Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_security / c1460141c0eea24ae004edf7a964078611f45cc6 / . / keystore / keystore_cli_v2.cpp
blob: 6e995e0710e175112c89b4dfb1e651d2ba346670 [file] [log] [blame]
Darren Krahn69a3dbc2015-09-22 16:21:04 -0700[diff] [blame]1// Copyright 2015 The Android Open Source Project
2//
3// Licensed under the Apache License, Version 2.0 (the "License");
4// you may not use this file except in compliance with the License.
5// You may obtain a copy of the License at
6//
7// http://www.apache.org/licenses/LICENSE-2.0
8//
9// Unless required by applicable law or agreed to in writing, software
10// distributed under the License is distributed on an "AS IS" BASIS,
11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12// See the License for the specific language governing permissions and
13// limitations under the License.
14
15#include <cstdio>
16#include <memory>
17#include <string>
18#include <vector>
19
Shawn Willdenbb22a6c2017-12-06 19:35:28 -0700[diff] [blame]20#include <base/command_line.h>
21#include <base/files/file_util.h>
22#include <base/strings/string_util.h>
23#include <keystore/keymaster_types.h>
24#include <keystore/keystore_client_impl.h>
Darren Krahn69a3dbc2015-09-22 16:21:04 -0700[diff] [blame]25
26using base::CommandLine;
Darren Krahn69a3dbc2015-09-22 16:21:04 -0700[diff] [blame]27using keystore::KeystoreClient;
28
29namespace {
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]30using namespace keystore;
Darren Krahn69a3dbc2015-09-22 16:21:04 -0700[diff] [blame]31
Darren Krahna9474ab2015-11-03 14:38:53 -0800[diff] [blame]32struct TestCase {
33 std::string name;
34 bool required_for_brillo_pts;
35 AuthorizationSet parameters;
36};
37
Darren Krahn69a3dbc2015-09-22 16:21:04 -0700[diff] [blame]38void PrintUsageAndExit() {
39 printf("Usage: keystore_client_v2 <command> [options]\n");
Darren Krahn82f4f5b2016-03-03 16:21:07 -0800[diff] [blame]40 printf("Commands: brillo-platform-test [--prefix=<test_name_prefix>] [--test_for_0_3]\n"
Darren Krahna9474ab2015-11-03 14:38:53 -0800[diff] [blame]41 " list-brillo-tests\n"
Janis Danisevskisc1460142017-12-18 16:48:46 -0800[diff] [blame^]42 " add-entropy --input=<entropy> [--seclevel=software|strongbox|tee(default)]\n"
43 " generate --name=<key_name> [--seclevel=software|strongbox|tee(default)]\n"
Darren Krahn69a3dbc2015-09-22 16:21:04 -0700[diff] [blame]44 " get-chars --name=<key_name>\n"
45 " export --name=<key_name>\n"
46 " delete --name=<key_name>\n"
47 " delete-all\n"
48 " exists --name=<key_name>\n"
49 " list [--prefix=<key_name_prefix>]\n"
Darren Krahn251cb282015-09-28 08:51:18 -0700[diff] [blame]50 " sign-verify --name=<key_name>\n"
Janis Danisevskisc1460142017-12-18 16:48:46 -0800[diff] [blame^]51 " [en|de]crypt --name=<key_name> --in=<file> --out=<file>\n"
52 " [--seclevel=software|strongbox|tee(default)]\n");
Darren Krahn69a3dbc2015-09-22 16:21:04 -0700[diff] [blame]53 exit(1);
54}
55
56std::unique_ptr<KeystoreClient> CreateKeystoreInstance() {
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]57 return std::unique_ptr<KeystoreClient>(
Shawn Willdenbb22a6c2017-12-06 19:35:28 -0700[diff] [blame]58 static_cast<KeystoreClient*>(new keystore::KeystoreClientImpl));
Darren Krahn69a3dbc2015-09-22 16:21:04 -0700[diff] [blame]59}
60
Darren Krahna9474ab2015-11-03 14:38:53 -0800[diff] [blame]61void PrintTags(const AuthorizationSet& parameters) {
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]62 for (auto iter = parameters.begin(); iter != parameters.end(); ++iter) {
Shawn Willdenbb22a6c2017-12-06 19:35:28 -0700[diff] [blame]63 auto tag_str = toString(iter->tag);
64 printf(" %s\n", tag_str.c_str());
Darren Krahna9474ab2015-11-03 14:38:53 -0800[diff] [blame]65 }
66}
67
68void PrintKeyCharacteristics(const AuthorizationSet& hardware_enforced_characteristics,
69 const AuthorizationSet& software_enforced_characteristics) {
70 printf("Hardware:\n");
71 PrintTags(hardware_enforced_characteristics);
72 printf("Software:\n");
73 PrintTags(software_enforced_characteristics);
74}
75
76bool TestKey(const std::string& name, bool required, const AuthorizationSet& parameters) {
77 std::unique_ptr<KeystoreClient> keystore = CreateKeystoreInstance();
78 AuthorizationSet hardware_enforced_characteristics;
79 AuthorizationSet software_enforced_characteristics;
Janis Danisevskisc1460142017-12-18 16:48:46 -0800[diff] [blame^]80 auto result =
81 keystore->generateKey("tmp", parameters, 0 /*flags*/, &hardware_enforced_characteristics,
82 &software_enforced_characteristics);
Darren Krahn82f4f5b2016-03-03 16:21:07 -0800[diff] [blame]83 const char kBoldRedAbort[] = "\033[1;31mABORT\033[0m";
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]84 if (!result.isOk()) {
Darren Krahna9474ab2015-11-03 14:38:53 -0800[diff] [blame]85 LOG(ERROR) << "Failed to generate key: " << result;
Darren Krahn82f4f5b2016-03-03 16:21:07 -0800[diff] [blame]86 printf("[%s] %s\n", kBoldRedAbort, name.c_str());
Darren Krahna9474ab2015-11-03 14:38:53 -0800[diff] [blame]87 return false;
88 }
89 result = keystore->deleteKey("tmp");
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]90 if (!result.isOk()) {
Darren Krahna9474ab2015-11-03 14:38:53 -0800[diff] [blame]91 LOG(ERROR) << "Failed to delete key: " << result;
Darren Krahn82f4f5b2016-03-03 16:21:07 -0800[diff] [blame]92 printf("[%s] %s\n", kBoldRedAbort, name.c_str());
Darren Krahna9474ab2015-11-03 14:38:53 -0800[diff] [blame]93 return false;
94 }
95 printf("===============================================================\n");
96 printf("%s Key Characteristics:\n", name.c_str());
97 PrintKeyCharacteristics(hardware_enforced_characteristics, software_enforced_characteristics);
98 bool hardware_backed = (hardware_enforced_characteristics.size() > 0);
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]99 if (software_enforced_characteristics.GetTagCount(TAG_ALGORITHM) > 0 ||
100 software_enforced_characteristics.GetTagCount(TAG_KEY_SIZE) > 0 ||
101 software_enforced_characteristics.GetTagCount(TAG_RSA_PUBLIC_EXPONENT) > 0) {
Darren Krahna9474ab2015-11-03 14:38:53 -0800[diff] [blame]102 VLOG(1) << "Hardware-backed key but required characteristics enforced in software.";
103 hardware_backed = false;
104 }
105 const char kBoldRedFail[] = "\033[1;31mFAIL\033[0m";
106 const char kBoldGreenPass[] = "\033[1;32mPASS\033[0m";
107 const char kBoldYellowWarn[] = "\033[1;33mWARN\033[0m";
108 printf("[%s] %s\n",
109 hardware_backed ? kBoldGreenPass : (required ? kBoldRedFail : kBoldYellowWarn),
110 name.c_str());
111
112 return (hardware_backed || !required);
113}
114
115AuthorizationSet GetRSASignParameters(uint32_t key_size, bool sha256_only) {
116 AuthorizationSetBuilder parameters;
117 parameters.RsaSigningKey(key_size, 65537)
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]118 .Digest(Digest::SHA_2_256)
119 .Padding(PaddingMode::RSA_PKCS1_1_5_SIGN)
120 .Padding(PaddingMode::RSA_PSS)
121 .Authorization(TAG_NO_AUTH_REQUIRED);
Darren Krahna9474ab2015-11-03 14:38:53 -0800[diff] [blame]122 if (!sha256_only) {
Shawn Willdenbb22a6c2017-12-06 19:35:28 -0700[diff] [blame]123 parameters.Digest(Digest::SHA_2_224).Digest(Digest::SHA_2_384).Digest(Digest::SHA_2_512);
Darren Krahna9474ab2015-11-03 14:38:53 -0800[diff] [blame]124 }
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]125 return parameters;
Darren Krahna9474ab2015-11-03 14:38:53 -0800[diff] [blame]126}
127
128AuthorizationSet GetRSAEncryptParameters(uint32_t key_size) {
129 AuthorizationSetBuilder parameters;
130 parameters.RsaEncryptionKey(key_size, 65537)
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]131 .Padding(PaddingMode::RSA_PKCS1_1_5_ENCRYPT)
132 .Padding(PaddingMode::RSA_OAEP)
133 .Authorization(TAG_NO_AUTH_REQUIRED);
134 return parameters;
Darren Krahna9474ab2015-11-03 14:38:53 -0800[diff] [blame]135}
136
137AuthorizationSet GetECDSAParameters(uint32_t key_size, bool sha256_only) {
138 AuthorizationSetBuilder parameters;
139 parameters.EcdsaSigningKey(key_size)
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]140 .Digest(Digest::SHA_2_256)
141 .Authorization(TAG_NO_AUTH_REQUIRED);
Darren Krahna9474ab2015-11-03 14:38:53 -0800[diff] [blame]142 if (!sha256_only) {
Shawn Willdenbb22a6c2017-12-06 19:35:28 -0700[diff] [blame]143 parameters.Digest(Digest::SHA_2_224).Digest(Digest::SHA_2_384).Digest(Digest::SHA_2_512);
Darren Krahna9474ab2015-11-03 14:38:53 -0800[diff] [blame]144 }
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]145 return parameters;
Darren Krahna9474ab2015-11-03 14:38:53 -0800[diff] [blame]146}
147
148AuthorizationSet GetAESParameters(uint32_t key_size, bool with_gcm_mode) {
149 AuthorizationSetBuilder parameters;
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]150 parameters.AesEncryptionKey(key_size).Authorization(TAG_NO_AUTH_REQUIRED);
Darren Krahna9474ab2015-11-03 14:38:53 -0800[diff] [blame]151 if (with_gcm_mode) {
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]152 parameters.Authorization(TAG_BLOCK_MODE, BlockMode::GCM)
153 .Authorization(TAG_MIN_MAC_LENGTH, 128);
Darren Krahna9474ab2015-11-03 14:38:53 -0800[diff] [blame]154 } else {
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]155 parameters.Authorization(TAG_BLOCK_MODE, BlockMode::ECB);
156 parameters.Authorization(TAG_BLOCK_MODE, BlockMode::CBC);
157 parameters.Authorization(TAG_BLOCK_MODE, BlockMode::CTR);
158 parameters.Padding(PaddingMode::NONE);
Darren Krahna9474ab2015-11-03 14:38:53 -0800[diff] [blame]159 }
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]160 return parameters;
Darren Krahna9474ab2015-11-03 14:38:53 -0800[diff] [blame]161}
162
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]163AuthorizationSet GetHMACParameters(uint32_t key_size, Digest digest) {
Darren Krahna9474ab2015-11-03 14:38:53 -0800[diff] [blame]164 AuthorizationSetBuilder parameters;
165 parameters.HmacKey(key_size)
166 .Digest(digest)
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]167 .Authorization(TAG_MIN_MAC_LENGTH, 224)
168 .Authorization(TAG_NO_AUTH_REQUIRED);
169 return parameters;
Darren Krahna9474ab2015-11-03 14:38:53 -0800[diff] [blame]170}
171
172std::vector<TestCase> GetTestCases() {
173 TestCase test_cases[] = {
174 {"RSA-2048 Sign", true, GetRSASignParameters(2048, true)},
175 {"RSA-2048 Sign (more digests)", false, GetRSASignParameters(2048, false)},
176 {"RSA-3072 Sign", false, GetRSASignParameters(3072, false)},
177 {"RSA-4096 Sign", false, GetRSASignParameters(4096, false)},
178 {"RSA-2048 Encrypt", true, GetRSAEncryptParameters(2048)},
179 {"RSA-3072 Encrypt", false, GetRSAEncryptParameters(3072)},
180 {"RSA-4096 Encrypt", false, GetRSAEncryptParameters(4096)},
181 {"ECDSA-P256 Sign", true, GetECDSAParameters(256, true)},
182 {"ECDSA-P256 Sign (more digests)", false, GetECDSAParameters(256, false)},
183 {"ECDSA-P224 Sign", false, GetECDSAParameters(224, false)},
184 {"ECDSA-P384 Sign", false, GetECDSAParameters(384, false)},
185 {"ECDSA-P521 Sign", false, GetECDSAParameters(521, false)},
186 {"AES-128", true, GetAESParameters(128, false)},
187 {"AES-256", true, GetAESParameters(256, false)},
188 {"AES-128-GCM", false, GetAESParameters(128, true)},
189 {"AES-256-GCM", false, GetAESParameters(256, true)},
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]190 {"HMAC-SHA256-16", true, GetHMACParameters(16, Digest::SHA_2_256)},
191 {"HMAC-SHA256-32", true, GetHMACParameters(32, Digest::SHA_2_256)},
192 {"HMAC-SHA256-64", false, GetHMACParameters(64, Digest::SHA_2_256)},
193 {"HMAC-SHA224-32", false, GetHMACParameters(32, Digest::SHA_2_224)},
194 {"HMAC-SHA384-32", false, GetHMACParameters(32, Digest::SHA_2_384)},
195 {"HMAC-SHA512-32", false, GetHMACParameters(32, Digest::SHA_2_512)},
Darren Krahna9474ab2015-11-03 14:38:53 -0800[diff] [blame]196 };
197 return std::vector<TestCase>(&test_cases[0], &test_cases[arraysize(test_cases)]);
198}
199
Darren Krahn82f4f5b2016-03-03 16:21:07 -0800[diff] [blame]200int BrilloPlatformTest(const std::string& prefix, bool test_for_0_3) {
201 const char kBoldYellowWarning[] = "\033[1;33mWARNING\033[0m";
202 if (test_for_0_3) {
203 printf("%s: Testing for keymaster v0.3. "
Shawn Willdenbb22a6c2017-12-06 19:35:28 -0700[diff] [blame]204 "This does not meet Brillo requirements.\n",
205 kBoldYellowWarning);
Darren Krahn82f4f5b2016-03-03 16:21:07 -0800[diff] [blame]206 }
Darren Krahna9474ab2015-11-03 14:38:53 -0800[diff] [blame]207 int test_count = 0;
208 int fail_count = 0;
209 std::vector<TestCase> test_cases = GetTestCases();
210 for (const auto& test_case : test_cases) {
Darren Krahn82f4f5b2016-03-03 16:21:07 -0800[diff] [blame]211 if (!prefix.empty() &&
212 !base::StartsWith(test_case.name, prefix, base::CompareCase::SENSITIVE)) {
213 continue;
214 }
215 if (test_for_0_3 &&
216 (base::StartsWith(test_case.name, "AES", base::CompareCase::SENSITIVE) ||
217 base::StartsWith(test_case.name, "HMAC", base::CompareCase::SENSITIVE))) {
Darren Krahna9474ab2015-11-03 14:38:53 -0800[diff] [blame]218 continue;
219 }
220 ++test_count;
221 if (!TestKey(test_case.name, test_case.required_for_brillo_pts, test_case.parameters)) {
222 VLOG(1) << "Test failed: " << test_case.name;
223 ++fail_count;
224 }
225 }
226 return fail_count;
227}
228
229int ListTestCases() {
230 const char kBoldGreenRequired[] = "\033[1;32mREQUIRED\033[0m";
231 const char kBoldYellowRecommended[] = "\033[1;33mRECOMMENDED\033[0m";
232 std::vector<TestCase> test_cases = GetTestCases();
233 for (const auto& test_case : test_cases) {
234 printf("%s : %s\n", test_case.name.c_str(),
235 test_case.required_for_brillo_pts ? kBoldGreenRequired : kBoldYellowRecommended);
236 }
237 return 0;
238}
239
Darren Krahn251cb282015-09-28 08:51:18 -0700[diff] [blame]240std::string ReadFile(const std::string& filename) {
241 std::string content;
242 base::FilePath path(filename);
243 if (!base::ReadFileToString(path, &content)) {
244 printf("Failed to read file: %s\n", filename.c_str());
245 exit(1);
246 }
247 return content;
248}
249
250void WriteFile(const std::string& filename, const std::string& content) {
251 base::FilePath path(filename);
252 int size = content.size();
253 if (base::WriteFile(path, content.data(), size) != size) {
254 printf("Failed to write file: %s\n", filename.c_str());
255 exit(1);
256 }
257}
258
Janis Danisevskisc1460142017-12-18 16:48:46 -0800[diff] [blame^]259int AddEntropy(const std::string& input, int32_t flags) {
Darren Krahn69a3dbc2015-09-22 16:21:04 -0700[diff] [blame]260 std::unique_ptr<KeystoreClient> keystore = CreateKeystoreInstance();
Janis Danisevskisc1460142017-12-18 16:48:46 -0800[diff] [blame^]261 int32_t result = keystore->addRandomNumberGeneratorEntropy(input, flags);
Darren Krahn69a3dbc2015-09-22 16:21:04 -0700[diff] [blame]262 printf("AddEntropy: %d\n", result);
263 return result;
264}
265
Janis Danisevskisc1460142017-12-18 16:48:46 -0800[diff] [blame^]266int GenerateKey(const std::string& name, int32_t flags) {
Darren Krahn69a3dbc2015-09-22 16:21:04 -0700[diff] [blame]267 std::unique_ptr<KeystoreClient> keystore = CreateKeystoreInstance();
268 AuthorizationSetBuilder params;
269 params.RsaSigningKey(2048, 65537)
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]270 .Digest(Digest::SHA_2_224)
271 .Digest(Digest::SHA_2_256)
272 .Digest(Digest::SHA_2_384)
273 .Digest(Digest::SHA_2_512)
274 .Padding(PaddingMode::RSA_PKCS1_1_5_SIGN)
275 .Padding(PaddingMode::RSA_PSS)
276 .Authorization(TAG_NO_AUTH_REQUIRED);
Darren Krahn69a3dbc2015-09-22 16:21:04 -0700[diff] [blame]277 AuthorizationSet hardware_enforced_characteristics;
278 AuthorizationSet software_enforced_characteristics;
Janis Danisevskisc1460142017-12-18 16:48:46 -0800[diff] [blame^]279 auto result = keystore->generateKey(name, params, flags, &hardware_enforced_characteristics,
Shawn Willdenbb22a6c2017-12-06 19:35:28 -0700[diff] [blame]280 &software_enforced_characteristics);
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]281 printf("GenerateKey: %d\n", int32_t(result));
282 if (result.isOk()) {
Darren Krahna9474ab2015-11-03 14:38:53 -0800[diff] [blame]283 PrintKeyCharacteristics(hardware_enforced_characteristics,
284 software_enforced_characteristics);
285 }
Darren Krahn69a3dbc2015-09-22 16:21:04 -0700[diff] [blame]286 return result;
287}
288
289int GetCharacteristics(const std::string& name) {
290 std::unique_ptr<KeystoreClient> keystore = CreateKeystoreInstance();
291 AuthorizationSet hardware_enforced_characteristics;
292 AuthorizationSet software_enforced_characteristics;
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]293 auto result = keystore->getKeyCharacteristics(name, &hardware_enforced_characteristics,
Shawn Willdenbb22a6c2017-12-06 19:35:28 -0700[diff] [blame]294 &software_enforced_characteristics);
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]295 printf("GetCharacteristics: %d\n", int32_t(result));
296 if (result.isOk()) {
Darren Krahna9474ab2015-11-03 14:38:53 -0800[diff] [blame]297 PrintKeyCharacteristics(hardware_enforced_characteristics,
298 software_enforced_characteristics);
299 }
Darren Krahn69a3dbc2015-09-22 16:21:04 -0700[diff] [blame]300 return result;
301}
302
303int ExportKey(const std::string& name) {
304 std::unique_ptr<KeystoreClient> keystore = CreateKeystoreInstance();
305 std::string data;
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]306 int32_t result = keystore->exportKey(KeyFormat::X509, name, &data);
Darren Krahn69a3dbc2015-09-22 16:21:04 -0700[diff] [blame]307 printf("ExportKey: %d (%zu)\n", result, data.size());
308 return result;
309}
310
311int DeleteKey(const std::string& name) {
312 std::unique_ptr<KeystoreClient> keystore = CreateKeystoreInstance();
313 int32_t result = keystore->deleteKey(name);
314 printf("DeleteKey: %d\n", result);
315 return result;
316}
317
318int DeleteAllKeys() {
319 std::unique_ptr<KeystoreClient> keystore = CreateKeystoreInstance();
320 int32_t result = keystore->deleteAllKeys();
321 printf("DeleteAllKeys: %d\n", result);
322 return result;
323}
324
325int DoesKeyExist(const std::string& name) {
326 std::unique_ptr<KeystoreClient> keystore = CreateKeystoreInstance();
327 printf("DoesKeyExist: %s\n", keystore->doesKeyExist(name) ? "yes" : "no");
328 return 0;
329}
330
331int List(const std::string& prefix) {
332 std::unique_ptr<KeystoreClient> keystore = CreateKeystoreInstance();
333 std::vector<std::string> key_list;
334 if (!keystore->listKeys(prefix, &key_list)) {
335 printf("ListKeys failed.\n");
336 return 1;
337 }
338 printf("Keys:\n");
339 for (const auto& key_name : key_list) {
340 printf(" %s\n", key_name.c_str());
341 }
342 return 0;
343}
344
345int SignAndVerify(const std::string& name) {
346 std::unique_ptr<KeystoreClient> keystore = CreateKeystoreInstance();
347 AuthorizationSetBuilder sign_params;
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]348 sign_params.Padding(PaddingMode::RSA_PKCS1_1_5_SIGN);
349 sign_params.Digest(Digest::SHA_2_256);
Darren Krahn69a3dbc2015-09-22 16:21:04 -0700[diff] [blame]350 AuthorizationSet output_params;
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]351 uint64_t handle;
Shawn Willdenbb22a6c2017-12-06 19:35:28 -0700[diff] [blame]352 auto result =
353 keystore->beginOperation(KeyPurpose::SIGN, name, sign_params, &output_params, &handle);
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]354 if (!result.isOk()) {
355 printf("Sign: BeginOperation failed: %d\n", int32_t(result));
Darren Krahn69a3dbc2015-09-22 16:21:04 -0700[diff] [blame]356 return result;
357 }
358 AuthorizationSet empty_params;
359 size_t num_input_bytes_consumed;
360 std::string output_data;
361 result = keystore->updateOperation(handle, empty_params, "data_to_sign",
362 &num_input_bytes_consumed, &output_params, &output_data);
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]363 if (!result.isOk()) {
364 printf("Sign: UpdateOperation failed: %d\n", int32_t(result));
Darren Krahn69a3dbc2015-09-22 16:21:04 -0700[diff] [blame]365 return result;
366 }
367 result = keystore->finishOperation(handle, empty_params, std::string() /*signature_to_verify*/,
368 &output_params, &output_data);
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]369 if (!result.isOk()) {
370 printf("Sign: FinishOperation failed: %d\n", int32_t(result));
Darren Krahn69a3dbc2015-09-22 16:21:04 -0700[diff] [blame]371 return result;
372 }
373 printf("Sign: %zu bytes.\n", output_data.size());
374 // We have a signature, now verify it.
375 std::string signature_to_verify = output_data;
Darren Krahn251cb282015-09-28 08:51:18 -0700[diff] [blame]376 output_data.clear();
Shawn Willdenbb22a6c2017-12-06 19:35:28 -0700[diff] [blame]377 result =
378 keystore->beginOperation(KeyPurpose::VERIFY, name, sign_params, &output_params, &handle);
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]379 if (!result.isOk()) {
380 printf("Verify: BeginOperation failed: %d\n", int32_t(result));
Darren Krahn69a3dbc2015-09-22 16:21:04 -0700[diff] [blame]381 return result;
382 }
383 result = keystore->updateOperation(handle, empty_params, "data_to_sign",
384 &num_input_bytes_consumed, &output_params, &output_data);
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]385 if (!result.isOk()) {
386 printf("Verify: UpdateOperation failed: %d\n", int32_t(result));
Darren Krahn69a3dbc2015-09-22 16:21:04 -0700[diff] [blame]387 return result;
388 }
389 result = keystore->finishOperation(handle, empty_params, signature_to_verify, &output_params,
390 &output_data);
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]391 if (result == ErrorCode::VERIFICATION_FAILED) {
Darren Krahn69a3dbc2015-09-22 16:21:04 -0700[diff] [blame]392 printf("Verify: Failed to verify signature.\n");
393 return result;
394 }
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]395 if (!result.isOk()) {
396 printf("Verify: FinishOperation failed: %d\n", int32_t(result));
Darren Krahn69a3dbc2015-09-22 16:21:04 -0700[diff] [blame]397 return result;
398 }
399 printf("Verify: OK\n");
400 return 0;
401}
402
Darren Krahn251cb282015-09-28 08:51:18 -0700[diff] [blame]403int Encrypt(const std::string& key_name, const std::string& input_filename,
Janis Danisevskisc1460142017-12-18 16:48:46 -0800[diff] [blame^]404 const std::string& output_filename, int32_t flags) {
Darren Krahn251cb282015-09-28 08:51:18 -0700[diff] [blame]405 std::unique_ptr<KeystoreClient> keystore = CreateKeystoreInstance();
406 std::string input = ReadFile(input_filename);
407 std::string output;
Janis Danisevskisc1460142017-12-18 16:48:46 -0800[diff] [blame^]408 if (!keystore->encryptWithAuthentication(key_name, input, flags, &output)) {
Darren Krahn251cb282015-09-28 08:51:18 -0700[diff] [blame]409 printf("EncryptWithAuthentication failed.\n");
410 return 1;
411 }
412 WriteFile(output_filename, output);
413 return 0;
414}
415
416int Decrypt(const std::string& key_name, const std::string& input_filename,
417 const std::string& output_filename) {
418 std::unique_ptr<KeystoreClient> keystore = CreateKeystoreInstance();
419 std::string input = ReadFile(input_filename);
420 std::string output;
421 if (!keystore->decryptWithAuthentication(key_name, input, &output)) {
422 printf("DecryptWithAuthentication failed.\n");
423 return 1;
424 }
425 WriteFile(output_filename, output);
426 return 0;
427}
428
Janis Danisevskisc1460142017-12-18 16:48:46 -0800[diff] [blame^]429uint32_t securityLevelOption2Flags(const CommandLine& cmd) {
430 if (cmd.HasSwitch("seclevel")) {
431 auto str = cmd.GetSwitchValueASCII("seclevel");
432 if (str == "strongbox") {
433 return KEYSTORE_FLAG_STRONGBOX;
434 } else if (str == "software") {
435 return KEYSTORE_FLAG_FALLBACK;
436 }
437 }
438 return KEYSTORE_FLAG_NONE;
439}
440
Darren Krahn69a3dbc2015-09-22 16:21:04 -0700[diff] [blame]441} // namespace
442
443int main(int argc, char** argv) {
444 CommandLine::Init(argc, argv);
445 CommandLine* command_line = CommandLine::ForCurrentProcess();
446 CommandLine::StringVector args = command_line->GetArgs();
447 if (args.empty()) {
448 PrintUsageAndExit();
449 }
Darren Krahna9474ab2015-11-03 14:38:53 -0800[diff] [blame]450 if (args[0] == "brillo-platform-test") {
Darren Krahn82f4f5b2016-03-03 16:21:07 -0800[diff] [blame]451 return BrilloPlatformTest(command_line->GetSwitchValueASCII("prefix"),
452 command_line->HasSwitch("test_for_0_3"));
Darren Krahna9474ab2015-11-03 14:38:53 -0800[diff] [blame]453 } else if (args[0] == "list-brillo-tests") {
454 return ListTestCases();
455 } else if (args[0] == "add-entropy") {
Janis Danisevskisc1460142017-12-18 16:48:46 -0800[diff] [blame^]456 return AddEntropy(command_line->GetSwitchValueASCII("input"),
457 securityLevelOption2Flags(*command_line));
Darren Krahn69a3dbc2015-09-22 16:21:04 -0700[diff] [blame]458 } else if (args[0] == "generate") {
Janis Danisevskisc1460142017-12-18 16:48:46 -0800[diff] [blame^]459 return GenerateKey(command_line->GetSwitchValueASCII("name"),
460 securityLevelOption2Flags(*command_line));
Darren Krahn69a3dbc2015-09-22 16:21:04 -0700[diff] [blame]461 } else if (args[0] == "get-chars") {
462 return GetCharacteristics(command_line->GetSwitchValueASCII("name"));
463 } else if (args[0] == "export") {
464 return ExportKey(command_line->GetSwitchValueASCII("name"));
465 } else if (args[0] == "delete") {
466 return DeleteKey(command_line->GetSwitchValueASCII("name"));
467 } else if (args[0] == "delete-all") {
468 return DeleteAllKeys();
469 } else if (args[0] == "exists") {
470 return DoesKeyExist(command_line->GetSwitchValueASCII("name"));
471 } else if (args[0] == "list") {
472 return List(command_line->GetSwitchValueASCII("prefix"));
473 } else if (args[0] == "sign-verify") {
474 return SignAndVerify(command_line->GetSwitchValueASCII("name"));
Darren Krahn251cb282015-09-28 08:51:18 -0700[diff] [blame]475 } else if (args[0] == "encrypt") {
Janis Danisevskisc1460142017-12-18 16:48:46 -0800[diff] [blame^]476 return Encrypt(
477 command_line->GetSwitchValueASCII("name"), command_line->GetSwitchValueASCII("in"),
478 command_line->GetSwitchValueASCII("out"), securityLevelOption2Flags(*command_line));
Darren Krahn251cb282015-09-28 08:51:18 -0700[diff] [blame]479 } else if (args[0] == "decrypt") {
480 return Decrypt(command_line->GetSwitchValueASCII("name"),
481 command_line->GetSwitchValueASCII("in"),
482 command_line->GetSwitchValueASCII("out"));
Darren Krahn69a3dbc2015-09-22 16:21:04 -0700[diff] [blame]483 } else {
484 PrintUsageAndExit();
485 }
486 return 0;
487}