adb: split up adb_auth.cpp.
All of the functions in adb_auth.cpp were used in only one of
adb/adbd. Split up them up into adb_auth_host.cpp and adbd_auth.cpp
respectively.
Bug: http://b/29273531
Test: built and flashed bullhead, adb still works
Change-Id: Ib610c5157522634cc273511175152f1306cc52a7
diff --git a/adb/adbd_auth.cpp b/adb/adbd_auth.cpp
new file mode 100644
index 0000000..fa76c8d
--- /dev/null
+++ b/adb/adbd_auth.cpp
@@ -0,0 +1,222 @@
+/*
+ * Copyright (C) 2012 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#define TRACE_TAG AUTH
+
+#include "adb.h"
+#include "adb_auth.h"
+#include "fdevent.h"
+#include "sysdeps.h"
+#include "transport.h"
+
+#include <resolv.h>
+#include <stdio.h>
+#include <string.h>
+
+#include <memory>
+
+#include <android-base/file.h>
+#include <android-base/strings.h>
+#include <crypto_utils/android_pubkey.h>
+#include <openssl/obj_mac.h>
+#include <openssl/rsa.h>
+#include <openssl/sha.h>
+
+static fdevent listener_fde;
+static fdevent framework_fde;
+static int framework_fd = -1;
+
+static void usb_disconnected(void* unused, atransport* t);
+static struct adisconnect usb_disconnect = { usb_disconnected, nullptr};
+static atransport* usb_transport;
+static bool needs_retry = false;
+
+bool auth_required = true;
+
+bool adbd_auth_verify(uint8_t* token, size_t token_size, uint8_t* sig, int sig_len) {
+ static constexpr const char* key_paths[] = { "/adb_keys", "/data/misc/adb/adb_keys", nullptr };
+
+ for (const auto& path : key_paths) {
+ if (access(path, R_OK) == 0) {
+ LOG(INFO) << "Loading keys from " << path;
+
+ std::string content;
+ if (!android::base::ReadFileToString(path, &content)) {
+ PLOG(ERROR) << "Couldn't read " << path;
+ continue;
+ }
+
+ for (const auto& line : android::base::Split(content, "\n")) {
+ // TODO: do we really have to support both ' ' and '\t'?
+ char* sep = strpbrk(const_cast<char*>(line.c_str()), " \t");
+ if (sep) *sep = '\0';
+
+ // b64_pton requires one additional byte in the target buffer for
+ // decoding to succeed. See http://b/28035006 for details.
+ uint8_t keybuf[ANDROID_PUBKEY_ENCODED_SIZE + 1];
+ if (__b64_pton(line.c_str(), keybuf, sizeof(keybuf)) != ANDROID_PUBKEY_ENCODED_SIZE) {
+ LOG(ERROR) << "Invalid base64 key " << line.c_str() << " in " << path;
+ continue;
+ }
+
+ RSA* key = nullptr;
+ if (!android_pubkey_decode(keybuf, ANDROID_PUBKEY_ENCODED_SIZE, &key)) {
+ LOG(ERROR) << "Failed to parse key " << line.c_str() << " in " << path;
+ continue;
+ }
+
+ bool verified = (RSA_verify(NID_sha1, token, token_size, sig, sig_len, key) == 1);
+ RSA_free(key);
+ if (verified) return true;
+ }
+ }
+ }
+ return false;
+}
+
+static bool adbd_auth_generate_token(void* token, size_t token_size) {
+ FILE* fp = fopen("/dev/urandom", "re");
+ if (!fp) return false;
+ bool okay = (fread(token, token_size, 1, fp) == 1);
+ fclose(fp);
+ return okay;
+}
+
+static void usb_disconnected(void* unused, atransport* t) {
+ LOG(INFO) << "USB disconnect";
+ usb_transport = NULL;
+ needs_retry = false;
+}
+
+static void framework_disconnected() {
+ LOG(INFO) << "Framework disconnect";
+ fdevent_remove(&framework_fde);
+ framework_fd = -1;
+}
+
+static void adbd_auth_event(int fd, unsigned events, void*) {
+ if (events & FDE_READ) {
+ char response[2];
+ int ret = unix_read(fd, response, sizeof(response));
+ if (ret <= 0) {
+ framework_disconnected();
+ } else if (ret == 2 && response[0] == 'O' && response[1] == 'K') {
+ if (usb_transport) {
+ adbd_auth_verified(usb_transport);
+ }
+ }
+ }
+}
+
+void adbd_auth_confirm_key(unsigned char* key, size_t len, atransport* t) {
+ if (!usb_transport) {
+ usb_transport = t;
+ t->AddDisconnect(&usb_disconnect);
+ }
+
+ if (framework_fd < 0) {
+ LOG(ERROR) << "Client not connected";
+ needs_retry = true;
+ return;
+ }
+
+ if (key[len - 1] != '\0') {
+ LOG(ERROR) << "Key must be a null-terminated string";
+ return;
+ }
+
+ char msg[MAX_PAYLOAD_V1];
+ int msg_len = snprintf(msg, sizeof(msg), "PK%s", key);
+ if (msg_len >= static_cast<int>(sizeof(msg))) {
+ LOG(ERROR) << "Key too long (" << msg_len << ")";
+ return;
+ }
+ LOG(DEBUG) << "Sending '" << msg << "'";
+
+ if (unix_write(framework_fd, msg, msg_len) == -1) {
+ PLOG(ERROR) << "Failed to write PK";
+ return;
+ }
+}
+
+static void adbd_auth_listener(int fd, unsigned events, void* data) {
+ int s = adb_socket_accept(fd, nullptr, nullptr);
+ if (s < 0) {
+ PLOG(ERROR) << "Failed to accept";
+ return;
+ }
+
+ if (framework_fd >= 0) {
+ LOG(WARNING) << "adb received framework auth socket connection again";
+ framework_disconnected();
+ }
+
+ framework_fd = s;
+ fdevent_install(&framework_fde, framework_fd, adbd_auth_event, nullptr);
+ fdevent_add(&framework_fde, FDE_READ);
+
+ if (needs_retry) {
+ needs_retry = false;
+ send_auth_request(usb_transport);
+ }
+}
+
+void adbd_cloexec_auth_socket() {
+ int fd = android_get_control_socket("adbd");
+ if (fd == -1) {
+ PLOG(ERROR) << "Failed to get adbd socket";
+ return;
+ }
+ fcntl(fd, F_SETFD, FD_CLOEXEC);
+}
+
+void adbd_auth_init(void) {
+ int fd = android_get_control_socket("adbd");
+ if (fd == -1) {
+ PLOG(ERROR) << "Failed to get adbd socket";
+ return;
+ }
+
+ if (listen(fd, 4) == -1) {
+ PLOG(ERROR) << "Failed to listen on '" << fd << "'";
+ return;
+ }
+
+ fdevent_install(&listener_fde, fd, adbd_auth_listener, NULL);
+ fdevent_add(&listener_fde, FDE_READ);
+}
+
+void send_auth_request(atransport* t) {
+ LOG(INFO) << "Calling send_auth_request...";
+
+ if (!adbd_auth_generate_token(t->token, sizeof(t->token))) {
+ PLOG(ERROR) << "Error generating token";
+ return;
+ }
+
+ apacket* p = get_apacket();
+ memcpy(p->data, t->token, sizeof(t->token));
+ p->msg.command = A_AUTH;
+ p->msg.arg0 = ADB_AUTH_TOKEN;
+ p->msg.data_length = sizeof(t->token);
+ send_packet(p, t);
+}
+
+void adbd_auth_verified(atransport *t)
+{
+ handle_online(t);
+ send_connect(t);
+}