Benoit Goby | d5fcafa | 2012-04-12 12:23:49 -0700 | [diff] [blame] | 1 | /* |
| 2 | * Copyright (C) 2012 The Android Open Source Project |
| 3 | * |
| 4 | * Licensed under the Apache License, Version 2.0 (the "License"); |
| 5 | * you may not use this file except in compliance with the License. |
| 6 | * You may obtain a copy of the License at |
| 7 | * |
| 8 | * http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | * |
| 10 | * Unless required by applicable law or agreed to in writing, software |
| 11 | * distributed under the License is distributed on an "AS IS" BASIS, |
| 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 | * See the License for the specific language governing permissions and |
| 14 | * limitations under the License. |
| 15 | */ |
| 16 | |
Yabin Cui | aed3c61 | 2015-09-22 15:52:57 -0700 | [diff] [blame] | 17 | #define TRACE_TAG AUTH |
Dan Albert | 3313426 | 2015-03-19 15:21:08 -0700 | [diff] [blame] | 18 | |
Josh Gao | 2e67120 | 2016-08-18 22:00:12 -0700 | [diff] [blame] | 19 | #include <dirent.h> |
Benoit Goby | d5fcafa | 2012-04-12 12:23:49 -0700 | [diff] [blame] | 20 | #include <stdio.h> |
Christopher Ferris | 67a7a4a | 2014-11-06 14:34:24 -0800 | [diff] [blame] | 21 | #include <stdlib.h> |
Dan Albert | 3313426 | 2015-03-19 15:21:08 -0700 | [diff] [blame] | 22 | #include <string.h> |
Josh Gao | 2e67120 | 2016-08-18 22:00:12 -0700 | [diff] [blame] | 23 | #if defined(__linux__) |
| 24 | #include <sys/inotify.h> |
| 25 | #endif |
Benoit Goby | d5fcafa | 2012-04-12 12:23:49 -0700 | [diff] [blame] | 26 | |
Josh Gao | 2e67120 | 2016-08-18 22:00:12 -0700 | [diff] [blame] | 27 | #include <map> |
Elliott Hughes | 0aeb505 | 2016-06-29 17:42:01 -0700 | [diff] [blame] | 28 | #include <mutex> |
Josh Gao | 2e67120 | 2016-08-18 22:00:12 -0700 | [diff] [blame] | 29 | #include <set> |
| 30 | #include <string> |
Benoit Goby | d5fcafa | 2012-04-12 12:23:49 -0700 | [diff] [blame] | 31 | |
David Pursell | 5f787ed | 2016-01-27 08:52:53 -0800 | [diff] [blame] | 32 | #include <android-base/errors.h> |
Elliott Hughes | e8b663f | 2016-05-26 22:43:19 -0700 | [diff] [blame] | 33 | #include <android-base/file.h> |
Yurii Zubrytskyi | dace015 | 2016-05-26 09:46:10 -0700 | [diff] [blame] | 34 | #include <android-base/stringprintf.h> |
Elliott Hughes | 4f71319 | 2015-12-04 22:00:26 -0800 | [diff] [blame] | 35 | #include <android-base/strings.h> |
Mattias Nissler | 097b6bb | 2016-03-31 16:32:09 +0200 | [diff] [blame] | 36 | #include <crypto_utils/android_pubkey.h> |
Elliott Hughes | 625faf0 | 2016-06-21 16:50:48 -0700 | [diff] [blame] | 37 | #include <openssl/base64.h> |
Benoit Goby | d5fcafa | 2012-04-12 12:23:49 -0700 | [diff] [blame] | 38 | #include <openssl/evp.h> |
| 39 | #include <openssl/objects.h> |
| 40 | #include <openssl/pem.h> |
| 41 | #include <openssl/rsa.h> |
| 42 | #include <openssl/sha.h> |
| 43 | |
Josh Gao | 2e67120 | 2016-08-18 22:00:12 -0700 | [diff] [blame] | 44 | #include "adb.h" |
| 45 | #include "adb_auth.h" |
| 46 | #include "adb_utils.h" |
| 47 | #include "sysdeps.h" |
Elliott Hughes | 0aeb505 | 2016-06-29 17:42:01 -0700 | [diff] [blame] | 48 | #include "sysdeps/mutex.h" |
Benoit Goby | d5fcafa | 2012-04-12 12:23:49 -0700 | [diff] [blame] | 49 | |
Josh Gao | 2e67120 | 2016-08-18 22:00:12 -0700 | [diff] [blame] | 50 | static std::mutex& g_keys_mutex = *new std::mutex; |
| 51 | static std::map<std::string, std::shared_ptr<RSA>>& g_keys = |
| 52 | *new std::map<std::string, std::shared_ptr<RSA>>; |
| 53 | static std::map<int, std::string>& g_monitored_paths = *new std::map<int, std::string>; |
Benoit Goby | d5fcafa | 2012-04-12 12:23:49 -0700 | [diff] [blame] | 54 | |
Elliott Hughes | 625faf0 | 2016-06-21 16:50:48 -0700 | [diff] [blame] | 55 | static std::string get_user_info() { |
Elliott Hughes | 0aeb505 | 2016-06-29 17:42:01 -0700 | [diff] [blame] | 56 | LOG(INFO) << "get_user_info..."; |
| 57 | |
Elliott Hughes | 625faf0 | 2016-06-21 16:50:48 -0700 | [diff] [blame] | 58 | std::string hostname; |
| 59 | if (getenv("HOSTNAME")) hostname = getenv("HOSTNAME"); |
| 60 | #if !defined(_WIN32) |
| 61 | char buf[64]; |
| 62 | if (hostname.empty() && gethostname(buf, sizeof(buf)) != -1) hostname = buf; |
Benoit Goby | d5fcafa | 2012-04-12 12:23:49 -0700 | [diff] [blame] | 63 | #endif |
Elliott Hughes | 625faf0 | 2016-06-21 16:50:48 -0700 | [diff] [blame] | 64 | if (hostname.empty()) hostname = "unknown"; |
Benoit Goby | d5fcafa | 2012-04-12 12:23:49 -0700 | [diff] [blame] | 65 | |
Elliott Hughes | 625faf0 | 2016-06-21 16:50:48 -0700 | [diff] [blame] | 66 | std::string username; |
| 67 | if (getenv("LOGNAME")) username = getenv("LOGNAME"); |
Benoit Goby | d5fcafa | 2012-04-12 12:23:49 -0700 | [diff] [blame] | 68 | #if !defined _WIN32 && !defined ADB_HOST_ON_TARGET |
Elliott Hughes | 625faf0 | 2016-06-21 16:50:48 -0700 | [diff] [blame] | 69 | if (username.empty() && getlogin()) username = getlogin(); |
Benoit Goby | d5fcafa | 2012-04-12 12:23:49 -0700 | [diff] [blame] | 70 | #endif |
Elliott Hughes | 625faf0 | 2016-06-21 16:50:48 -0700 | [diff] [blame] | 71 | if (username.empty()) hostname = "unknown"; |
Benoit Goby | d5fcafa | 2012-04-12 12:23:49 -0700 | [diff] [blame] | 72 | |
Elliott Hughes | 625faf0 | 2016-06-21 16:50:48 -0700 | [diff] [blame] | 73 | return " " + username + "@" + hostname; |
Benoit Goby | d5fcafa | 2012-04-12 12:23:49 -0700 | [diff] [blame] | 74 | } |
| 75 | |
Elliott Hughes | 625faf0 | 2016-06-21 16:50:48 -0700 | [diff] [blame] | 76 | static bool write_public_keyfile(RSA* private_key, const std::string& private_key_path) { |
Elliott Hughes | 0aeb505 | 2016-06-29 17:42:01 -0700 | [diff] [blame] | 77 | LOG(INFO) << "write_public_keyfile..."; |
| 78 | |
Mattias Nissler | 097b6bb | 2016-03-31 16:32:09 +0200 | [diff] [blame] | 79 | uint8_t binary_key_data[ANDROID_PUBKEY_ENCODED_SIZE]; |
Elliott Hughes | 625faf0 | 2016-06-21 16:50:48 -0700 | [diff] [blame] | 80 | if (!android_pubkey_encode(private_key, binary_key_data, sizeof(binary_key_data))) { |
| 81 | LOG(ERROR) << "Failed to convert to public key"; |
| 82 | return false; |
Benoit Goby | d5fcafa | 2012-04-12 12:23:49 -0700 | [diff] [blame] | 83 | } |
| 84 | |
Elliott Hughes | 625faf0 | 2016-06-21 16:50:48 -0700 | [diff] [blame] | 85 | size_t base64_key_length; |
Mattias Nissler | 097b6bb | 2016-03-31 16:32:09 +0200 | [diff] [blame] | 86 | if (!EVP_EncodedLength(&base64_key_length, sizeof(binary_key_data))) { |
Elliott Hughes | 625faf0 | 2016-06-21 16:50:48 -0700 | [diff] [blame] | 87 | LOG(ERROR) << "Public key too large to base64 encode"; |
| 88 | return false; |
Adam Langley | 179d9d6 | 2014-09-03 14:34:47 -0700 | [diff] [blame] | 89 | } |
Benoit Goby | d5fcafa | 2012-04-12 12:23:49 -0700 | [diff] [blame] | 90 | |
Elliott Hughes | 625faf0 | 2016-06-21 16:50:48 -0700 | [diff] [blame] | 91 | std::string content; |
| 92 | content.resize(base64_key_length); |
| 93 | base64_key_length = EVP_EncodeBlock(reinterpret_cast<uint8_t*>(&content[0]), binary_key_data, |
Mattias Nissler | 097b6bb | 2016-03-31 16:32:09 +0200 | [diff] [blame] | 94 | sizeof(binary_key_data)); |
Benoit Goby | d5fcafa | 2012-04-12 12:23:49 -0700 | [diff] [blame] | 95 | |
Elliott Hughes | 625faf0 | 2016-06-21 16:50:48 -0700 | [diff] [blame] | 96 | content += get_user_info(); |
| 97 | |
| 98 | std::string path(private_key_path + ".pub"); |
| 99 | if (!android::base::WriteStringToFile(content, path)) { |
| 100 | PLOG(ERROR) << "Failed to write public key to '" << path << "'"; |
| 101 | return false; |
Mattias Nissler | 097b6bb | 2016-03-31 16:32:09 +0200 | [diff] [blame] | 102 | } |
| 103 | |
Elliott Hughes | 625faf0 | 2016-06-21 16:50:48 -0700 | [diff] [blame] | 104 | return true; |
Benoit Goby | d5fcafa | 2012-04-12 12:23:49 -0700 | [diff] [blame] | 105 | } |
| 106 | |
Elliott Hughes | 0aeb505 | 2016-06-29 17:42:01 -0700 | [diff] [blame] | 107 | static int generate_key(const std::string& file) { |
| 108 | LOG(INFO) << "generate_key(" << file << ")..."; |
| 109 | |
Benoit Goby | 64b3103 | 2012-08-31 12:14:21 -0700 | [diff] [blame] | 110 | mode_t old_mask; |
Benoit Goby | d5fcafa | 2012-04-12 12:23:49 -0700 | [diff] [blame] | 111 | FILE *f = NULL; |
| 112 | int ret = 0; |
| 113 | |
Elliott Hughes | 0aeb505 | 2016-06-29 17:42:01 -0700 | [diff] [blame] | 114 | EVP_PKEY* pkey = EVP_PKEY_new(); |
| 115 | BIGNUM* exponent = BN_new(); |
| 116 | RSA* rsa = RSA_new(); |
Benoit Goby | d5fcafa | 2012-04-12 12:23:49 -0700 | [diff] [blame] | 117 | if (!pkey || !exponent || !rsa) { |
Elliott Hughes | 0aeb505 | 2016-06-29 17:42:01 -0700 | [diff] [blame] | 118 | LOG(ERROR) << "Failed to allocate key"; |
Benoit Goby | d5fcafa | 2012-04-12 12:23:49 -0700 | [diff] [blame] | 119 | goto out; |
| 120 | } |
| 121 | |
| 122 | BN_set_word(exponent, RSA_F4); |
| 123 | RSA_generate_key_ex(rsa, 2048, exponent, NULL); |
| 124 | EVP_PKEY_set1_RSA(pkey, rsa); |
| 125 | |
Benoit Goby | 64b3103 | 2012-08-31 12:14:21 -0700 | [diff] [blame] | 126 | old_mask = umask(077); |
| 127 | |
Elliott Hughes | 0aeb505 | 2016-06-29 17:42:01 -0700 | [diff] [blame] | 128 | f = fopen(file.c_str(), "w"); |
Benoit Goby | d5fcafa | 2012-04-12 12:23:49 -0700 | [diff] [blame] | 129 | if (!f) { |
Elliott Hughes | 0aeb505 | 2016-06-29 17:42:01 -0700 | [diff] [blame] | 130 | PLOG(ERROR) << "Failed to open " << file; |
Benoit Goby | 64b3103 | 2012-08-31 12:14:21 -0700 | [diff] [blame] | 131 | umask(old_mask); |
Benoit Goby | d5fcafa | 2012-04-12 12:23:49 -0700 | [diff] [blame] | 132 | goto out; |
| 133 | } |
| 134 | |
Benoit Goby | 64b3103 | 2012-08-31 12:14:21 -0700 | [diff] [blame] | 135 | umask(old_mask); |
| 136 | |
Benoit Goby | d5fcafa | 2012-04-12 12:23:49 -0700 | [diff] [blame] | 137 | if (!PEM_write_PrivateKey(f, pkey, NULL, NULL, 0, NULL, NULL)) { |
Yabin Cui | 7a3f8d6 | 2015-09-02 17:44:28 -0700 | [diff] [blame] | 138 | D("Failed to write key"); |
Benoit Goby | d5fcafa | 2012-04-12 12:23:49 -0700 | [diff] [blame] | 139 | goto out; |
| 140 | } |
| 141 | |
| 142 | if (!write_public_keyfile(rsa, file)) { |
Yabin Cui | 7a3f8d6 | 2015-09-02 17:44:28 -0700 | [diff] [blame] | 143 | D("Failed to write public key"); |
Benoit Goby | d5fcafa | 2012-04-12 12:23:49 -0700 | [diff] [blame] | 144 | goto out; |
| 145 | } |
| 146 | |
| 147 | ret = 1; |
| 148 | |
| 149 | out: |
Elliott Hughes | 0aeb505 | 2016-06-29 17:42:01 -0700 | [diff] [blame] | 150 | if (f) fclose(f); |
Benoit Goby | d5fcafa | 2012-04-12 12:23:49 -0700 | [diff] [blame] | 151 | EVP_PKEY_free(pkey); |
| 152 | RSA_free(rsa); |
| 153 | BN_free(exponent); |
| 154 | return ret; |
| 155 | } |
| 156 | |
Josh Gao | 2e67120 | 2016-08-18 22:00:12 -0700 | [diff] [blame] | 157 | static std::string hash_key(RSA* key) { |
| 158 | unsigned char* pubkey = nullptr; |
| 159 | int len = i2d_RSA_PUBKEY(key, &pubkey); |
| 160 | if (len < 0) { |
| 161 | LOG(ERROR) << "failed to encode RSA public key"; |
| 162 | return std::string(); |
| 163 | } |
| 164 | |
| 165 | std::string result; |
| 166 | result.resize(SHA256_DIGEST_LENGTH); |
| 167 | SHA256(pubkey, len, reinterpret_cast<unsigned char*>(&result[0])); |
| 168 | OPENSSL_free(pubkey); |
| 169 | return result; |
| 170 | } |
| 171 | |
| 172 | static bool read_key_file(const std::string& file) { |
| 173 | LOG(INFO) << "read_key_file '" << file << "'..."; |
Benoit Goby | d5fcafa | 2012-04-12 12:23:49 -0700 | [diff] [blame] | 174 | |
Elliott Hughes | 0aeb505 | 2016-06-29 17:42:01 -0700 | [diff] [blame] | 175 | std::unique_ptr<FILE, decltype(&fclose)> fp(fopen(file.c_str(), "r"), fclose); |
Elliott Hughes | 8d5fa6d | 2015-04-24 23:02:00 -0700 | [diff] [blame] | 176 | if (!fp) { |
Elliott Hughes | 0aeb505 | 2016-06-29 17:42:01 -0700 | [diff] [blame] | 177 | PLOG(ERROR) << "Failed to open '" << file << "'"; |
| 178 | return false; |
Benoit Goby | d5fcafa | 2012-04-12 12:23:49 -0700 | [diff] [blame] | 179 | } |
| 180 | |
Elliott Hughes | 0aeb505 | 2016-06-29 17:42:01 -0700 | [diff] [blame] | 181 | RSA* key = RSA_new(); |
| 182 | if (!PEM_read_RSAPrivateKey(fp.get(), &key, nullptr, nullptr)) { |
| 183 | LOG(ERROR) << "Failed to read key"; |
| 184 | RSA_free(key); |
| 185 | return false; |
Benoit Goby | d5fcafa | 2012-04-12 12:23:49 -0700 | [diff] [blame] | 186 | } |
| 187 | |
Josh Gao | 2e67120 | 2016-08-18 22:00:12 -0700 | [diff] [blame] | 188 | std::lock_guard<std::mutex> lock(g_keys_mutex); |
| 189 | std::string fingerprint = hash_key(key); |
| 190 | if (g_keys.find(fingerprint) != g_keys.end()) { |
| 191 | LOG(INFO) << "ignoring already-loaded key: " << file; |
| 192 | RSA_free(key); |
| 193 | } else { |
| 194 | g_keys[fingerprint] = std::shared_ptr<RSA>(key, RSA_free); |
| 195 | } |
| 196 | |
Elliott Hughes | 0aeb505 | 2016-06-29 17:42:01 -0700 | [diff] [blame] | 197 | return true; |
Benoit Goby | d5fcafa | 2012-04-12 12:23:49 -0700 | [diff] [blame] | 198 | } |
| 199 | |
Josh Gao | 2e67120 | 2016-08-18 22:00:12 -0700 | [diff] [blame] | 200 | static bool read_keys(const std::string& path, bool allow_dir = true) { |
| 201 | LOG(INFO) << "read_keys '" << path << "'..."; |
| 202 | |
| 203 | struct stat st; |
| 204 | if (stat(path.c_str(), &st) != 0) { |
| 205 | PLOG(ERROR) << "failed to stat '" << path << "'"; |
| 206 | return false; |
| 207 | } |
| 208 | |
| 209 | if (S_ISREG(st.st_mode)) { |
| 210 | if (!android::base::EndsWith(path, ".adb_key")) { |
| 211 | LOG(INFO) << "skipping non-adb_key '" << path << "'"; |
| 212 | return false; |
| 213 | } |
| 214 | |
| 215 | return read_key_file(path); |
| 216 | } else if (S_ISDIR(st.st_mode)) { |
| 217 | if (!allow_dir) { |
| 218 | // inotify isn't recursive. It would break expectations to load keys in nested |
| 219 | // directories but not monitor them for new keys. |
| 220 | LOG(WARNING) << "refusing to recurse into directory '" << path << "'"; |
| 221 | return false; |
| 222 | } |
| 223 | |
| 224 | std::unique_ptr<DIR, decltype(&closedir)> dir(opendir(path.c_str()), closedir); |
| 225 | if (!dir) { |
| 226 | PLOG(ERROR) << "failed to open directory '" << path << "'"; |
| 227 | return false; |
| 228 | } |
| 229 | |
| 230 | bool result = false; |
| 231 | while (struct dirent* dent = readdir(dir.get())) { |
| 232 | std::string name = dent->d_name; |
| 233 | |
| 234 | // We can't use dent->d_type here because it's not available on Windows. |
| 235 | if (name == "." || name == "..") { |
| 236 | continue; |
| 237 | } |
| 238 | |
| 239 | result |= read_keys((path + OS_PATH_SEPARATOR + name).c_str(), false); |
| 240 | } |
| 241 | return result; |
| 242 | } |
| 243 | |
| 244 | LOG(ERROR) << "unexpected type for '" << path << "': 0x" << std::hex << st.st_mode; |
| 245 | return false; |
| 246 | } |
| 247 | |
Elliott Hughes | 0aeb505 | 2016-06-29 17:42:01 -0700 | [diff] [blame] | 248 | static std::string get_user_key_path() { |
Josh Gao | e0b7502 | 2016-08-30 15:23:35 -0700 | [diff] [blame] | 249 | return adb_get_android_dir_path() + OS_PATH_SEPARATOR + "adbkey"; |
Benoit Goby | d5fcafa | 2012-04-12 12:23:49 -0700 | [diff] [blame] | 250 | } |
| 251 | |
Elliott Hughes | 0aeb505 | 2016-06-29 17:42:01 -0700 | [diff] [blame] | 252 | static bool get_user_key() { |
| 253 | std::string path = get_user_key_path(); |
| 254 | if (path.empty()) { |
| 255 | PLOG(ERROR) << "Error getting user key filename"; |
| 256 | return false; |
Benoit Goby | d5fcafa | 2012-04-12 12:23:49 -0700 | [diff] [blame] | 257 | } |
| 258 | |
Elliott Hughes | 0aeb505 | 2016-06-29 17:42:01 -0700 | [diff] [blame] | 259 | struct stat buf; |
| 260 | if (stat(path.c_str(), &buf) == -1) { |
| 261 | LOG(INFO) << "User key '" << path << "' does not exist..."; |
Dan Albert | 286bb6d | 2015-07-09 20:35:09 +0000 | [diff] [blame] | 262 | if (!generate_key(path)) { |
Elliott Hughes | 0aeb505 | 2016-06-29 17:42:01 -0700 | [diff] [blame] | 263 | LOG(ERROR) << "Failed to generate new key"; |
| 264 | return false; |
Benoit Goby | d5fcafa | 2012-04-12 12:23:49 -0700 | [diff] [blame] | 265 | } |
| 266 | } |
| 267 | |
Josh Gao | 2e67120 | 2016-08-18 22:00:12 -0700 | [diff] [blame] | 268 | return read_key_file(path); |
Benoit Goby | d5fcafa | 2012-04-12 12:23:49 -0700 | [diff] [blame] | 269 | } |
| 270 | |
Josh Gao | 2e67120 | 2016-08-18 22:00:12 -0700 | [diff] [blame] | 271 | static std::set<std::string> get_vendor_keys() { |
Elliott Hughes | 8d5fa6d | 2015-04-24 23:02:00 -0700 | [diff] [blame] | 272 | const char* adb_keys_path = getenv("ADB_VENDOR_KEYS"); |
| 273 | if (adb_keys_path == nullptr) { |
Josh Gao | 2e67120 | 2016-08-18 22:00:12 -0700 | [diff] [blame] | 274 | return std::set<std::string>(); |
Elliott Hughes | 8d5fa6d | 2015-04-24 23:02:00 -0700 | [diff] [blame] | 275 | } |
Benoit Goby | d5fcafa | 2012-04-12 12:23:49 -0700 | [diff] [blame] | 276 | |
Josh Gao | 2e67120 | 2016-08-18 22:00:12 -0700 | [diff] [blame] | 277 | std::set<std::string> result; |
Elliott Hughes | 65fe251 | 2015-10-07 15:59:35 -0700 | [diff] [blame] | 278 | for (const auto& path : android::base::Split(adb_keys_path, ENV_PATH_SEPARATOR_STR)) { |
Josh Gao | 2e67120 | 2016-08-18 22:00:12 -0700 | [diff] [blame] | 279 | result.emplace(path); |
Benoit Goby | d5fcafa | 2012-04-12 12:23:49 -0700 | [diff] [blame] | 280 | } |
Josh Gao | 2e67120 | 2016-08-18 22:00:12 -0700 | [diff] [blame] | 281 | return result; |
Benoit Goby | d5fcafa | 2012-04-12 12:23:49 -0700 | [diff] [blame] | 282 | } |
| 283 | |
Josh Gao | 2e67120 | 2016-08-18 22:00:12 -0700 | [diff] [blame] | 284 | std::deque<std::shared_ptr<RSA>> adb_auth_get_private_keys() { |
| 285 | std::deque<std::shared_ptr<RSA>> result; |
Benoit Goby | d5fcafa | 2012-04-12 12:23:49 -0700 | [diff] [blame] | 286 | |
Josh Gao | 2e67120 | 2016-08-18 22:00:12 -0700 | [diff] [blame] | 287 | // Copy all the currently known keys. |
| 288 | std::lock_guard<std::mutex> lock(g_keys_mutex); |
| 289 | for (const auto& it : g_keys) { |
| 290 | result.push_back(it.second); |
Elliott Hughes | 0aeb505 | 2016-06-29 17:42:01 -0700 | [diff] [blame] | 291 | } |
| 292 | |
| 293 | // Add a sentinel to the list. Our caller uses this to mean "out of private keys, |
| 294 | // but try using the public key" (the empty deque could otherwise mean this _or_ |
| 295 | // that this function hasn't been called yet to request the keys). |
| 296 | result.push_back(nullptr); |
| 297 | |
| 298 | return result; |
| 299 | } |
| 300 | |
| 301 | int adb_auth_sign(RSA* key, const unsigned char* token, size_t token_size, unsigned char* sig) { |
Sami Tolvanen | 7b9c20d | 2015-01-27 16:48:35 +0000 | [diff] [blame] | 302 | if (token_size != TOKEN_SIZE) { |
Yabin Cui | 7a3f8d6 | 2015-09-02 17:44:28 -0700 | [diff] [blame] | 303 | D("Unexpected token size %zd", token_size); |
Sami Tolvanen | 7b9c20d | 2015-01-27 16:48:35 +0000 | [diff] [blame] | 304 | return 0; |
| 305 | } |
| 306 | |
Elliott Hughes | 0aeb505 | 2016-06-29 17:42:01 -0700 | [diff] [blame] | 307 | unsigned int len; |
| 308 | if (!RSA_sign(NID_sha1, token, token_size, sig, &len, key)) { |
Benoit Goby | d5fcafa | 2012-04-12 12:23:49 -0700 | [diff] [blame] | 309 | return 0; |
| 310 | } |
| 311 | |
Yabin Cui | 7a3f8d6 | 2015-09-02 17:44:28 -0700 | [diff] [blame] | 312 | D("adb_auth_sign len=%d", len); |
Benoit Goby | d5fcafa | 2012-04-12 12:23:49 -0700 | [diff] [blame] | 313 | return (int)len; |
| 314 | } |
| 315 | |
Elliott Hughes | e8b663f | 2016-05-26 22:43:19 -0700 | [diff] [blame] | 316 | std::string adb_auth_get_userkey() { |
Elliott Hughes | 0aeb505 | 2016-06-29 17:42:01 -0700 | [diff] [blame] | 317 | std::string path = get_user_key_path(); |
| 318 | if (path.empty()) { |
| 319 | PLOG(ERROR) << "Error getting user key filename"; |
Elliott Hughes | e8b663f | 2016-05-26 22:43:19 -0700 | [diff] [blame] | 320 | return ""; |
Benoit Goby | d5fcafa | 2012-04-12 12:23:49 -0700 | [diff] [blame] | 321 | } |
Elliott Hughes | 0aeb505 | 2016-06-29 17:42:01 -0700 | [diff] [blame] | 322 | path += ".pub"; |
Benoit Goby | d5fcafa | 2012-04-12 12:23:49 -0700 | [diff] [blame] | 323 | |
Elliott Hughes | e8b663f | 2016-05-26 22:43:19 -0700 | [diff] [blame] | 324 | std::string content; |
| 325 | if (!android::base::ReadFileToString(path, &content)) { |
Elliott Hughes | 0aeb505 | 2016-06-29 17:42:01 -0700 | [diff] [blame] | 326 | PLOG(ERROR) << "Can't load '" << path << "'"; |
Elliott Hughes | e8b663f | 2016-05-26 22:43:19 -0700 | [diff] [blame] | 327 | return ""; |
Benoit Goby | d5fcafa | 2012-04-12 12:23:49 -0700 | [diff] [blame] | 328 | } |
Elliott Hughes | e8b663f | 2016-05-26 22:43:19 -0700 | [diff] [blame] | 329 | return content; |
Benoit Goby | d5fcafa | 2012-04-12 12:23:49 -0700 | [diff] [blame] | 330 | } |
| 331 | |
Nick Kralevich | bea3f9c | 2014-11-13 15:17:29 -0800 | [diff] [blame] | 332 | int adb_auth_keygen(const char* filename) { |
Nick Kralevich | bea3f9c | 2014-11-13 15:17:29 -0800 | [diff] [blame] | 333 | return (generate_key(filename) == 0); |
| 334 | } |
| 335 | |
Josh Gao | 2e67120 | 2016-08-18 22:00:12 -0700 | [diff] [blame] | 336 | #if defined(__linux__) |
| 337 | static void adb_auth_inotify_update(int fd, unsigned fd_event, void*) { |
| 338 | LOG(INFO) << "adb_auth_inotify_update called"; |
| 339 | if (!(fd_event & FDE_READ)) { |
| 340 | return; |
| 341 | } |
| 342 | |
| 343 | char buf[sizeof(struct inotify_event) + NAME_MAX + 1]; |
| 344 | while (true) { |
| 345 | ssize_t rc = TEMP_FAILURE_RETRY(unix_read(fd, buf, sizeof(buf))); |
| 346 | if (rc == -1) { |
| 347 | if (errno == EAGAIN) { |
| 348 | LOG(INFO) << "done reading inotify fd"; |
| 349 | break; |
| 350 | } |
| 351 | PLOG(FATAL) << "read of inotify event failed"; |
| 352 | } |
| 353 | |
| 354 | // The read potentially returned multiple events. |
| 355 | char* start = buf; |
| 356 | char* end = buf + rc; |
| 357 | |
| 358 | while (start < end) { |
| 359 | inotify_event* event = reinterpret_cast<inotify_event*>(start); |
| 360 | auto root_it = g_monitored_paths.find(event->wd); |
| 361 | if (root_it == g_monitored_paths.end()) { |
| 362 | LOG(FATAL) << "observed inotify event for unmonitored path, wd = " << event->wd; |
| 363 | } |
| 364 | |
| 365 | std::string path = root_it->second; |
| 366 | if (event->len > 0) { |
| 367 | path += '/'; |
| 368 | path += event->name; |
| 369 | } |
| 370 | |
| 371 | if (event->mask & (IN_CREATE | IN_MOVED_TO)) { |
| 372 | if (event->mask & IN_ISDIR) { |
| 373 | LOG(INFO) << "ignoring new directory at '" << path << "'"; |
| 374 | } else { |
| 375 | LOG(INFO) << "observed new file at '" << path << "'"; |
| 376 | read_keys(path, false); |
| 377 | } |
| 378 | } else { |
| 379 | LOG(WARNING) << "unmonitored event for " << path << ": 0x" << std::hex |
| 380 | << event->mask; |
| 381 | } |
| 382 | |
| 383 | start += sizeof(struct inotify_event) + event->len; |
| 384 | } |
| 385 | } |
| 386 | } |
| 387 | |
| 388 | static void adb_auth_inotify_init(const std::set<std::string>& paths) { |
| 389 | LOG(INFO) << "adb_auth_inotify_init..."; |
| 390 | int infd = inotify_init1(IN_CLOEXEC | IN_NONBLOCK); |
| 391 | for (const std::string& path : paths) { |
| 392 | int wd = inotify_add_watch(infd, path.c_str(), IN_CREATE | IN_MOVED_TO); |
| 393 | if (wd < 0) { |
| 394 | PLOG(ERROR) << "failed to inotify_add_watch on path '" << path; |
| 395 | continue; |
| 396 | } |
| 397 | |
| 398 | g_monitored_paths[wd] = path; |
| 399 | LOG(INFO) << "watch descriptor " << wd << " registered for " << path; |
| 400 | } |
| 401 | |
| 402 | fdevent* event = fdevent_create(infd, adb_auth_inotify_update, nullptr); |
| 403 | fdevent_add(event, FDE_READ); |
| 404 | } |
| 405 | #endif |
| 406 | |
Elliott Hughes | 0aeb505 | 2016-06-29 17:42:01 -0700 | [diff] [blame] | 407 | void adb_auth_init() { |
| 408 | LOG(INFO) << "adb_auth_init..."; |
Benoit Goby | d5fcafa | 2012-04-12 12:23:49 -0700 | [diff] [blame] | 409 | |
Elliott Hughes | 0aeb505 | 2016-06-29 17:42:01 -0700 | [diff] [blame] | 410 | if (!get_user_key()) { |
| 411 | LOG(ERROR) << "Failed to get user key"; |
Benoit Goby | d5fcafa | 2012-04-12 12:23:49 -0700 | [diff] [blame] | 412 | return; |
| 413 | } |
| 414 | |
Josh Gao | 2e67120 | 2016-08-18 22:00:12 -0700 | [diff] [blame] | 415 | const auto& key_paths = get_vendor_keys(); |
| 416 | |
| 417 | #if defined(__linux__) |
| 418 | adb_auth_inotify_init(key_paths); |
| 419 | #endif |
| 420 | |
| 421 | for (const std::string& path : key_paths) { |
| 422 | read_keys(path.c_str()); |
| 423 | } |
Benoit Goby | d5fcafa | 2012-04-12 12:23:49 -0700 | [diff] [blame] | 424 | } |