Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / packages / modules / adb / 6183c964468851f49683534af0dc542cb23f89de / . / adb_auth_host.c
blob: 4c33d147481b1de9f2801fa4337824afd9e63ff3 [file] [log] [blame]
Benoit Goby2cc19e42012-04-12 12:23:49 -0700[diff] [blame]1/*
2 * Copyright (C) 2012 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17#include <stdio.h>
18
19#ifdef _WIN32
20# define WIN32_LEAN_AND_MEAN
21# include "windows.h"
22# include "shlobj.h"
23#else
24# include <sys/types.h>
25# include <sys/stat.h>
26# include <unistd.h>
27#endif
28#include <string.h>
29
30#include "sysdeps.h"
31#include "adb.h"
32#include "adb_auth.h"
33
34/* HACK: we need the RSAPublicKey struct
35 * but RSA_verify conflits with openssl */
36#define RSA_verify RSA_verify_mincrypt
37#include "mincrypt/rsa.h"
38#undef RSA_verify
39
40#include <cutils/list.h>
41
42#include <openssl/evp.h>
43#include <openssl/objects.h>
44#include <openssl/pem.h>
45#include <openssl/rsa.h>
46#include <openssl/sha.h>
47
Adam Langley29f6cdb2014-09-03 14:34:47 -0700[diff] [blame]48#if defined(OPENSSL_IS_BORINGSSL)
49#include <openssl/base64.h>
50#endif
51
Benoit Goby2cc19e42012-04-12 12:23:49 -0700[diff] [blame]52#define TRACE_TAG TRACE_AUTH
53
54#define ANDROID_PATH ".android"
Benoit Gobycb37c502012-08-31 12:14:21 -0700[diff] [blame]55#define ADB_KEY_FILE "adbkey"
Benoit Goby2cc19e42012-04-12 12:23:49 -0700[diff] [blame]56
57
58struct adb_private_key {
59 struct listnode node;
60 RSA *rsa;
61};
62
63static struct listnode key_list;
64
65
66/* Convert OpenSSL RSA private key to android pre-computed RSAPublicKey format */
67static int RSA_to_RSAPublicKey(RSA *rsa, RSAPublicKey *pkey)
68{
69 int ret = 1;
70 unsigned int i;
71
72 BN_CTX* ctx = BN_CTX_new();
73 BIGNUM* r32 = BN_new();
74 BIGNUM* rr = BN_new();
75 BIGNUM* r = BN_new();
76 BIGNUM* rem = BN_new();
77 BIGNUM* n = BN_new();
78 BIGNUM* n0inv = BN_new();
79
80 if (RSA_size(rsa) != RSANUMBYTES) {
81 ret = 0;
82 goto out;
83 }
84
85 BN_set_bit(r32, 32);
86 BN_copy(n, rsa->n);
87 BN_set_bit(r, RSANUMWORDS * 32);
88 BN_mod_sqr(rr, r, n, ctx);
89 BN_div(NULL, rem, n, r32, ctx);
90 BN_mod_inverse(n0inv, rem, r32, ctx);
91
92 pkey->len = RSANUMWORDS;
93 pkey->n0inv = 0 - BN_get_word(n0inv);
94 for (i = 0; i < RSANUMWORDS; i++) {
95 BN_div(rr, rem, rr, r32, ctx);
96 pkey->rr[i] = BN_get_word(rem);
97 BN_div(n, rem, n, r32, ctx);
98 pkey->n[i] = BN_get_word(rem);
99 }
100 pkey->exponent = BN_get_word(rsa->e);
101
102out:
103 BN_free(n0inv);
104 BN_free(n);
105 BN_free(rem);
106 BN_free(r);
107 BN_free(rr);
108 BN_free(r32);
109 BN_CTX_free(ctx);
110
111 return ret;
112}
113
114static void get_user_info(char *buf, size_t len)
115{
116 char hostname[1024], username[1024];
Nick Kralevich6183c962014-11-13 15:17:29 -0800[diff] [blame^]117 int ret = -1;
118
119 if (getenv("HOSTNAME") != NULL) {
120 strncpy(hostname, getenv("HOSTNAME"), sizeof(hostname));
121 hostname[sizeof(hostname)-1] = '\0';
122 ret = 0;
123 }
Benoit Goby2cc19e42012-04-12 12:23:49 -0700[diff] [blame]124
125#ifndef _WIN32
Benoit Goby2cc19e42012-04-12 12:23:49 -0700[diff] [blame]126 if (ret < 0)
Nick Kralevich6183c962014-11-13 15:17:29 -0800[diff] [blame^]127 ret = gethostname(hostname, sizeof(hostname));
Benoit Goby2cc19e42012-04-12 12:23:49 -0700[diff] [blame]128#endif
Nick Kralevich6183c962014-11-13 15:17:29 -0800[diff] [blame^]129 if (ret < 0)
Benoit Goby2cc19e42012-04-12 12:23:49 -0700[diff] [blame]130 strcpy(hostname, "unknown");
131
Nick Kralevich6183c962014-11-13 15:17:29 -0800[diff] [blame^]132 ret = -1;
133
134 if (getenv("LOGNAME") != NULL) {
135 strncpy(username, getenv("LOGNAME"), sizeof(username));
136 username[sizeof(username)-1] = '\0';
137 ret = 0;
138 }
139
Benoit Goby2cc19e42012-04-12 12:23:49 -0700[diff] [blame]140#if !defined _WIN32 && !defined ADB_HOST_ON_TARGET
Benoit Goby2cc19e42012-04-12 12:23:49 -0700[diff] [blame]141 if (ret < 0)
Nick Kralevich6183c962014-11-13 15:17:29 -0800[diff] [blame^]142 ret = getlogin_r(username, sizeof(username));
Benoit Goby2cc19e42012-04-12 12:23:49 -0700[diff] [blame]143#endif
Nick Kralevich6183c962014-11-13 15:17:29 -0800[diff] [blame^]144 if (ret < 0)
Benoit Goby2cc19e42012-04-12 12:23:49 -0700[diff] [blame]145 strcpy(username, "unknown");
146
147 ret = snprintf(buf, len, " %s@%s", username, hostname);
148 if (ret >= (signed)len)
149 buf[len - 1] = '\0';
150}
151
152static int write_public_keyfile(RSA *private_key, const char *private_key_path)
153{
154 RSAPublicKey pkey;
Adam Langley29f6cdb2014-09-03 14:34:47 -0700[diff] [blame]155 FILE *outfile = NULL;
Benoit Goby2cc19e42012-04-12 12:23:49 -0700[diff] [blame]156 char path[PATH_MAX], info[MAX_PAYLOAD];
Adam Langley29f6cdb2014-09-03 14:34:47 -0700[diff] [blame]157 uint8_t *encoded = NULL;
158 size_t encoded_length;
159 int ret = 0;
Benoit Goby2cc19e42012-04-12 12:23:49 -0700[diff] [blame]160
Adam Langley29f6cdb2014-09-03 14:34:47 -0700[diff] [blame]161 if (snprintf(path, sizeof(path), "%s.pub", private_key_path) >=
162 (int)sizeof(path)) {
163 D("Path too long while writing public key\n");
Benoit Goby2cc19e42012-04-12 12:23:49 -0700[diff] [blame]164 return 0;
Adam Langley29f6cdb2014-09-03 14:34:47 -0700[diff] [blame]165 }
Benoit Goby2cc19e42012-04-12 12:23:49 -0700[diff] [blame]166
Adam Langley29f6cdb2014-09-03 14:34:47 -0700[diff] [blame]167 if (!RSA_to_RSAPublicKey(private_key, &pkey)) {
Benoit Goby2cc19e42012-04-12 12:23:49 -0700[diff] [blame]168 D("Failed to convert to publickey\n");
169 return 0;
170 }
171
Adam Langley29f6cdb2014-09-03 14:34:47 -0700[diff] [blame]172 outfile = fopen(path, "w");
173 if (!outfile) {
Benoit Goby2cc19e42012-04-12 12:23:49 -0700[diff] [blame]174 D("Failed to open '%s'\n", path);
175 return 0;
176 }
177
178 D("Writing public key to '%s'\n", path);
179
Adam Langley29f6cdb2014-09-03 14:34:47 -0700[diff] [blame]180#if defined(OPENSSL_IS_BORINGSSL)
181 if (!EVP_EncodedLength(&encoded_length, sizeof(pkey))) {
182 D("Public key too large to base64 encode");
183 goto out;
184 }
185#else
186 /* While we switch from OpenSSL to BoringSSL we have to implement
187 * |EVP_EncodedLength| here. */
188 encoded_length = 1 + ((sizeof(pkey) + 2) / 3 * 4);
189#endif
Benoit Goby2cc19e42012-04-12 12:23:49 -0700[diff] [blame]190
Adam Langley29f6cdb2014-09-03 14:34:47 -0700[diff] [blame]191 encoded = malloc(encoded_length);
192 if (encoded == NULL) {
193 D("Allocation failure");
194 goto out;
195 }
Benoit Goby2cc19e42012-04-12 12:23:49 -0700[diff] [blame]196
Adam Langley29f6cdb2014-09-03 14:34:47 -0700[diff] [blame]197 encoded_length = EVP_EncodeBlock(encoded, (uint8_t*) &pkey, sizeof(pkey));
Benoit Goby2cc19e42012-04-12 12:23:49 -0700[diff] [blame]198 get_user_info(info, sizeof(info));
Benoit Goby2cc19e42012-04-12 12:23:49 -0700[diff] [blame]199
Adam Langley29f6cdb2014-09-03 14:34:47 -0700[diff] [blame]200 if (fwrite(encoded, encoded_length, 1, outfile) != 1 ||
201 fwrite(info, strlen(info), 1, outfile) != 1) {
202 D("Write error while writing public key");
203 goto out;
204 }
205
206 ret = 1;
207
208 out:
209 if (outfile != NULL) {
210 fclose(outfile);
211 }
212 if (encoded != NULL) {
213 free(encoded);
214 }
215 return ret;
Benoit Goby2cc19e42012-04-12 12:23:49 -0700[diff] [blame]216}
217
218static int generate_key(const char *file)
219{
220 EVP_PKEY* pkey = EVP_PKEY_new();
221 BIGNUM* exponent = BN_new();
222 RSA* rsa = RSA_new();
Benoit Gobycb37c502012-08-31 12:14:21 -0700[diff] [blame]223 mode_t old_mask;
Benoit Goby2cc19e42012-04-12 12:23:49 -0700[diff] [blame]224 FILE *f = NULL;
225 int ret = 0;
226
227 D("generate_key '%s'\n", file);
228
229 if (!pkey || !exponent || !rsa) {
230 D("Failed to allocate key\n");
231 goto out;
232 }
233
234 BN_set_word(exponent, RSA_F4);
235 RSA_generate_key_ex(rsa, 2048, exponent, NULL);
236 EVP_PKEY_set1_RSA(pkey, rsa);
237
Benoit Gobycb37c502012-08-31 12:14:21 -0700[diff] [blame]238 old_mask = umask(077);
239
Benoit Goby2cc19e42012-04-12 12:23:49 -0700[diff] [blame]240 f = fopen(file, "w");
241 if (!f) {
242 D("Failed to open '%s'\n", file);
Benoit Gobycb37c502012-08-31 12:14:21 -0700[diff] [blame]243 umask(old_mask);
Benoit Goby2cc19e42012-04-12 12:23:49 -0700[diff] [blame]244 goto out;
245 }
246
Benoit Gobycb37c502012-08-31 12:14:21 -0700[diff] [blame]247 umask(old_mask);
248
Benoit Goby2cc19e42012-04-12 12:23:49 -0700[diff] [blame]249 if (!PEM_write_PrivateKey(f, pkey, NULL, NULL, 0, NULL, NULL)) {
250 D("Failed to write key\n");
251 goto out;
252 }
253
254 if (!write_public_keyfile(rsa, file)) {
255 D("Failed to write public key\n");
256 goto out;
257 }
258
259 ret = 1;
260
261out:
262 if (f)
263 fclose(f);
264 EVP_PKEY_free(pkey);
265 RSA_free(rsa);
266 BN_free(exponent);
267 return ret;
268}
269
270static int read_key(const char *file, struct listnode *list)
271{
272 struct adb_private_key *key;
273 FILE *f;
274
275 D("read_key '%s'\n", file);
276
277 f = fopen(file, "r");
278 if (!f) {
279 D("Failed to open '%s'\n", file);
280 return 0;
281 }
282
283 key = malloc(sizeof(*key));
284 if (!key) {
285 D("Failed to alloc key\n");
286 fclose(f);
287 return 0;
288 }
289 key->rsa = RSA_new();
290
291 if (!PEM_read_RSAPrivateKey(f, &key->rsa, NULL, NULL)) {
292 D("Failed to read key\n");
293 fclose(f);
294 RSA_free(key->rsa);
295 free(key);
296 return 0;
297 }
298
299 fclose(f);
300 list_add_tail(list, &key->node);
301 return 1;
302}
303
304static int get_user_keyfilepath(char *filename, size_t len)
305{
306 const char *format, *home;
307 char android_dir[PATH_MAX];
308 struct stat buf;
309#ifdef _WIN32
310 char path[PATH_MAX];
311 home = getenv("ANDROID_SDK_HOME");
312 if (!home) {
313 SHGetFolderPath(NULL, CSIDL_PROFILE, NULL, 0, path);
314 home = path;
315 }
316 format = "%s\\%s";
317#else
318 home = getenv("HOME");
319 if (!home)
320 return -1;
321 format = "%s/%s";
322#endif
323
324 D("home '%s'\n", home);
325
326 if (snprintf(android_dir, sizeof(android_dir), format, home,
327 ANDROID_PATH) >= (int)sizeof(android_dir))
328 return -1;
329
330 if (stat(android_dir, &buf)) {
331 if (adb_mkdir(android_dir, 0750) < 0) {
332 D("Cannot mkdir '%s'", android_dir);
333 return -1;
334 }
335 }
336
337 return snprintf(filename, len, format, android_dir, ADB_KEY_FILE);
338}
339
340static int get_user_key(struct listnode *list)
341{
342 struct stat buf;
343 char path[PATH_MAX];
344 int ret;
345
346 ret = get_user_keyfilepath(path, sizeof(path));
347 if (ret < 0 || ret >= (signed)sizeof(path)) {
348 D("Error getting user key filename");
349 return 0;
350 }
351
352 D("user key '%s'\n", path);
353
354 if (stat(path, &buf) == -1) {
355 if (!generate_key(path)) {
356 D("Failed to generate new key\n");
357 return 0;
358 }
359 }
360
361 return read_key(path, list);
362}
363
364static void get_vendor_keys(struct listnode *list)
365{
366 const char *adb_keys_path;
367 char keys_path[MAX_PAYLOAD];
368 char *path;
369 char *save;
370 struct stat buf;
371
372 adb_keys_path = getenv("ADB_VENDOR_KEYS");
373 if (!adb_keys_path)
374 return;
375 strncpy(keys_path, adb_keys_path, sizeof(keys_path));
376
377 path = adb_strtok_r(keys_path, ENV_PATH_SEPARATOR_STR, &save);
378 while (path) {
379 D("Reading: '%s'\n", path);
380
381 if (stat(path, &buf))
382 D("Can't read '%s'\n", path);
383 else if (!read_key(path, list))
384 D("Failed to read '%s'\n", path);
385
386 path = adb_strtok_r(NULL, ENV_PATH_SEPARATOR_STR, &save);
387 }
388}
389
390int adb_auth_sign(void *node, void *token, size_t token_size, void *sig)
391{
392 unsigned int len;
393 struct adb_private_key *key = node_to_item(node, struct adb_private_key, node);
394
395 if (!RSA_sign(NID_sha1, token, token_size, sig, &len, key->rsa)) {
396 return 0;
397 }
398
399 D("adb_auth_sign len=%d\n", len);
400 return (int)len;
401}
402
403void *adb_auth_nextkey(void *current)
404{
405 struct listnode *item;
406
407 if (list_empty(&key_list))
408 return NULL;
409
410 if (!current)
411 return list_head(&key_list);
412
413 list_for_each(item, &key_list) {
414 if (item == current) {
415 /* current is the last item, we tried all the keys */
416 if (item->next == &key_list)
417 return NULL;
418 return item->next;
419 }
420 }
421
422 return NULL;
423}
424
425int adb_auth_get_userkey(unsigned char *data, size_t len)
426{
427 char path[PATH_MAX];
428 char *file;
429 int ret;
430
431 ret = get_user_keyfilepath(path, sizeof(path) - 4);
432 if (ret < 0 || ret >= (signed)(sizeof(path) - 4)) {
433 D("Error getting user key filename");
434 return 0;
435 }
436 strcat(path, ".pub");
437
438 file = load_file(path, (unsigned*)&ret);
439 if (!file) {
440 D("Can't load '%s'\n", path);
441 return 0;
442 }
443
444 if (len < (size_t)(ret + 1)) {
445 D("%s: Content too large ret=%d\n", path, ret);
446 return 0;
447 }
448
449 memcpy(data, file, ret);
450 data[ret] = '\0';
451
452 return ret + 1;
453}
454
Nick Kralevich6183c962014-11-13 15:17:29 -0800[diff] [blame^]455int adb_auth_keygen(const char* filename) {
456 adb_trace_mask |= (1 << TRACE_AUTH);
457 return (generate_key(filename) == 0);
458}
459
Benoit Goby2cc19e42012-04-12 12:23:49 -0700[diff] [blame]460void adb_auth_init(void)
461{
462 int ret;
463
464 D("adb_auth_init\n");
465
466 list_init(&key_list);
467
468 ret = get_user_key(&key_list);
469 if (!ret) {
470 D("Failed to get user key\n");
471 return;
472 }
473
474 get_vendor_keys(&key_list);
475}