| // Copyright 2015 The Android Open Source Project |
| // |
| // Licensed under the Apache License, Version 2.0 (the "License"); |
| // you may not use this file except in compliance with the License. |
| // You may obtain a copy of the License at |
| // |
| // http://www.apache.org/licenses/LICENSE-2.0 |
| // |
| // Unless required by applicable law or agreed to in writing, software |
| // distributed under the License is distributed on an "AS IS" BASIS, |
| // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| // See the License for the specific language governing permissions and |
| // limitations under the License. |
| |
| #include <chrono> |
| #include <cstdio> |
| #include <future> |
| #include <memory> |
| #include <string> |
| #include <vector> |
| |
| #include <base/command_line.h> |
| #include <base/files/file_util.h> |
| #include <base/strings/string_number_conversions.h> |
| #include <base/strings/string_split.h> |
| #include <base/strings/string_util.h> |
| #include <base/strings/utf_string_conversions.h> |
| #include <base/threading/platform_thread.h> |
| #include <keystore/keymaster_types.h> |
| #include <keystore/keystore_client_impl.h> |
| |
| #include <android/hardware/confirmationui/1.0/types.h> |
| #include <android/security/BnConfirmationPromptCallback.h> |
| #include <android/security/keystore/IKeystoreService.h> |
| |
| #include <binder/IPCThreadState.h> |
| #include <binder/IServiceManager.h> |
| |
| //#include <keystore/keystore.h> |
| |
| using base::CommandLine; |
| using keystore::KeystoreClient; |
| |
| using android::sp; |
| using android::String16; |
| using android::security::keystore::IKeystoreService; |
| using base::CommandLine; |
| using ConfirmationResponseCode = android::hardware::confirmationui::V1_0::ResponseCode; |
| |
| namespace { |
| using namespace keystore; |
| |
| struct TestCase { |
| std::string name; |
| bool required_for_brillo_pts; |
| AuthorizationSet parameters; |
| }; |
| |
| void PrintUsageAndExit() { |
| printf("Usage: keystore_client_v2 <command> [options]\n"); |
| printf("Commands: brillo-platform-test [--prefix=<test_name_prefix>] [--test_for_0_3]\n" |
| " list-brillo-tests\n" |
| " add-entropy --input=<entropy> [--seclevel=software|strongbox|tee(default)]\n" |
| " generate --name=<key_name> [--seclevel=software|strongbox|tee(default)]\n" |
| " get-chars --name=<key_name>\n" |
| " export --name=<key_name>\n" |
| " delete --name=<key_name>\n" |
| " delete-all\n" |
| " exists --name=<key_name>\n" |
| " list [--prefix=<key_name_prefix>]\n" |
| " list-apps-with-keys\n" |
| " sign-verify --name=<key_name>\n" |
| " [en|de]crypt --name=<key_name> --in=<file> --out=<file>\n" |
| " [--seclevel=software|strongbox|tee(default)]\n" |
| " confirmation --prompt_text=<PromptText> --extra_data=<hex>\n" |
| " --locale=<locale> [--ui_options=<list_of_ints>]\n" |
| " --cancel_after=<seconds>\n"); |
| exit(1); |
| } |
| |
| std::unique_ptr<KeystoreClient> CreateKeystoreInstance() { |
| return std::unique_ptr<KeystoreClient>( |
| static_cast<KeystoreClient*>(new keystore::KeystoreClientImpl)); |
| } |
| |
| void PrintTags(const AuthorizationSet& parameters) { |
| for (auto iter = parameters.begin(); iter != parameters.end(); ++iter) { |
| auto tag_str = toString(iter->tag); |
| printf(" %s\n", tag_str.c_str()); |
| } |
| } |
| |
| void PrintKeyCharacteristics(const AuthorizationSet& hardware_enforced_characteristics, |
| const AuthorizationSet& software_enforced_characteristics) { |
| printf("Hardware:\n"); |
| PrintTags(hardware_enforced_characteristics); |
| printf("Software:\n"); |
| PrintTags(software_enforced_characteristics); |
| } |
| |
| bool TestKey(const std::string& name, bool required, const AuthorizationSet& parameters) { |
| std::unique_ptr<KeystoreClient> keystore = CreateKeystoreInstance(); |
| AuthorizationSet hardware_enforced_characteristics; |
| AuthorizationSet software_enforced_characteristics; |
| auto result = |
| keystore->generateKey("tmp", parameters, 0 /*flags*/, &hardware_enforced_characteristics, |
| &software_enforced_characteristics); |
| const char kBoldRedAbort[] = "\033[1;31mABORT\033[0m"; |
| if (!result.isOk()) { |
| LOG(ERROR) << "Failed to generate key: " << result; |
| printf("[%s] %s\n", kBoldRedAbort, name.c_str()); |
| return false; |
| } |
| result = keystore->deleteKey("tmp"); |
| if (!result.isOk()) { |
| LOG(ERROR) << "Failed to delete key: " << result; |
| printf("[%s] %s\n", kBoldRedAbort, name.c_str()); |
| return false; |
| } |
| printf("===============================================================\n"); |
| printf("%s Key Characteristics:\n", name.c_str()); |
| PrintKeyCharacteristics(hardware_enforced_characteristics, software_enforced_characteristics); |
| bool hardware_backed = (hardware_enforced_characteristics.size() > 0); |
| if (software_enforced_characteristics.GetTagCount(TAG_ALGORITHM) > 0 || |
| software_enforced_characteristics.GetTagCount(TAG_KEY_SIZE) > 0 || |
| software_enforced_characteristics.GetTagCount(TAG_RSA_PUBLIC_EXPONENT) > 0) { |
| VLOG(1) << "Hardware-backed key but required characteristics enforced in software."; |
| hardware_backed = false; |
| } |
| const char kBoldRedFail[] = "\033[1;31mFAIL\033[0m"; |
| const char kBoldGreenPass[] = "\033[1;32mPASS\033[0m"; |
| const char kBoldYellowWarn[] = "\033[1;33mWARN\033[0m"; |
| printf("[%s] %s\n", |
| hardware_backed ? kBoldGreenPass : (required ? kBoldRedFail : kBoldYellowWarn), |
| name.c_str()); |
| |
| return (hardware_backed || !required); |
| } |
| |
| AuthorizationSet GetRSASignParameters(uint32_t key_size, bool sha256_only) { |
| AuthorizationSetBuilder parameters; |
| parameters.RsaSigningKey(key_size, 65537) |
| .Digest(Digest::SHA_2_256) |
| .Padding(PaddingMode::RSA_PKCS1_1_5_SIGN) |
| .Padding(PaddingMode::RSA_PSS) |
| .Authorization(TAG_NO_AUTH_REQUIRED); |
| if (!sha256_only) { |
| parameters.Digest(Digest::SHA_2_224).Digest(Digest::SHA_2_384).Digest(Digest::SHA_2_512); |
| } |
| return std::move(parameters); |
| } |
| |
| AuthorizationSet GetRSAEncryptParameters(uint32_t key_size) { |
| AuthorizationSetBuilder parameters; |
| parameters.RsaEncryptionKey(key_size, 65537) |
| .Padding(PaddingMode::RSA_PKCS1_1_5_ENCRYPT) |
| .Padding(PaddingMode::RSA_OAEP) |
| .Authorization(TAG_NO_AUTH_REQUIRED); |
| return std::move(parameters); |
| } |
| |
| AuthorizationSet GetECDSAParameters(uint32_t key_size, bool sha256_only) { |
| AuthorizationSetBuilder parameters; |
| parameters.EcdsaSigningKey(key_size) |
| .Digest(Digest::SHA_2_256) |
| .Authorization(TAG_NO_AUTH_REQUIRED); |
| if (!sha256_only) { |
| parameters.Digest(Digest::SHA_2_224).Digest(Digest::SHA_2_384).Digest(Digest::SHA_2_512); |
| } |
| return std::move(parameters); |
| } |
| |
| AuthorizationSet GetAESParameters(uint32_t key_size, bool with_gcm_mode) { |
| AuthorizationSetBuilder parameters; |
| parameters.AesEncryptionKey(key_size).Authorization(TAG_NO_AUTH_REQUIRED); |
| if (with_gcm_mode) { |
| parameters.Authorization(TAG_BLOCK_MODE, BlockMode::GCM) |
| .Authorization(TAG_MIN_MAC_LENGTH, 128); |
| } else { |
| parameters.Authorization(TAG_BLOCK_MODE, BlockMode::ECB); |
| parameters.Authorization(TAG_BLOCK_MODE, BlockMode::CBC); |
| parameters.Authorization(TAG_BLOCK_MODE, BlockMode::CTR); |
| parameters.Padding(PaddingMode::NONE); |
| } |
| return std::move(parameters); |
| } |
| |
| AuthorizationSet GetHMACParameters(uint32_t key_size, Digest digest) { |
| AuthorizationSetBuilder parameters; |
| parameters.HmacKey(key_size) |
| .Digest(digest) |
| .Authorization(TAG_MIN_MAC_LENGTH, 224) |
| .Authorization(TAG_NO_AUTH_REQUIRED); |
| return std::move(parameters); |
| } |
| |
| std::vector<TestCase> GetTestCases() { |
| TestCase test_cases[] = { |
| {"RSA-2048 Sign", true, GetRSASignParameters(2048, true)}, |
| {"RSA-2048 Sign (more digests)", false, GetRSASignParameters(2048, false)}, |
| {"RSA-3072 Sign", false, GetRSASignParameters(3072, false)}, |
| {"RSA-4096 Sign", false, GetRSASignParameters(4096, false)}, |
| {"RSA-2048 Encrypt", true, GetRSAEncryptParameters(2048)}, |
| {"RSA-3072 Encrypt", false, GetRSAEncryptParameters(3072)}, |
| {"RSA-4096 Encrypt", false, GetRSAEncryptParameters(4096)}, |
| {"ECDSA-P256 Sign", true, GetECDSAParameters(256, true)}, |
| {"ECDSA-P256 Sign (more digests)", false, GetECDSAParameters(256, false)}, |
| {"ECDSA-P224 Sign", false, GetECDSAParameters(224, false)}, |
| {"ECDSA-P384 Sign", false, GetECDSAParameters(384, false)}, |
| {"ECDSA-P521 Sign", false, GetECDSAParameters(521, false)}, |
| {"AES-128", true, GetAESParameters(128, false)}, |
| {"AES-256", true, GetAESParameters(256, false)}, |
| {"AES-128-GCM", false, GetAESParameters(128, true)}, |
| {"AES-256-GCM", false, GetAESParameters(256, true)}, |
| {"HMAC-SHA256-16", true, GetHMACParameters(16, Digest::SHA_2_256)}, |
| {"HMAC-SHA256-32", true, GetHMACParameters(32, Digest::SHA_2_256)}, |
| {"HMAC-SHA256-64", false, GetHMACParameters(64, Digest::SHA_2_256)}, |
| {"HMAC-SHA224-32", false, GetHMACParameters(32, Digest::SHA_2_224)}, |
| {"HMAC-SHA384-32", false, GetHMACParameters(32, Digest::SHA_2_384)}, |
| {"HMAC-SHA512-32", false, GetHMACParameters(32, Digest::SHA_2_512)}, |
| }; |
| return std::vector<TestCase>(&test_cases[0], &test_cases[arraysize(test_cases)]); |
| } |
| |
| int BrilloPlatformTest(const std::string& prefix, bool test_for_0_3) { |
| const char kBoldYellowWarning[] = "\033[1;33mWARNING\033[0m"; |
| if (test_for_0_3) { |
| printf("%s: Testing for keymaster v0.3. " |
| "This does not meet Brillo requirements.\n", |
| kBoldYellowWarning); |
| } |
| int test_count = 0; |
| int fail_count = 0; |
| std::vector<TestCase> test_cases = GetTestCases(); |
| for (const auto& test_case : test_cases) { |
| if (!prefix.empty() && |
| !base::StartsWith(test_case.name, prefix, base::CompareCase::SENSITIVE)) { |
| continue; |
| } |
| if (test_for_0_3 && |
| (base::StartsWith(test_case.name, "AES", base::CompareCase::SENSITIVE) || |
| base::StartsWith(test_case.name, "HMAC", base::CompareCase::SENSITIVE))) { |
| continue; |
| } |
| ++test_count; |
| if (!TestKey(test_case.name, test_case.required_for_brillo_pts, test_case.parameters)) { |
| VLOG(1) << "Test failed: " << test_case.name; |
| ++fail_count; |
| } |
| } |
| return fail_count; |
| } |
| |
| int ListTestCases() { |
| const char kBoldGreenRequired[] = "\033[1;32mREQUIRED\033[0m"; |
| const char kBoldYellowRecommended[] = "\033[1;33mRECOMMENDED\033[0m"; |
| std::vector<TestCase> test_cases = GetTestCases(); |
| for (const auto& test_case : test_cases) { |
| printf("%s : %s\n", test_case.name.c_str(), |
| test_case.required_for_brillo_pts ? kBoldGreenRequired : kBoldYellowRecommended); |
| } |
| return 0; |
| } |
| |
| std::string ReadFile(const std::string& filename) { |
| std::string content; |
| base::FilePath path(filename); |
| if (!base::ReadFileToString(path, &content)) { |
| printf("Failed to read file: %s\n", filename.c_str()); |
| exit(1); |
| } |
| return content; |
| } |
| |
| void WriteFile(const std::string& filename, const std::string& content) { |
| base::FilePath path(filename); |
| int size = content.size(); |
| if (base::WriteFile(path, content.data(), size) != size) { |
| printf("Failed to write file: %s\n", filename.c_str()); |
| exit(1); |
| } |
| } |
| |
| int AddEntropy(const std::string& input, int32_t flags) { |
| std::unique_ptr<KeystoreClient> keystore = CreateKeystoreInstance(); |
| int32_t result = keystore->addRandomNumberGeneratorEntropy(input, flags).getErrorCode(); |
| printf("AddEntropy: %d\n", result); |
| return result; |
| } |
| |
| // Note: auth_bound keys created with this tool will not be usable. |
| int GenerateKey(const std::string& name, int32_t flags, bool auth_bound) { |
| std::unique_ptr<KeystoreClient> keystore = CreateKeystoreInstance(); |
| AuthorizationSetBuilder params; |
| params.RsaSigningKey(2048, 65537) |
| .Digest(Digest::SHA_2_224) |
| .Digest(Digest::SHA_2_256) |
| .Digest(Digest::SHA_2_384) |
| .Digest(Digest::SHA_2_512) |
| .Padding(PaddingMode::RSA_PKCS1_1_5_SIGN) |
| .Padding(PaddingMode::RSA_PSS); |
| if (auth_bound) { |
| // Gatekeeper normally generates the secure user id. |
| // Using zero allows the key to be created, but it will not be usuable. |
| params.Authorization(TAG_USER_SECURE_ID, 0); |
| } else { |
| params.Authorization(TAG_NO_AUTH_REQUIRED); |
| } |
| AuthorizationSet hardware_enforced_characteristics; |
| AuthorizationSet software_enforced_characteristics; |
| auto result = keystore->generateKey(name, params, flags, &hardware_enforced_characteristics, |
| &software_enforced_characteristics); |
| printf("GenerateKey: %d\n", result.getErrorCode()); |
| if (result.isOk()) { |
| PrintKeyCharacteristics(hardware_enforced_characteristics, |
| software_enforced_characteristics); |
| } |
| return result.getErrorCode(); |
| } |
| |
| int GetCharacteristics(const std::string& name) { |
| std::unique_ptr<KeystoreClient> keystore = CreateKeystoreInstance(); |
| AuthorizationSet hardware_enforced_characteristics; |
| AuthorizationSet software_enforced_characteristics; |
| auto result = keystore->getKeyCharacteristics(name, &hardware_enforced_characteristics, |
| &software_enforced_characteristics); |
| printf("GetCharacteristics: %d\n", result.getErrorCode()); |
| if (result.isOk()) { |
| PrintKeyCharacteristics(hardware_enforced_characteristics, |
| software_enforced_characteristics); |
| } |
| return result.getErrorCode(); |
| } |
| |
| int ExportKey(const std::string& name) { |
| std::unique_ptr<KeystoreClient> keystore = CreateKeystoreInstance(); |
| std::string data; |
| int32_t result = keystore->exportKey(KeyFormat::X509, name, &data).getErrorCode(); |
| printf("ExportKey: %d (%zu)\n", result, data.size()); |
| return result; |
| } |
| |
| int DeleteKey(const std::string& name) { |
| std::unique_ptr<KeystoreClient> keystore = CreateKeystoreInstance(); |
| int32_t result = keystore->deleteKey(name).getErrorCode(); |
| printf("DeleteKey: %d\n", result); |
| return result; |
| } |
| |
| int DeleteAllKeys() { |
| std::unique_ptr<KeystoreClient> keystore = CreateKeystoreInstance(); |
| int32_t result = keystore->deleteAllKeys().getErrorCode(); |
| printf("DeleteAllKeys: %d\n", result); |
| return result; |
| } |
| |
| int DoesKeyExist(const std::string& name) { |
| std::unique_ptr<KeystoreClient> keystore = CreateKeystoreInstance(); |
| printf("DoesKeyExist: %s\n", keystore->doesKeyExist(name) ? "yes" : "no"); |
| return 0; |
| } |
| |
| int List(const std::string& prefix) { |
| std::unique_ptr<KeystoreClient> keystore = CreateKeystoreInstance(); |
| std::vector<std::string> key_list; |
| if (!keystore->listKeys(prefix, &key_list)) { |
| printf("ListKeys failed.\n"); |
| return 1; |
| } |
| printf("Keys:\n"); |
| for (const auto& key_name : key_list) { |
| printf(" %s\n", key_name.c_str()); |
| } |
| return 0; |
| } |
| |
| int ListAppsWithKeys() { |
| |
| sp<android::IServiceManager> sm = android::defaultServiceManager(); |
| sp<android::IBinder> binder = sm->getService(String16("android.security.keystore")); |
| sp<IKeystoreService> service = android::interface_cast<IKeystoreService>(binder); |
| if (service == nullptr) { |
| fprintf(stderr, "Error connecting to keystore service.\n"); |
| return 1; |
| } |
| int32_t aidl_return; |
| ::std::vector<::std::string> uids; |
| android::binder::Status status = service->listUidsOfAuthBoundKeys(&uids, &aidl_return); |
| if (!status.isOk()) { |
| fprintf(stderr, "Requesting uids of auth bound keys failed with error %s.\n", |
| status.toString8().c_str()); |
| return 1; |
| } |
| if (!KeyStoreNativeReturnCode(aidl_return).isOk()) { |
| fprintf(stderr, "Requesting uids of auth bound keys failed with code %d.\n", aidl_return); |
| return 1; |
| } |
| printf("Apps with auth bound keys:\n"); |
| for (auto i = uids.begin(); i != uids.end(); ++i) { |
| printf("%s\n", i->c_str()); |
| } |
| return 0; |
| } |
| |
| int SignAndVerify(const std::string& name) { |
| std::unique_ptr<KeystoreClient> keystore = CreateKeystoreInstance(); |
| AuthorizationSetBuilder sign_params; |
| sign_params.Padding(PaddingMode::RSA_PKCS1_1_5_SIGN); |
| sign_params.Digest(Digest::SHA_2_256); |
| AuthorizationSet output_params; |
| uint64_t handle; |
| auto result = |
| keystore->beginOperation(KeyPurpose::SIGN, name, sign_params, &output_params, &handle); |
| if (!result.isOk()) { |
| printf("Sign: BeginOperation failed: %d\n", result.getErrorCode()); |
| return result.getErrorCode(); |
| } |
| AuthorizationSet empty_params; |
| std::string output_data; |
| result = keystore->finishOperation(handle, empty_params, "data_to_sign", |
| std::string() /*signature_to_verify*/, &output_params, |
| &output_data); |
| if (!result.isOk()) { |
| printf("Sign: FinishOperation failed: %d\n", result.getErrorCode()); |
| return result.getErrorCode(); |
| } |
| printf("Sign: %zu bytes.\n", output_data.size()); |
| // We have a signature, now verify it. |
| std::string signature_to_verify = output_data; |
| output_data.clear(); |
| result = |
| keystore->beginOperation(KeyPurpose::VERIFY, name, sign_params, &output_params, &handle); |
| result = keystore->finishOperation(handle, empty_params, "data_to_sign", signature_to_verify, |
| &output_params, &output_data); |
| if (result == ErrorCode::VERIFICATION_FAILED) { |
| printf("Verify: Failed to verify signature.\n"); |
| return result.getErrorCode(); |
| } |
| if (!result.isOk()) { |
| printf("Verify: FinishOperation failed: %d\n", result.getErrorCode()); |
| return result.getErrorCode(); |
| } |
| printf("Verify: OK\n"); |
| return 0; |
| } |
| |
| int Encrypt(const std::string& key_name, const std::string& input_filename, |
| const std::string& output_filename, int32_t flags) { |
| std::unique_ptr<KeystoreClient> keystore = CreateKeystoreInstance(); |
| std::string input = ReadFile(input_filename); |
| std::string output; |
| if (!keystore->encryptWithAuthentication(key_name, input, flags, &output)) { |
| printf("EncryptWithAuthentication failed.\n"); |
| return 1; |
| } |
| WriteFile(output_filename, output); |
| return 0; |
| } |
| |
| int Decrypt(const std::string& key_name, const std::string& input_filename, |
| const std::string& output_filename) { |
| std::unique_ptr<KeystoreClient> keystore = CreateKeystoreInstance(); |
| std::string input = ReadFile(input_filename); |
| std::string output; |
| if (!keystore->decryptWithAuthentication(key_name, input, &output)) { |
| printf("DecryptWithAuthentication failed.\n"); |
| return 1; |
| } |
| WriteFile(output_filename, output); |
| return 0; |
| } |
| |
| uint32_t securityLevelOption2Flags(const CommandLine& cmd) { |
| if (cmd.HasSwitch("seclevel")) { |
| auto str = cmd.GetSwitchValueASCII("seclevel"); |
| if (str == "strongbox") { |
| return KEYSTORE_FLAG_STRONGBOX; |
| } else if (str == "software") { |
| return KEYSTORE_FLAG_FALLBACK; |
| } |
| } |
| return KEYSTORE_FLAG_NONE; |
| } |
| |
| class ConfirmationListener |
| : public android::security::BnConfirmationPromptCallback, |
| public std::promise<std::tuple<ConfirmationResponseCode, std::vector<uint8_t>>> { |
| public: |
| ConfirmationListener() {} |
| |
| virtual ::android::binder::Status |
| onConfirmationPromptCompleted(int32_t result, |
| const ::std::vector<uint8_t>& dataThatWasConfirmed) override { |
| this->set_value({static_cast<ConfirmationResponseCode>(result), dataThatWasConfirmed}); |
| return ::android::binder::Status::ok(); |
| } |
| }; |
| |
| int Confirmation(const std::string& promptText, const std::string& extraDataHex, |
| const std::string& locale, const std::string& uiOptionsStr, |
| const std::string& cancelAfter) { |
| sp<android::IServiceManager> sm = android::defaultServiceManager(); |
| sp<android::IBinder> binder = sm->getService(String16("android.security.keystore")); |
| sp<IKeystoreService> service = android::interface_cast<IKeystoreService>(binder); |
| if (service == nullptr) { |
| printf("error: could not connect to keystore service.\n"); |
| return 1; |
| } |
| |
| if (promptText.size() == 0) { |
| printf("The --prompt_text parameter cannot be empty.\n"); |
| return 1; |
| } |
| |
| std::vector<uint8_t> extraData; |
| if (!base::HexStringToBytes(extraDataHex, &extraData)) { |
| printf("The --extra_data parameter does not appear to be valid hexadecimal.\n"); |
| return 1; |
| } |
| |
| std::vector<std::string> pieces = |
| base::SplitString(uiOptionsStr, ",", base::TRIM_WHITESPACE, base::SPLIT_WANT_NONEMPTY); |
| int uiOptionsAsFlags = 0; |
| for (auto& p : pieces) { |
| int value; |
| if (!base::StringToInt(p, &value)) { |
| printf("Error parsing %s in --ui_options parameter as a number.\n", p.c_str()); |
| return 1; |
| } |
| uiOptionsAsFlags |= (1 << value); |
| } |
| |
| double cancelAfterValue = 0.0; |
| |
| if (cancelAfter.size() > 0 && !base::StringToDouble(cancelAfter, &cancelAfterValue)) { |
| printf("Error parsing %s in --cancel_after parameter as a double.\n", cancelAfter.c_str()); |
| return 1; |
| } |
| |
| String16 promptText16(promptText.data(), promptText.size()); |
| String16 locale16(locale.data(), locale.size()); |
| |
| sp<ConfirmationListener> listener = new ConfirmationListener(); |
| |
| auto future = listener->get_future(); |
| int32_t aidl_return; |
| android::binder::Status status = service->presentConfirmationPrompt( |
| listener, promptText16, extraData, locale16, uiOptionsAsFlags, &aidl_return); |
| if (!status.isOk()) { |
| printf("Presenting confirmation prompt failed with binder status '%s'.\n", |
| status.toString8().c_str()); |
| return 1; |
| } |
| ConfirmationResponseCode responseCode = static_cast<ConfirmationResponseCode>(aidl_return); |
| if (responseCode != ConfirmationResponseCode::OK) { |
| printf("Presenting confirmation prompt failed with response code %d.\n", responseCode); |
| return 1; |
| } |
| printf("Waiting for prompt to complete - use Ctrl+C to abort...\n"); |
| |
| if (cancelAfterValue > 0.0) { |
| printf("Sleeping %.1f seconds before canceling prompt...\n", cancelAfterValue); |
| auto fstatus = |
| future.wait_for(std::chrono::milliseconds(uint64_t(cancelAfterValue * 1000))); |
| if (fstatus == std::future_status::timeout) { |
| status = service->cancelConfirmationPrompt(listener, &aidl_return); |
| if (!status.isOk()) { |
| printf("Canceling confirmation prompt failed with binder status '%s'.\n", |
| status.toString8().c_str()); |
| return 1; |
| } |
| responseCode = static_cast<ConfirmationResponseCode>(aidl_return); |
| if (responseCode == ConfirmationResponseCode::Ignored) { |
| // The confirmation was completed by the user so take the response |
| } else if (responseCode != ConfirmationResponseCode::OK) { |
| printf("Canceling confirmation prompt failed with response code %d.\n", |
| responseCode); |
| return 1; |
| } |
| } |
| } |
| |
| future.wait(); |
| |
| auto [rc, dataThatWasConfirmed] = future.get(); |
| |
| printf("Confirmation prompt completed\n" |
| "responseCode = %d\n", |
| rc); |
| printf("dataThatWasConfirmed[%zd] = {", dataThatWasConfirmed.size()); |
| size_t newLineCountDown = 16; |
| bool hasPrinted = false; |
| for (uint8_t element : dataThatWasConfirmed) { |
| if (hasPrinted) { |
| printf(", "); |
| } |
| if (newLineCountDown == 0) { |
| printf("\n "); |
| newLineCountDown = 32; |
| } |
| printf("0x%02x", element); |
| hasPrinted = true; |
| } |
| printf("}\n"); |
| |
| return 0; |
| } |
| |
| } // namespace |
| |
| int main(int argc, char** argv) { |
| CommandLine::Init(argc, argv); |
| CommandLine* command_line = CommandLine::ForCurrentProcess(); |
| CommandLine::StringVector args = command_line->GetArgs(); |
| |
| android::ProcessState::self()->startThreadPool(); |
| |
| if (args.empty()) { |
| PrintUsageAndExit(); |
| } |
| if (args[0] == "brillo-platform-test") { |
| return BrilloPlatformTest(command_line->GetSwitchValueASCII("prefix"), |
| command_line->HasSwitch("test_for_0_3")); |
| } else if (args[0] == "list-brillo-tests") { |
| return ListTestCases(); |
| } else if (args[0] == "add-entropy") { |
| return AddEntropy(command_line->GetSwitchValueASCII("input"), |
| securityLevelOption2Flags(*command_line)); |
| } else if (args[0] == "generate") { |
| return GenerateKey(command_line->GetSwitchValueASCII("name"), |
| securityLevelOption2Flags(*command_line), |
| command_line->HasSwitch("auth_bound")); |
| } else if (args[0] == "get-chars") { |
| return GetCharacteristics(command_line->GetSwitchValueASCII("name")); |
| } else if (args[0] == "export") { |
| return ExportKey(command_line->GetSwitchValueASCII("name")); |
| } else if (args[0] == "delete") { |
| return DeleteKey(command_line->GetSwitchValueASCII("name")); |
| } else if (args[0] == "delete-all") { |
| return DeleteAllKeys(); |
| } else if (args[0] == "exists") { |
| return DoesKeyExist(command_line->GetSwitchValueASCII("name")); |
| } else if (args[0] == "list") { |
| return List(command_line->GetSwitchValueASCII("prefix")); |
| } else if (args[0] == "list-apps-with-keys") { |
| return ListAppsWithKeys(); |
| } else if (args[0] == "sign-verify") { |
| return SignAndVerify(command_line->GetSwitchValueASCII("name")); |
| } else if (args[0] == "encrypt") { |
| return Encrypt( |
| command_line->GetSwitchValueASCII("name"), command_line->GetSwitchValueASCII("in"), |
| command_line->GetSwitchValueASCII("out"), securityLevelOption2Flags(*command_line)); |
| } else if (args[0] == "decrypt") { |
| return Decrypt(command_line->GetSwitchValueASCII("name"), |
| command_line->GetSwitchValueASCII("in"), |
| command_line->GetSwitchValueASCII("out")); |
| } else if (args[0] == "confirmation") { |
| return Confirmation(command_line->GetSwitchValueNative("prompt_text"), |
| command_line->GetSwitchValueASCII("extra_data"), |
| command_line->GetSwitchValueASCII("locale"), |
| command_line->GetSwitchValueASCII("ui_options"), |
| command_line->GetSwitchValueASCII("cancel_after")); |
| } else { |
| PrintUsageAndExit(); |
| } |
| return 0; |
| } |