Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_security / a9474ab90fcda96d6d798ace3fd9027ae61141e1 / . / keystore / keystore_cli_v2.cpp
blob: 3f5feb774dd18cb52d798d66cc8a35a03c02768b [file] [log] [blame]
Darren Krahn69a3dbc2015-09-22 16:21:04 -0700[diff] [blame]1// Copyright 2015 The Android Open Source Project
2//
3// Licensed under the Apache License, Version 2.0 (the "License");
4// you may not use this file except in compliance with the License.
5// You may obtain a copy of the License at
6//
7// http://www.apache.org/licenses/LICENSE-2.0
8//
9// Unless required by applicable law or agreed to in writing, software
10// distributed under the License is distributed on an "AS IS" BASIS,
11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12// See the License for the specific language governing permissions and
13// limitations under the License.
14
15#include <cstdio>
16#include <memory>
17#include <string>
18#include <vector>
19
20#include "base/command_line.h"
Darren Krahn251cb282015-09-28 08:51:18 -0700[diff] [blame]21#include "base/files/file_util.h"
Darren Krahn69a3dbc2015-09-22 16:21:04 -0700[diff] [blame]22#include "keymaster/authorization_set.h"
23#include "keystore/keystore_client_impl.h"
24
25using base::CommandLine;
26using keymaster::AuthorizationSet;
27using keymaster::AuthorizationSetBuilder;
28using keystore::KeystoreClient;
29
30namespace {
31
Darren Krahna9474ab2015-11-03 14:38:53 -0800[diff] [blame^]32struct TestCase {
33 std::string name;
34 bool required_for_brillo_pts;
35 AuthorizationSet parameters;
36};
37
Darren Krahn69a3dbc2015-09-22 16:21:04 -0700[diff] [blame]38void PrintUsageAndExit() {
39 printf("Usage: keystore_client_v2 <command> [options]\n");
Darren Krahna9474ab2015-11-03 14:38:53 -0800[diff] [blame^]40 printf("Commands: brillo-platform-test [--prefix=<test_name_prefix>]\n"
41 " list-brillo-tests\n"
42 " add-entropy --input=<entropy>\n"
Darren Krahn69a3dbc2015-09-22 16:21:04 -0700[diff] [blame]43 " generate --name=<key_name>\n"
44 " get-chars --name=<key_name>\n"
45 " export --name=<key_name>\n"
46 " delete --name=<key_name>\n"
47 " delete-all\n"
48 " exists --name=<key_name>\n"
49 " list [--prefix=<key_name_prefix>]\n"
Darren Krahn251cb282015-09-28 08:51:18 -0700[diff] [blame]50 " sign-verify --name=<key_name>\n"
51 " [en|de]crypt --name=<key_name> --in=<file> --out=<file>\n");
Darren Krahn69a3dbc2015-09-22 16:21:04 -0700[diff] [blame]52 exit(1);
53}
54
55std::unique_ptr<KeystoreClient> CreateKeystoreInstance() {
56 return std::unique_ptr<KeystoreClient>(new keystore::KeystoreClientImpl);
57}
58
Darren Krahna9474ab2015-11-03 14:38:53 -0800[diff] [blame^]59const char* StringifyTag(keymaster_tag_t tag) {
60 switch (tag) {
61 case KM_TAG_INVALID:
62 return "KM_TAG_INVALID";
63 case KM_TAG_PURPOSE:
64 return "KM_TAG_PURPOSE";
65 case KM_TAG_ALGORITHM:
66 return "KM_TAG_ALGORITHM";
67 case KM_TAG_KEY_SIZE:
68 return "KM_TAG_KEY_SIZE";
69 case KM_TAG_BLOCK_MODE:
70 return "KM_TAG_BLOCK_MODE";
71 case KM_TAG_DIGEST:
72 return "KM_TAG_DIGEST";
73 case KM_TAG_PADDING:
74 return "KM_TAG_PADDING";
75 case KM_TAG_CALLER_NONCE:
76 return "KM_TAG_CALLER_NONCE";
77 case KM_TAG_MIN_MAC_LENGTH:
78 return "KM_TAG_MIN_MAC_LENGTH";
79 case KM_TAG_RSA_PUBLIC_EXPONENT:
80 return "KM_TAG_RSA_PUBLIC_EXPONENT";
81 case KM_TAG_BLOB_USAGE_REQUIREMENTS:
82 return "KM_TAG_BLOB_USAGE_REQUIREMENTS";
83 case KM_TAG_BOOTLOADER_ONLY:
84 return "KM_TAG_BOOTLOADER_ONLY";
85 case KM_TAG_ACTIVE_DATETIME:
86 return "KM_TAG_ACTIVE_DATETIME";
87 case KM_TAG_ORIGINATION_EXPIRE_DATETIME:
88 return "KM_TAG_ORIGINATION_EXPIRE_DATETIME";
89 case KM_TAG_USAGE_EXPIRE_DATETIME:
90 return "KM_TAG_USAGE_EXPIRE_DATETIME";
91 case KM_TAG_MIN_SECONDS_BETWEEN_OPS:
92 return "KM_TAG_MIN_SECONDS_BETWEEN_OPS";
93 case KM_TAG_MAX_USES_PER_BOOT:
94 return "KM_TAG_MAX_USES_PER_BOOT";
95 case KM_TAG_ALL_USERS:
96 return "KM_TAG_ALL_USERS";
97 case KM_TAG_USER_ID:
98 return "KM_TAG_USER_ID";
99 case KM_TAG_USER_SECURE_ID:
100 return "KM_TAG_USER_SECURE_ID";
101 case KM_TAG_NO_AUTH_REQUIRED:
102 return "KM_TAG_NO_AUTH_REQUIRED";
103 case KM_TAG_USER_AUTH_TYPE:
104 return "KM_TAG_USER_AUTH_TYPE";
105 case KM_TAG_AUTH_TIMEOUT:
106 return "KM_TAG_AUTH_TIMEOUT";
107 case KM_TAG_ALL_APPLICATIONS:
108 return "KM_TAG_ALL_APPLICATIONS";
109 case KM_TAG_APPLICATION_ID:
110 return "KM_TAG_APPLICATION_ID";
111 case KM_TAG_APPLICATION_DATA:
112 return "KM_TAG_APPLICATION_DATA";
113 case KM_TAG_CREATION_DATETIME:
114 return "KM_TAG_CREATION_DATETIME";
115 case KM_TAG_ORIGIN:
116 return "KM_TAG_ORIGIN";
117 case KM_TAG_ROLLBACK_RESISTANT:
118 return "KM_TAG_ROLLBACK_RESISTANT";
119 case KM_TAG_ROOT_OF_TRUST:
120 return "KM_TAG_ROOT_OF_TRUST";
121 case KM_TAG_ASSOCIATED_DATA:
122 return "KM_TAG_ASSOCIATED_DATA";
123 case KM_TAG_NONCE:
124 return "KM_TAG_NONCE";
125 case KM_TAG_AUTH_TOKEN:
126 return "KM_TAG_AUTH_TOKEN";
127 case KM_TAG_MAC_LENGTH:
128 return "KM_TAG_MAC_LENGTH";
129 }
130 return "<Unknown>";
131}
132
133void PrintTags(const AuthorizationSet& parameters) {
134 const keymaster_key_param_t* iter = nullptr;
135 for (iter = parameters.begin(); iter != parameters.end(); ++iter) {
136 printf(" %s\n", StringifyTag(iter->tag));
137 }
138}
139
140void PrintKeyCharacteristics(const AuthorizationSet& hardware_enforced_characteristics,
141 const AuthorizationSet& software_enforced_characteristics) {
142 printf("Hardware:\n");
143 PrintTags(hardware_enforced_characteristics);
144 printf("Software:\n");
145 PrintTags(software_enforced_characteristics);
146}
147
148bool TestKey(const std::string& name, bool required, const AuthorizationSet& parameters) {
149 std::unique_ptr<KeystoreClient> keystore = CreateKeystoreInstance();
150 AuthorizationSet hardware_enforced_characteristics;
151 AuthorizationSet software_enforced_characteristics;
152 int32_t result = keystore->generateKey("tmp", parameters, &hardware_enforced_characteristics,
153 &software_enforced_characteristics);
154 if (result != KM_ERROR_OK) {
155 LOG(ERROR) << "Failed to generate key: " << result;
156 printf("%s Result: ABORT\n", name.c_str());
157 return false;
158 }
159 result = keystore->deleteKey("tmp");
160 if (result != KM_ERROR_OK) {
161 LOG(ERROR) << "Failed to delete key: " << result;
162 printf("%s Result: ABORT\n", name.c_str());
163 return false;
164 }
165 printf("===============================================================\n");
166 printf("%s Key Characteristics:\n", name.c_str());
167 PrintKeyCharacteristics(hardware_enforced_characteristics, software_enforced_characteristics);
168 bool hardware_backed = (hardware_enforced_characteristics.size() > 0);
169 if (software_enforced_characteristics.GetTagCount(KM_TAG_PURPOSE) > 0 ||
170 software_enforced_characteristics.GetTagCount(KM_TAG_ALGORITHM) > 0 ||
171 software_enforced_characteristics.GetTagCount(KM_TAG_KEY_SIZE) > 0 ||
172 software_enforced_characteristics.GetTagCount(KM_TAG_RSA_PUBLIC_EXPONENT) > 0 ||
173 software_enforced_characteristics.GetTagCount(KM_TAG_DIGEST) > 0 ||
174 software_enforced_characteristics.GetTagCount(KM_TAG_PADDING) > 0 ||
175 software_enforced_characteristics.GetTagCount(KM_TAG_BLOCK_MODE) > 0) {
176 VLOG(1) << "Hardware-backed key but required characteristics enforced in software.";
177 hardware_backed = false;
178 }
179 const char kBoldRedFail[] = "\033[1;31mFAIL\033[0m";
180 const char kBoldGreenPass[] = "\033[1;32mPASS\033[0m";
181 const char kBoldYellowWarn[] = "\033[1;33mWARN\033[0m";
182 printf("[%s] %s\n",
183 hardware_backed ? kBoldGreenPass : (required ? kBoldRedFail : kBoldYellowWarn),
184 name.c_str());
185
186 return (hardware_backed || !required);
187}
188
189AuthorizationSet GetRSASignParameters(uint32_t key_size, bool sha256_only) {
190 AuthorizationSetBuilder parameters;
191 parameters.RsaSigningKey(key_size, 65537)
192 .Digest(KM_DIGEST_SHA_2_256)
193 .Padding(KM_PAD_RSA_PKCS1_1_5_SIGN)
194 .Padding(KM_PAD_RSA_PSS)
195 .Authorization(keymaster::TAG_NO_AUTH_REQUIRED);
196 if (!sha256_only) {
197 parameters.Digest(KM_DIGEST_SHA_2_224)
198 .Digest(KM_DIGEST_SHA_2_384)
199 .Digest(KM_DIGEST_SHA_2_512);
200 }
201 return parameters.build();
202}
203
204AuthorizationSet GetRSAEncryptParameters(uint32_t key_size) {
205 AuthorizationSetBuilder parameters;
206 parameters.RsaEncryptionKey(key_size, 65537)
207 .Padding(KM_PAD_RSA_PKCS1_1_5_ENCRYPT)
208 .Padding(KM_PAD_RSA_OAEP)
209 .Authorization(keymaster::TAG_NO_AUTH_REQUIRED);
210 return parameters.build();
211}
212
213AuthorizationSet GetECDSAParameters(uint32_t key_size, bool sha256_only) {
214 AuthorizationSetBuilder parameters;
215 parameters.EcdsaSigningKey(key_size)
216 .Digest(KM_DIGEST_SHA_2_256)
217 .Authorization(keymaster::TAG_NO_AUTH_REQUIRED);
218 if (!sha256_only) {
219 parameters.Digest(KM_DIGEST_SHA_2_224)
220 .Digest(KM_DIGEST_SHA_2_384)
221 .Digest(KM_DIGEST_SHA_2_512);
222 }
223 return parameters.build();
224}
225
226AuthorizationSet GetAESParameters(uint32_t key_size, bool with_gcm_mode) {
227 AuthorizationSetBuilder parameters;
228 parameters.AesEncryptionKey(key_size).Authorization(keymaster::TAG_NO_AUTH_REQUIRED);
229 if (with_gcm_mode) {
230 parameters.Authorization(keymaster::TAG_BLOCK_MODE, KM_MODE_GCM)
231 .Authorization(keymaster::TAG_MIN_MAC_LENGTH, 128);
232 } else {
233 parameters.Authorization(keymaster::TAG_BLOCK_MODE, KM_MODE_ECB);
234 parameters.Authorization(keymaster::TAG_BLOCK_MODE, KM_MODE_CBC);
235 parameters.Authorization(keymaster::TAG_BLOCK_MODE, KM_MODE_CTR);
236 }
237 return parameters.build();
238}
239
240AuthorizationSet GetHMACParameters(uint32_t key_size, keymaster_digest_t digest) {
241 AuthorizationSetBuilder parameters;
242 parameters.HmacKey(key_size)
243 .Digest(digest)
244 .Authorization(keymaster::TAG_MIN_MAC_LENGTH, 224)
245 .Authorization(keymaster::TAG_NO_AUTH_REQUIRED);
246 return parameters.build();
247}
248
249std::vector<TestCase> GetTestCases() {
250 TestCase test_cases[] = {
251 {"RSA-2048 Sign", true, GetRSASignParameters(2048, true)},
252 {"RSA-2048 Sign (more digests)", false, GetRSASignParameters(2048, false)},
253 {"RSA-3072 Sign", false, GetRSASignParameters(3072, false)},
254 {"RSA-4096 Sign", false, GetRSASignParameters(4096, false)},
255 {"RSA-2048 Encrypt", true, GetRSAEncryptParameters(2048)},
256 {"RSA-3072 Encrypt", false, GetRSAEncryptParameters(3072)},
257 {"RSA-4096 Encrypt", false, GetRSAEncryptParameters(4096)},
258 {"ECDSA-P256 Sign", true, GetECDSAParameters(256, true)},
259 {"ECDSA-P256 Sign (more digests)", false, GetECDSAParameters(256, false)},
260 {"ECDSA-P224 Sign", false, GetECDSAParameters(224, false)},
261 {"ECDSA-P384 Sign", false, GetECDSAParameters(384, false)},
262 {"ECDSA-P521 Sign", false, GetECDSAParameters(521, false)},
263 {"AES-128", true, GetAESParameters(128, false)},
264 {"AES-256", true, GetAESParameters(256, false)},
265 {"AES-128-GCM", false, GetAESParameters(128, true)},
266 {"AES-256-GCM", false, GetAESParameters(256, true)},
267 {"HMAC-SHA256-16", true, GetHMACParameters(16, KM_DIGEST_SHA_2_256)},
268 {"HMAC-SHA256-32", true, GetHMACParameters(32, KM_DIGEST_SHA_2_256)},
269 {"HMAC-SHA256-64", false, GetHMACParameters(64, KM_DIGEST_SHA_2_256)},
270 {"HMAC-SHA224-32", false, GetHMACParameters(32, KM_DIGEST_SHA_2_224)},
271 {"HMAC-SHA384-32", false, GetHMACParameters(32, KM_DIGEST_SHA_2_384)},
272 {"HMAC-SHA512-32", false, GetHMACParameters(32, KM_DIGEST_SHA_2_512)},
273 };
274 return std::vector<TestCase>(&test_cases[0], &test_cases[arraysize(test_cases)]);
275}
276
277int BrilloPlatformTest(const std::string& prefix) {
278 int test_count = 0;
279 int fail_count = 0;
280 std::vector<TestCase> test_cases = GetTestCases();
281 for (const auto& test_case : test_cases) {
282 if (!prefix.empty() && test_case.name.find(prefix) != 0) {
283 continue;
284 }
285 ++test_count;
286 if (!TestKey(test_case.name, test_case.required_for_brillo_pts, test_case.parameters)) {
287 VLOG(1) << "Test failed: " << test_case.name;
288 ++fail_count;
289 }
290 }
291 return fail_count;
292}
293
294int ListTestCases() {
295 const char kBoldGreenRequired[] = "\033[1;32mREQUIRED\033[0m";
296 const char kBoldYellowRecommended[] = "\033[1;33mRECOMMENDED\033[0m";
297 std::vector<TestCase> test_cases = GetTestCases();
298 for (const auto& test_case : test_cases) {
299 printf("%s : %s\n", test_case.name.c_str(),
300 test_case.required_for_brillo_pts ? kBoldGreenRequired : kBoldYellowRecommended);
301 }
302 return 0;
303}
304
Darren Krahn251cb282015-09-28 08:51:18 -0700[diff] [blame]305std::string ReadFile(const std::string& filename) {
306 std::string content;
307 base::FilePath path(filename);
308 if (!base::ReadFileToString(path, &content)) {
309 printf("Failed to read file: %s\n", filename.c_str());
310 exit(1);
311 }
312 return content;
313}
314
315void WriteFile(const std::string& filename, const std::string& content) {
316 base::FilePath path(filename);
317 int size = content.size();
318 if (base::WriteFile(path, content.data(), size) != size) {
319 printf("Failed to write file: %s\n", filename.c_str());
320 exit(1);
321 }
322}
323
Darren Krahn69a3dbc2015-09-22 16:21:04 -0700[diff] [blame]324int AddEntropy(const std::string& input) {
325 std::unique_ptr<KeystoreClient> keystore = CreateKeystoreInstance();
326 int32_t result = keystore->addRandomNumberGeneratorEntropy(input);
327 printf("AddEntropy: %d\n", result);
328 return result;
329}
330
331int GenerateKey(const std::string& name) {
332 std::unique_ptr<KeystoreClient> keystore = CreateKeystoreInstance();
333 AuthorizationSetBuilder params;
334 params.RsaSigningKey(2048, 65537)
335 .Digest(KM_DIGEST_SHA_2_224)
336 .Digest(KM_DIGEST_SHA_2_256)
337 .Digest(KM_DIGEST_SHA_2_384)
338 .Digest(KM_DIGEST_SHA_2_512)
339 .Padding(KM_PAD_RSA_PKCS1_1_5_SIGN)
340 .Padding(KM_PAD_RSA_PSS)
341 .Authorization(keymaster::TAG_NO_AUTH_REQUIRED);
342 AuthorizationSet hardware_enforced_characteristics;
343 AuthorizationSet software_enforced_characteristics;
344 int32_t result = keystore->generateKey(name, params.build(), &hardware_enforced_characteristics,
345 &software_enforced_characteristics);
Darren Krahna9474ab2015-11-03 14:38:53 -0800[diff] [blame^]346 printf("GenerateKey: %d\n", result);
347 if (result == KM_ERROR_OK) {
348 PrintKeyCharacteristics(hardware_enforced_characteristics,
349 software_enforced_characteristics);
350 }
Darren Krahn69a3dbc2015-09-22 16:21:04 -0700[diff] [blame]351 return result;
352}
353
354int GetCharacteristics(const std::string& name) {
355 std::unique_ptr<KeystoreClient> keystore = CreateKeystoreInstance();
356 AuthorizationSet hardware_enforced_characteristics;
357 AuthorizationSet software_enforced_characteristics;
358 int32_t result = keystore->getKeyCharacteristics(name, &hardware_enforced_characteristics,
359 &software_enforced_characteristics);
Darren Krahna9474ab2015-11-03 14:38:53 -0800[diff] [blame^]360 printf("GetCharacteristics: %d\n", result);
361 if (result == KM_ERROR_OK) {
362 PrintKeyCharacteristics(hardware_enforced_characteristics,
363 software_enforced_characteristics);
364 }
Darren Krahn69a3dbc2015-09-22 16:21:04 -0700[diff] [blame]365 return result;
366}
367
368int ExportKey(const std::string& name) {
369 std::unique_ptr<KeystoreClient> keystore = CreateKeystoreInstance();
370 std::string data;
371 int32_t result = keystore->exportKey(KM_KEY_FORMAT_X509, name, &data);
372 printf("ExportKey: %d (%zu)\n", result, data.size());
373 return result;
374}
375
376int DeleteKey(const std::string& name) {
377 std::unique_ptr<KeystoreClient> keystore = CreateKeystoreInstance();
378 int32_t result = keystore->deleteKey(name);
379 printf("DeleteKey: %d\n", result);
380 return result;
381}
382
383int DeleteAllKeys() {
384 std::unique_ptr<KeystoreClient> keystore = CreateKeystoreInstance();
385 int32_t result = keystore->deleteAllKeys();
386 printf("DeleteAllKeys: %d\n", result);
387 return result;
388}
389
390int DoesKeyExist(const std::string& name) {
391 std::unique_ptr<KeystoreClient> keystore = CreateKeystoreInstance();
392 printf("DoesKeyExist: %s\n", keystore->doesKeyExist(name) ? "yes" : "no");
393 return 0;
394}
395
396int List(const std::string& prefix) {
397 std::unique_ptr<KeystoreClient> keystore = CreateKeystoreInstance();
398 std::vector<std::string> key_list;
399 if (!keystore->listKeys(prefix, &key_list)) {
400 printf("ListKeys failed.\n");
401 return 1;
402 }
403 printf("Keys:\n");
404 for (const auto& key_name : key_list) {
405 printf(" %s\n", key_name.c_str());
406 }
407 return 0;
408}
409
410int SignAndVerify(const std::string& name) {
411 std::unique_ptr<KeystoreClient> keystore = CreateKeystoreInstance();
412 AuthorizationSetBuilder sign_params;
413 sign_params.Padding(KM_PAD_RSA_PKCS1_1_5_SIGN);
414 sign_params.Digest(KM_DIGEST_SHA_2_256);
415 AuthorizationSet output_params;
416 keymaster_operation_handle_t handle;
417 int32_t result = keystore->beginOperation(KM_PURPOSE_SIGN, name, sign_params.build(),
418 &output_params, &handle);
419 if (result != KM_ERROR_OK) {
420 printf("Sign: BeginOperation failed: %d\n", result);
421 return result;
422 }
423 AuthorizationSet empty_params;
424 size_t num_input_bytes_consumed;
425 std::string output_data;
426 result = keystore->updateOperation(handle, empty_params, "data_to_sign",
427 &num_input_bytes_consumed, &output_params, &output_data);
428 if (result != KM_ERROR_OK) {
429 printf("Sign: UpdateOperation failed: %d\n", result);
430 return result;
431 }
432 result = keystore->finishOperation(handle, empty_params, std::string() /*signature_to_verify*/,
433 &output_params, &output_data);
434 if (result != KM_ERROR_OK) {
435 printf("Sign: FinishOperation failed: %d\n", result);
436 return result;
437 }
438 printf("Sign: %zu bytes.\n", output_data.size());
439 // We have a signature, now verify it.
440 std::string signature_to_verify = output_data;
Darren Krahn251cb282015-09-28 08:51:18 -0700[diff] [blame]441 output_data.clear();
Darren Krahn69a3dbc2015-09-22 16:21:04 -0700[diff] [blame]442 result = keystore->beginOperation(KM_PURPOSE_VERIFY, name, sign_params.build(), &output_params,
443 &handle);
444 if (result != KM_ERROR_OK) {
445 printf("Verify: BeginOperation failed: %d\n", result);
446 return result;
447 }
448 result = keystore->updateOperation(handle, empty_params, "data_to_sign",
449 &num_input_bytes_consumed, &output_params, &output_data);
450 if (result != KM_ERROR_OK) {
451 printf("Verify: UpdateOperation failed: %d\n", result);
452 return result;
453 }
454 result = keystore->finishOperation(handle, empty_params, signature_to_verify, &output_params,
455 &output_data);
456 if (result == KM_ERROR_VERIFICATION_FAILED) {
457 printf("Verify: Failed to verify signature.\n");
458 return result;
459 }
460 if (result != KM_ERROR_OK) {
461 printf("Verify: FinishOperation failed: %d\n", result);
462 return result;
463 }
464 printf("Verify: OK\n");
465 return 0;
466}
467
Darren Krahn251cb282015-09-28 08:51:18 -0700[diff] [blame]468int Encrypt(const std::string& key_name, const std::string& input_filename,
469 const std::string& output_filename) {
470 std::unique_ptr<KeystoreClient> keystore = CreateKeystoreInstance();
471 std::string input = ReadFile(input_filename);
472 std::string output;
473 if (!keystore->encryptWithAuthentication(key_name, input, &output)) {
474 printf("EncryptWithAuthentication failed.\n");
475 return 1;
476 }
477 WriteFile(output_filename, output);
478 return 0;
479}
480
481int Decrypt(const std::string& key_name, const std::string& input_filename,
482 const std::string& output_filename) {
483 std::unique_ptr<KeystoreClient> keystore = CreateKeystoreInstance();
484 std::string input = ReadFile(input_filename);
485 std::string output;
486 if (!keystore->decryptWithAuthentication(key_name, input, &output)) {
487 printf("DecryptWithAuthentication failed.\n");
488 return 1;
489 }
490 WriteFile(output_filename, output);
491 return 0;
492}
493
Darren Krahn69a3dbc2015-09-22 16:21:04 -0700[diff] [blame]494} // namespace
495
496int main(int argc, char** argv) {
497 CommandLine::Init(argc, argv);
498 CommandLine* command_line = CommandLine::ForCurrentProcess();
499 CommandLine::StringVector args = command_line->GetArgs();
500 if (args.empty()) {
501 PrintUsageAndExit();
502 }
Darren Krahna9474ab2015-11-03 14:38:53 -0800[diff] [blame^]503 if (args[0] == "brillo-platform-test") {
504 return BrilloPlatformTest(command_line->GetSwitchValueASCII("prefix"));
505 } else if (args[0] == "list-brillo-tests") {
506 return ListTestCases();
507 } else if (args[0] == "add-entropy") {
Darren Krahn69a3dbc2015-09-22 16:21:04 -0700[diff] [blame]508 return AddEntropy(command_line->GetSwitchValueASCII("input"));
509 } else if (args[0] == "generate") {
510 return GenerateKey(command_line->GetSwitchValueASCII("name"));
511 } else if (args[0] == "get-chars") {
512 return GetCharacteristics(command_line->GetSwitchValueASCII("name"));
513 } else if (args[0] == "export") {
514 return ExportKey(command_line->GetSwitchValueASCII("name"));
515 } else if (args[0] == "delete") {
516 return DeleteKey(command_line->GetSwitchValueASCII("name"));
517 } else if (args[0] == "delete-all") {
518 return DeleteAllKeys();
519 } else if (args[0] == "exists") {
520 return DoesKeyExist(command_line->GetSwitchValueASCII("name"));
521 } else if (args[0] == "list") {
522 return List(command_line->GetSwitchValueASCII("prefix"));
523 } else if (args[0] == "sign-verify") {
524 return SignAndVerify(command_line->GetSwitchValueASCII("name"));
Darren Krahn251cb282015-09-28 08:51:18 -0700[diff] [blame]525 } else if (args[0] == "encrypt") {
526 return Encrypt(command_line->GetSwitchValueASCII("name"),
527 command_line->GetSwitchValueASCII("in"),
528 command_line->GetSwitchValueASCII("out"));
529 } else if (args[0] == "decrypt") {
530 return Decrypt(command_line->GetSwitchValueASCII("name"),
531 command_line->GetSwitchValueASCII("in"),
532 command_line->GetSwitchValueASCII("out"));
Darren Krahn69a3dbc2015-09-22 16:21:04 -0700[diff] [blame]533 } else {
534 PrintUsageAndExit();
535 }
536 return 0;
537}