| /* |
| * Copyright (C) 2009 The Android Open Source Project |
| * |
| * Licensed under the Apache License, Version 2.0 (the "License"); |
| * you may not use this file except in compliance with the License. |
| * You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, software |
| * distributed under the License is distributed on an "AS IS" BASIS, |
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| * See the License for the specific language governing permissions and |
| * limitations under the License. |
| */ |
| |
| #include <stdio.h> |
| #include <stdint.h> |
| #include <string.h> |
| #include <sys/types.h> |
| |
| #include <keystore/IKeystoreService.h> |
| #include <binder/IPCThreadState.h> |
| #include <binder/IServiceManager.h> |
| |
| #include <keystore/keystore.h> |
| |
| using namespace android; |
| |
| static const char* responses[] = { |
| NULL, |
| /* [NO_ERROR] = */ "No error", |
| /* [LOCKED] = */ "Locked", |
| /* [UNINITIALIZED] = */ "Uninitialized", |
| /* [SYSTEM_ERROR] = */ "System error", |
| /* [PROTOCOL_ERROR] = */ "Protocol error", |
| /* [PERMISSION_DENIED] = */ "Permission denied", |
| /* [KEY_NOT_FOUND] = */ "Key not found", |
| /* [VALUE_CORRUPTED] = */ "Value corrupted", |
| /* [UNDEFINED_ACTION] = */ "Undefined action", |
| /* [WRONG_PASSWORD] = */ "Wrong password (last chance)", |
| /* [WRONG_PASSWORD + 1] = */ "Wrong password (2 tries left)", |
| /* [WRONG_PASSWORD + 2] = */ "Wrong password (3 tries left)", |
| /* [WRONG_PASSWORD + 3] = */ "Wrong password (4 tries left)", |
| }; |
| |
| #define NO_ARG_INT_RETURN(cmd) \ |
| do { \ |
| if (strcmp(argv[1], #cmd) == 0) { \ |
| int32_t ret = service->cmd(); \ |
| if (ret < 0) { \ |
| fprintf(stderr, "%s: could not connect: %d\n", argv[0], ret); \ |
| return 1; \ |
| } else { \ |
| printf(#cmd ": %s (%d)\n", responses[ret], ret); \ |
| return 0; \ |
| } \ |
| } \ |
| } while (0) |
| |
| #define SINGLE_ARG_INT_RETURN(cmd) \ |
| do { \ |
| if (strcmp(argv[1], #cmd) == 0) { \ |
| if (argc < 3) { \ |
| fprintf(stderr, "Usage: %s " #cmd " <name>\n", argv[0]); \ |
| return 1; \ |
| } \ |
| int32_t ret = service->cmd(String16(argv[2])); \ |
| if (ret < 0) { \ |
| fprintf(stderr, "%s: could not connect: %d\n", argv[0], ret); \ |
| return 1; \ |
| } else { \ |
| printf(#cmd ": %s (%d)\n", responses[ret], ret); \ |
| return 0; \ |
| } \ |
| } \ |
| } while (0) |
| |
| #define SINGLE_ARG_PLUS_UID_INT_RETURN(cmd) \ |
| do { \ |
| if (strcmp(argv[1], #cmd) == 0) { \ |
| if (argc < 3) { \ |
| fprintf(stderr, "Usage: %s " #cmd " <name> <uid>\n", argv[0]); \ |
| return 1; \ |
| } \ |
| int uid = -1; \ |
| if (argc > 3) { \ |
| uid = atoi(argv[3]); \ |
| fprintf(stderr, "Running as uid %d\n", uid); \ |
| } \ |
| int32_t ret = service->cmd(String16(argv[2]), uid); \ |
| if (ret < 0) { \ |
| fprintf(stderr, "%s: could not connect: %d\n", argv[0], ret); \ |
| return 1; \ |
| } else { \ |
| printf(#cmd ": %s (%d)\n", responses[ret], ret); \ |
| return 0; \ |
| } \ |
| } \ |
| } while (0) |
| |
| #define STING_ARG_DATA_STDIN_INT_RETURN(cmd) \ |
| do { \ |
| if (strcmp(argv[1], #cmd) == 0) { \ |
| if (argc < 3) { \ |
| fprintf(stderr, "Usage: %s " #cmd " <name>\n", argv[0]); \ |
| return 1; \ |
| } \ |
| uint8_t* data; \ |
| size_t dataSize; \ |
| read_input(&data, &dataSize); \ |
| int32_t ret = service->cmd(String16(argv[2]), data, dataSize); \ |
| if (ret < 0) { \ |
| fprintf(stderr, "%s: could not connect: %d\n", argv[0], ret); \ |
| return 1; \ |
| } else { \ |
| printf(#cmd ": %s (%d)\n", responses[ret], ret); \ |
| return 0; \ |
| } \ |
| } \ |
| } while (0) |
| |
| #define SINGLE_ARG_DATA_RETURN(cmd) \ |
| do { \ |
| if (strcmp(argv[1], #cmd) == 0) { \ |
| if (argc < 3) { \ |
| fprintf(stderr, "Usage: %s " #cmd " <name>\n", argv[0]); \ |
| return 1; \ |
| } \ |
| uint8_t* data; \ |
| size_t dataSize; \ |
| int32_t ret = service->cmd(String16(argv[2]), &data, &dataSize); \ |
| if (ret < 0) { \ |
| fprintf(stderr, "%s: could not connect: %d\n", argv[0], ret); \ |
| return 1; \ |
| } else if (ret != ::NO_ERROR) { \ |
| fprintf(stderr, "%s: " #cmd ": %s (%d)\n", argv[0], responses[ret], ret); \ |
| return 1; \ |
| } else { \ |
| fwrite(data, dataSize, 1, stdout); \ |
| fflush(stdout); \ |
| free(data); \ |
| return 0; \ |
| } \ |
| } \ |
| } while (0) |
| |
| static int saw(sp<IKeystoreService> service, const String16& name, int uid) { |
| Vector<String16> matches; |
| int32_t ret = service->saw(name, uid, &matches); |
| if (ret < 0) { |
| fprintf(stderr, "saw: could not connect: %d\n", ret); |
| return 1; |
| } else if (ret != ::NO_ERROR) { |
| fprintf(stderr, "saw: %s (%d)\n", responses[ret], ret); |
| return 1; |
| } else { |
| Vector<String16>::const_iterator it = matches.begin(); |
| for (; it != matches.end(); ++it) { |
| printf("%s\n", String8(*it).string()); |
| } |
| return 0; |
| } |
| } |
| |
| int main(int argc, char* argv[]) |
| { |
| if (argc < 2) { |
| fprintf(stderr, "Usage: %s action [parameter ...]\n", argv[0]); |
| return 1; |
| } |
| |
| sp<IServiceManager> sm = defaultServiceManager(); |
| sp<IBinder> binder = sm->getService(String16("android.security.keystore")); |
| sp<IKeystoreService> service = interface_cast<IKeystoreService>(binder); |
| |
| if (service == NULL) { |
| fprintf(stderr, "%s: error: could not connect to keystore service\n", argv[0]); |
| return 1; |
| } |
| |
| /* |
| * All the commands should return a value |
| */ |
| |
| NO_ARG_INT_RETURN(test); |
| |
| SINGLE_ARG_DATA_RETURN(get); |
| |
| // TODO: insert |
| |
| SINGLE_ARG_PLUS_UID_INT_RETURN(del); |
| |
| SINGLE_ARG_PLUS_UID_INT_RETURN(exist); |
| |
| if (strcmp(argv[1], "saw") == 0) { |
| return saw(service, argc < 3 ? String16("") : String16(argv[2]), |
| argc < 4 ? -1 : atoi(argv[3])); |
| } |
| |
| NO_ARG_INT_RETURN(reset); |
| |
| SINGLE_ARG_INT_RETURN(password); |
| |
| NO_ARG_INT_RETURN(lock); |
| |
| SINGLE_ARG_INT_RETURN(unlock); |
| |
| NO_ARG_INT_RETURN(zero); |
| |
| // TODO: generate |
| |
| SINGLE_ARG_DATA_RETURN(get_pubkey); |
| |
| SINGLE_ARG_PLUS_UID_INT_RETURN(del_key); |
| |
| // TODO: grant |
| |
| // TODO: ungrant |
| |
| // TODO: getmtime |
| |
| fprintf(stderr, "%s: unknown command: %s\n", argv[0], argv[1]); |
| return 1; |
| } |