Move keystore to system/security repo

#

# Copyright (C) 2009 The Android Open Source Project

#

# Licensed under the Apache License, Version 2.0 (the "License");

# you may not use this file except in compliance with the License.

# You may obtain a copy of the License at

#

#      http://www.apache.org/licenses/LICENSE-2.0

#

# Unless required by applicable law or agreed to in writing, software

# distributed under the License is distributed on an "AS IS" BASIS,

# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

# See the License for the specific language governing permissions and

# limitations under the License.

#

LOCAL_PATH:= $(call my-dir)

include $(CLEAR_VARS)

LOCAL_SRC_FILES := keystore.cpp

LOCAL_C_INCLUDES := external/openssl/include

LOCAL_SHARED_LIBRARIES := libcutils libcrypto

LOCAL_MODULE:= keystore

include $(BUILD_EXECUTABLE)

include $(CLEAR_VARS)

LOCAL_SRC_FILES := keystore_cli.cpp

LOCAL_C_INCLUDES := external/openssl/include

LOCAL_SHARED_LIBRARIES := libcutils libcrypto

LOCAL_MODULE:= keystore_cli

LOCAL_MODULE_TAGS := debug

include $(BUILD_EXECUTABLE)

/*

 * Copyright (C) 2009 The Android Open Source Project

 *

 * Licensed under the Apache License, Version 2.0 (the "License");

 * you may not use this file except in compliance with the License.

 * You may obtain a copy of the License at

 *

 *      http://www.apache.org/licenses/LICENSE-2.0

 *

 * Unless required by applicable law or agreed to in writing, software

 * distributed under the License is distributed on an "AS IS" BASIS,

 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

 * See the License for the specific language governing permissions and

 * limitations under the License.

 */

#ifndef __KEYSTORE_H__

#define __KEYSTORE_H__

// note state values overlap with ResponseCode for the purposes of the state() API

enum State {

    STATE_NO_ERROR      = 1,

    STATE_LOCKED        = 2,

    STATE_UNINITIALIZED = 3,

};

enum ResponseCode {

    NO_ERROR          =  STATE_NO_ERROR, // 1

    LOCKED            =  STATE_LOCKED, // 2

    UNINITIALIZED     =  STATE_UNINITIALIZED, // 3

    SYSTEM_ERROR      =  4,

    PROTOCOL_ERROR    =  5,

    PERMISSION_DENIED =  6,

    KEY_NOT_FOUND     =  7,

    VALUE_CORRUPTED   =  8,

    UNDEFINED_ACTION  =  9,

    WRONG_PASSWORD_0  = 10,

    WRONG_PASSWORD_1  = 11,

    WRONG_PASSWORD_2  = 12,

    WRONG_PASSWORD_3  = 13, // MAX_RETRY = 4

};

#endif

/*

 * Copyright (C) 2009 The Android Open Source Project

 *

 * Licensed under the Apache License, Version 2.0 (the "License");

 * you may not use this file except in compliance with the License.

 * You may obtain a copy of the License at

 *

 *      http://www.apache.org/licenses/LICENSE-2.0

 *

 * Unless required by applicable law or agreed to in writing, software

 * distributed under the License is distributed on an "AS IS" BASIS,

 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

 * See the License for the specific language governing permissions and

 * limitations under the License.

 */

#include <stdio.h>

#include <stdint.h>

#include <string.h>

#include <sys/types.h>

#include <sys/socket.h>

#include <cutils/sockets.h>

#include "keystore.h"

static const char* responses[] = {

    NULL,

    /* [NO_ERROR]           = */ "No error",

    /* [LOCKED]             = */ "Locked",

    /* [UNINITIALIZED]      = */ "Uninitialized",

    /* [SYSTEM_ERROR]       = */ "System error",

    /* [PROTOCOL_ERROR]     = */ "Protocol error",

    /* [PERMISSION_DENIED]  = */ "Permission denied",

    /* [KEY_NOT_FOUND]      = */ "Key not found",

    /* [VALUE_CORRUPTED]    = */ "Value corrupted",

    /* [UNDEFINED_ACTION]   = */ "Undefined action",

    /* [WRONG_PASSWORD]     = */ "Wrong password (last chance)",

    /* [WRONG_PASSWORD + 1] = */ "Wrong password (2 tries left)",

    /* [WRONG_PASSWORD + 2] = */ "Wrong password (3 tries left)",

    /* [WRONG_PASSWORD + 3] = */ "Wrong password (4 tries left)",

};

int main(int argc, char* argv[])

{

    if (argc < 2) {

        printf("Usage: %s action [parameter ...]\n", argv[0]);

        return 0;

    }

    int sock = socket_local_client("keystore", ANDROID_SOCKET_NAMESPACE_RESERVED,

                                   SOCK_STREAM);

    if (sock == -1) {

        puts("Failed to connect");

        return 1;

    }

    send(sock, argv[1], 1, 0);

    uint8_t bytes[65536];

    for (int i = 2; i < argc; ++i) {

        uint16_t length = strlen(argv[i]);

        bytes[0] = length >> 8;

        bytes[1] = length;

        send(sock, &bytes, 2, 0);

        send(sock, argv[i], length, 0);

    }

    shutdown(sock, SHUT_WR);

    uint8_t code;

    if (recv(sock, &code, 1, 0) != 1) {

        puts("Failed to receive");

        return 1;

    }

    printf("%d %s\n", code , responses[code] ? responses[code] : "Unknown");

    int i;

    while ((i = recv(sock, &bytes[0], 1, 0)) == 1) {

        int length;

        int offset;

        if ((i = recv(sock, &bytes[1], 1, 0)) != 1) {

            puts("Failed to receive");

            return 1;

        }

        length = bytes[0] << 8 | bytes[1];

        for (offset = 0; offset < length; offset += i) {

            i = recv(sock, &bytes[offset], length - offset, 0);

            if (i <= 0) {

                puts("Failed to receive");

                return 1;

            }

        }

        fwrite(bytes, 1, length, stdout);

        puts("");

    }

    return 0;

}

/*

 * Copyright (C) 2009 The Android Open Source Project

 *

 * Licensed under the Apache License, Version 2.0 (the "License");

 * you may not use this file except in compliance with the License.

 * You may obtain a copy of the License at

 *

 *      http://www.apache.org/licenses/LICENSE-2.0

 *

 * Unless required by applicable law or agreed to in writing, software

 * distributed under the License is distributed on an "AS IS" BASIS,

 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

 * See the License for the specific language governing permissions and

 * limitations under the License.

 */

#ifndef __KEYSTORE_GET_H__

#define __KEYSTORE_GET_H__

#include <stdio.h>

#include <stdint.h>

#include <unistd.h>

#include <sys/types.h>

#include <sys/socket.h>

#include <cutils/sockets.h>

#define KEYSTORE_MESSAGE_SIZE 65535

#ifdef __cplusplus

extern "C" {

#endif

/* This function is provided for native components to get values from keystore.

 * Users are required to link against libcutils. Keys and values are 8-bit safe.

 * The first two arguments are the key and its length. The third argument

 * specifies the buffer to store the retrieved value, which must be an array of

 * KEYSTORE_MESSAGE_SIZE bytes. This function returns the length of the value or

 * -1 if an error happens. */

static int keystore_get(const char *key, int length, char *value)

{

    uint8_t bytes[2] = {length >> 8, length};

    uint8_t code = 'g';

    int sock;

    if (length < 0 || length > KEYSTORE_MESSAGE_SIZE) {

        return -1;

    }

    sock = socket_local_client("keystore", ANDROID_SOCKET_NAMESPACE_RESERVED,

                               SOCK_STREAM);

    if (sock == -1) {

        return -1;

    }

    if (send(sock, &code, 1, 0) == 1 && send(sock, bytes, 2, 0) == 2 &&

        send(sock, key, length, 0) == length && shutdown(sock, SHUT_WR) == 0 &&

        recv(sock, &code, 1, 0) == 1 && code == /* NO_ERROR */ 1 &&

        recv(sock, &bytes[0], 1, 0) == 1 && recv(sock, &bytes[1], 1, 0) == 1) {

        int offset = 0;

        length = bytes[0] << 8 | bytes[1];

        while (offset < length) {

            int n = recv(sock, &value[offset], length - offset, 0);

            if (n <= 0) {

                length = -1;

                break;

            }

            offset += n;

        }

    } else {

        length = -1;

    }

    close(sock);

    return length;

}

#ifdef __cplusplus

}

#endif

#endif