Blame - adb/adb_auth_client.cpp - platform/system/core

blob: c4ffc85a2383f298c5fbdca405610402222d9188 [file] [log] [blame]

Benoit Goby	d5fcafa	2012-04-12 12:23:49 -0700	[diff] [blame]	1	/*
				2	* Copyright (C) 2012 The Android Open Source Project
				3	*
				4	* Licensed under the Apache License, Version 2.0 (the "License");
				5	* you may not use this file except in compliance with the License.
				6	* You may obtain a copy of the License at
				7	*
				8	* http://www.apache.org/licenses/LICENSE-2.0
				9	*
				10	* Unless required by applicable law or agreed to in writing, software
				11	* distributed under the License is distributed on an "AS IS" BASIS,
				12	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
				13	* See the License for the specific language governing permissions and
				14	* limitations under the License.
				15	*/
				16
Yabin Cui	aed3c61	2015-09-22 15:52:57 -0700	[diff] [blame]	17	#define TRACE_TAG AUTH
Dan Albert	3313426	2015-03-19 15:21:08 -0700	[diff] [blame]	18
				19	#include "sysdeps.h"
				20	#include "adb_auth.h"
				21
Dan Albert	7664901	2015-02-24 15:51:19 -0800	[diff] [blame]	22	#include <resolv.h>
Benoit Goby	d5fcafa	2012-04-12 12:23:49 -0700	[diff] [blame]	23	#include <stdio.h>
				24	#include <string.h>
Benoit Goby	d5fcafa	2012-04-12 12:23:49 -0700	[diff] [blame]	25
Dan Albert	7664901	2015-02-24 15:51:19 -0800	[diff] [blame]	26	#include "cutils/list.h"
				27	#include "cutils/sockets.h"
Benoit Goby	d5fcafa	2012-04-12 12:23:49 -0700	[diff] [blame]	28	#include "mincrypt/rsa.h"
Doug Zongker	515e163	2013-04-10 09:22:02 -0700	[diff] [blame]	29	#include "mincrypt/sha.h"
Dan Albert	3313426	2015-03-19 15:21:08 -0700	[diff] [blame]	30
				31	#include "adb.h"
				32	#include "fdevent.h"
Dan Albert	7664901	2015-02-24 15:51:19 -0800	[diff] [blame]	33	#include "transport.h"
Benoit Goby	d5fcafa	2012-04-12 12:23:49 -0700	[diff] [blame]	34
Benoit Goby	d5fcafa	2012-04-12 12:23:49 -0700	[diff] [blame]	35	struct adb_public_key {
				36	struct listnode node;
				37	RSAPublicKey key;
				38	};
				39
Dan Albert	bac3474	2015-02-25 17:51:28 -0800	[diff] [blame]	40	static const char *key_paths[] = {
Benoit Goby	d5fcafa	2012-04-12 12:23:49 -0700	[diff] [blame]	41	"/adb_keys",
				42	"/data/misc/adb/adb_keys",
				43	NULL
				44	};
				45
				46	static fdevent listener_fde;
				47	static int framework_fd = -1;
				48
Benoit Goby	045a4a9	2013-01-15 19:59:14 -0800	[diff] [blame]	49	static void usb_disconnected(void* unused, atransport* t);
Yabin Cui	b329824	2015-08-28 15:09:44 -0700	[diff] [blame]	50	static struct adisconnect usb_disconnect = { usb_disconnected, nullptr};
Benoit Goby	045a4a9	2013-01-15 19:59:14 -0800	[diff] [blame]	51	static atransport* usb_transport;
				52	static bool needs_retry = false;
Benoit Goby	d5fcafa	2012-04-12 12:23:49 -0700	[diff] [blame]	53
				54	static void read_keys(const char file, struct listnode list)
				55	{
Benoit Goby	d5fcafa	2012-04-12 12:23:49 -0700	[diff] [blame]	56	FILE *f;
Tamas Berghammer	3d2904c	2015-07-13 19:12:28 +0100	[diff] [blame]	57	char buf[MAX_PAYLOAD_V1];
Benoit Goby	d5fcafa	2012-04-12 12:23:49 -0700	[diff] [blame]	58	char *sep;
				59	int ret;
				60
Nick Kralevich	fe8d7f4	2014-07-18 20:57:35 -0700	[diff] [blame]	61	f = fopen(file, "re");
Benoit Goby	d5fcafa	2012-04-12 12:23:49 -0700	[diff] [blame]	62	if (!f) {
Yabin Cui	7a3f8d6	2015-09-02 17:44:28 -0700	[diff] [blame]	63	D("Can't open '%s'", file);
Benoit Goby	d5fcafa	2012-04-12 12:23:49 -0700	[diff] [blame]	64	return;
				65	}
				66
				67	while (fgets(buf, sizeof(buf), f)) {
				68	/* Allocate 4 extra bytes to decode the base64 data in-place */
Dan Albert	bac3474	2015-02-25 17:51:28 -0800	[diff] [blame]	69	auto key = reinterpret_cast<adb_public_key*>(
				70	calloc(1, sizeof(adb_public_key) + 4));
				71	if (key == nullptr) {
Yabin Cui	7a3f8d6	2015-09-02 17:44:28 -0700	[diff] [blame]	72	D("Can't malloc key");
Benoit Goby	d5fcafa	2012-04-12 12:23:49 -0700	[diff] [blame]	73	break;
				74	}
				75
				76	sep = strpbrk(buf, " \t");
				77	if (sep)
				78	*sep = '\0';
				79
				80	ret = __b64_pton(buf, (u_char *)&key->key, sizeof(key->key) + 4);
				81	if (ret != sizeof(key->key)) {
Yabin Cui	7a3f8d6	2015-09-02 17:44:28 -0700	[diff] [blame]	82	D("%s: Invalid base64 data ret=%d", file, ret);
Benoit Goby	d5fcafa	2012-04-12 12:23:49 -0700	[diff] [blame]	83	free(key);
				84	continue;
				85	}
				86
				87	if (key->key.len != RSANUMWORDS) {
Yabin Cui	7a3f8d6	2015-09-02 17:44:28 -0700	[diff] [blame]	88	D("%s: Invalid key len %d", file, key->key.len);
Benoit Goby	d5fcafa	2012-04-12 12:23:49 -0700	[diff] [blame]	89	free(key);
				90	continue;
				91	}
				92
				93	list_add_tail(list, &key->node);
				94	}
				95
				96	fclose(f);
				97	}
				98
				99	static void free_keys(struct listnode *list)
				100	{
				101	struct listnode *item;
				102
				103	while (!list_empty(list)) {
				104	item = list_head(list);
				105	list_remove(item);
				106	free(node_to_item(item, struct adb_public_key, node));
				107	}
				108	}
				109
Benoit Goby	345cb06	2013-01-14 21:26:30 -0800	[diff] [blame]	110	static void load_keys(struct listnode *list)
Benoit Goby	d5fcafa	2012-04-12 12:23:49 -0700	[diff] [blame]	111	{
Dan Albert	bac3474	2015-02-25 17:51:28 -0800	[diff] [blame]	112	const char* path;
				113	const char** paths = key_paths;
Benoit Goby	d5fcafa	2012-04-12 12:23:49 -0700	[diff] [blame]	114	struct stat buf;
				115
Benoit Goby	345cb06	2013-01-14 21:26:30 -0800	[diff] [blame]	116	list_init(list);
Benoit Goby	d5fcafa	2012-04-12 12:23:49 -0700	[diff] [blame]	117
				118	while ((path = *paths++)) {
				119	if (!stat(path, &buf)) {
Yabin Cui	7a3f8d6	2015-09-02 17:44:28 -0700	[diff] [blame]	120	D("Loading keys from '%s'", path);
Benoit Goby	345cb06	2013-01-14 21:26:30 -0800	[diff] [blame]	121	read_keys(path, list);
Benoit Goby	d5fcafa	2012-04-12 12:23:49 -0700	[diff] [blame]	122	}
				123	}
				124	}
				125
				126	int adb_auth_generate_token(void *token, size_t token_size)
				127	{
				128	FILE *f;
				129	int ret;
				130
Nick Kralevich	fe8d7f4	2014-07-18 20:57:35 -0700	[diff] [blame]	131	f = fopen("/dev/urandom", "re");
Benoit Goby	d5fcafa	2012-04-12 12:23:49 -0700	[diff] [blame]	132	if (!f)
				133	return 0;
				134
				135	ret = fread(token, token_size, 1, f);
				136
				137	fclose(f);
				138	return ret * token_size;
				139	}
				140
Dan Albert	bac3474	2015-02-25 17:51:28 -0800	[diff] [blame]	141	int adb_auth_verify(uint8_t* token, uint8_t* sig, int siglen)
Benoit Goby	d5fcafa	2012-04-12 12:23:49 -0700	[diff] [blame]	142	{
				143	struct listnode *item;
Benoit Goby	345cb06	2013-01-14 21:26:30 -0800	[diff] [blame]	144	struct listnode key_list;
				145	int ret = 0;
Benoit Goby	d5fcafa	2012-04-12 12:23:49 -0700	[diff] [blame]	146
				147	if (siglen != RSANUMBYTES)
				148	return 0;
				149
Benoit Goby	345cb06	2013-01-14 21:26:30 -0800	[diff] [blame]	150	load_keys(&key_list);
				151
Benoit Goby	d5fcafa	2012-04-12 12:23:49 -0700	[diff] [blame]	152	list_for_each(item, &key_list) {
Dan Albert	bac3474	2015-02-25 17:51:28 -0800	[diff] [blame]	153	adb_public_key* key = node_to_item(item, struct adb_public_key, node);
Doug Zongker	515e163	2013-04-10 09:22:02 -0700	[diff] [blame]	154	ret = RSA_verify(&key->key, sig, siglen, token, SHA_DIGEST_SIZE);
Benoit Goby	d5fcafa	2012-04-12 12:23:49 -0700	[diff] [blame]	155	if (ret)
Benoit Goby	345cb06	2013-01-14 21:26:30 -0800	[diff] [blame]	156	break;
Benoit Goby	d5fcafa	2012-04-12 12:23:49 -0700	[diff] [blame]	157	}
				158
Benoit Goby	345cb06	2013-01-14 21:26:30 -0800	[diff] [blame]	159	free_keys(&key_list);
				160
				161	return ret;
Benoit Goby	d5fcafa	2012-04-12 12:23:49 -0700	[diff] [blame]	162	}
				163
Benoit Goby	045a4a9	2013-01-15 19:59:14 -0800	[diff] [blame]	164	static void usb_disconnected(void* unused, atransport* t)
				165	{
Yabin Cui	7a3f8d6	2015-09-02 17:44:28 -0700	[diff] [blame]	166	D("USB disconnect");
Benoit Goby	045a4a9	2013-01-15 19:59:14 -0800	[diff] [blame]	167	usb_transport = NULL;
				168	needs_retry = false;
				169	}
				170
Benoit Goby	d5fcafa	2012-04-12 12:23:49 -0700	[diff] [blame]	171	static void adb_auth_event(int fd, unsigned events, void *data)
				172	{
Benoit Goby	d5fcafa	2012-04-12 12:23:49 -0700	[diff] [blame]	173	char response[2];
				174	int ret;
				175
				176	if (events & FDE_READ) {
				177	ret = unix_read(fd, response, sizeof(response));
Vince Harron	af436b1	2014-09-25 21:51:15 -0700	[diff] [blame]	178	if (ret <= 0) {
Yabin Cui	7a3f8d6	2015-09-02 17:44:28 -0700	[diff] [blame]	179	D("Framework disconnect");
Benoit Goby	045a4a9	2013-01-15 19:59:14 -0800	[diff] [blame]	180	if (usb_transport)
				181	fdevent_remove(&usb_transport->auth_fde);
Benoit Goby	d5fcafa	2012-04-12 12:23:49 -0700	[diff] [blame]	182	framework_fd = -1;
				183	}
				184	else if (ret == 2 && response[0] == 'O' && response[1] == 'K') {
Benoit Goby	045a4a9	2013-01-15 19:59:14 -0800	[diff] [blame]	185	if (usb_transport)
				186	adb_auth_verified(usb_transport);
Benoit Goby	d5fcafa	2012-04-12 12:23:49 -0700	[diff] [blame]	187	}
				188	}
				189	}
				190
				191	void adb_auth_confirm_key(unsigned char key, size_t len, atransport t)
				192	{
Tamas Berghammer	3d2904c	2015-07-13 19:12:28 +0100	[diff] [blame]	193	char msg[MAX_PAYLOAD_V1];
Benoit Goby	d5fcafa	2012-04-12 12:23:49 -0700	[diff] [blame]	194	int ret;
				195
Benoit Goby	b66356c	2013-04-01 17:39:06 -0700	[diff] [blame]	196	if (!usb_transport) {
				197	usb_transport = t;
Yabin Cui	b329824	2015-08-28 15:09:44 -0700	[diff] [blame]	198	t->AddDisconnect(&usb_disconnect);
Benoit Goby	b66356c	2013-04-01 17:39:06 -0700	[diff] [blame]	199	}
Benoit Goby	045a4a9	2013-01-15 19:59:14 -0800	[diff] [blame]	200
Benoit Goby	d5fcafa	2012-04-12 12:23:49 -0700	[diff] [blame]	201	if (framework_fd < 0) {
Yabin Cui	7a3f8d6	2015-09-02 17:44:28 -0700	[diff] [blame]	202	D("Client not connected");
Benoit Goby	045a4a9	2013-01-15 19:59:14 -0800	[diff] [blame]	203	needs_retry = true;
Benoit Goby	d5fcafa	2012-04-12 12:23:49 -0700	[diff] [blame]	204	return;
				205	}
				206
				207	if (key[len - 1] != '\0') {
Yabin Cui	7a3f8d6	2015-09-02 17:44:28 -0700	[diff] [blame]	208	D("Key must be a null-terminated string");
Benoit Goby	d5fcafa	2012-04-12 12:23:49 -0700	[diff] [blame]	209	return;
				210	}
				211
				212	ret = snprintf(msg, sizeof(msg), "PK%s", key);
				213	if (ret >= (signed)sizeof(msg)) {
Yabin Cui	7a3f8d6	2015-09-02 17:44:28 -0700	[diff] [blame]	214	D("Key too long. ret=%d", ret);
Benoit Goby	d5fcafa	2012-04-12 12:23:49 -0700	[diff] [blame]	215	return;
				216	}
Yabin Cui	7a3f8d6	2015-09-02 17:44:28 -0700	[diff] [blame]	217	D("Sending '%s'", msg);
Benoit Goby	d5fcafa	2012-04-12 12:23:49 -0700	[diff] [blame]	218
				219	ret = unix_write(framework_fd, msg, ret);
				220	if (ret < 0) {
Yabin Cui	7a3f8d6	2015-09-02 17:44:28 -0700	[diff] [blame]	221	D("Failed to write PK, errno=%d", errno);
Benoit Goby	d5fcafa	2012-04-12 12:23:49 -0700	[diff] [blame]	222	return;
				223	}
				224
				225	fdevent_install(&t->auth_fde, framework_fd, adb_auth_event, t);
				226	fdevent_add(&t->auth_fde, FDE_READ);
				227	}
				228
				229	static void adb_auth_listener(int fd, unsigned events, void *data)
				230	{
Erik Kline	7e16cc1	2015-12-01 17:27:59 +0900	[diff] [blame]	231	sockaddr_storage addr;
Benoit Goby	d5fcafa	2012-04-12 12:23:49 -0700	[diff] [blame]	232	socklen_t alen;
				233	int s;
				234
				235	alen = sizeof(addr);
				236
Erik Kline	7e16cc1	2015-12-01 17:27:59 +0900	[diff] [blame]	237	s = adb_socket_accept(fd, reinterpret_cast<sockaddr*>(&addr), &alen);
Benoit Goby	d5fcafa	2012-04-12 12:23:49 -0700	[diff] [blame]	238	if (s < 0) {
Yabin Cui	7a3f8d6	2015-09-02 17:44:28 -0700	[diff] [blame]	239	D("Failed to accept: errno=%d", errno);
Benoit Goby	d5fcafa	2012-04-12 12:23:49 -0700	[diff] [blame]	240	return;
				241	}
				242
				243	framework_fd = s;
Benoit Goby	045a4a9	2013-01-15 19:59:14 -0800	[diff] [blame]	244
				245	if (needs_retry) {
				246	needs_retry = false;
				247	send_auth_request(usb_transport);
				248	}
Benoit Goby	d5fcafa	2012-04-12 12:23:49 -0700	[diff] [blame]	249	}
				250
Pavel Labath	64d9adc	2015-03-17 11:03:36 -0700	[diff] [blame]	251	void adbd_cloexec_auth_socket() {
				252	int fd = android_get_control_socket("adbd");
				253	if (fd == -1) {
Yabin Cui	7a3f8d6	2015-09-02 17:44:28 -0700	[diff] [blame]	254	D("Failed to get adbd socket");
Benoit Goby	d5fcafa	2012-04-12 12:23:49 -0700	[diff] [blame]	255	return;
				256	}
Nick Kralevich	fe8d7f4	2014-07-18 20:57:35 -0700	[diff] [blame]	257	fcntl(fd, F_SETFD, FD_CLOEXEC);
Pavel Labath	64d9adc	2015-03-17 11:03:36 -0700	[diff] [blame]	258	}
Benoit Goby	d5fcafa	2012-04-12 12:23:49 -0700	[diff] [blame]	259
Pavel Labath	64d9adc	2015-03-17 11:03:36 -0700	[diff] [blame]	260	void adbd_auth_init(void) {
				261	int fd = android_get_control_socket("adbd");
				262	if (fd == -1) {
Yabin Cui	7a3f8d6	2015-09-02 17:44:28 -0700	[diff] [blame]	263	D("Failed to get adbd socket");
Pavel Labath	64d9adc	2015-03-17 11:03:36 -0700	[diff] [blame]	264	return;
				265	}
				266
				267	if (listen(fd, 4) == -1) {
Yabin Cui	7a3f8d6	2015-09-02 17:44:28 -0700	[diff] [blame]	268	D("Failed to listen on '%d'", fd);
Benoit Goby	d5fcafa	2012-04-12 12:23:49 -0700	[diff] [blame]	269	return;
				270	}
				271
				272	fdevent_install(&listener_fde, fd, adb_auth_listener, NULL);
				273	fdevent_add(&listener_fde, FDE_READ);
				274	}