Benoit Goby | 2cc19e4 | 2012-04-12 12:23:49 -0700 | [diff] [blame] | 1 | /* |
| 2 | * Copyright (C) 2012 The Android Open Source Project |
| 3 | * |
| 4 | * Licensed under the Apache License, Version 2.0 (the "License"); |
| 5 | * you may not use this file except in compliance with the License. |
| 6 | * You may obtain a copy of the License at |
| 7 | * |
| 8 | * http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | * |
| 10 | * Unless required by applicable law or agreed to in writing, software |
| 11 | * distributed under the License is distributed on an "AS IS" BASIS, |
| 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 | * See the License for the specific language governing permissions and |
| 14 | * limitations under the License. |
| 15 | */ |
| 16 | |
Yabin Cui | 19bec5b | 2015-09-22 15:52:57 -0700 | [diff] [blame] | 17 | #define TRACE_TAG AUTH |
Dan Albert | db6fe64 | 2015-03-19 15:21:08 -0700 | [diff] [blame] | 18 | |
Josh Gao | 22cb70b | 2016-08-18 22:00:12 -0700 | [diff] [blame] | 19 | #include <dirent.h> |
Benoit Goby | 2cc19e4 | 2012-04-12 12:23:49 -0700 | [diff] [blame] | 20 | #include <stdio.h> |
Christopher Ferris | 054d170 | 2014-11-06 14:34:24 -0800 | [diff] [blame] | 21 | #include <stdlib.h> |
Dan Albert | db6fe64 | 2015-03-19 15:21:08 -0700 | [diff] [blame] | 22 | #include <string.h> |
Josh Gao | 22cb70b | 2016-08-18 22:00:12 -0700 | [diff] [blame] | 23 | #if defined(__linux__) |
| 24 | #include <sys/inotify.h> |
| 25 | #endif |
Benoit Goby | 2cc19e4 | 2012-04-12 12:23:49 -0700 | [diff] [blame] | 26 | |
Josh Gao | 22cb70b | 2016-08-18 22:00:12 -0700 | [diff] [blame] | 27 | #include <map> |
Elliott Hughes | 801066a | 2016-06-29 17:42:01 -0700 | [diff] [blame] | 28 | #include <mutex> |
Josh Gao | 22cb70b | 2016-08-18 22:00:12 -0700 | [diff] [blame] | 29 | #include <set> |
| 30 | #include <string> |
Benoit Goby | 2cc19e4 | 2012-04-12 12:23:49 -0700 | [diff] [blame] | 31 | |
David Pursell | c573d52 | 2016-01-27 08:52:53 -0800 | [diff] [blame] | 32 | #include <android-base/errors.h> |
Elliott Hughes | e0a6e2a | 2016-05-26 22:43:19 -0700 | [diff] [blame] | 33 | #include <android-base/file.h> |
Yurii Zubrytskyi | 09ecaa5 | 2016-05-26 09:46:10 -0700 | [diff] [blame] | 34 | #include <android-base/stringprintf.h> |
Elliott Hughes | f55ead9 | 2015-12-04 22:00:26 -0800 | [diff] [blame] | 35 | #include <android-base/strings.h> |
Mattias Nissler | a947b49 | 2016-03-31 16:32:09 +0200 | [diff] [blame] | 36 | #include <crypto_utils/android_pubkey.h> |
Elliott Hughes | ab942fd | 2016-06-21 16:50:48 -0700 | [diff] [blame] | 37 | #include <openssl/base64.h> |
Benoit Goby | 2cc19e4 | 2012-04-12 12:23:49 -0700 | [diff] [blame] | 38 | #include <openssl/evp.h> |
| 39 | #include <openssl/objects.h> |
| 40 | #include <openssl/pem.h> |
| 41 | #include <openssl/rsa.h> |
| 42 | #include <openssl/sha.h> |
| 43 | |
Josh Gao | 22cb70b | 2016-08-18 22:00:12 -0700 | [diff] [blame] | 44 | #include "adb.h" |
| 45 | #include "adb_auth.h" |
| 46 | #include "adb_utils.h" |
| 47 | #include "sysdeps.h" |
Josh Gao | eac2058 | 2016-10-05 19:02:29 -0700 | [diff] [blame] | 48 | #include "transport.h" |
Benoit Goby | 2cc19e4 | 2012-04-12 12:23:49 -0700 | [diff] [blame] | 49 | |
Josh Gao | 22cb70b | 2016-08-18 22:00:12 -0700 | [diff] [blame] | 50 | static std::mutex& g_keys_mutex = *new std::mutex; |
| 51 | static std::map<std::string, std::shared_ptr<RSA>>& g_keys = |
| 52 | *new std::map<std::string, std::shared_ptr<RSA>>; |
| 53 | static std::map<int, std::string>& g_monitored_paths = *new std::map<int, std::string>; |
Benoit Goby | 2cc19e4 | 2012-04-12 12:23:49 -0700 | [diff] [blame] | 54 | |
Elliott Hughes | ab942fd | 2016-06-21 16:50:48 -0700 | [diff] [blame] | 55 | static std::string get_user_info() { |
Elliott Hughes | 801066a | 2016-06-29 17:42:01 -0700 | [diff] [blame] | 56 | LOG(INFO) << "get_user_info..."; |
| 57 | |
Elliott Hughes | ab942fd | 2016-06-21 16:50:48 -0700 | [diff] [blame] | 58 | std::string hostname; |
| 59 | if (getenv("HOSTNAME")) hostname = getenv("HOSTNAME"); |
| 60 | #if !defined(_WIN32) |
| 61 | char buf[64]; |
| 62 | if (hostname.empty() && gethostname(buf, sizeof(buf)) != -1) hostname = buf; |
Benoit Goby | 2cc19e4 | 2012-04-12 12:23:49 -0700 | [diff] [blame] | 63 | #endif |
Elliott Hughes | ab942fd | 2016-06-21 16:50:48 -0700 | [diff] [blame] | 64 | if (hostname.empty()) hostname = "unknown"; |
Benoit Goby | 2cc19e4 | 2012-04-12 12:23:49 -0700 | [diff] [blame] | 65 | |
Elliott Hughes | ab942fd | 2016-06-21 16:50:48 -0700 | [diff] [blame] | 66 | std::string username; |
| 67 | if (getenv("LOGNAME")) username = getenv("LOGNAME"); |
Benoit Goby | 2cc19e4 | 2012-04-12 12:23:49 -0700 | [diff] [blame] | 68 | #if !defined _WIN32 && !defined ADB_HOST_ON_TARGET |
Elliott Hughes | ab942fd | 2016-06-21 16:50:48 -0700 | [diff] [blame] | 69 | if (username.empty() && getlogin()) username = getlogin(); |
Benoit Goby | 2cc19e4 | 2012-04-12 12:23:49 -0700 | [diff] [blame] | 70 | #endif |
Elliott Hughes | ab942fd | 2016-06-21 16:50:48 -0700 | [diff] [blame] | 71 | if (username.empty()) hostname = "unknown"; |
Benoit Goby | 2cc19e4 | 2012-04-12 12:23:49 -0700 | [diff] [blame] | 72 | |
Elliott Hughes | ab942fd | 2016-06-21 16:50:48 -0700 | [diff] [blame] | 73 | return " " + username + "@" + hostname; |
Benoit Goby | 2cc19e4 | 2012-04-12 12:23:49 -0700 | [diff] [blame] | 74 | } |
| 75 | |
Elliott Hughes | ab942fd | 2016-06-21 16:50:48 -0700 | [diff] [blame] | 76 | static bool write_public_keyfile(RSA* private_key, const std::string& private_key_path) { |
Elliott Hughes | 801066a | 2016-06-29 17:42:01 -0700 | [diff] [blame] | 77 | LOG(INFO) << "write_public_keyfile..."; |
| 78 | |
Mattias Nissler | a947b49 | 2016-03-31 16:32:09 +0200 | [diff] [blame] | 79 | uint8_t binary_key_data[ANDROID_PUBKEY_ENCODED_SIZE]; |
Elliott Hughes | ab942fd | 2016-06-21 16:50:48 -0700 | [diff] [blame] | 80 | if (!android_pubkey_encode(private_key, binary_key_data, sizeof(binary_key_data))) { |
| 81 | LOG(ERROR) << "Failed to convert to public key"; |
| 82 | return false; |
Benoit Goby | 2cc19e4 | 2012-04-12 12:23:49 -0700 | [diff] [blame] | 83 | } |
| 84 | |
Elliott Hughes | ab942fd | 2016-06-21 16:50:48 -0700 | [diff] [blame] | 85 | size_t base64_key_length; |
Mattias Nissler | a947b49 | 2016-03-31 16:32:09 +0200 | [diff] [blame] | 86 | if (!EVP_EncodedLength(&base64_key_length, sizeof(binary_key_data))) { |
Elliott Hughes | ab942fd | 2016-06-21 16:50:48 -0700 | [diff] [blame] | 87 | LOG(ERROR) << "Public key too large to base64 encode"; |
| 88 | return false; |
Adam Langley | 29f6cdb | 2014-09-03 14:34:47 -0700 | [diff] [blame] | 89 | } |
Benoit Goby | 2cc19e4 | 2012-04-12 12:23:49 -0700 | [diff] [blame] | 90 | |
Elliott Hughes | ab942fd | 2016-06-21 16:50:48 -0700 | [diff] [blame] | 91 | std::string content; |
| 92 | content.resize(base64_key_length); |
| 93 | base64_key_length = EVP_EncodeBlock(reinterpret_cast<uint8_t*>(&content[0]), binary_key_data, |
Mattias Nissler | a947b49 | 2016-03-31 16:32:09 +0200 | [diff] [blame] | 94 | sizeof(binary_key_data)); |
Benoit Goby | 2cc19e4 | 2012-04-12 12:23:49 -0700 | [diff] [blame] | 95 | |
Elliott Hughes | ab942fd | 2016-06-21 16:50:48 -0700 | [diff] [blame] | 96 | content += get_user_info(); |
| 97 | |
| 98 | std::string path(private_key_path + ".pub"); |
| 99 | if (!android::base::WriteStringToFile(content, path)) { |
| 100 | PLOG(ERROR) << "Failed to write public key to '" << path << "'"; |
| 101 | return false; |
Mattias Nissler | a947b49 | 2016-03-31 16:32:09 +0200 | [diff] [blame] | 102 | } |
| 103 | |
Elliott Hughes | ab942fd | 2016-06-21 16:50:48 -0700 | [diff] [blame] | 104 | return true; |
Benoit Goby | 2cc19e4 | 2012-04-12 12:23:49 -0700 | [diff] [blame] | 105 | } |
| 106 | |
Elliott Hughes | 801066a | 2016-06-29 17:42:01 -0700 | [diff] [blame] | 107 | static int generate_key(const std::string& file) { |
| 108 | LOG(INFO) << "generate_key(" << file << ")..."; |
| 109 | |
Benoit Goby | cb37c50 | 2012-08-31 12:14:21 -0700 | [diff] [blame] | 110 | mode_t old_mask; |
Benoit Goby | 2cc19e4 | 2012-04-12 12:23:49 -0700 | [diff] [blame] | 111 | FILE *f = NULL; |
| 112 | int ret = 0; |
| 113 | |
Elliott Hughes | 801066a | 2016-06-29 17:42:01 -0700 | [diff] [blame] | 114 | EVP_PKEY* pkey = EVP_PKEY_new(); |
| 115 | BIGNUM* exponent = BN_new(); |
| 116 | RSA* rsa = RSA_new(); |
Benoit Goby | 2cc19e4 | 2012-04-12 12:23:49 -0700 | [diff] [blame] | 117 | if (!pkey || !exponent || !rsa) { |
Elliott Hughes | 801066a | 2016-06-29 17:42:01 -0700 | [diff] [blame] | 118 | LOG(ERROR) << "Failed to allocate key"; |
Benoit Goby | 2cc19e4 | 2012-04-12 12:23:49 -0700 | [diff] [blame] | 119 | goto out; |
| 120 | } |
| 121 | |
| 122 | BN_set_word(exponent, RSA_F4); |
| 123 | RSA_generate_key_ex(rsa, 2048, exponent, NULL); |
| 124 | EVP_PKEY_set1_RSA(pkey, rsa); |
| 125 | |
Benoit Goby | cb37c50 | 2012-08-31 12:14:21 -0700 | [diff] [blame] | 126 | old_mask = umask(077); |
| 127 | |
Elliott Hughes | 801066a | 2016-06-29 17:42:01 -0700 | [diff] [blame] | 128 | f = fopen(file.c_str(), "w"); |
Benoit Goby | 2cc19e4 | 2012-04-12 12:23:49 -0700 | [diff] [blame] | 129 | if (!f) { |
Elliott Hughes | 801066a | 2016-06-29 17:42:01 -0700 | [diff] [blame] | 130 | PLOG(ERROR) << "Failed to open " << file; |
Benoit Goby | cb37c50 | 2012-08-31 12:14:21 -0700 | [diff] [blame] | 131 | umask(old_mask); |
Benoit Goby | 2cc19e4 | 2012-04-12 12:23:49 -0700 | [diff] [blame] | 132 | goto out; |
| 133 | } |
| 134 | |
Benoit Goby | cb37c50 | 2012-08-31 12:14:21 -0700 | [diff] [blame] | 135 | umask(old_mask); |
| 136 | |
Benoit Goby | 2cc19e4 | 2012-04-12 12:23:49 -0700 | [diff] [blame] | 137 | if (!PEM_write_PrivateKey(f, pkey, NULL, NULL, 0, NULL, NULL)) { |
Yabin Cui | 815ad88 | 2015-09-02 17:44:28 -0700 | [diff] [blame] | 138 | D("Failed to write key"); |
Benoit Goby | 2cc19e4 | 2012-04-12 12:23:49 -0700 | [diff] [blame] | 139 | goto out; |
| 140 | } |
| 141 | |
| 142 | if (!write_public_keyfile(rsa, file)) { |
Yabin Cui | 815ad88 | 2015-09-02 17:44:28 -0700 | [diff] [blame] | 143 | D("Failed to write public key"); |
Benoit Goby | 2cc19e4 | 2012-04-12 12:23:49 -0700 | [diff] [blame] | 144 | goto out; |
| 145 | } |
| 146 | |
| 147 | ret = 1; |
| 148 | |
| 149 | out: |
Elliott Hughes | 801066a | 2016-06-29 17:42:01 -0700 | [diff] [blame] | 150 | if (f) fclose(f); |
Benoit Goby | 2cc19e4 | 2012-04-12 12:23:49 -0700 | [diff] [blame] | 151 | EVP_PKEY_free(pkey); |
| 152 | RSA_free(rsa); |
| 153 | BN_free(exponent); |
| 154 | return ret; |
| 155 | } |
| 156 | |
Josh Gao | 22cb70b | 2016-08-18 22:00:12 -0700 | [diff] [blame] | 157 | static std::string hash_key(RSA* key) { |
| 158 | unsigned char* pubkey = nullptr; |
| 159 | int len = i2d_RSA_PUBKEY(key, &pubkey); |
| 160 | if (len < 0) { |
| 161 | LOG(ERROR) << "failed to encode RSA public key"; |
| 162 | return std::string(); |
| 163 | } |
| 164 | |
| 165 | std::string result; |
| 166 | result.resize(SHA256_DIGEST_LENGTH); |
| 167 | SHA256(pubkey, len, reinterpret_cast<unsigned char*>(&result[0])); |
| 168 | OPENSSL_free(pubkey); |
| 169 | return result; |
| 170 | } |
| 171 | |
| 172 | static bool read_key_file(const std::string& file) { |
| 173 | LOG(INFO) << "read_key_file '" << file << "'..."; |
Benoit Goby | 2cc19e4 | 2012-04-12 12:23:49 -0700 | [diff] [blame] | 174 | |
Elliott Hughes | 801066a | 2016-06-29 17:42:01 -0700 | [diff] [blame] | 175 | std::unique_ptr<FILE, decltype(&fclose)> fp(fopen(file.c_str(), "r"), fclose); |
Elliott Hughes | fb2ba51 | 2015-04-24 23:02:00 -0700 | [diff] [blame] | 176 | if (!fp) { |
Elliott Hughes | 801066a | 2016-06-29 17:42:01 -0700 | [diff] [blame] | 177 | PLOG(ERROR) << "Failed to open '" << file << "'"; |
| 178 | return false; |
Benoit Goby | 2cc19e4 | 2012-04-12 12:23:49 -0700 | [diff] [blame] | 179 | } |
| 180 | |
Elliott Hughes | 801066a | 2016-06-29 17:42:01 -0700 | [diff] [blame] | 181 | RSA* key = RSA_new(); |
| 182 | if (!PEM_read_RSAPrivateKey(fp.get(), &key, nullptr, nullptr)) { |
| 183 | LOG(ERROR) << "Failed to read key"; |
| 184 | RSA_free(key); |
| 185 | return false; |
Benoit Goby | 2cc19e4 | 2012-04-12 12:23:49 -0700 | [diff] [blame] | 186 | } |
| 187 | |
Josh Gao | 22cb70b | 2016-08-18 22:00:12 -0700 | [diff] [blame] | 188 | std::lock_guard<std::mutex> lock(g_keys_mutex); |
| 189 | std::string fingerprint = hash_key(key); |
| 190 | if (g_keys.find(fingerprint) != g_keys.end()) { |
| 191 | LOG(INFO) << "ignoring already-loaded key: " << file; |
| 192 | RSA_free(key); |
| 193 | } else { |
| 194 | g_keys[fingerprint] = std::shared_ptr<RSA>(key, RSA_free); |
| 195 | } |
| 196 | |
Elliott Hughes | 801066a | 2016-06-29 17:42:01 -0700 | [diff] [blame] | 197 | return true; |
Benoit Goby | 2cc19e4 | 2012-04-12 12:23:49 -0700 | [diff] [blame] | 198 | } |
| 199 | |
Josh Gao | 22cb70b | 2016-08-18 22:00:12 -0700 | [diff] [blame] | 200 | static bool read_keys(const std::string& path, bool allow_dir = true) { |
| 201 | LOG(INFO) << "read_keys '" << path << "'..."; |
| 202 | |
| 203 | struct stat st; |
| 204 | if (stat(path.c_str(), &st) != 0) { |
| 205 | PLOG(ERROR) << "failed to stat '" << path << "'"; |
| 206 | return false; |
| 207 | } |
| 208 | |
| 209 | if (S_ISREG(st.st_mode)) { |
| 210 | if (!android::base::EndsWith(path, ".adb_key")) { |
| 211 | LOG(INFO) << "skipping non-adb_key '" << path << "'"; |
| 212 | return false; |
| 213 | } |
| 214 | |
| 215 | return read_key_file(path); |
| 216 | } else if (S_ISDIR(st.st_mode)) { |
| 217 | if (!allow_dir) { |
| 218 | // inotify isn't recursive. It would break expectations to load keys in nested |
| 219 | // directories but not monitor them for new keys. |
| 220 | LOG(WARNING) << "refusing to recurse into directory '" << path << "'"; |
| 221 | return false; |
| 222 | } |
| 223 | |
| 224 | std::unique_ptr<DIR, decltype(&closedir)> dir(opendir(path.c_str()), closedir); |
| 225 | if (!dir) { |
| 226 | PLOG(ERROR) << "failed to open directory '" << path << "'"; |
| 227 | return false; |
| 228 | } |
| 229 | |
| 230 | bool result = false; |
| 231 | while (struct dirent* dent = readdir(dir.get())) { |
| 232 | std::string name = dent->d_name; |
| 233 | |
| 234 | // We can't use dent->d_type here because it's not available on Windows. |
| 235 | if (name == "." || name == "..") { |
| 236 | continue; |
| 237 | } |
| 238 | |
| 239 | result |= read_keys((path + OS_PATH_SEPARATOR + name).c_str(), false); |
| 240 | } |
| 241 | return result; |
| 242 | } |
| 243 | |
| 244 | LOG(ERROR) << "unexpected type for '" << path << "': 0x" << std::hex << st.st_mode; |
| 245 | return false; |
| 246 | } |
| 247 | |
Elliott Hughes | 801066a | 2016-06-29 17:42:01 -0700 | [diff] [blame] | 248 | static std::string get_user_key_path() { |
Josh Gao | 62ff9d4 | 2016-08-30 15:23:35 -0700 | [diff] [blame] | 249 | return adb_get_android_dir_path() + OS_PATH_SEPARATOR + "adbkey"; |
Benoit Goby | 2cc19e4 | 2012-04-12 12:23:49 -0700 | [diff] [blame] | 250 | } |
| 251 | |
Elliott Hughes | 801066a | 2016-06-29 17:42:01 -0700 | [diff] [blame] | 252 | static bool get_user_key() { |
| 253 | std::string path = get_user_key_path(); |
| 254 | if (path.empty()) { |
| 255 | PLOG(ERROR) << "Error getting user key filename"; |
| 256 | return false; |
Benoit Goby | 2cc19e4 | 2012-04-12 12:23:49 -0700 | [diff] [blame] | 257 | } |
| 258 | |
Elliott Hughes | 801066a | 2016-06-29 17:42:01 -0700 | [diff] [blame] | 259 | struct stat buf; |
| 260 | if (stat(path.c_str(), &buf) == -1) { |
| 261 | LOG(INFO) << "User key '" << path << "' does not exist..."; |
Dan Albert | 3d978e6 | 2015-07-09 20:35:09 +0000 | [diff] [blame] | 262 | if (!generate_key(path)) { |
Elliott Hughes | 801066a | 2016-06-29 17:42:01 -0700 | [diff] [blame] | 263 | LOG(ERROR) << "Failed to generate new key"; |
| 264 | return false; |
Benoit Goby | 2cc19e4 | 2012-04-12 12:23:49 -0700 | [diff] [blame] | 265 | } |
| 266 | } |
| 267 | |
Josh Gao | 22cb70b | 2016-08-18 22:00:12 -0700 | [diff] [blame] | 268 | return read_key_file(path); |
Benoit Goby | 2cc19e4 | 2012-04-12 12:23:49 -0700 | [diff] [blame] | 269 | } |
| 270 | |
Josh Gao | 22cb70b | 2016-08-18 22:00:12 -0700 | [diff] [blame] | 271 | static std::set<std::string> get_vendor_keys() { |
Elliott Hughes | fb2ba51 | 2015-04-24 23:02:00 -0700 | [diff] [blame] | 272 | const char* adb_keys_path = getenv("ADB_VENDOR_KEYS"); |
| 273 | if (adb_keys_path == nullptr) { |
Josh Gao | 22cb70b | 2016-08-18 22:00:12 -0700 | [diff] [blame] | 274 | return std::set<std::string>(); |
Elliott Hughes | fb2ba51 | 2015-04-24 23:02:00 -0700 | [diff] [blame] | 275 | } |
Benoit Goby | 2cc19e4 | 2012-04-12 12:23:49 -0700 | [diff] [blame] | 276 | |
Josh Gao | 22cb70b | 2016-08-18 22:00:12 -0700 | [diff] [blame] | 277 | std::set<std::string> result; |
Elliott Hughes | 8595283 | 2015-10-07 15:59:35 -0700 | [diff] [blame] | 278 | for (const auto& path : android::base::Split(adb_keys_path, ENV_PATH_SEPARATOR_STR)) { |
Josh Gao | 22cb70b | 2016-08-18 22:00:12 -0700 | [diff] [blame] | 279 | result.emplace(path); |
Benoit Goby | 2cc19e4 | 2012-04-12 12:23:49 -0700 | [diff] [blame] | 280 | } |
Josh Gao | 22cb70b | 2016-08-18 22:00:12 -0700 | [diff] [blame] | 281 | return result; |
Benoit Goby | 2cc19e4 | 2012-04-12 12:23:49 -0700 | [diff] [blame] | 282 | } |
| 283 | |
Josh Gao | 22cb70b | 2016-08-18 22:00:12 -0700 | [diff] [blame] | 284 | std::deque<std::shared_ptr<RSA>> adb_auth_get_private_keys() { |
| 285 | std::deque<std::shared_ptr<RSA>> result; |
Benoit Goby | 2cc19e4 | 2012-04-12 12:23:49 -0700 | [diff] [blame] | 286 | |
Josh Gao | 22cb70b | 2016-08-18 22:00:12 -0700 | [diff] [blame] | 287 | // Copy all the currently known keys. |
| 288 | std::lock_guard<std::mutex> lock(g_keys_mutex); |
| 289 | for (const auto& it : g_keys) { |
| 290 | result.push_back(it.second); |
Elliott Hughes | 801066a | 2016-06-29 17:42:01 -0700 | [diff] [blame] | 291 | } |
| 292 | |
| 293 | // Add a sentinel to the list. Our caller uses this to mean "out of private keys, |
| 294 | // but try using the public key" (the empty deque could otherwise mean this _or_ |
| 295 | // that this function hasn't been called yet to request the keys). |
| 296 | result.push_back(nullptr); |
| 297 | |
| 298 | return result; |
| 299 | } |
| 300 | |
Josh Gao | 67ac379 | 2016-10-06 13:31:44 -0700 | [diff] [blame] | 301 | static int adb_auth_sign(RSA* key, const char* token, size_t token_size, char* sig) { |
Sami Tolvanen | b92a35c | 2015-01-27 16:48:35 +0000 | [diff] [blame] | 302 | if (token_size != TOKEN_SIZE) { |
Yabin Cui | 815ad88 | 2015-09-02 17:44:28 -0700 | [diff] [blame] | 303 | D("Unexpected token size %zd", token_size); |
Sami Tolvanen | b92a35c | 2015-01-27 16:48:35 +0000 | [diff] [blame] | 304 | return 0; |
| 305 | } |
| 306 | |
Elliott Hughes | 801066a | 2016-06-29 17:42:01 -0700 | [diff] [blame] | 307 | unsigned int len; |
Josh Gao | 67ac379 | 2016-10-06 13:31:44 -0700 | [diff] [blame] | 308 | if (!RSA_sign(NID_sha1, reinterpret_cast<const uint8_t*>(token), token_size, |
| 309 | reinterpret_cast<uint8_t*>(sig), &len, key)) { |
Benoit Goby | 2cc19e4 | 2012-04-12 12:23:49 -0700 | [diff] [blame] | 310 | return 0; |
| 311 | } |
| 312 | |
Yabin Cui | 815ad88 | 2015-09-02 17:44:28 -0700 | [diff] [blame] | 313 | D("adb_auth_sign len=%d", len); |
Benoit Goby | 2cc19e4 | 2012-04-12 12:23:49 -0700 | [diff] [blame] | 314 | return (int)len; |
| 315 | } |
| 316 | |
Elliott Hughes | e0a6e2a | 2016-05-26 22:43:19 -0700 | [diff] [blame] | 317 | std::string adb_auth_get_userkey() { |
Elliott Hughes | 801066a | 2016-06-29 17:42:01 -0700 | [diff] [blame] | 318 | std::string path = get_user_key_path(); |
| 319 | if (path.empty()) { |
| 320 | PLOG(ERROR) << "Error getting user key filename"; |
Elliott Hughes | e0a6e2a | 2016-05-26 22:43:19 -0700 | [diff] [blame] | 321 | return ""; |
Benoit Goby | 2cc19e4 | 2012-04-12 12:23:49 -0700 | [diff] [blame] | 322 | } |
Elliott Hughes | 801066a | 2016-06-29 17:42:01 -0700 | [diff] [blame] | 323 | path += ".pub"; |
Benoit Goby | 2cc19e4 | 2012-04-12 12:23:49 -0700 | [diff] [blame] | 324 | |
Elliott Hughes | e0a6e2a | 2016-05-26 22:43:19 -0700 | [diff] [blame] | 325 | std::string content; |
| 326 | if (!android::base::ReadFileToString(path, &content)) { |
Elliott Hughes | 801066a | 2016-06-29 17:42:01 -0700 | [diff] [blame] | 327 | PLOG(ERROR) << "Can't load '" << path << "'"; |
Elliott Hughes | e0a6e2a | 2016-05-26 22:43:19 -0700 | [diff] [blame] | 328 | return ""; |
Benoit Goby | 2cc19e4 | 2012-04-12 12:23:49 -0700 | [diff] [blame] | 329 | } |
Elliott Hughes | e0a6e2a | 2016-05-26 22:43:19 -0700 | [diff] [blame] | 330 | return content; |
Benoit Goby | 2cc19e4 | 2012-04-12 12:23:49 -0700 | [diff] [blame] | 331 | } |
| 332 | |
Nick Kralevich | 6183c96 | 2014-11-13 15:17:29 -0800 | [diff] [blame] | 333 | int adb_auth_keygen(const char* filename) { |
Nick Kralevich | 6183c96 | 2014-11-13 15:17:29 -0800 | [diff] [blame] | 334 | return (generate_key(filename) == 0); |
| 335 | } |
| 336 | |
Josh Gao | 22cb70b | 2016-08-18 22:00:12 -0700 | [diff] [blame] | 337 | #if defined(__linux__) |
| 338 | static void adb_auth_inotify_update(int fd, unsigned fd_event, void*) { |
| 339 | LOG(INFO) << "adb_auth_inotify_update called"; |
| 340 | if (!(fd_event & FDE_READ)) { |
| 341 | return; |
| 342 | } |
| 343 | |
| 344 | char buf[sizeof(struct inotify_event) + NAME_MAX + 1]; |
| 345 | while (true) { |
| 346 | ssize_t rc = TEMP_FAILURE_RETRY(unix_read(fd, buf, sizeof(buf))); |
| 347 | if (rc == -1) { |
| 348 | if (errno == EAGAIN) { |
| 349 | LOG(INFO) << "done reading inotify fd"; |
| 350 | break; |
| 351 | } |
| 352 | PLOG(FATAL) << "read of inotify event failed"; |
| 353 | } |
| 354 | |
| 355 | // The read potentially returned multiple events. |
| 356 | char* start = buf; |
| 357 | char* end = buf + rc; |
| 358 | |
| 359 | while (start < end) { |
| 360 | inotify_event* event = reinterpret_cast<inotify_event*>(start); |
| 361 | auto root_it = g_monitored_paths.find(event->wd); |
| 362 | if (root_it == g_monitored_paths.end()) { |
| 363 | LOG(FATAL) << "observed inotify event for unmonitored path, wd = " << event->wd; |
| 364 | } |
| 365 | |
| 366 | std::string path = root_it->second; |
| 367 | if (event->len > 0) { |
| 368 | path += '/'; |
| 369 | path += event->name; |
| 370 | } |
| 371 | |
| 372 | if (event->mask & (IN_CREATE | IN_MOVED_TO)) { |
| 373 | if (event->mask & IN_ISDIR) { |
| 374 | LOG(INFO) << "ignoring new directory at '" << path << "'"; |
| 375 | } else { |
| 376 | LOG(INFO) << "observed new file at '" << path << "'"; |
| 377 | read_keys(path, false); |
| 378 | } |
| 379 | } else { |
| 380 | LOG(WARNING) << "unmonitored event for " << path << ": 0x" << std::hex |
| 381 | << event->mask; |
| 382 | } |
| 383 | |
| 384 | start += sizeof(struct inotify_event) + event->len; |
| 385 | } |
| 386 | } |
| 387 | } |
| 388 | |
| 389 | static void adb_auth_inotify_init(const std::set<std::string>& paths) { |
| 390 | LOG(INFO) << "adb_auth_inotify_init..."; |
| 391 | int infd = inotify_init1(IN_CLOEXEC | IN_NONBLOCK); |
| 392 | for (const std::string& path : paths) { |
| 393 | int wd = inotify_add_watch(infd, path.c_str(), IN_CREATE | IN_MOVED_TO); |
| 394 | if (wd < 0) { |
| 395 | PLOG(ERROR) << "failed to inotify_add_watch on path '" << path; |
| 396 | continue; |
| 397 | } |
| 398 | |
| 399 | g_monitored_paths[wd] = path; |
| 400 | LOG(INFO) << "watch descriptor " << wd << " registered for " << path; |
| 401 | } |
| 402 | |
| 403 | fdevent* event = fdevent_create(infd, adb_auth_inotify_update, nullptr); |
| 404 | fdevent_add(event, FDE_READ); |
| 405 | } |
| 406 | #endif |
| 407 | |
Elliott Hughes | 801066a | 2016-06-29 17:42:01 -0700 | [diff] [blame] | 408 | void adb_auth_init() { |
| 409 | LOG(INFO) << "adb_auth_init..."; |
Benoit Goby | 2cc19e4 | 2012-04-12 12:23:49 -0700 | [diff] [blame] | 410 | |
Elliott Hughes | 801066a | 2016-06-29 17:42:01 -0700 | [diff] [blame] | 411 | if (!get_user_key()) { |
| 412 | LOG(ERROR) << "Failed to get user key"; |
Benoit Goby | 2cc19e4 | 2012-04-12 12:23:49 -0700 | [diff] [blame] | 413 | return; |
| 414 | } |
| 415 | |
Josh Gao | 22cb70b | 2016-08-18 22:00:12 -0700 | [diff] [blame] | 416 | const auto& key_paths = get_vendor_keys(); |
| 417 | |
| 418 | #if defined(__linux__) |
| 419 | adb_auth_inotify_init(key_paths); |
| 420 | #endif |
| 421 | |
| 422 | for (const std::string& path : key_paths) { |
| 423 | read_keys(path.c_str()); |
| 424 | } |
Benoit Goby | 2cc19e4 | 2012-04-12 12:23:49 -0700 | [diff] [blame] | 425 | } |
Josh Gao | eac2058 | 2016-10-05 19:02:29 -0700 | [diff] [blame] | 426 | |
| 427 | static void send_auth_publickey(atransport* t) { |
| 428 | LOG(INFO) << "Calling send_auth_publickey"; |
| 429 | |
| 430 | std::string key = adb_auth_get_userkey(); |
| 431 | if (key.empty()) { |
| 432 | D("Failed to get user public key"); |
| 433 | return; |
| 434 | } |
| 435 | |
| 436 | if (key.size() >= MAX_PAYLOAD_V1) { |
| 437 | D("User public key too large (%zu B)", key.size()); |
| 438 | return; |
| 439 | } |
| 440 | |
| 441 | apacket* p = get_apacket(); |
| 442 | memcpy(p->data, key.c_str(), key.size() + 1); |
| 443 | |
| 444 | p->msg.command = A_AUTH; |
| 445 | p->msg.arg0 = ADB_AUTH_RSAPUBLICKEY; |
| 446 | |
| 447 | // adbd expects a null-terminated string. |
| 448 | p->msg.data_length = key.size() + 1; |
| 449 | send_packet(p, t); |
| 450 | } |
| 451 | |
Josh Gao | 67ac379 | 2016-10-06 13:31:44 -0700 | [diff] [blame] | 452 | void send_auth_response(const char* token, size_t token_size, atransport* t) { |
Josh Gao | eac2058 | 2016-10-05 19:02:29 -0700 | [diff] [blame] | 453 | std::shared_ptr<RSA> key = t->NextKey(); |
| 454 | if (key == nullptr) { |
| 455 | // No more private keys to try, send the public key. |
| 456 | send_auth_publickey(t); |
| 457 | return; |
| 458 | } |
| 459 | |
| 460 | LOG(INFO) << "Calling send_auth_response"; |
| 461 | apacket* p = get_apacket(); |
| 462 | |
| 463 | int ret = adb_auth_sign(key.get(), token, token_size, p->data); |
| 464 | if (!ret) { |
| 465 | D("Error signing the token"); |
| 466 | put_apacket(p); |
| 467 | return; |
| 468 | } |
| 469 | |
| 470 | p->msg.command = A_AUTH; |
| 471 | p->msg.arg0 = ADB_AUTH_SIGNATURE; |
| 472 | p->msg.data_length = ret; |
| 473 | send_packet(p, t); |
| 474 | } |