Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_security / 250b40b41973fc824316f3c5e3e9053e94281b0f / . / keystore / keystore_cli_v2.cpp
blob: 6c229dba63b7b24efb8a1968127bf5287f16dce3 [file] [log] [blame]
Darren Krahn69a3dbc2015-09-22 16:21:04 -0700[diff] [blame]1// Copyright 2015 The Android Open Source Project
2//
3// Licensed under the Apache License, Version 2.0 (the "License");
4// you may not use this file except in compliance with the License.
5// You may obtain a copy of the License at
6//
7// http://www.apache.org/licenses/LICENSE-2.0
8//
9// Unless required by applicable law or agreed to in writing, software
10// distributed under the License is distributed on an "AS IS" BASIS,
11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12// See the License for the specific language governing permissions and
13// limitations under the License.
14
15#include <cstdio>
16#include <memory>
17#include <string>
18#include <vector>
19
20#include "base/command_line.h"
Darren Krahn251cb282015-09-28 08:51:18 -0700[diff] [blame]21#include "base/files/file_util.h"
Darren Krahn82f4f5b2016-03-03 16:21:07 -0800[diff] [blame]22#include "base/strings/string_util.h"
Darren Krahn69a3dbc2015-09-22 16:21:04 -0700[diff] [blame]23#include "keymaster/authorization_set.h"
Shawn Willdend3fac682016-01-26 13:50:17 -0700[diff] [blame]24#include "keymaster/keymaster_tags.h"
Darren Krahn69a3dbc2015-09-22 16:21:04 -0700[diff] [blame]25#include "keystore/keystore_client_impl.h"
26
27using base::CommandLine;
28using keymaster::AuthorizationSet;
29using keymaster::AuthorizationSetBuilder;
30using keystore::KeystoreClient;
31
32namespace {
33
Darren Krahna9474ab2015-11-03 14:38:53 -0800[diff] [blame]34struct TestCase {
35 std::string name;
36 bool required_for_brillo_pts;
37 AuthorizationSet parameters;
38};
39
Darren Krahn69a3dbc2015-09-22 16:21:04 -0700[diff] [blame]40void PrintUsageAndExit() {
41 printf("Usage: keystore_client_v2 <command> [options]\n");
Darren Krahn82f4f5b2016-03-03 16:21:07 -0800[diff] [blame]42 printf("Commands: brillo-platform-test [--prefix=<test_name_prefix>] [--test_for_0_3]\n"
Darren Krahna9474ab2015-11-03 14:38:53 -0800[diff] [blame]43 " list-brillo-tests\n"
44 " add-entropy --input=<entropy>\n"
Darren Krahn69a3dbc2015-09-22 16:21:04 -0700[diff] [blame]45 " generate --name=<key_name>\n"
46 " get-chars --name=<key_name>\n"
47 " export --name=<key_name>\n"
48 " delete --name=<key_name>\n"
49 " delete-all\n"
50 " exists --name=<key_name>\n"
51 " list [--prefix=<key_name_prefix>]\n"
Darren Krahn251cb282015-09-28 08:51:18 -0700[diff] [blame]52 " sign-verify --name=<key_name>\n"
53 " [en|de]crypt --name=<key_name> --in=<file> --out=<file>\n");
Darren Krahn69a3dbc2015-09-22 16:21:04 -0700[diff] [blame]54 exit(1);
55}
56
57std::unique_ptr<KeystoreClient> CreateKeystoreInstance() {
58 return std::unique_ptr<KeystoreClient>(new keystore::KeystoreClientImpl);
59}
60
Shawn Willdend3fac682016-01-26 13:50:17 -0700[diff] [blame]61#ifndef KEYMASTER_NAME_TAGS
Darren Krahn82f4f5b2016-03-03 16:21:07 -0800[diff] [blame]62#error KEYMASTER_NAME_TAGS must be defined
Shawn Willdend3fac682016-01-26 13:50:17 -0700[diff] [blame]63#endif
Darren Krahna9474ab2015-11-03 14:38:53 -0800[diff] [blame]64
65void PrintTags(const AuthorizationSet& parameters) {
66 const keymaster_key_param_t* iter = nullptr;
67 for (iter = parameters.begin(); iter != parameters.end(); ++iter) {
Shawn Willdend3fac682016-01-26 13:50:17 -0700[diff] [blame]68 printf(" %s\n", keymaster::StringifyTag(iter->tag));
Darren Krahna9474ab2015-11-03 14:38:53 -0800[diff] [blame]69 }
70}
71
72void PrintKeyCharacteristics(const AuthorizationSet& hardware_enforced_characteristics,
73 const AuthorizationSet& software_enforced_characteristics) {
74 printf("Hardware:\n");
75 PrintTags(hardware_enforced_characteristics);
76 printf("Software:\n");
77 PrintTags(software_enforced_characteristics);
78}
79
80bool TestKey(const std::string& name, bool required, const AuthorizationSet& parameters) {
81 std::unique_ptr<KeystoreClient> keystore = CreateKeystoreInstance();
82 AuthorizationSet hardware_enforced_characteristics;
83 AuthorizationSet software_enforced_characteristics;
84 int32_t result = keystore->generateKey("tmp", parameters, &hardware_enforced_characteristics,
85 &software_enforced_characteristics);
Darren Krahn82f4f5b2016-03-03 16:21:07 -0800[diff] [blame]86 const char kBoldRedAbort[] = "\033[1;31mABORT\033[0m";
Darren Krahna9474ab2015-11-03 14:38:53 -0800[diff] [blame]87 if (result != KM_ERROR_OK) {
88 LOG(ERROR) << "Failed to generate key: " << result;
Darren Krahn82f4f5b2016-03-03 16:21:07 -0800[diff] [blame]89 printf("[%s] %s\n", kBoldRedAbort, name.c_str());
Darren Krahna9474ab2015-11-03 14:38:53 -0800[diff] [blame]90 return false;
91 }
92 result = keystore->deleteKey("tmp");
93 if (result != KM_ERROR_OK) {
94 LOG(ERROR) << "Failed to delete key: " << result;
Darren Krahn82f4f5b2016-03-03 16:21:07 -0800[diff] [blame]95 printf("[%s] %s\n", kBoldRedAbort, name.c_str());
Darren Krahna9474ab2015-11-03 14:38:53 -0800[diff] [blame]96 return false;
97 }
98 printf("===============================================================\n");
99 printf("%s Key Characteristics:\n", name.c_str());
100 PrintKeyCharacteristics(hardware_enforced_characteristics, software_enforced_characteristics);
101 bool hardware_backed = (hardware_enforced_characteristics.size() > 0);
Darren Krahn01fc9a42016-03-04 11:41:23 -0800[diff] [blame]102 if (software_enforced_characteristics.GetTagCount(KM_TAG_ALGORITHM) > 0 ||
Darren Krahna9474ab2015-11-03 14:38:53 -0800[diff] [blame]103 software_enforced_characteristics.GetTagCount(KM_TAG_KEY_SIZE) > 0 ||
Darren Krahn82f4f5b2016-03-03 16:21:07 -0800[diff] [blame]104 software_enforced_characteristics.GetTagCount(KM_TAG_RSA_PUBLIC_EXPONENT) > 0) {
Darren Krahna9474ab2015-11-03 14:38:53 -0800[diff] [blame]105 VLOG(1) << "Hardware-backed key but required characteristics enforced in software.";
106 hardware_backed = false;
107 }
108 const char kBoldRedFail[] = "\033[1;31mFAIL\033[0m";
109 const char kBoldGreenPass[] = "\033[1;32mPASS\033[0m";
110 const char kBoldYellowWarn[] = "\033[1;33mWARN\033[0m";
111 printf("[%s] %s\n",
112 hardware_backed ? kBoldGreenPass : (required ? kBoldRedFail : kBoldYellowWarn),
113 name.c_str());
114
115 return (hardware_backed || !required);
116}
117
118AuthorizationSet GetRSASignParameters(uint32_t key_size, bool sha256_only) {
119 AuthorizationSetBuilder parameters;
120 parameters.RsaSigningKey(key_size, 65537)
121 .Digest(KM_DIGEST_SHA_2_256)
122 .Padding(KM_PAD_RSA_PKCS1_1_5_SIGN)
123 .Padding(KM_PAD_RSA_PSS)
124 .Authorization(keymaster::TAG_NO_AUTH_REQUIRED);
125 if (!sha256_only) {
126 parameters.Digest(KM_DIGEST_SHA_2_224)
127 .Digest(KM_DIGEST_SHA_2_384)
128 .Digest(KM_DIGEST_SHA_2_512);
129 }
130 return parameters.build();
131}
132
133AuthorizationSet GetRSAEncryptParameters(uint32_t key_size) {
134 AuthorizationSetBuilder parameters;
135 parameters.RsaEncryptionKey(key_size, 65537)
136 .Padding(KM_PAD_RSA_PKCS1_1_5_ENCRYPT)
137 .Padding(KM_PAD_RSA_OAEP)
138 .Authorization(keymaster::TAG_NO_AUTH_REQUIRED);
139 return parameters.build();
140}
141
142AuthorizationSet GetECDSAParameters(uint32_t key_size, bool sha256_only) {
143 AuthorizationSetBuilder parameters;
144 parameters.EcdsaSigningKey(key_size)
145 .Digest(KM_DIGEST_SHA_2_256)
146 .Authorization(keymaster::TAG_NO_AUTH_REQUIRED);
147 if (!sha256_only) {
148 parameters.Digest(KM_DIGEST_SHA_2_224)
149 .Digest(KM_DIGEST_SHA_2_384)
150 .Digest(KM_DIGEST_SHA_2_512);
151 }
152 return parameters.build();
153}
154
155AuthorizationSet GetAESParameters(uint32_t key_size, bool with_gcm_mode) {
156 AuthorizationSetBuilder parameters;
157 parameters.AesEncryptionKey(key_size).Authorization(keymaster::TAG_NO_AUTH_REQUIRED);
158 if (with_gcm_mode) {
159 parameters.Authorization(keymaster::TAG_BLOCK_MODE, KM_MODE_GCM)
160 .Authorization(keymaster::TAG_MIN_MAC_LENGTH, 128);
161 } else {
162 parameters.Authorization(keymaster::TAG_BLOCK_MODE, KM_MODE_ECB);
163 parameters.Authorization(keymaster::TAG_BLOCK_MODE, KM_MODE_CBC);
164 parameters.Authorization(keymaster::TAG_BLOCK_MODE, KM_MODE_CTR);
Sourabh Banerjee250b40b2016-03-17 14:47:31 +0530[diff] [blame^]165 parameters.Padding(KM_PAD_NONE);
Darren Krahna9474ab2015-11-03 14:38:53 -0800[diff] [blame]166 }
167 return parameters.build();
168}
169
170AuthorizationSet GetHMACParameters(uint32_t key_size, keymaster_digest_t digest) {
171 AuthorizationSetBuilder parameters;
172 parameters.HmacKey(key_size)
173 .Digest(digest)
174 .Authorization(keymaster::TAG_MIN_MAC_LENGTH, 224)
175 .Authorization(keymaster::TAG_NO_AUTH_REQUIRED);
176 return parameters.build();
177}
178
179std::vector<TestCase> GetTestCases() {
180 TestCase test_cases[] = {
181 {"RSA-2048 Sign", true, GetRSASignParameters(2048, true)},
182 {"RSA-2048 Sign (more digests)", false, GetRSASignParameters(2048, false)},
183 {"RSA-3072 Sign", false, GetRSASignParameters(3072, false)},
184 {"RSA-4096 Sign", false, GetRSASignParameters(4096, false)},
185 {"RSA-2048 Encrypt", true, GetRSAEncryptParameters(2048)},
186 {"RSA-3072 Encrypt", false, GetRSAEncryptParameters(3072)},
187 {"RSA-4096 Encrypt", false, GetRSAEncryptParameters(4096)},
188 {"ECDSA-P256 Sign", true, GetECDSAParameters(256, true)},
189 {"ECDSA-P256 Sign (more digests)", false, GetECDSAParameters(256, false)},
190 {"ECDSA-P224 Sign", false, GetECDSAParameters(224, false)},
191 {"ECDSA-P384 Sign", false, GetECDSAParameters(384, false)},
192 {"ECDSA-P521 Sign", false, GetECDSAParameters(521, false)},
193 {"AES-128", true, GetAESParameters(128, false)},
194 {"AES-256", true, GetAESParameters(256, false)},
195 {"AES-128-GCM", false, GetAESParameters(128, true)},
196 {"AES-256-GCM", false, GetAESParameters(256, true)},
197 {"HMAC-SHA256-16", true, GetHMACParameters(16, KM_DIGEST_SHA_2_256)},
198 {"HMAC-SHA256-32", true, GetHMACParameters(32, KM_DIGEST_SHA_2_256)},
199 {"HMAC-SHA256-64", false, GetHMACParameters(64, KM_DIGEST_SHA_2_256)},
200 {"HMAC-SHA224-32", false, GetHMACParameters(32, KM_DIGEST_SHA_2_224)},
201 {"HMAC-SHA384-32", false, GetHMACParameters(32, KM_DIGEST_SHA_2_384)},
202 {"HMAC-SHA512-32", false, GetHMACParameters(32, KM_DIGEST_SHA_2_512)},
203 };
204 return std::vector<TestCase>(&test_cases[0], &test_cases[arraysize(test_cases)]);
205}
206
Darren Krahn82f4f5b2016-03-03 16:21:07 -0800[diff] [blame]207int BrilloPlatformTest(const std::string& prefix, bool test_for_0_3) {
208 const char kBoldYellowWarning[] = "\033[1;33mWARNING\033[0m";
209 if (test_for_0_3) {
210 printf("%s: Testing for keymaster v0.3. "
211 "This does not meet Brillo requirements.\n", kBoldYellowWarning);
212 }
Darren Krahna9474ab2015-11-03 14:38:53 -0800[diff] [blame]213 int test_count = 0;
214 int fail_count = 0;
215 std::vector<TestCase> test_cases = GetTestCases();
216 for (const auto& test_case : test_cases) {
Darren Krahn82f4f5b2016-03-03 16:21:07 -0800[diff] [blame]217 if (!prefix.empty() &&
218 !base::StartsWith(test_case.name, prefix, base::CompareCase::SENSITIVE)) {
219 continue;
220 }
221 if (test_for_0_3 &&
222 (base::StartsWith(test_case.name, "AES", base::CompareCase::SENSITIVE) ||
223 base::StartsWith(test_case.name, "HMAC", base::CompareCase::SENSITIVE))) {
Darren Krahna9474ab2015-11-03 14:38:53 -0800[diff] [blame]224 continue;
225 }
226 ++test_count;
227 if (!TestKey(test_case.name, test_case.required_for_brillo_pts, test_case.parameters)) {
228 VLOG(1) << "Test failed: " << test_case.name;
229 ++fail_count;
230 }
231 }
232 return fail_count;
233}
234
235int ListTestCases() {
236 const char kBoldGreenRequired[] = "\033[1;32mREQUIRED\033[0m";
237 const char kBoldYellowRecommended[] = "\033[1;33mRECOMMENDED\033[0m";
238 std::vector<TestCase> test_cases = GetTestCases();
239 for (const auto& test_case : test_cases) {
240 printf("%s : %s\n", test_case.name.c_str(),
241 test_case.required_for_brillo_pts ? kBoldGreenRequired : kBoldYellowRecommended);
242 }
243 return 0;
244}
245
Darren Krahn251cb282015-09-28 08:51:18 -0700[diff] [blame]246std::string ReadFile(const std::string& filename) {
247 std::string content;
248 base::FilePath path(filename);
249 if (!base::ReadFileToString(path, &content)) {
250 printf("Failed to read file: %s\n", filename.c_str());
251 exit(1);
252 }
253 return content;
254}
255
256void WriteFile(const std::string& filename, const std::string& content) {
257 base::FilePath path(filename);
258 int size = content.size();
259 if (base::WriteFile(path, content.data(), size) != size) {
260 printf("Failed to write file: %s\n", filename.c_str());
261 exit(1);
262 }
263}
264
Darren Krahn69a3dbc2015-09-22 16:21:04 -0700[diff] [blame]265int AddEntropy(const std::string& input) {
266 std::unique_ptr<KeystoreClient> keystore = CreateKeystoreInstance();
267 int32_t result = keystore->addRandomNumberGeneratorEntropy(input);
268 printf("AddEntropy: %d\n", result);
269 return result;
270}
271
272int GenerateKey(const std::string& name) {
273 std::unique_ptr<KeystoreClient> keystore = CreateKeystoreInstance();
274 AuthorizationSetBuilder params;
275 params.RsaSigningKey(2048, 65537)
276 .Digest(KM_DIGEST_SHA_2_224)
277 .Digest(KM_DIGEST_SHA_2_256)
278 .Digest(KM_DIGEST_SHA_2_384)
279 .Digest(KM_DIGEST_SHA_2_512)
280 .Padding(KM_PAD_RSA_PKCS1_1_5_SIGN)
281 .Padding(KM_PAD_RSA_PSS)
282 .Authorization(keymaster::TAG_NO_AUTH_REQUIRED);
283 AuthorizationSet hardware_enforced_characteristics;
284 AuthorizationSet software_enforced_characteristics;
285 int32_t result = keystore->generateKey(name, params.build(), &hardware_enforced_characteristics,
286 &software_enforced_characteristics);
Darren Krahna9474ab2015-11-03 14:38:53 -0800[diff] [blame]287 printf("GenerateKey: %d\n", result);
288 if (result == KM_ERROR_OK) {
289 PrintKeyCharacteristics(hardware_enforced_characteristics,
290 software_enforced_characteristics);
291 }
Darren Krahn69a3dbc2015-09-22 16:21:04 -0700[diff] [blame]292 return result;
293}
294
295int GetCharacteristics(const std::string& name) {
296 std::unique_ptr<KeystoreClient> keystore = CreateKeystoreInstance();
297 AuthorizationSet hardware_enforced_characteristics;
298 AuthorizationSet software_enforced_characteristics;
299 int32_t result = keystore->getKeyCharacteristics(name, &hardware_enforced_characteristics,
300 &software_enforced_characteristics);
Darren Krahna9474ab2015-11-03 14:38:53 -0800[diff] [blame]301 printf("GetCharacteristics: %d\n", result);
302 if (result == KM_ERROR_OK) {
303 PrintKeyCharacteristics(hardware_enforced_characteristics,
304 software_enforced_characteristics);
305 }
Darren Krahn69a3dbc2015-09-22 16:21:04 -0700[diff] [blame]306 return result;
307}
308
309int ExportKey(const std::string& name) {
310 std::unique_ptr<KeystoreClient> keystore = CreateKeystoreInstance();
311 std::string data;
312 int32_t result = keystore->exportKey(KM_KEY_FORMAT_X509, name, &data);
313 printf("ExportKey: %d (%zu)\n", result, data.size());
314 return result;
315}
316
317int DeleteKey(const std::string& name) {
318 std::unique_ptr<KeystoreClient> keystore = CreateKeystoreInstance();
319 int32_t result = keystore->deleteKey(name);
320 printf("DeleteKey: %d\n", result);
321 return result;
322}
323
324int DeleteAllKeys() {
325 std::unique_ptr<KeystoreClient> keystore = CreateKeystoreInstance();
326 int32_t result = keystore->deleteAllKeys();
327 printf("DeleteAllKeys: %d\n", result);
328 return result;
329}
330
331int DoesKeyExist(const std::string& name) {
332 std::unique_ptr<KeystoreClient> keystore = CreateKeystoreInstance();
333 printf("DoesKeyExist: %s\n", keystore->doesKeyExist(name) ? "yes" : "no");
334 return 0;
335}
336
337int List(const std::string& prefix) {
338 std::unique_ptr<KeystoreClient> keystore = CreateKeystoreInstance();
339 std::vector<std::string> key_list;
340 if (!keystore->listKeys(prefix, &key_list)) {
341 printf("ListKeys failed.\n");
342 return 1;
343 }
344 printf("Keys:\n");
345 for (const auto& key_name : key_list) {
346 printf(" %s\n", key_name.c_str());
347 }
348 return 0;
349}
350
351int SignAndVerify(const std::string& name) {
352 std::unique_ptr<KeystoreClient> keystore = CreateKeystoreInstance();
353 AuthorizationSetBuilder sign_params;
354 sign_params.Padding(KM_PAD_RSA_PKCS1_1_5_SIGN);
355 sign_params.Digest(KM_DIGEST_SHA_2_256);
356 AuthorizationSet output_params;
357 keymaster_operation_handle_t handle;
358 int32_t result = keystore->beginOperation(KM_PURPOSE_SIGN, name, sign_params.build(),
359 &output_params, &handle);
360 if (result != KM_ERROR_OK) {
361 printf("Sign: BeginOperation failed: %d\n", result);
362 return result;
363 }
364 AuthorizationSet empty_params;
365 size_t num_input_bytes_consumed;
366 std::string output_data;
367 result = keystore->updateOperation(handle, empty_params, "data_to_sign",
368 &num_input_bytes_consumed, &output_params, &output_data);
369 if (result != KM_ERROR_OK) {
370 printf("Sign: UpdateOperation failed: %d\n", result);
371 return result;
372 }
373 result = keystore->finishOperation(handle, empty_params, std::string() /*signature_to_verify*/,
374 &output_params, &output_data);
375 if (result != KM_ERROR_OK) {
376 printf("Sign: FinishOperation failed: %d\n", result);
377 return result;
378 }
379 printf("Sign: %zu bytes.\n", output_data.size());
380 // We have a signature, now verify it.
381 std::string signature_to_verify = output_data;
Darren Krahn251cb282015-09-28 08:51:18 -0700[diff] [blame]382 output_data.clear();
Darren Krahn69a3dbc2015-09-22 16:21:04 -0700[diff] [blame]383 result = keystore->beginOperation(KM_PURPOSE_VERIFY, name, sign_params.build(), &output_params,
384 &handle);
385 if (result != KM_ERROR_OK) {
386 printf("Verify: BeginOperation failed: %d\n", result);
387 return result;
388 }
389 result = keystore->updateOperation(handle, empty_params, "data_to_sign",
390 &num_input_bytes_consumed, &output_params, &output_data);
391 if (result != KM_ERROR_OK) {
392 printf("Verify: UpdateOperation failed: %d\n", result);
393 return result;
394 }
395 result = keystore->finishOperation(handle, empty_params, signature_to_verify, &output_params,
396 &output_data);
397 if (result == KM_ERROR_VERIFICATION_FAILED) {
398 printf("Verify: Failed to verify signature.\n");
399 return result;
400 }
401 if (result != KM_ERROR_OK) {
402 printf("Verify: FinishOperation failed: %d\n", result);
403 return result;
404 }
405 printf("Verify: OK\n");
406 return 0;
407}
408
Darren Krahn251cb282015-09-28 08:51:18 -0700[diff] [blame]409int Encrypt(const std::string& key_name, const std::string& input_filename,
410 const std::string& output_filename) {
411 std::unique_ptr<KeystoreClient> keystore = CreateKeystoreInstance();
412 std::string input = ReadFile(input_filename);
413 std::string output;
414 if (!keystore->encryptWithAuthentication(key_name, input, &output)) {
415 printf("EncryptWithAuthentication failed.\n");
416 return 1;
417 }
418 WriteFile(output_filename, output);
419 return 0;
420}
421
422int Decrypt(const std::string& key_name, const std::string& input_filename,
423 const std::string& output_filename) {
424 std::unique_ptr<KeystoreClient> keystore = CreateKeystoreInstance();
425 std::string input = ReadFile(input_filename);
426 std::string output;
427 if (!keystore->decryptWithAuthentication(key_name, input, &output)) {
428 printf("DecryptWithAuthentication failed.\n");
429 return 1;
430 }
431 WriteFile(output_filename, output);
432 return 0;
433}
434
Darren Krahn69a3dbc2015-09-22 16:21:04 -0700[diff] [blame]435} // namespace
436
437int main(int argc, char** argv) {
438 CommandLine::Init(argc, argv);
439 CommandLine* command_line = CommandLine::ForCurrentProcess();
440 CommandLine::StringVector args = command_line->GetArgs();
441 if (args.empty()) {
442 PrintUsageAndExit();
443 }
Darren Krahna9474ab2015-11-03 14:38:53 -0800[diff] [blame]444 if (args[0] == "brillo-platform-test") {
Darren Krahn82f4f5b2016-03-03 16:21:07 -0800[diff] [blame]445 return BrilloPlatformTest(command_line->GetSwitchValueASCII("prefix"),
446 command_line->HasSwitch("test_for_0_3"));
Darren Krahna9474ab2015-11-03 14:38:53 -0800[diff] [blame]447 } else if (args[0] == "list-brillo-tests") {
448 return ListTestCases();
449 } else if (args[0] == "add-entropy") {
Darren Krahn69a3dbc2015-09-22 16:21:04 -0700[diff] [blame]450 return AddEntropy(command_line->GetSwitchValueASCII("input"));
451 } else if (args[0] == "generate") {
452 return GenerateKey(command_line->GetSwitchValueASCII("name"));
453 } else if (args[0] == "get-chars") {
454 return GetCharacteristics(command_line->GetSwitchValueASCII("name"));
455 } else if (args[0] == "export") {
456 return ExportKey(command_line->GetSwitchValueASCII("name"));
457 } else if (args[0] == "delete") {
458 return DeleteKey(command_line->GetSwitchValueASCII("name"));
459 } else if (args[0] == "delete-all") {
460 return DeleteAllKeys();
461 } else if (args[0] == "exists") {
462 return DoesKeyExist(command_line->GetSwitchValueASCII("name"));
463 } else if (args[0] == "list") {
464 return List(command_line->GetSwitchValueASCII("prefix"));
465 } else if (args[0] == "sign-verify") {
466 return SignAndVerify(command_line->GetSwitchValueASCII("name"));
Darren Krahn251cb282015-09-28 08:51:18 -0700[diff] [blame]467 } else if (args[0] == "encrypt") {
468 return Encrypt(command_line->GetSwitchValueASCII("name"),
469 command_line->GetSwitchValueASCII("in"),
470 command_line->GetSwitchValueASCII("out"));
471 } else if (args[0] == "decrypt") {
472 return Decrypt(command_line->GetSwitchValueASCII("name"),
473 command_line->GetSwitchValueASCII("in"),
474 command_line->GetSwitchValueASCII("out"));
Darren Krahn69a3dbc2015-09-22 16:21:04 -0700[diff] [blame]475 } else {
476 PrintUsageAndExit();
477 }
478 return 0;
479}