Blame - adb/adb_auth_client.cpp - platform/system/core

blob: 415ab8ed317d96e94eaa780f6a718c8c9bc67032 [file] [log] [blame]

Benoit Goby	d5fcafa	2012-04-12 12:23:49 -0700	[diff] [blame]	1	/*
				2	* Copyright (C) 2012 The Android Open Source Project
				3	*
				4	* Licensed under the Apache License, Version 2.0 (the "License");
				5	* you may not use this file except in compliance with the License.
				6	* You may obtain a copy of the License at
				7	*
				8	* http://www.apache.org/licenses/LICENSE-2.0
				9	*
				10	* Unless required by applicable law or agreed to in writing, software
				11	* distributed under the License is distributed on an "AS IS" BASIS,
				12	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
				13	* See the License for the specific language governing permissions and
				14	* limitations under the License.
				15	*/
				16
Yabin Cui	aed3c61	2015-09-22 15:52:57 -0700	[diff] [blame]	17	#define TRACE_TAG AUTH
Dan Albert	3313426	2015-03-19 15:21:08 -0700	[diff] [blame]	18
				19	#include "sysdeps.h"
				20	#include "adb_auth.h"
				21
Dan Albert	7664901	2015-02-24 15:51:19 -0800	[diff] [blame]	22	#include <resolv.h>
Benoit Goby	d5fcafa	2012-04-12 12:23:49 -0700	[diff] [blame]	23	#include <stdio.h>
				24	#include <string.h>
Benoit Goby	d5fcafa	2012-04-12 12:23:49 -0700	[diff] [blame]	25
Mattias Nissler	097b6bb	2016-03-31 16:32:09 +0200	[diff] [blame]	26	#include <openssl/obj_mac.h>
				27	#include <openssl/rsa.h>
				28	#include <openssl/sha.h>
				29
				30	#include <crypto_utils/android_pubkey.h>
				31
Dan Albert	7664901	2015-02-24 15:51:19 -0800	[diff] [blame]	32	#include "cutils/list.h"
				33	#include "cutils/sockets.h"
Dan Albert	3313426	2015-03-19 15:21:08 -0700	[diff] [blame]	34
				35	#include "adb.h"
				36	#include "fdevent.h"
Dan Albert	7664901	2015-02-24 15:51:19 -0800	[diff] [blame]	37	#include "transport.h"
Benoit Goby	d5fcafa	2012-04-12 12:23:49 -0700	[diff] [blame]	38
Benoit Goby	d5fcafa	2012-04-12 12:23:49 -0700	[diff] [blame]	39	struct adb_public_key {
				40	struct listnode node;
Mattias Nissler	097b6bb	2016-03-31 16:32:09 +0200	[diff] [blame]	41	RSA* key;
Benoit Goby	d5fcafa	2012-04-12 12:23:49 -0700	[diff] [blame]	42	};
				43
Dan Albert	bac3474	2015-02-25 17:51:28 -0800	[diff] [blame]	44	static const char *key_paths[] = {
Benoit Goby	d5fcafa	2012-04-12 12:23:49 -0700	[diff] [blame]	45	"/adb_keys",
				46	"/data/misc/adb/adb_keys",
				47	NULL
				48	};
				49
				50	static fdevent listener_fde;
Josh Gao	9f48611	2016-02-23 18:05:57 -0800	[diff] [blame]	51	static fdevent framework_fde;
Benoit Goby	d5fcafa	2012-04-12 12:23:49 -0700	[diff] [blame]	52	static int framework_fd = -1;
				53
Benoit Goby	045a4a9	2013-01-15 19:59:14 -0800	[diff] [blame]	54	static void usb_disconnected(void* unused, atransport* t);
Yabin Cui	b329824	2015-08-28 15:09:44 -0700	[diff] [blame]	55	static struct adisconnect usb_disconnect = { usb_disconnected, nullptr};
Benoit Goby	045a4a9	2013-01-15 19:59:14 -0800	[diff] [blame]	56	static atransport* usb_transport;
				57	static bool needs_retry = false;
Benoit Goby	d5fcafa	2012-04-12 12:23:49 -0700	[diff] [blame]	58
				59	static void read_keys(const char file, struct listnode list)
				60	{
Benoit Goby	d5fcafa	2012-04-12 12:23:49 -0700	[diff] [blame]	61	FILE *f;
Tamas Berghammer	3d2904c	2015-07-13 19:12:28 +0100	[diff] [blame]	62	char buf[MAX_PAYLOAD_V1];
Benoit Goby	d5fcafa	2012-04-12 12:23:49 -0700	[diff] [blame]	63	char *sep;
				64	int ret;
				65
Nick Kralevich	fe8d7f4	2014-07-18 20:57:35 -0700	[diff] [blame]	66	f = fopen(file, "re");
Benoit Goby	d5fcafa	2012-04-12 12:23:49 -0700	[diff] [blame]	67	if (!f) {
Yabin Cui	7a3f8d6	2015-09-02 17:44:28 -0700	[diff] [blame]	68	D("Can't open '%s'", file);
Benoit Goby	d5fcafa	2012-04-12 12:23:49 -0700	[diff] [blame]	69	return;
				70	}
				71
				72	while (fgets(buf, sizeof(buf), f)) {
Dan Albert	bac3474	2015-02-25 17:51:28 -0800	[diff] [blame]	73	auto key = reinterpret_cast<adb_public_key*>(
Mattias Nissler	097b6bb	2016-03-31 16:32:09 +0200	[diff] [blame]	74	calloc(1, sizeof(adb_public_key)));
Dan Albert	bac3474	2015-02-25 17:51:28 -0800	[diff] [blame]	75	if (key == nullptr) {
Yabin Cui	7a3f8d6	2015-09-02 17:44:28 -0700	[diff] [blame]	76	D("Can't malloc key");
Benoit Goby	d5fcafa	2012-04-12 12:23:49 -0700	[diff] [blame]	77	break;
				78	}
				79
				80	sep = strpbrk(buf, " \t");
				81	if (sep)
				82	*sep = '\0';
				83
Mattias Nissler	097b6bb	2016-03-31 16:32:09 +0200	[diff] [blame]	84	// b64_pton requires one additional byte in the target buffer for
				85	// decoding to succeed. See http://b/28035006 for details.
				86	uint8_t keybuf[ANDROID_PUBKEY_ENCODED_SIZE + 1];
				87	ret = __b64_pton(buf, keybuf, sizeof(keybuf));
				88	if (ret != ANDROID_PUBKEY_ENCODED_SIZE) {
Yabin Cui	7a3f8d6	2015-09-02 17:44:28 -0700	[diff] [blame]	89	D("%s: Invalid base64 data ret=%d", file, ret);
Benoit Goby	d5fcafa	2012-04-12 12:23:49 -0700	[diff] [blame]	90	free(key);
				91	continue;
				92	}
				93
Mattias Nissler	097b6bb	2016-03-31 16:32:09 +0200	[diff] [blame]	94	if (!android_pubkey_decode(keybuf, ret, &key->key)) {
				95	D("%s: Failed to parse key", file);
Benoit Goby	d5fcafa	2012-04-12 12:23:49 -0700	[diff] [blame]	96	free(key);
				97	continue;
				98	}
				99
				100	list_add_tail(list, &key->node);
				101	}
				102
				103	fclose(f);
				104	}
				105
				106	static void free_keys(struct listnode *list)
				107	{
				108	struct listnode *item;
				109
				110	while (!list_empty(list)) {
				111	item = list_head(list);
				112	list_remove(item);
Mattias Nissler	097b6bb	2016-03-31 16:32:09 +0200	[diff] [blame]	113	adb_public_key* key = node_to_item(item, struct adb_public_key, node);
				114	RSA_free(key->key);
				115	free(key);
Benoit Goby	d5fcafa	2012-04-12 12:23:49 -0700	[diff] [blame]	116	}
				117	}
				118
Benoit Goby	345cb06	2013-01-14 21:26:30 -0800	[diff] [blame]	119	static void load_keys(struct listnode *list)
Benoit Goby	d5fcafa	2012-04-12 12:23:49 -0700	[diff] [blame]	120	{
Dan Albert	bac3474	2015-02-25 17:51:28 -0800	[diff] [blame]	121	const char* path;
				122	const char** paths = key_paths;
Benoit Goby	d5fcafa	2012-04-12 12:23:49 -0700	[diff] [blame]	123	struct stat buf;
				124
Benoit Goby	345cb06	2013-01-14 21:26:30 -0800	[diff] [blame]	125	list_init(list);
Benoit Goby	d5fcafa	2012-04-12 12:23:49 -0700	[diff] [blame]	126
				127	while ((path = *paths++)) {
				128	if (!stat(path, &buf)) {
Yabin Cui	7a3f8d6	2015-09-02 17:44:28 -0700	[diff] [blame]	129	D("Loading keys from '%s'", path);
Benoit Goby	345cb06	2013-01-14 21:26:30 -0800	[diff] [blame]	130	read_keys(path, list);
Benoit Goby	d5fcafa	2012-04-12 12:23:49 -0700	[diff] [blame]	131	}
				132	}
				133	}
				134
				135	int adb_auth_generate_token(void *token, size_t token_size)
				136	{
				137	FILE *f;
				138	int ret;
				139
Nick Kralevich	fe8d7f4	2014-07-18 20:57:35 -0700	[diff] [blame]	140	f = fopen("/dev/urandom", "re");
Benoit Goby	d5fcafa	2012-04-12 12:23:49 -0700	[diff] [blame]	141	if (!f)
				142	return 0;
				143
				144	ret = fread(token, token_size, 1, f);
				145
				146	fclose(f);
				147	return ret * token_size;
				148	}
				149
Mattias Nissler	097b6bb	2016-03-31 16:32:09 +0200	[diff] [blame]	150	int adb_auth_verify(uint8_t* token, size_t token_size, uint8_t* sig, int siglen)
Benoit Goby	d5fcafa	2012-04-12 12:23:49 -0700	[diff] [blame]	151	{
				152	struct listnode *item;
Benoit Goby	345cb06	2013-01-14 21:26:30 -0800	[diff] [blame]	153	struct listnode key_list;
				154	int ret = 0;
Benoit Goby	d5fcafa	2012-04-12 12:23:49 -0700	[diff] [blame]	155
Benoit Goby	345cb06	2013-01-14 21:26:30 -0800	[diff] [blame]	156	load_keys(&key_list);
				157
Benoit Goby	d5fcafa	2012-04-12 12:23:49 -0700	[diff] [blame]	158	list_for_each(item, &key_list) {
Dan Albert	bac3474	2015-02-25 17:51:28 -0800	[diff] [blame]	159	adb_public_key* key = node_to_item(item, struct adb_public_key, node);
Mattias Nissler	097b6bb	2016-03-31 16:32:09 +0200	[diff] [blame]	160	ret = RSA_verify(NID_sha1, token, token_size, sig, siglen, key->key);
Benoit Goby	d5fcafa	2012-04-12 12:23:49 -0700	[diff] [blame]	161	if (ret)
Benoit Goby	345cb06	2013-01-14 21:26:30 -0800	[diff] [blame]	162	break;
Benoit Goby	d5fcafa	2012-04-12 12:23:49 -0700	[diff] [blame]	163	}
				164
Benoit Goby	345cb06	2013-01-14 21:26:30 -0800	[diff] [blame]	165	free_keys(&key_list);
				166
				167	return ret;
Benoit Goby	d5fcafa	2012-04-12 12:23:49 -0700	[diff] [blame]	168	}
				169
Josh Gao	9f48611	2016-02-23 18:05:57 -0800	[diff] [blame]	170	static void usb_disconnected(void* unused, atransport* t) {
Yabin Cui	7a3f8d6	2015-09-02 17:44:28 -0700	[diff] [blame]	171	D("USB disconnect");
Benoit Goby	045a4a9	2013-01-15 19:59:14 -0800	[diff] [blame]	172	usb_transport = NULL;
				173	needs_retry = false;
				174	}
				175
Josh Gao	9f48611	2016-02-23 18:05:57 -0800	[diff] [blame]	176	static void framework_disconnected() {
				177	D("Framework disconnect");
				178	fdevent_remove(&framework_fde);
				179	framework_fd = -1;
				180	}
				181
				182	static void adb_auth_event(int fd, unsigned events, void*) {
Benoit Goby	d5fcafa	2012-04-12 12:23:49 -0700	[diff] [blame]	183	char response[2];
				184	int ret;
				185
				186	if (events & FDE_READ) {
				187	ret = unix_read(fd, response, sizeof(response));
Vince Harron	af436b1	2014-09-25 21:51:15 -0700	[diff] [blame]	188	if (ret <= 0) {
Josh Gao	9f48611	2016-02-23 18:05:57 -0800	[diff] [blame]	189	framework_disconnected();
				190	} else if (ret == 2 && response[0] == 'O' && response[1] == 'K') {
				191	if (usb_transport) {
Benoit Goby	045a4a9	2013-01-15 19:59:14 -0800	[diff] [blame]	192	adb_auth_verified(usb_transport);
Josh Gao	9f48611	2016-02-23 18:05:57 -0800	[diff] [blame]	193	}
Benoit Goby	d5fcafa	2012-04-12 12:23:49 -0700	[diff] [blame]	194	}
				195	}
				196	}
				197
				198	void adb_auth_confirm_key(unsigned char key, size_t len, atransport t)
				199	{
Tamas Berghammer	3d2904c	2015-07-13 19:12:28 +0100	[diff] [blame]	200	char msg[MAX_PAYLOAD_V1];
Benoit Goby	d5fcafa	2012-04-12 12:23:49 -0700	[diff] [blame]	201	int ret;
				202
Benoit Goby	b66356c	2013-04-01 17:39:06 -0700	[diff] [blame]	203	if (!usb_transport) {
				204	usb_transport = t;
Yabin Cui	b329824	2015-08-28 15:09:44 -0700	[diff] [blame]	205	t->AddDisconnect(&usb_disconnect);
Benoit Goby	b66356c	2013-04-01 17:39:06 -0700	[diff] [blame]	206	}
Benoit Goby	045a4a9	2013-01-15 19:59:14 -0800	[diff] [blame]	207
Benoit Goby	d5fcafa	2012-04-12 12:23:49 -0700	[diff] [blame]	208	if (framework_fd < 0) {
Yabin Cui	7a3f8d6	2015-09-02 17:44:28 -0700	[diff] [blame]	209	D("Client not connected");
Benoit Goby	045a4a9	2013-01-15 19:59:14 -0800	[diff] [blame]	210	needs_retry = true;
Benoit Goby	d5fcafa	2012-04-12 12:23:49 -0700	[diff] [blame]	211	return;
				212	}
				213
				214	if (key[len - 1] != '\0') {
Yabin Cui	7a3f8d6	2015-09-02 17:44:28 -0700	[diff] [blame]	215	D("Key must be a null-terminated string");
Benoit Goby	d5fcafa	2012-04-12 12:23:49 -0700	[diff] [blame]	216	return;
				217	}
				218
				219	ret = snprintf(msg, sizeof(msg), "PK%s", key);
				220	if (ret >= (signed)sizeof(msg)) {
Yabin Cui	7a3f8d6	2015-09-02 17:44:28 -0700	[diff] [blame]	221	D("Key too long. ret=%d", ret);
Benoit Goby	d5fcafa	2012-04-12 12:23:49 -0700	[diff] [blame]	222	return;
				223	}
Yabin Cui	7a3f8d6	2015-09-02 17:44:28 -0700	[diff] [blame]	224	D("Sending '%s'", msg);
Benoit Goby	d5fcafa	2012-04-12 12:23:49 -0700	[diff] [blame]	225
				226	ret = unix_write(framework_fd, msg, ret);
				227	if (ret < 0) {
Yabin Cui	7a3f8d6	2015-09-02 17:44:28 -0700	[diff] [blame]	228	D("Failed to write PK, errno=%d", errno);
Benoit Goby	d5fcafa	2012-04-12 12:23:49 -0700	[diff] [blame]	229	return;
				230	}
Benoit Goby	d5fcafa	2012-04-12 12:23:49 -0700	[diff] [blame]	231	}
				232
Josh Gao	9f48611	2016-02-23 18:05:57 -0800	[diff] [blame]	233	static void adb_auth_listener(int fd, unsigned events, void* data) {
Erik Kline	7e16cc1	2015-12-01 17:27:59 +0900	[diff] [blame]	234	sockaddr_storage addr;
Benoit Goby	d5fcafa	2012-04-12 12:23:49 -0700	[diff] [blame]	235	socklen_t alen;
				236	int s;
				237
				238	alen = sizeof(addr);
				239
Erik Kline	7e16cc1	2015-12-01 17:27:59 +0900	[diff] [blame]	240	s = adb_socket_accept(fd, reinterpret_cast<sockaddr*>(&addr), &alen);
Benoit Goby	d5fcafa	2012-04-12 12:23:49 -0700	[diff] [blame]	241	if (s < 0) {
Yabin Cui	7a3f8d6	2015-09-02 17:44:28 -0700	[diff] [blame]	242	D("Failed to accept: errno=%d", errno);
Benoit Goby	d5fcafa	2012-04-12 12:23:49 -0700	[diff] [blame]	243	return;
				244	}
				245
Josh Gao	9f48611	2016-02-23 18:05:57 -0800	[diff] [blame]	246	if (framework_fd >= 0) {
Josh Gao	443a52c	2016-02-25 14:11:32 -0800	[diff] [blame]	247	LOG(WARNING) << "adb received framework auth socket connection again";
Josh Gao	9f48611	2016-02-23 18:05:57 -0800	[diff] [blame]	248	framework_disconnected();
				249	}
				250
Benoit Goby	d5fcafa	2012-04-12 12:23:49 -0700	[diff] [blame]	251	framework_fd = s;
Josh Gao	9f48611	2016-02-23 18:05:57 -0800	[diff] [blame]	252	fdevent_install(&framework_fde, framework_fd, adb_auth_event, nullptr);
				253	fdevent_add(&framework_fde, FDE_READ);
Benoit Goby	045a4a9	2013-01-15 19:59:14 -0800	[diff] [blame]	254
				255	if (needs_retry) {
				256	needs_retry = false;
				257	send_auth_request(usb_transport);
				258	}
Benoit Goby	d5fcafa	2012-04-12 12:23:49 -0700	[diff] [blame]	259	}
				260
Pavel Labath	64d9adc	2015-03-17 11:03:36 -0700	[diff] [blame]	261	void adbd_cloexec_auth_socket() {
				262	int fd = android_get_control_socket("adbd");
				263	if (fd == -1) {
Yabin Cui	7a3f8d6	2015-09-02 17:44:28 -0700	[diff] [blame]	264	D("Failed to get adbd socket");
Benoit Goby	d5fcafa	2012-04-12 12:23:49 -0700	[diff] [blame]	265	return;
				266	}
Nick Kralevich	fe8d7f4	2014-07-18 20:57:35 -0700	[diff] [blame]	267	fcntl(fd, F_SETFD, FD_CLOEXEC);
Pavel Labath	64d9adc	2015-03-17 11:03:36 -0700	[diff] [blame]	268	}
Benoit Goby	d5fcafa	2012-04-12 12:23:49 -0700	[diff] [blame]	269
Pavel Labath	64d9adc	2015-03-17 11:03:36 -0700	[diff] [blame]	270	void adbd_auth_init(void) {
				271	int fd = android_get_control_socket("adbd");
				272	if (fd == -1) {
Yabin Cui	7a3f8d6	2015-09-02 17:44:28 -0700	[diff] [blame]	273	D("Failed to get adbd socket");
Pavel Labath	64d9adc	2015-03-17 11:03:36 -0700	[diff] [blame]	274	return;
				275	}
				276
				277	if (listen(fd, 4) == -1) {
Yabin Cui	7a3f8d6	2015-09-02 17:44:28 -0700	[diff] [blame]	278	D("Failed to listen on '%d'", fd);
Benoit Goby	d5fcafa	2012-04-12 12:23:49 -0700	[diff] [blame]	279	return;
				280	}
				281
				282	fdevent_install(&listener_fde, fd, adb_auth_listener, NULL);
				283	fdevent_add(&listener_fde, FDE_READ);
				284	}