) override { |
Janis Danisevskis | 4aec5bc | 2018-11-14 20:36:55 -0800 | [diff] [blame] | 510 | this->set_value({static_cast<ConfirmationResponseCode>(result), dataThatWasConfirmed}); |
| 511 | return ::android::binder::Status::ok(); |
David Zeuthen | c6eb7cd | 2017-11-27 11:33:55 -0500 | [diff] [blame] | 512 | } |
| 513 | }; |
| 514 | |
| 515 | int Confirmation(const std::string& promptText, const std::string& extraDataHex, |
| 516 | const std::string& locale, const std::string& uiOptionsStr, |
| 517 | const std::string& cancelAfter) { |
| 518 | sp<android::IServiceManager> sm = android::defaultServiceManager(); |
| 519 | sp<android::IBinder> binder = sm->getService(String16("android.security.keystore")); |
| 520 | sp<IKeystoreService> service = android::interface_cast<IKeystoreService>(binder); |
Yi Kong | e353f25 | 2018-07-30 01:38:39 -0700 | [diff] [blame] | 521 | if (service == nullptr) { |
David Zeuthen | c6eb7cd | 2017-11-27 11:33:55 -0500 | [diff] [blame] | 522 | printf("error: could not connect to keystore service.\n"); |
| 523 | return 1; |
| 524 | } |
| 525 | |
| 526 | if (promptText.size() == 0) { |
Janis Danisevskis | 1a8d580 | 2018-03-14 13:38:07 -0700 | [diff] [blame] | 527 | printf("The --prompt_text parameter cannot be empty.\n"); |
David Zeuthen | c6eb7cd | 2017-11-27 11:33:55 -0500 | [diff] [blame] | 528 | return 1; |
| 529 | } |
| 530 | |
| 531 | std::vector<uint8_t> extraData; |
| 532 | if (!base::HexStringToBytes(extraDataHex, &extraData)) { |
| 533 | printf("The --extra_data parameter does not appear to be valid hexadecimal.\n"); |
| 534 | return 1; |
| 535 | } |
| 536 | |
| 537 | std::vector<std::string> pieces = |
| 538 | base::SplitString(uiOptionsStr, ",", base::TRIM_WHITESPACE, base::SPLIT_WANT_NONEMPTY); |
| 539 | int uiOptionsAsFlags = 0; |
| 540 | for (auto& p : pieces) { |
| 541 | int value; |
| 542 | if (!base::StringToInt(p, &value)) { |
| 543 | printf("Error parsing %s in --ui_options parameter as a number.\n", p.c_str()); |
| 544 | return 1; |
| 545 | } |
| 546 | uiOptionsAsFlags |= (1 << value); |
| 547 | } |
| 548 | |
| 549 | double cancelAfterValue = 0.0; |
| 550 | |
| 551 | if (cancelAfter.size() > 0 && !base::StringToDouble(cancelAfter, &cancelAfterValue)) { |
| 552 | printf("Error parsing %s in --cancel_after parameter as a double.\n", cancelAfter.c_str()); |
| 553 | return 1; |
| 554 | } |
| 555 | |
| 556 | String16 promptText16(promptText.data(), promptText.size()); |
| 557 | String16 locale16(locale.data(), locale.size()); |
| 558 | |
| 559 | sp<ConfirmationListener> listener = new ConfirmationListener(); |
| 560 | |
Janis Danisevskis | 4aec5bc | 2018-11-14 20:36:55 -0800 | [diff] [blame] | 561 | auto future = listener->get_future(); |
David Zeuthen | c6eb7cd | 2017-11-27 11:33:55 -0500 | [diff] [blame] | 562 | int32_t aidl_return; |
| 563 | android::binder::Status status = service->presentConfirmationPrompt( |
| 564 | listener, promptText16, extraData, locale16, uiOptionsAsFlags, &aidl_return); |
| 565 | if (!status.isOk()) { |
| 566 | printf("Presenting confirmation prompt failed with binder status '%s'.\n", |
| 567 | status.toString8().c_str()); |
| 568 | return 1; |
| 569 | } |
| 570 | ConfirmationResponseCode responseCode = static_cast<ConfirmationResponseCode>(aidl_return); |
| 571 | if (responseCode != ConfirmationResponseCode::OK) { |
| 572 | printf("Presenting confirmation prompt failed with response code %d.\n", responseCode); |
| 573 | return 1; |
| 574 | } |
Janis Danisevskis | 4aec5bc | 2018-11-14 20:36:55 -0800 | [diff] [blame] | 575 | printf("Waiting for prompt to complete - use Ctrl+C to abort...\n"); |
David Zeuthen | c6eb7cd | 2017-11-27 11:33:55 -0500 | [diff] [blame] | 576 | |
| 577 | if (cancelAfterValue > 0.0) { |
| 578 | printf("Sleeping %.1f seconds before canceling prompt...\n", cancelAfterValue); |
Janis Danisevskis | 4aec5bc | 2018-11-14 20:36:55 -0800 | [diff] [blame] | 579 | auto fstatus = |
| 580 | future.wait_for(std::chrono::milliseconds(uint64_t(cancelAfterValue * 1000))); |
| 581 | if (fstatus == std::future_status::timeout) { |
| 582 | status = service->cancelConfirmationPrompt(listener, &aidl_return); |
| 583 | if (!status.isOk()) { |
| 584 | printf("Canceling confirmation prompt failed with binder status '%s'.\n", |
| 585 | status.toString8().c_str()); |
| 586 | return 1; |
| 587 | } |
| 588 | responseCode = static_cast<ConfirmationResponseCode>(aidl_return); |
| 589 | if (responseCode == ConfirmationResponseCode::Ignored) { |
| 590 | // The confirmation was completed by the user so take the response |
| 591 | } else if (responseCode != ConfirmationResponseCode::OK) { |
| 592 | printf("Canceling confirmation prompt failed with response code %d.\n", |
| 593 | responseCode); |
| 594 | return 1; |
| 595 | } |
David Zeuthen | c6eb7cd | 2017-11-27 11:33:55 -0500 | [diff] [blame] | 596 | } |
| 597 | } |
| 598 | |
Janis Danisevskis | 4aec5bc | 2018-11-14 20:36:55 -0800 | [diff] [blame] | 599 | future.wait(); |
| 600 | |
| 601 | auto [rc, dataThatWasConfirmed] = future.get(); |
| 602 | |
| 603 | printf("Confirmation prompt completed\n" |
| 604 | "responseCode = %d\n", |
| 605 | rc); |
| 606 | printf("dataThatWasConfirmed[%zd] = {", dataThatWasConfirmed.size()); |
| 607 | size_t newLineCountDown = 16; |
| 608 | bool hasPrinted = false; |
| 609 | for (uint8_t element : dataThatWasConfirmed) { |
| 610 | if (hasPrinted) { |
| 611 | printf(", "); |
| 612 | } |
| 613 | if (newLineCountDown == 0) { |
| 614 | printf("\n "); |
| 615 | newLineCountDown = 32; |
| 616 | } |
| 617 | printf("0x%02x", element); |
| 618 | hasPrinted = true; |
| 619 | } |
| 620 | printf("}\n"); |
| 621 | |
David Zeuthen | c6eb7cd | 2017-11-27 11:33:55 -0500 | [diff] [blame] | 622 | return 0; |
| 623 | } |
| 624 | |
Darren Krahn | 69a3dbc | 2015-09-22 16:21:04 -0700 | [diff] [blame] | 625 | } // namespace |
| 626 | |
| 627 | int main(int argc, char** argv) { |
| 628 | CommandLine::Init(argc, argv); |
| 629 | CommandLine* command_line = CommandLine::ForCurrentProcess(); |
| 630 | CommandLine::StringVector args = command_line->GetArgs(); |
Janis Danisevskis | 4aec5bc | 2018-11-14 20:36:55 -0800 | [diff] [blame] | 631 | |
Janis Danisevskis | ba2985a | 2018-11-14 21:10:39 -0800 | [diff] [blame] | 632 | android::ProcessState::self()->startThreadPool(); |
Janis Danisevskis | 4aec5bc | 2018-11-14 20:36:55 -0800 | [diff] [blame] | 633 | |
Darren Krahn | 69a3dbc | 2015-09-22 16:21:04 -0700 | [diff] [blame] | 634 | if (args.empty()) { |
| 635 | PrintUsageAndExit(); |
| 636 | } |
Darren Krahn | a9474ab | 2015-11-03 14:38:53 -0800 | [diff] [blame] | 637 | if (args[0] == "brillo-platform-test") { |
Darren Krahn | 82f4f5b | 2016-03-03 16:21:07 -0800 | [diff] [blame] | 638 | return BrilloPlatformTest(command_line->GetSwitchValueASCII("prefix"), |
| 639 | command_line->HasSwitch("test_for_0_3")); |
Darren Krahn | a9474ab | 2015-11-03 14:38:53 -0800 | [diff] [blame] | 640 | } else if (args[0] == "list-brillo-tests") { |
| 641 | return ListTestCases(); |
| 642 | } else if (args[0] == "add-entropy") { |
Janis Danisevskis | c146014 | 2017-12-18 16:48:46 -0800 | [diff] [blame] | 643 | return AddEntropy(command_line->GetSwitchValueASCII("input"), |
| 644 | securityLevelOption2Flags(*command_line)); |
Darren Krahn | 69a3dbc | 2015-09-22 16:21:04 -0700 | [diff] [blame] | 645 | } else if (args[0] == "generate") { |
Janis Danisevskis | c146014 | 2017-12-18 16:48:46 -0800 | [diff] [blame] | 646 | return GenerateKey(command_line->GetSwitchValueASCII("name"), |
Rob Barnes | eb7f79b | 2018-11-08 15:44:10 -0700 | [diff] [blame] | 647 | securityLevelOption2Flags(*command_line), |
| 648 | command_line->HasSwitch("auth_bound")); |
Darren Krahn | 69a3dbc | 2015-09-22 16:21:04 -0700 | [diff] [blame] | 649 | } else if (args[0] == "get-chars") { |
| 650 | return GetCharacteristics(command_line->GetSwitchValueASCII("name")); |
| 651 | } else if (args[0] == "export") { |
| 652 | return ExportKey(command_line->GetSwitchValueASCII("name")); |
| 653 | } else if (args[0] == "delete") { |
| 654 | return DeleteKey(command_line->GetSwitchValueASCII("name")); |
| 655 | } else if (args[0] == "delete-all") { |
| 656 | return DeleteAllKeys(); |
| 657 | } else if (args[0] == "exists") { |
| 658 | return DoesKeyExist(command_line->GetSwitchValueASCII("name")); |
| 659 | } else if (args[0] == "list") { |
| 660 | return List(command_line->GetSwitchValueASCII("prefix")); |
Rob Barnes | eb7f79b | 2018-11-08 15:44:10 -0700 | [diff] [blame] | 661 | } else if (args[0] == "list-apps-with-keys") { |
| 662 | return ListAppsWithKeys(); |
Darren Krahn | 69a3dbc | 2015-09-22 16:21:04 -0700 | [diff] [blame] | 663 | } else if (args[0] == "sign-verify") { |
| 664 | return SignAndVerify(command_line->GetSwitchValueASCII("name")); |
Darren Krahn | 251cb28 | 2015-09-28 08:51:18 -0700 | [diff] [blame] | 665 | } else if (args[0] == "encrypt") { |
Janis Danisevskis | c146014 | 2017-12-18 16:48:46 -0800 | [diff] [blame] | 666 | return Encrypt( |
| 667 | command_line->GetSwitchValueASCII("name"), command_line->GetSwitchValueASCII("in"), |
| 668 | command_line->GetSwitchValueASCII("out"), securityLevelOption2Flags(*command_line)); |
Darren Krahn | 251cb28 | 2015-09-28 08:51:18 -0700 | [diff] [blame] | 669 | } else if (args[0] == "decrypt") { |
| 670 | return Decrypt(command_line->GetSwitchValueASCII("name"), |
| 671 | command_line->GetSwitchValueASCII("in"), |
| 672 | command_line->GetSwitchValueASCII("out")); |
David Zeuthen | c6eb7cd | 2017-11-27 11:33:55 -0500 | [diff] [blame] | 673 | } else if (args[0] == "confirmation") { |
Janis Danisevskis | 1a8d580 | 2018-03-14 13:38:07 -0700 | [diff] [blame] | 674 | return Confirmation(command_line->GetSwitchValueNative("prompt_text"), |
David Zeuthen | c6eb7cd | 2017-11-27 11:33:55 -0500 | [diff] [blame] | 675 | command_line->GetSwitchValueASCII("extra_data"), |
| 676 | command_line->GetSwitchValueASCII("locale"), |
| 677 | command_line->GetSwitchValueASCII("ui_options"), |
| 678 | command_line->GetSwitchValueASCII("cancel_after")); |
Darren Krahn | 69a3dbc | 2015-09-22 16:21:04 -0700 | [diff] [blame] | 679 | } else { |
| 680 | PrintUsageAndExit(); |
| 681 | } |
| 682 | return 0; |
| 683 | } |