Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / packages / modules / adb / 5ca49dbcab7f47e320791af2a229d5840a595fde / . / adb_auth_client.cpp
blob: 128c3dffee8bc7c0ae1e13a52aab3623f7f71b2a [file] [log] [blame]
Benoit Goby2cc19e42012-04-12 12:23:49 -0700[diff] [blame]1/*
2 * Copyright (C) 2012 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
Yabin Cui19bec5b2015-09-22 15:52:57 -0700[diff] [blame]17#define TRACE_TAG AUTH
Dan Albertdb6fe642015-03-19 15:21:08 -0700[diff] [blame]18
19#include "sysdeps.h"
20#include "adb_auth.h"
21
Dan Albertb302d122015-02-24 15:51:19 -0800[diff] [blame]22#include <resolv.h>
Benoit Goby2cc19e42012-04-12 12:23:49 -0700[diff] [blame]23#include <stdio.h>
24#include <string.h>
Benoit Goby2cc19e42012-04-12 12:23:49 -0700[diff] [blame]25
Dan Albertb302d122015-02-24 15:51:19 -0800[diff] [blame]26#include "cutils/list.h"
27#include "cutils/sockets.h"
Benoit Goby2cc19e42012-04-12 12:23:49 -0700[diff] [blame]28#include "mincrypt/rsa.h"
Doug Zongker25129a52013-04-10 09:22:02 -0700[diff] [blame]29#include "mincrypt/sha.h"
Dan Albertdb6fe642015-03-19 15:21:08 -0700[diff] [blame]30
31#include "adb.h"
32#include "fdevent.h"
Dan Albertb302d122015-02-24 15:51:19 -0800[diff] [blame]33#include "transport.h"
Benoit Goby2cc19e42012-04-12 12:23:49 -0700[diff] [blame]34
Benoit Goby2cc19e42012-04-12 12:23:49 -0700[diff] [blame]35struct adb_public_key {
36 struct listnode node;
37 RSAPublicKey key;
38};
39
Dan Albertf30d73c2015-02-25 17:51:28 -0800[diff] [blame]40static const char *key_paths[] = {
Benoit Goby2cc19e42012-04-12 12:23:49 -0700[diff] [blame]41 "/adb_keys",
42 "/data/misc/adb/adb_keys",
43 NULL
44};
45
46static fdevent listener_fde;
Josh Gao7a8c7cb2016-02-23 18:05:57 -0800[diff] [blame]47static fdevent framework_fde;
Benoit Goby2cc19e42012-04-12 12:23:49 -0700[diff] [blame]48static int framework_fd = -1;
49
Benoit Gobyd592d6c2013-01-15 19:59:14 -0800[diff] [blame]50static void usb_disconnected(void* unused, atransport* t);
Yabin Cui2d4c1982015-08-28 15:09:44 -0700[diff] [blame]51static struct adisconnect usb_disconnect = { usb_disconnected, nullptr};
Benoit Gobyd592d6c2013-01-15 19:59:14 -0800[diff] [blame]52static atransport* usb_transport;
53static bool needs_retry = false;
Benoit Goby2cc19e42012-04-12 12:23:49 -0700[diff] [blame]54
55static void read_keys(const char *file, struct listnode *list)
56{
Benoit Goby2cc19e42012-04-12 12:23:49 -0700[diff] [blame]57 FILE *f;
Tamas Berghammera1c60c02015-07-13 19:12:28 +0100[diff] [blame]58 char buf[MAX_PAYLOAD_V1];
Benoit Goby2cc19e42012-04-12 12:23:49 -0700[diff] [blame]59 char *sep;
60 int ret;
61
Nick Kralevich777523e2014-07-18 20:57:35 -0700[diff] [blame]62 f = fopen(file, "re");
Benoit Goby2cc19e42012-04-12 12:23:49 -0700[diff] [blame]63 if (!f) {
Yabin Cui815ad882015-09-02 17:44:28 -0700[diff] [blame]64 D("Can't open '%s'", file);
Benoit Goby2cc19e42012-04-12 12:23:49 -0700[diff] [blame]65 return;
66 }
67
68 while (fgets(buf, sizeof(buf), f)) {
69 /* Allocate 4 extra bytes to decode the base64 data in-place */
Dan Albertf30d73c2015-02-25 17:51:28 -0800[diff] [blame]70 auto key = reinterpret_cast<adb_public_key*>(
71 calloc(1, sizeof(adb_public_key) + 4));
72 if (key == nullptr) {
Yabin Cui815ad882015-09-02 17:44:28 -0700[diff] [blame]73 D("Can't malloc key");
Benoit Goby2cc19e42012-04-12 12:23:49 -0700[diff] [blame]74 break;
75 }
76
77 sep = strpbrk(buf, " \t");
78 if (sep)
79 *sep = '\0';
80
81 ret = __b64_pton(buf, (u_char *)&key->key, sizeof(key->key) + 4);
82 if (ret != sizeof(key->key)) {
Yabin Cui815ad882015-09-02 17:44:28 -0700[diff] [blame]83 D("%s: Invalid base64 data ret=%d", file, ret);
Benoit Goby2cc19e42012-04-12 12:23:49 -0700[diff] [blame]84 free(key);
85 continue;
86 }
87
88 if (key->key.len != RSANUMWORDS) {
Yabin Cui815ad882015-09-02 17:44:28 -0700[diff] [blame]89 D("%s: Invalid key len %d", file, key->key.len);
Benoit Goby2cc19e42012-04-12 12:23:49 -0700[diff] [blame]90 free(key);
91 continue;
92 }
93
94 list_add_tail(list, &key->node);
95 }
96
97 fclose(f);
98}
99
100static void free_keys(struct listnode *list)
101{
102 struct listnode *item;
103
104 while (!list_empty(list)) {
105 item = list_head(list);
106 list_remove(item);
107 free(node_to_item(item, struct adb_public_key, node));
108 }
109}
110
Benoit Gobyd84bc662013-01-14 21:26:30 -0800[diff] [blame]111static void load_keys(struct listnode *list)
Benoit Goby2cc19e42012-04-12 12:23:49 -0700[diff] [blame]112{
Dan Albertf30d73c2015-02-25 17:51:28 -0800[diff] [blame]113 const char* path;
114 const char** paths = key_paths;
Benoit Goby2cc19e42012-04-12 12:23:49 -0700[diff] [blame]115 struct stat buf;
116
Benoit Gobyd84bc662013-01-14 21:26:30 -0800[diff] [blame]117 list_init(list);
Benoit Goby2cc19e42012-04-12 12:23:49 -0700[diff] [blame]118
119 while ((path = *paths++)) {
120 if (!stat(path, &buf)) {
Yabin Cui815ad882015-09-02 17:44:28 -0700[diff] [blame]121 D("Loading keys from '%s'", path);
Benoit Gobyd84bc662013-01-14 21:26:30 -0800[diff] [blame]122 read_keys(path, list);
Benoit Goby2cc19e42012-04-12 12:23:49 -0700[diff] [blame]123 }
124 }
125}
126
127int adb_auth_generate_token(void *token, size_t token_size)
128{
129 FILE *f;
130 int ret;
131
Nick Kralevich777523e2014-07-18 20:57:35 -0700[diff] [blame]132 f = fopen("/dev/urandom", "re");
Benoit Goby2cc19e42012-04-12 12:23:49 -0700[diff] [blame]133 if (!f)
134 return 0;
135
136 ret = fread(token, token_size, 1, f);
137
138 fclose(f);
139 return ret * token_size;
140}
141
Dan Albertf30d73c2015-02-25 17:51:28 -0800[diff] [blame]142int adb_auth_verify(uint8_t* token, uint8_t* sig, int siglen)
Benoit Goby2cc19e42012-04-12 12:23:49 -0700[diff] [blame]143{
144 struct listnode *item;
Benoit Gobyd84bc662013-01-14 21:26:30 -0800[diff] [blame]145 struct listnode key_list;
146 int ret = 0;
Benoit Goby2cc19e42012-04-12 12:23:49 -0700[diff] [blame]147
148 if (siglen != RSANUMBYTES)
149 return 0;
150
Benoit Gobyd84bc662013-01-14 21:26:30 -0800[diff] [blame]151 load_keys(&key_list);
152
Benoit Goby2cc19e42012-04-12 12:23:49 -0700[diff] [blame]153 list_for_each(item, &key_list) {
Dan Albertf30d73c2015-02-25 17:51:28 -0800[diff] [blame]154 adb_public_key* key = node_to_item(item, struct adb_public_key, node);
Doug Zongker25129a52013-04-10 09:22:02 -0700[diff] [blame]155 ret = RSA_verify(&key->key, sig, siglen, token, SHA_DIGEST_SIZE);
Benoit Goby2cc19e42012-04-12 12:23:49 -0700[diff] [blame]156 if (ret)
Benoit Gobyd84bc662013-01-14 21:26:30 -0800[diff] [blame]157 break;
Benoit Goby2cc19e42012-04-12 12:23:49 -0700[diff] [blame]158 }
159
Benoit Gobyd84bc662013-01-14 21:26:30 -0800[diff] [blame]160 free_keys(&key_list);
161
162 return ret;
Benoit Goby2cc19e42012-04-12 12:23:49 -0700[diff] [blame]163}
164
Josh Gao7a8c7cb2016-02-23 18:05:57 -0800[diff] [blame]165static void usb_disconnected(void* unused, atransport* t) {
Yabin Cui815ad882015-09-02 17:44:28 -0700[diff] [blame]166 D("USB disconnect");
Benoit Gobyd592d6c2013-01-15 19:59:14 -0800[diff] [blame]167 usb_transport = NULL;
168 needs_retry = false;
169}
170
Josh Gao7a8c7cb2016-02-23 18:05:57 -0800[diff] [blame]171static void framework_disconnected() {
172 D("Framework disconnect");
173 fdevent_remove(&framework_fde);
174 framework_fd = -1;
175}
176
177static void adb_auth_event(int fd, unsigned events, void*) {
Benoit Goby2cc19e42012-04-12 12:23:49 -0700[diff] [blame]178 char response[2];
179 int ret;
180
181 if (events & FDE_READ) {
182 ret = unix_read(fd, response, sizeof(response));
Vince Harron82125422014-09-25 21:51:15 -0700[diff] [blame]183 if (ret <= 0) {
Josh Gao7a8c7cb2016-02-23 18:05:57 -0800[diff] [blame]184 framework_disconnected();
185 } else if (ret == 2 && response[0] == 'O' && response[1] == 'K') {
186 if (usb_transport) {
Benoit Gobyd592d6c2013-01-15 19:59:14 -0800[diff] [blame]187 adb_auth_verified(usb_transport);
Josh Gao7a8c7cb2016-02-23 18:05:57 -0800[diff] [blame]188 }
Benoit Goby2cc19e42012-04-12 12:23:49 -0700[diff] [blame]189 }
190 }
191}
192
193void adb_auth_confirm_key(unsigned char *key, size_t len, atransport *t)
194{
Tamas Berghammera1c60c02015-07-13 19:12:28 +0100[diff] [blame]195 char msg[MAX_PAYLOAD_V1];
Benoit Goby2cc19e42012-04-12 12:23:49 -0700[diff] [blame]196 int ret;
197
Benoit Gobyc0028882013-04-01 17:39:06 -0700[diff] [blame]198 if (!usb_transport) {
199 usb_transport = t;
Yabin Cui2d4c1982015-08-28 15:09:44 -0700[diff] [blame]200 t->AddDisconnect(&usb_disconnect);
Benoit Gobyc0028882013-04-01 17:39:06 -0700[diff] [blame]201 }
Benoit Gobyd592d6c2013-01-15 19:59:14 -0800[diff] [blame]202
Benoit Goby2cc19e42012-04-12 12:23:49 -0700[diff] [blame]203 if (framework_fd < 0) {
Yabin Cui815ad882015-09-02 17:44:28 -0700[diff] [blame]204 D("Client not connected");
Benoit Gobyd592d6c2013-01-15 19:59:14 -0800[diff] [blame]205 needs_retry = true;
Benoit Goby2cc19e42012-04-12 12:23:49 -0700[diff] [blame]206 return;
207 }
208
209 if (key[len - 1] != '\0') {
Yabin Cui815ad882015-09-02 17:44:28 -0700[diff] [blame]210 D("Key must be a null-terminated string");
Benoit Goby2cc19e42012-04-12 12:23:49 -0700[diff] [blame]211 return;
212 }
213
214 ret = snprintf(msg, sizeof(msg), "PK%s", key);
215 if (ret >= (signed)sizeof(msg)) {
Yabin Cui815ad882015-09-02 17:44:28 -0700[diff] [blame]216 D("Key too long. ret=%d", ret);
Benoit Goby2cc19e42012-04-12 12:23:49 -0700[diff] [blame]217 return;
218 }
Yabin Cui815ad882015-09-02 17:44:28 -0700[diff] [blame]219 D("Sending '%s'", msg);
Benoit Goby2cc19e42012-04-12 12:23:49 -0700[diff] [blame]220
221 ret = unix_write(framework_fd, msg, ret);
222 if (ret < 0) {
Yabin Cui815ad882015-09-02 17:44:28 -0700[diff] [blame]223 D("Failed to write PK, errno=%d", errno);
Benoit Goby2cc19e42012-04-12 12:23:49 -0700[diff] [blame]224 return;
225 }
Benoit Goby2cc19e42012-04-12 12:23:49 -0700[diff] [blame]226}
227
Josh Gao7a8c7cb2016-02-23 18:05:57 -0800[diff] [blame]228static void adb_auth_listener(int fd, unsigned events, void* data) {
Erik Kline3c8d44d2015-12-01 17:27:59 +0900[diff] [blame]229 sockaddr_storage addr;
Benoit Goby2cc19e42012-04-12 12:23:49 -0700[diff] [blame]230 socklen_t alen;
231 int s;
232
233 alen = sizeof(addr);
234
Erik Kline3c8d44d2015-12-01 17:27:59 +0900[diff] [blame]235 s = adb_socket_accept(fd, reinterpret_cast<sockaddr*>(&addr), &alen);
Benoit Goby2cc19e42012-04-12 12:23:49 -0700[diff] [blame]236 if (s < 0) {
Yabin Cui815ad882015-09-02 17:44:28 -0700[diff] [blame]237 D("Failed to accept: errno=%d", errno);
Benoit Goby2cc19e42012-04-12 12:23:49 -0700[diff] [blame]238 return;
239 }
240
Josh Gao7a8c7cb2016-02-23 18:05:57 -0800[diff] [blame]241 if (framework_fd >= 0) {
Josh Gao5ca49db2016-02-25 14:11:32 -0800[diff] [blame^]242 LOG(WARNING) << "adb received framework auth socket connection again";
Josh Gao7a8c7cb2016-02-23 18:05:57 -0800[diff] [blame]243 framework_disconnected();
244 }
245
Benoit Goby2cc19e42012-04-12 12:23:49 -0700[diff] [blame]246 framework_fd = s;
Josh Gao7a8c7cb2016-02-23 18:05:57 -0800[diff] [blame]247 fdevent_install(&framework_fde, framework_fd, adb_auth_event, nullptr);
248 fdevent_add(&framework_fde, FDE_READ);
Benoit Gobyd592d6c2013-01-15 19:59:14 -0800[diff] [blame]249
250 if (needs_retry) {
251 needs_retry = false;
252 send_auth_request(usb_transport);
253 }
Benoit Goby2cc19e42012-04-12 12:23:49 -0700[diff] [blame]254}
255
Pavel Labath0bdb8672015-03-17 11:03:36 -0700[diff] [blame]256void adbd_cloexec_auth_socket() {
257 int fd = android_get_control_socket("adbd");
258 if (fd == -1) {
Yabin Cui815ad882015-09-02 17:44:28 -0700[diff] [blame]259 D("Failed to get adbd socket");
Benoit Goby2cc19e42012-04-12 12:23:49 -0700[diff] [blame]260 return;
261 }
Nick Kralevich777523e2014-07-18 20:57:35 -0700[diff] [blame]262 fcntl(fd, F_SETFD, FD_CLOEXEC);
Pavel Labath0bdb8672015-03-17 11:03:36 -0700[diff] [blame]263}
Benoit Goby2cc19e42012-04-12 12:23:49 -0700[diff] [blame]264
Pavel Labath0bdb8672015-03-17 11:03:36 -0700[diff] [blame]265void adbd_auth_init(void) {
266 int fd = android_get_control_socket("adbd");
267 if (fd == -1) {
Yabin Cui815ad882015-09-02 17:44:28 -0700[diff] [blame]268 D("Failed to get adbd socket");
Pavel Labath0bdb8672015-03-17 11:03:36 -0700[diff] [blame]269 return;
270 }
271
272 if (listen(fd, 4) == -1) {
Yabin Cui815ad882015-09-02 17:44:28 -0700[diff] [blame]273 D("Failed to listen on '%d'", fd);
Benoit Goby2cc19e42012-04-12 12:23:49 -0700[diff] [blame]274 return;
275 }
276
277 fdevent_install(&listener_fde, fd, adb_auth_listener, NULL);
278 fdevent_add(&listener_fde, FDE_READ);
279}