Implement the generic mini-keystore for security.

1. We will progressively migrate to this implementation.
2. For richc to have a quick review on the keymgmt part.
3. Add remove_key and make sure all functions are working.
4. Add permission check for get operation.
5. Return the retry count if unlock failed.
6. Add the reset operation for keystore reset.
7. Add the putfile shell command for putting the key value from file.
8. Fix the boundary issue during parsing command.
9. Use the ' ' as delimiter and reset the reply structure for each request.
10. Add change password retry count check.
11. Extract the read_marshal/write_marshal for certtool.h.
12. Remove the old implementation.

1 files changed, 0 insertions, 315 deletions

diff --git a/cmds/keystore/keystore.c b/cmds/keystore/keystore.c
deleted file mode 100644
index df8d832..0000000
--- a/cmds/keystore/keystore.c
+++ /dev/null
@@ -1,315 +0,0 @@
-/*
-** Copyright 2009, The Android Open Source Project
-**
-** Licensed under the Apache License, Version 2.0 (the "License");
-** you may not use this file except in compliance with the License.
-** You may obtain a copy of the License at
-**
-**     http://www.apache.org/licenses/LICENSE-2.0
-**
-** Unless required by applicable law or agreed to in writing, software
-** distributed under the License is distributed on an "AS IS" BASIS,
-** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-** See the License for the specific language governing permissions and
-** limitations under the License.
-*/
-
-#include "keystore.h"
-
-static inline int has_whitespace(char *name)
-{
-    if((strrchr(name, ' ') != NULL)) {
-        LOGE("'%s' contains whitespace character\n", name);
-        return 1;
-    }
-    return 0;
-}
-
-static int do_list_user_certs(char **arg, char reply[REPLY_MAX])
-{
-    return list_user_certs(reply);
-}
-
-static int do_list_ca_certs(char **arg, char reply[REPLY_MAX])
-{
-    return list_ca_certs(reply);
-}
-
-static int do_install_user_cert(char **arg, char reply[REPLY_MAX])
-{
-    if (has_whitespace(arg[0])) return -1;
-    /* copy the certificate and key to keystore */
-    return install_user_cert(arg[0], arg[1], arg[2]);
-}
-
-static int do_install_p12_cert(char **arg, char reply[REPLY_MAX])
-{
-    if (has_whitespace(arg[0])) return -1;
-    return install_p12_cert(arg[0], arg[1]);
-}
-
-static int do_install_ca_cert(char **arg, char reply[REPLY_MAX])
-{
-    if (has_whitespace(arg[0])) return -1;
-    /* copy the certificate and key to keystore */
-    return install_ca_cert(arg[0], arg[1]);
-}
-
-static int do_add_ca_cert(char **arg, char reply[REPLY_MAX])
-{
-    if (has_whitespace(arg[0])) return -1;
-    return add_ca_cert(arg[0], arg[1]);
-}
-
-static int do_add_user_cert(char **arg, char reply[REPLY_MAX])
-{
-    if (has_whitespace(arg[0])) return -1;
-    return add_user_cert(arg[0], arg[1]);
-}
-
-static int do_add_user_key(char **arg, char reply[REPLY_MAX])
-{
-    if (has_whitespace(arg[0])) return -1;
-    return add_user_key(arg[0], arg[1]);
-}
-
-static int do_get_ca_cert(char **arg, char reply[REPLY_MAX])
-{
-    return get_ca_cert(arg[0], reply);
-}
-
-static int do_get_user_cert(char **arg, char reply[REPLY_MAX])
-{
-    return get_user_cert(arg[0], reply);
-}
-
-static int do_get_user_key(char **arg, char reply[REPLY_MAX])
-{
-    return get_user_key(arg[0], reply);
-}
-
-static int do_remove_user_cert(char **arg, char reply[REPLY_MAX])
-{
-    return remove_user_cert(arg[0]);
-}
-
-static int do_remove_ca_cert(char **arg, char reply[REPLY_MAX])
-{
-    return remove_ca_cert(arg[0]);
-}
-
-
-struct cmdinfo {
-    const char *name;
-    unsigned numargs;
-    int (*func)(char **arg, char reply[REPLY_MAX]);
-};
-
-
-struct cmdinfo cmds[] = {
-    { "listcacerts",        0, do_list_ca_certs },
-    { "listusercerts",      0, do_list_user_certs },
-    { "installusercert",    3, do_install_user_cert },
-    { "installcacert",      2, do_install_ca_cert },
-    { "installp12cert",     2, do_install_p12_cert },
-    { "addusercert",        2, do_add_user_cert },
-    { "adduserkey",         2, do_add_user_key },
-    { "addcacert",          2, do_add_ca_cert },
-    { "getusercert",        1, do_get_user_cert },
-    { "getuserkey",         1, do_get_user_key },
-    { "getcacert",          1, do_get_ca_cert },
-    { "removecacert",       1, do_remove_ca_cert },
-    { "removeusercert",     1, do_remove_user_cert },
-};
-
-static int readx(int s, void *_buf, int count)
-{
-    char *buf = _buf;
-    int n = 0, r;
-    if (count < 0) return -1;
-    while (n < count) {
-        r = read(s, buf + n, count - n);
-        if (r < 0) {
-            if (errno == EINTR) continue;
-            LOGE("read error: %s\n", strerror(errno));
-            return -1;
-        }
-        if (r == 0) {
-            LOGE("eof\n");
-            return -1; /* EOF */
-        }
-        n += r;
-    }
-    return 0;
-}
-
-static int writex(int s, const void *_buf, int count)
-{
-    const char *buf = _buf;
-    int n = 0, r;
-    if (count < 0) return -1;
-    while (n < count) {
-        r = write(s, buf + n, count - n);
-        if (r < 0) {
-            if (errno == EINTR) continue;
-            LOGE("write error: %s\n", strerror(errno));
-            return -1;
-        }
-        n += r;
-    }
-    return 0;
-}
-
-
-/* Tokenize the command buffer, locate a matching command,
- * ensure that the required number of arguments are provided,
- * call the function(), return the result.
- */
-static int execute(int s, char cmd[BUFFER_MAX])
-{
-    char reply[REPLY_MAX];
-    char *arg[TOKEN_MAX+1];
-    unsigned i;
-    unsigned n = 0;
-    unsigned short count;
-    short ret = -1;
-
-    /* default reply is "" */
-    reply[0] = 0;
-
-    /* n is number of args (not counting arg[0]) */
-    arg[0] = cmd;
-    while (*cmd) {
-        if (*cmd == CMD_DELIMITER) {
-            *cmd++ = 0;
-            n++;
-            arg[n] = cmd;
-            if (n == TOKEN_MAX) {
-                LOGE("too many arguments\n");
-                goto done;
-            }
-        }
-        cmd++;
-    }
-
-    for (i = 0; i < sizeof(cmds) / sizeof(cmds[0]); i++) {
-        if (!strcmp(cmds[i].name,arg[0])) {
-            if (n != cmds[i].numargs) {
-                LOGE("%s requires %d arguments (%d given)\n",
-                     cmds[i].name, cmds[i].numargs, n);
-            } else {
-                ret = (short) cmds[i].func(arg + 1, reply);
-            }
-            goto done;
-        }
-    }
-    LOGE("unsupported command '%s'\n", arg[0]);
-
-done:
-    if (reply[0]) {
-        strlcpy(cmd, reply, BUFFER_MAX);
-        count = strlen(cmd);
-    } else {
-        count = 0;
-    }
-    if (writex(s, &ret, sizeof(ret))) return -1;
-    if (ret == 0) {
-        if (writex(s, &count, sizeof(count))) return -1;
-        if (writex(s, cmd, count)) return -1;
-    }
-
-    return 0;
-}
-
-int shell_command(const int argc, const char **argv)
-{
-    int fd, i;
-    short ret;
-    unsigned short count;
-    char delimiter[2] = { CMD_DELIMITER, 0 };
-    char buf[BUFFER_MAX]="";
-
-    fd = socket_local_client(SOCKET_PATH,
-                             ANDROID_SOCKET_NAMESPACE_RESERVED,
-                             SOCK_STREAM);
-    if (fd == -1) {
-        fprintf(stderr, "Keystore service is not up and running\n");
-        exit(1);
-    }
-    for(i = 0; i < argc; i++) {
-        if (i > 0) strlcat(buf, delimiter, BUFFER_MAX);
-        if(strlcat(buf, argv[i], BUFFER_MAX) >= BUFFER_MAX) {
-            fprintf(stderr, "Arguments are too long\n");
-            exit(1);
-        }
-    }
-    count = strlen(buf);
-    if (writex(fd, &count, sizeof(count))) return -1;
-    if (writex(fd, buf, strlen(buf))) return -1;
-    if (readx(fd, &ret, sizeof(ret))) return -1;
-    if (ret == 0) {
-        if (readx(fd, &count, sizeof(count))) return -1;
-        if (readx(fd, buf, count)) return -1;
-        buf[count]=0;
-        fprintf(stdout, "%s\n", buf);
-    } else {
-        fprintf(stderr, "Failed, please check log!\n");
-    }
-    return 0;
-}
-
-int main(const int argc, const char *argv[])
-{
-    char buf[BUFFER_MAX];
-    struct sockaddr addr;
-    socklen_t alen;
-    int lsocket, s, count;
-
-    if (argc > 1) {
-        return shell_command(argc - 1, argv + 1);
-    }
-
-    lsocket = android_get_control_socket(SOCKET_PATH);
-    if (lsocket < 0) {
-        LOGE("Failed to get socket from environment: %s\n", strerror(errno));
-        exit(1);
-    }
-    if (listen(lsocket, 5)) {
-        LOGE("Listen on socket failed: %s\n", strerror(errno));
-        exit(1);
-    }
-    fcntl(lsocket, F_SETFD, FD_CLOEXEC);
-
-    for (;;) {
-        alen = sizeof(addr);
-        s = accept(lsocket, &addr, &alen);
-        if (s < 0) {
-            LOGE("Accept failed: %s\n", strerror(errno));
-            continue;
-        }
-        fcntl(s, F_SETFD, FD_CLOEXEC);
-
-        LOGI("new connection\n");
-        for (;;) {
-            unsigned short count;
-            if (readx(s, &count, sizeof(count))) {
-                LOGE("failed to read size\n");
-                break;
-            }
-            if ((count < 1) || (count >= BUFFER_MAX)) {
-                LOGE("invalid size %d\n", count);
-                break;
-            }
-            if (readx(s, buf, count)) {
-                LOGE("failed to read command\n");
-                break;
-            }
-            buf[count] = 0;
-            if (execute(s, buf)) break;
-        }
-        LOGI("closing connection\n");
-        close(s);
-    }
-
-    return 0;
-}