Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / packages / modules / adb / db6fe6428c1ca5f397d3853f2b96c3e3e878b172 / . / adb_auth_host.cpp
blob: 7c2bcfb18b3d004a761e063e5a52e511eed59143 [file] [log] [blame]
Benoit Goby2cc19e42012-04-12 12:23:49 -0700[diff] [blame]1/*
2 * Copyright (C) 2012 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
Dan Albertdb6fe642015-03-19 15:21:08 -0700[diff] [blame^]17#define TRACE_TAG TRACE_AUTH
18
19#include "sysdeps.h"
20#include "adb_auth.h"
21
Benoit Goby2cc19e42012-04-12 12:23:49 -0700[diff] [blame]22#include <stdio.h>
Christopher Ferris054d1702014-11-06 14:34:24 -0800[diff] [blame]23#include <stdlib.h>
Dan Albertdb6fe642015-03-19 15:21:08 -0700[diff] [blame^]24#include <string.h>
Benoit Goby2cc19e42012-04-12 12:23:49 -0700[diff] [blame]25
26#ifdef _WIN32
Christopher Ferris054d1702014-11-06 14:34:24 -0800[diff] [blame]27# ifndef WIN32_LEAN_AND_MEAN
28# define WIN32_LEAN_AND_MEAN
29# endif
Benoit Goby2cc19e42012-04-12 12:23:49 -0700[diff] [blame]30# include "windows.h"
31# include "shlobj.h"
32#else
33# include <sys/types.h>
34# include <sys/stat.h>
35# include <unistd.h>
36#endif
Benoit Goby2cc19e42012-04-12 12:23:49 -0700[diff] [blame]37
Benoit Goby2cc19e42012-04-12 12:23:49 -0700[diff] [blame]38#include "adb.h"
Benoit Goby2cc19e42012-04-12 12:23:49 -0700[diff] [blame]39
40/* HACK: we need the RSAPublicKey struct
41 * but RSA_verify conflits with openssl */
42#define RSA_verify RSA_verify_mincrypt
43#include "mincrypt/rsa.h"
44#undef RSA_verify
45
46#include <cutils/list.h>
47
48#include <openssl/evp.h>
49#include <openssl/objects.h>
50#include <openssl/pem.h>
51#include <openssl/rsa.h>
52#include <openssl/sha.h>
53
Adam Langley29f6cdb2014-09-03 14:34:47 -0700[diff] [blame]54#if defined(OPENSSL_IS_BORINGSSL)
55#include <openssl/base64.h>
56#endif
57
Benoit Goby2cc19e42012-04-12 12:23:49 -0700[diff] [blame]58#define ANDROID_PATH ".android"
Benoit Gobycb37c502012-08-31 12:14:21 -0700[diff] [blame]59#define ADB_KEY_FILE "adbkey"
Benoit Goby2cc19e42012-04-12 12:23:49 -0700[diff] [blame]60
Benoit Goby2cc19e42012-04-12 12:23:49 -0700[diff] [blame]61struct adb_private_key {
62 struct listnode node;
63 RSA *rsa;
64};
65
66static struct listnode key_list;
67
68
69/* Convert OpenSSL RSA private key to android pre-computed RSAPublicKey format */
70static int RSA_to_RSAPublicKey(RSA *rsa, RSAPublicKey *pkey)
71{
72 int ret = 1;
73 unsigned int i;
74
75 BN_CTX* ctx = BN_CTX_new();
76 BIGNUM* r32 = BN_new();
77 BIGNUM* rr = BN_new();
78 BIGNUM* r = BN_new();
79 BIGNUM* rem = BN_new();
80 BIGNUM* n = BN_new();
81 BIGNUM* n0inv = BN_new();
82
83 if (RSA_size(rsa) != RSANUMBYTES) {
84 ret = 0;
85 goto out;
86 }
87
88 BN_set_bit(r32, 32);
89 BN_copy(n, rsa->n);
90 BN_set_bit(r, RSANUMWORDS * 32);
91 BN_mod_sqr(rr, r, n, ctx);
92 BN_div(NULL, rem, n, r32, ctx);
93 BN_mod_inverse(n0inv, rem, r32, ctx);
94
95 pkey->len = RSANUMWORDS;
96 pkey->n0inv = 0 - BN_get_word(n0inv);
97 for (i = 0; i < RSANUMWORDS; i++) {
98 BN_div(rr, rem, rr, r32, ctx);
99 pkey->rr[i] = BN_get_word(rem);
100 BN_div(n, rem, n, r32, ctx);
101 pkey->n[i] = BN_get_word(rem);
102 }
103 pkey->exponent = BN_get_word(rsa->e);
104
105out:
106 BN_free(n0inv);
107 BN_free(n);
108 BN_free(rem);
109 BN_free(r);
110 BN_free(rr);
111 BN_free(r32);
112 BN_CTX_free(ctx);
113
114 return ret;
115}
116
117static void get_user_info(char *buf, size_t len)
118{
119 char hostname[1024], username[1024];
Nick Kralevich6183c962014-11-13 15:17:29 -0800[diff] [blame]120 int ret = -1;
121
122 if (getenv("HOSTNAME") != NULL) {
123 strncpy(hostname, getenv("HOSTNAME"), sizeof(hostname));
124 hostname[sizeof(hostname)-1] = '\0';
125 ret = 0;
126 }
Benoit Goby2cc19e42012-04-12 12:23:49 -0700[diff] [blame]127
128#ifndef _WIN32
Benoit Goby2cc19e42012-04-12 12:23:49 -0700[diff] [blame]129 if (ret < 0)
Nick Kralevich6183c962014-11-13 15:17:29 -0800[diff] [blame]130 ret = gethostname(hostname, sizeof(hostname));
Benoit Goby2cc19e42012-04-12 12:23:49 -0700[diff] [blame]131#endif
Nick Kralevich6183c962014-11-13 15:17:29 -0800[diff] [blame]132 if (ret < 0)
Benoit Goby2cc19e42012-04-12 12:23:49 -0700[diff] [blame]133 strcpy(hostname, "unknown");
134
Nick Kralevich6183c962014-11-13 15:17:29 -0800[diff] [blame]135 ret = -1;
136
137 if (getenv("LOGNAME") != NULL) {
138 strncpy(username, getenv("LOGNAME"), sizeof(username));
139 username[sizeof(username)-1] = '\0';
140 ret = 0;
141 }
142
Benoit Goby2cc19e42012-04-12 12:23:49 -0700[diff] [blame]143#if !defined _WIN32 && !defined ADB_HOST_ON_TARGET
Benoit Goby2cc19e42012-04-12 12:23:49 -0700[diff] [blame]144 if (ret < 0)
Nick Kralevich6183c962014-11-13 15:17:29 -0800[diff] [blame]145 ret = getlogin_r(username, sizeof(username));
Benoit Goby2cc19e42012-04-12 12:23:49 -0700[diff] [blame]146#endif
Nick Kralevich6183c962014-11-13 15:17:29 -0800[diff] [blame]147 if (ret < 0)
Benoit Goby2cc19e42012-04-12 12:23:49 -0700[diff] [blame]148 strcpy(username, "unknown");
149
150 ret = snprintf(buf, len, " %s@%s", username, hostname);
151 if (ret >= (signed)len)
152 buf[len - 1] = '\0';
153}
154
155static int write_public_keyfile(RSA *private_key, const char *private_key_path)
156{
157 RSAPublicKey pkey;
Adam Langley29f6cdb2014-09-03 14:34:47 -0700[diff] [blame]158 FILE *outfile = NULL;
Benoit Goby2cc19e42012-04-12 12:23:49 -0700[diff] [blame]159 char path[PATH_MAX], info[MAX_PAYLOAD];
Dan Albertf30d73c2015-02-25 17:51:28 -0800[diff] [blame]160 uint8_t* encoded = nullptr;
Adam Langley29f6cdb2014-09-03 14:34:47 -0700[diff] [blame]161 size_t encoded_length;
162 int ret = 0;
Benoit Goby2cc19e42012-04-12 12:23:49 -0700[diff] [blame]163
Adam Langley29f6cdb2014-09-03 14:34:47 -0700[diff] [blame]164 if (snprintf(path, sizeof(path), "%s.pub", private_key_path) >=
165 (int)sizeof(path)) {
166 D("Path too long while writing public key\n");
Benoit Goby2cc19e42012-04-12 12:23:49 -0700[diff] [blame]167 return 0;
Adam Langley29f6cdb2014-09-03 14:34:47 -0700[diff] [blame]168 }
Benoit Goby2cc19e42012-04-12 12:23:49 -0700[diff] [blame]169
Adam Langley29f6cdb2014-09-03 14:34:47 -0700[diff] [blame]170 if (!RSA_to_RSAPublicKey(private_key, &pkey)) {
Benoit Goby2cc19e42012-04-12 12:23:49 -0700[diff] [blame]171 D("Failed to convert to publickey\n");
172 return 0;
173 }
174
Adam Langley29f6cdb2014-09-03 14:34:47 -0700[diff] [blame]175 outfile = fopen(path, "w");
176 if (!outfile) {
Benoit Goby2cc19e42012-04-12 12:23:49 -0700[diff] [blame]177 D("Failed to open '%s'\n", path);
178 return 0;
179 }
180
181 D("Writing public key to '%s'\n", path);
182
Adam Langley29f6cdb2014-09-03 14:34:47 -0700[diff] [blame]183#if defined(OPENSSL_IS_BORINGSSL)
184 if (!EVP_EncodedLength(&encoded_length, sizeof(pkey))) {
185 D("Public key too large to base64 encode");
186 goto out;
187 }
188#else
189 /* While we switch from OpenSSL to BoringSSL we have to implement
190 * |EVP_EncodedLength| here. */
191 encoded_length = 1 + ((sizeof(pkey) + 2) / 3 * 4);
192#endif
Benoit Goby2cc19e42012-04-12 12:23:49 -0700[diff] [blame]193
Dan Albertf30d73c2015-02-25 17:51:28 -0800[diff] [blame]194 encoded = reinterpret_cast<uint8_t*>(malloc(encoded_length));
195 if (encoded == nullptr) {
Adam Langley29f6cdb2014-09-03 14:34:47 -0700[diff] [blame]196 D("Allocation failure");
197 goto out;
198 }
Benoit Goby2cc19e42012-04-12 12:23:49 -0700[diff] [blame]199
Adam Langley29f6cdb2014-09-03 14:34:47 -0700[diff] [blame]200 encoded_length = EVP_EncodeBlock(encoded, (uint8_t*) &pkey, sizeof(pkey));
Benoit Goby2cc19e42012-04-12 12:23:49 -0700[diff] [blame]201 get_user_info(info, sizeof(info));
Benoit Goby2cc19e42012-04-12 12:23:49 -0700[diff] [blame]202
Adam Langley29f6cdb2014-09-03 14:34:47 -0700[diff] [blame]203 if (fwrite(encoded, encoded_length, 1, outfile) != 1 ||
204 fwrite(info, strlen(info), 1, outfile) != 1) {
205 D("Write error while writing public key");
206 goto out;
207 }
208
209 ret = 1;
210
211 out:
212 if (outfile != NULL) {
213 fclose(outfile);
214 }
215 if (encoded != NULL) {
216 free(encoded);
217 }
218 return ret;
Benoit Goby2cc19e42012-04-12 12:23:49 -0700[diff] [blame]219}
220
221static int generate_key(const char *file)
222{
223 EVP_PKEY* pkey = EVP_PKEY_new();
224 BIGNUM* exponent = BN_new();
225 RSA* rsa = RSA_new();
Benoit Gobycb37c502012-08-31 12:14:21 -0700[diff] [blame]226 mode_t old_mask;
Benoit Goby2cc19e42012-04-12 12:23:49 -0700[diff] [blame]227 FILE *f = NULL;
228 int ret = 0;
229
230 D("generate_key '%s'\n", file);
231
232 if (!pkey || !exponent || !rsa) {
233 D("Failed to allocate key\n");
234 goto out;
235 }
236
237 BN_set_word(exponent, RSA_F4);
238 RSA_generate_key_ex(rsa, 2048, exponent, NULL);
239 EVP_PKEY_set1_RSA(pkey, rsa);
240
Benoit Gobycb37c502012-08-31 12:14:21 -0700[diff] [blame]241 old_mask = umask(077);
242
Benoit Goby2cc19e42012-04-12 12:23:49 -0700[diff] [blame]243 f = fopen(file, "w");
244 if (!f) {
245 D("Failed to open '%s'\n", file);
Benoit Gobycb37c502012-08-31 12:14:21 -0700[diff] [blame]246 umask(old_mask);
Benoit Goby2cc19e42012-04-12 12:23:49 -0700[diff] [blame]247 goto out;
248 }
249
Benoit Gobycb37c502012-08-31 12:14:21 -0700[diff] [blame]250 umask(old_mask);
251
Benoit Goby2cc19e42012-04-12 12:23:49 -0700[diff] [blame]252 if (!PEM_write_PrivateKey(f, pkey, NULL, NULL, 0, NULL, NULL)) {
253 D("Failed to write key\n");
254 goto out;
255 }
256
257 if (!write_public_keyfile(rsa, file)) {
258 D("Failed to write public key\n");
259 goto out;
260 }
261
262 ret = 1;
263
264out:
265 if (f)
266 fclose(f);
267 EVP_PKEY_free(pkey);
268 RSA_free(rsa);
269 BN_free(exponent);
270 return ret;
271}
272
273static int read_key(const char *file, struct listnode *list)
274{
Benoit Goby2cc19e42012-04-12 12:23:49 -0700[diff] [blame]275 D("read_key '%s'\n", file);
276
Dan Albertf30d73c2015-02-25 17:51:28 -0800[diff] [blame]277 FILE* f = fopen(file, "r");
Benoit Goby2cc19e42012-04-12 12:23:49 -0700[diff] [blame]278 if (!f) {
279 D("Failed to open '%s'\n", file);
280 return 0;
281 }
282
Dan Albertf30d73c2015-02-25 17:51:28 -0800[diff] [blame]283 adb_private_key* key = reinterpret_cast<adb_private_key*>(
284 malloc(sizeof(adb_private_key)));
Benoit Goby2cc19e42012-04-12 12:23:49 -0700[diff] [blame]285 if (!key) {
286 D("Failed to alloc key\n");
287 fclose(f);
288 return 0;
289 }
290 key->rsa = RSA_new();
291
292 if (!PEM_read_RSAPrivateKey(f, &key->rsa, NULL, NULL)) {
293 D("Failed to read key\n");
294 fclose(f);
295 RSA_free(key->rsa);
296 free(key);
297 return 0;
298 }
299
300 fclose(f);
301 list_add_tail(list, &key->node);
302 return 1;
303}
304
305static int get_user_keyfilepath(char *filename, size_t len)
306{
307 const char *format, *home;
308 char android_dir[PATH_MAX];
309 struct stat buf;
310#ifdef _WIN32
311 char path[PATH_MAX];
312 home = getenv("ANDROID_SDK_HOME");
313 if (!home) {
314 SHGetFolderPath(NULL, CSIDL_PROFILE, NULL, 0, path);
315 home = path;
316 }
317 format = "%s\\%s";
318#else
319 home = getenv("HOME");
320 if (!home)
321 return -1;
322 format = "%s/%s";
323#endif
324
325 D("home '%s'\n", home);
326
327 if (snprintf(android_dir, sizeof(android_dir), format, home,
328 ANDROID_PATH) >= (int)sizeof(android_dir))
329 return -1;
330
331 if (stat(android_dir, &buf)) {
332 if (adb_mkdir(android_dir, 0750) < 0) {
333 D("Cannot mkdir '%s'", android_dir);
334 return -1;
335 }
336 }
337
338 return snprintf(filename, len, format, android_dir, ADB_KEY_FILE);
339}
340
341static int get_user_key(struct listnode *list)
342{
343 struct stat buf;
344 char path[PATH_MAX];
345 int ret;
346
347 ret = get_user_keyfilepath(path, sizeof(path));
348 if (ret < 0 || ret >= (signed)sizeof(path)) {
349 D("Error getting user key filename");
350 return 0;
351 }
352
353 D("user key '%s'\n", path);
354
355 if (stat(path, &buf) == -1) {
356 if (!generate_key(path)) {
357 D("Failed to generate new key\n");
358 return 0;
359 }
360 }
361
362 return read_key(path, list);
363}
364
365static void get_vendor_keys(struct listnode *list)
366{
367 const char *adb_keys_path;
368 char keys_path[MAX_PAYLOAD];
369 char *path;
370 char *save;
371 struct stat buf;
372
373 adb_keys_path = getenv("ADB_VENDOR_KEYS");
374 if (!adb_keys_path)
375 return;
376 strncpy(keys_path, adb_keys_path, sizeof(keys_path));
377
378 path = adb_strtok_r(keys_path, ENV_PATH_SEPARATOR_STR, &save);
379 while (path) {
380 D("Reading: '%s'\n", path);
381
382 if (stat(path, &buf))
383 D("Can't read '%s'\n", path);
384 else if (!read_key(path, list))
385 D("Failed to read '%s'\n", path);
386
387 path = adb_strtok_r(NULL, ENV_PATH_SEPARATOR_STR, &save);
388 }
389}
390
Dan Albertf30d73c2015-02-25 17:51:28 -0800[diff] [blame]391int adb_auth_sign(void *node, const unsigned char* token, size_t token_size,
392 unsigned char* sig)
Benoit Goby2cc19e42012-04-12 12:23:49 -0700[diff] [blame]393{
394 unsigned int len;
395 struct adb_private_key *key = node_to_item(node, struct adb_private_key, node);
396
Sami Tolvanenb92a35c2015-01-27 16:48:35 +0000[diff] [blame]397 if (token_size != TOKEN_SIZE) {
398 D("Unexpected token size %zd\n", token_size);
399 return 0;
400 }
401
Benoit Goby2cc19e42012-04-12 12:23:49 -0700[diff] [blame]402 if (!RSA_sign(NID_sha1, token, token_size, sig, &len, key->rsa)) {
403 return 0;
404 }
405
406 D("adb_auth_sign len=%d\n", len);
407 return (int)len;
408}
409
410void *adb_auth_nextkey(void *current)
411{
412 struct listnode *item;
413
414 if (list_empty(&key_list))
415 return NULL;
416
417 if (!current)
418 return list_head(&key_list);
419
420 list_for_each(item, &key_list) {
421 if (item == current) {
422 /* current is the last item, we tried all the keys */
423 if (item->next == &key_list)
424 return NULL;
425 return item->next;
426 }
427 }
428
429 return NULL;
430}
431
432int adb_auth_get_userkey(unsigned char *data, size_t len)
433{
434 char path[PATH_MAX];
Dan Albertf30d73c2015-02-25 17:51:28 -0800[diff] [blame]435 int ret = get_user_keyfilepath(path, sizeof(path) - 4);
Benoit Goby2cc19e42012-04-12 12:23:49 -0700[diff] [blame]436 if (ret < 0 || ret >= (signed)(sizeof(path) - 4)) {
437 D("Error getting user key filename");
438 return 0;
439 }
440 strcat(path, ".pub");
441
Dan Albertf30d73c2015-02-25 17:51:28 -0800[diff] [blame]442 // TODO(danalbert): ReadFileToString
443 unsigned size;
444 char* file_data = reinterpret_cast<char*>(load_file(path, &size));
445 if (file_data == nullptr) {
Benoit Goby2cc19e42012-04-12 12:23:49 -0700[diff] [blame]446 D("Can't load '%s'\n", path);
447 return 0;
448 }
449
Dan Albertf30d73c2015-02-25 17:51:28 -0800[diff] [blame]450 if (len < (size_t)(size + 1)) {
451 D("%s: Content too large ret=%d\n", path, size);
452 free(file_data);
Benoit Goby2cc19e42012-04-12 12:23:49 -0700[diff] [blame]453 return 0;
454 }
455
Dan Albertf30d73c2015-02-25 17:51:28 -0800[diff] [blame]456 memcpy(data, file_data, size);
457 free(file_data);
458 file_data = nullptr;
459 data[size] = '\0';
Benoit Goby2cc19e42012-04-12 12:23:49 -0700[diff] [blame]460
Dan Albertf30d73c2015-02-25 17:51:28 -0800[diff] [blame]461 return size + 1;
Benoit Goby2cc19e42012-04-12 12:23:49 -0700[diff] [blame]462}
463
Nick Kralevich6183c962014-11-13 15:17:29 -0800[diff] [blame]464int adb_auth_keygen(const char* filename) {
465 adb_trace_mask |= (1 << TRACE_AUTH);
466 return (generate_key(filename) == 0);
467}
468
Benoit Goby2cc19e42012-04-12 12:23:49 -0700[diff] [blame]469void adb_auth_init(void)
470{
471 int ret;
472
473 D("adb_auth_init\n");
474
475 list_init(&key_list);
476
477 ret = get_user_key(&key_list);
478 if (!ret) {
479 D("Failed to get user key\n");
480 return;
481 }
482
483 get_vendor_keys(&key_list);
484}