Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_core / 16d5bc6ed5433a8b50ec8ecb9fa5a3364ce72628 / . / adb / client / auth.cpp
blob: dcf4bc0ad794b516d8d1104c3cd82f5442c1cf50 [file] [log] [blame]
Benoit Gobyd5fcafa2012-04-12 12:23:49 -0700[diff] [blame]1/*
2 * Copyright (C) 2012 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
Yabin Cuiaed3c612015-09-22 15:52:57 -0700[diff] [blame]17#define TRACE_TAG AUTH
Dan Albert33134262015-03-19 15:21:08 -0700[diff] [blame]18
Josh Gao2e671202016-08-18 22:00:12 -0700[diff] [blame]19#include <dirent.h>
Benoit Gobyd5fcafa2012-04-12 12:23:49 -0700[diff] [blame]20#include <stdio.h>
Christopher Ferris67a7a4a2014-11-06 14:34:24 -0800[diff] [blame]21#include <stdlib.h>
Dan Albert33134262015-03-19 15:21:08 -0700[diff] [blame]22#include <string.h>
Josh Gao2e671202016-08-18 22:00:12 -0700[diff] [blame]23#if defined(__linux__)
24#include <sys/inotify.h>
25#endif
Benoit Gobyd5fcafa2012-04-12 12:23:49 -0700[diff] [blame]26
Josh Gao2e671202016-08-18 22:00:12 -0700[diff] [blame]27#include <map>
Elliott Hughes0aeb5052016-06-29 17:42:01 -0700[diff] [blame]28#include <mutex>
Josh Gao2e671202016-08-18 22:00:12 -0700[diff] [blame]29#include <set>
30#include <string>
Benoit Gobyd5fcafa2012-04-12 12:23:49 -0700[diff] [blame]31
Joshua Duongef28ca42019-12-19 16:36:30 -0800[diff] [blame]32#include <adb/crypto/rsa_2048_key.h>
David Pursell5f787ed2016-01-27 08:52:53 -0800[diff] [blame]33#include <android-base/errors.h>
Elliott Hughese8b663f2016-05-26 22:43:19 -0700[diff] [blame]34#include <android-base/file.h>
Yurii Zubrytskyidace0152016-05-26 09:46:10 -0700[diff] [blame]35#include <android-base/stringprintf.h>
Elliott Hughes4f713192015-12-04 22:00:26 -0800[diff] [blame]36#include <android-base/strings.h>
Mattias Nissler097b6bb2016-03-31 16:32:09 +0200[diff] [blame]37#include <crypto_utils/android_pubkey.h>
Elliott Hughes625faf02016-06-21 16:50:48 -0700[diff] [blame]38#include <openssl/base64.h>
Benoit Gobyd5fcafa2012-04-12 12:23:49 -0700[diff] [blame]39#include <openssl/evp.h>
40#include <openssl/objects.h>
41#include <openssl/pem.h>
42#include <openssl/rsa.h>
43#include <openssl/sha.h>
44
Josh Gao2e671202016-08-18 22:00:12 -0700[diff] [blame]45#include "adb.h"
46#include "adb_auth.h"
Josh Gao2dc4cab2018-11-15 17:45:46 -0800[diff] [blame]47#include "adb_io.h"
Josh Gao2e671202016-08-18 22:00:12 -0700[diff] [blame]48#include "adb_utils.h"
49#include "sysdeps.h"
Josh Gao3bd28792016-10-05 19:02:29 -0700[diff] [blame]50#include "transport.h"
Benoit Gobyd5fcafa2012-04-12 12:23:49 -0700[diff] [blame]51
Josh Gao2e671202016-08-18 22:00:12 -0700[diff] [blame]52static std::mutex& g_keys_mutex = *new std::mutex;
53static std::map<std::string, std::shared_ptr<RSA>>& g_keys =
54 *new std::map<std::string, std::shared_ptr<RSA>>;
55static std::map<int, std::string>& g_monitored_paths = *new std::map<int, std::string>;
Benoit Gobyd5fcafa2012-04-12 12:23:49 -0700[diff] [blame]56
Joshua Duongef28ca42019-12-19 16:36:30 -0800[diff] [blame]57using namespace adb::crypto;
Josh Gao032989a2019-04-29 12:36:32 -0700[diff] [blame]58
Joshua Duongef28ca42019-12-19 16:36:30 -0800[diff] [blame]59static bool generate_key(const std::string& file) {
Elliott Hughes0aeb5052016-06-29 17:42:01 -0700[diff] [blame]60 LOG(INFO) << "generate_key(" << file << ")...";
61
Joshua Duongef28ca42019-12-19 16:36:30 -0800[diff] [blame]62 auto rsa_2048 = CreateRSA2048Key();
63 if (!rsa_2048) {
64 LOG(ERROR) << "Unable to create key";
65 return false;
66 }
Josh Gao032989a2019-04-29 12:36:32 -0700[diff] [blame]67 std::string pubkey;
Benoit Gobyd5fcafa2012-04-12 12:23:49 -0700[diff] [blame]68
Joshua Duongef28ca42019-12-19 16:36:30 -0800[diff] [blame]69 RSA* rsa = EVP_PKEY_get0_RSA(rsa_2048->GetEvpPkey());
70 CHECK(rsa);
Benoit Gobyd5fcafa2012-04-12 12:23:49 -0700[diff] [blame]71
Joshua Duongef28ca42019-12-19 16:36:30 -0800[diff] [blame]72 if (!CalculatePublicKey(&pubkey, rsa)) {
Josh Gao032989a2019-04-29 12:36:32 -0700[diff] [blame]73 LOG(ERROR) << "failed to calculate public key";
Joshua Duongef28ca42019-12-19 16:36:30 -0800[diff] [blame]74 return false;
Josh Gao032989a2019-04-29 12:36:32 -0700[diff] [blame]75 }
76
Joshua Duongef28ca42019-12-19 16:36:30 -0800[diff] [blame]77 mode_t old_mask = umask(077);
Benoit Goby64b31032012-08-31 12:14:21 -0700[diff] [blame]78
Joshua Duongef28ca42019-12-19 16:36:30 -0800[diff] [blame]79 std::unique_ptr<FILE, decltype(&fclose)> f(nullptr, &fclose);
80 f.reset(fopen(file.c_str(), "w"));
Benoit Gobyd5fcafa2012-04-12 12:23:49 -0700[diff] [blame]81 if (!f) {
Elliott Hughes0aeb5052016-06-29 17:42:01 -0700[diff] [blame]82 PLOG(ERROR) << "Failed to open " << file;
Benoit Goby64b31032012-08-31 12:14:21 -0700[diff] [blame]83 umask(old_mask);
Joshua Duongef28ca42019-12-19 16:36:30 -0800[diff] [blame]84 return false;
Benoit Gobyd5fcafa2012-04-12 12:23:49 -0700[diff] [blame]85 }
86
Benoit Goby64b31032012-08-31 12:14:21 -0700[diff] [blame]87 umask(old_mask);
88
Joshua Duongef28ca42019-12-19 16:36:30 -0800[diff] [blame]89 if (!PEM_write_PrivateKey(f.get(), rsa_2048->GetEvpPkey(), nullptr, nullptr, 0, nullptr,
90 nullptr)) {
Josh Gao032989a2019-04-29 12:36:32 -0700[diff] [blame]91 LOG(ERROR) << "Failed to write key";
Joshua Duongef28ca42019-12-19 16:36:30 -0800[diff] [blame]92 return false;
Josh Gao032989a2019-04-29 12:36:32 -0700[diff] [blame]93 }
94
95 if (!android::base::WriteStringToFile(pubkey, file + ".pub")) {
96 PLOG(ERROR) << "failed to write public key";
Joshua Duongef28ca42019-12-19 16:36:30 -0800[diff] [blame]97 return false;
Benoit Gobyd5fcafa2012-04-12 12:23:49 -0700[diff] [blame]98 }
99
Joshua Duongef28ca42019-12-19 16:36:30 -0800[diff] [blame]100 return true;
Benoit Gobyd5fcafa2012-04-12 12:23:49 -0700[diff] [blame]101}
102
Josh Gao2e671202016-08-18 22:00:12 -0700[diff] [blame]103static std::string hash_key(RSA* key) {
104 unsigned char* pubkey = nullptr;
105 int len = i2d_RSA_PUBKEY(key, &pubkey);
106 if (len < 0) {
107 LOG(ERROR) << "failed to encode RSA public key";
108 return std::string();
109 }
110
111 std::string result;
112 result.resize(SHA256_DIGEST_LENGTH);
113 SHA256(pubkey, len, reinterpret_cast<unsigned char*>(&result[0]));
114 OPENSSL_free(pubkey);
115 return result;
116}
117
Josh Gao2dc4cab2018-11-15 17:45:46 -0800[diff] [blame]118static std::shared_ptr<RSA> read_key_file(const std::string& file) {
Elliott Hughes0aeb5052016-06-29 17:42:01 -0700[diff] [blame]119 std::unique_ptr<FILE, decltype(&fclose)> fp(fopen(file.c_str(), "r"), fclose);
Elliott Hughes8d5fa6d2015-04-24 23:02:00 -0700[diff] [blame]120 if (!fp) {
Elliott Hughes0aeb5052016-06-29 17:42:01 -0700[diff] [blame]121 PLOG(ERROR) << "Failed to open '" << file << "'";
Josh Gao2dc4cab2018-11-15 17:45:46 -0800[diff] [blame]122 return nullptr;
Benoit Gobyd5fcafa2012-04-12 12:23:49 -0700[diff] [blame]123 }
124
Elliott Hughes0aeb5052016-06-29 17:42:01 -0700[diff] [blame]125 RSA* key = RSA_new();
126 if (!PEM_read_RSAPrivateKey(fp.get(), &key, nullptr, nullptr)) {
Elliott Hughes7fb14072019-10-07 08:21:58 -0700[diff] [blame]127 LOG(ERROR) << "Failed to read key from '" << file << "'";
128 ERR_print_errors_fp(stderr);
Elliott Hughes0aeb5052016-06-29 17:42:01 -0700[diff] [blame]129 RSA_free(key);
Josh Gao2dc4cab2018-11-15 17:45:46 -0800[diff] [blame]130 return nullptr;
131 }
132
133 return std::shared_ptr<RSA>(key, RSA_free);
134}
135
136static bool load_key(const std::string& file) {
137 std::shared_ptr<RSA> key = read_key_file(file);
138 if (!key) {
Elliott Hughes0aeb5052016-06-29 17:42:01 -0700[diff] [blame]139 return false;
Benoit Gobyd5fcafa2012-04-12 12:23:49 -0700[diff] [blame]140 }
141
Josh Gao2e671202016-08-18 22:00:12 -0700[diff] [blame]142 std::lock_guard<std::mutex> lock(g_keys_mutex);
Josh Gao2dc4cab2018-11-15 17:45:46 -0800[diff] [blame]143 std::string fingerprint = hash_key(key.get());
Josh Gao2e671202016-08-18 22:00:12 -0700[diff] [blame]144 if (g_keys.find(fingerprint) != g_keys.end()) {
145 LOG(INFO) << "ignoring already-loaded key: " << file;
Josh Gao2e671202016-08-18 22:00:12 -0700[diff] [blame]146 } else {
Josh Gao2dc4cab2018-11-15 17:45:46 -0800[diff] [blame]147 g_keys[fingerprint] = std::move(key);
Josh Gao2e671202016-08-18 22:00:12 -0700[diff] [blame]148 }
Elliott Hughes0aeb5052016-06-29 17:42:01 -0700[diff] [blame]149 return true;
Benoit Gobyd5fcafa2012-04-12 12:23:49 -0700[diff] [blame]150}
151
Josh Gao2dc4cab2018-11-15 17:45:46 -0800[diff] [blame]152static bool load_keys(const std::string& path, bool allow_dir = true) {
153 LOG(INFO) << "load_keys '" << path << "'...";
Josh Gao2e671202016-08-18 22:00:12 -0700[diff] [blame]154
155 struct stat st;
156 if (stat(path.c_str(), &st) != 0) {
157 PLOG(ERROR) << "failed to stat '" << path << "'";
158 return false;
159 }
160
161 if (S_ISREG(st.st_mode)) {
Josh Gao2dc4cab2018-11-15 17:45:46 -0800[diff] [blame]162 return load_key(path);
Josh Gao2e671202016-08-18 22:00:12 -0700[diff] [blame]163 } else if (S_ISDIR(st.st_mode)) {
164 if (!allow_dir) {
165 // inotify isn't recursive. It would break expectations to load keys in nested
166 // directories but not monitor them for new keys.
167 LOG(WARNING) << "refusing to recurse into directory '" << path << "'";
168 return false;
169 }
170
171 std::unique_ptr<DIR, decltype(&closedir)> dir(opendir(path.c_str()), closedir);
172 if (!dir) {
173 PLOG(ERROR) << "failed to open directory '" << path << "'";
174 return false;
175 }
176
177 bool result = false;
178 while (struct dirent* dent = readdir(dir.get())) {
179 std::string name = dent->d_name;
180
181 // We can't use dent->d_type here because it's not available on Windows.
182 if (name == "." || name == "..") {
183 continue;
184 }
185
Josh Gaoa27666b2016-12-14 16:59:29 -0800[diff] [blame]186 if (!android::base::EndsWith(name, ".adb_key")) {
187 LOG(INFO) << "skipping non-adb_key '" << path << "/" << name << "'";
188 continue;
189 }
190
Josh Gao2dc4cab2018-11-15 17:45:46 -0800[diff] [blame]191 result |= load_key((path + OS_PATH_SEPARATOR + name));
Josh Gao2e671202016-08-18 22:00:12 -0700[diff] [blame]192 }
193 return result;
194 }
195
196 LOG(ERROR) << "unexpected type for '" << path << "': 0x" << std::hex << st.st_mode;
197 return false;
198}
199
Elliott Hughes0aeb5052016-06-29 17:42:01 -0700[diff] [blame]200static std::string get_user_key_path() {
Josh Gaoe0b75022016-08-30 15:23:35 -0700[diff] [blame]201 return adb_get_android_dir_path() + OS_PATH_SEPARATOR + "adbkey";
Benoit Gobyd5fcafa2012-04-12 12:23:49 -0700[diff] [blame]202}
203
Elliott Hughes7fb14072019-10-07 08:21:58 -0700[diff] [blame]204static bool load_userkey() {
Elliott Hughes0aeb5052016-06-29 17:42:01 -0700[diff] [blame]205 std::string path = get_user_key_path();
206 if (path.empty()) {
207 PLOG(ERROR) << "Error getting user key filename";
208 return false;
Benoit Gobyd5fcafa2012-04-12 12:23:49 -0700[diff] [blame]209 }
210
Elliott Hughes0aeb5052016-06-29 17:42:01 -0700[diff] [blame]211 struct stat buf;
212 if (stat(path.c_str(), &buf) == -1) {
213 LOG(INFO) << "User key '" << path << "' does not exist...";
Dan Albert286bb6d2015-07-09 20:35:09 +0000[diff] [blame]214 if (!generate_key(path)) {
Elliott Hughes0aeb5052016-06-29 17:42:01 -0700[diff] [blame]215 LOG(ERROR) << "Failed to generate new key";
216 return false;
Benoit Gobyd5fcafa2012-04-12 12:23:49 -0700[diff] [blame]217 }
218 }
219
Josh Gao2dc4cab2018-11-15 17:45:46 -0800[diff] [blame]220 return load_key(path);
Benoit Gobyd5fcafa2012-04-12 12:23:49 -0700[diff] [blame]221}
222
Josh Gao2e671202016-08-18 22:00:12 -0700[diff] [blame]223static std::set<std::string> get_vendor_keys() {
Elliott Hughes8d5fa6d2015-04-24 23:02:00 -0700[diff] [blame]224 const char* adb_keys_path = getenv("ADB_VENDOR_KEYS");
225 if (adb_keys_path == nullptr) {
Josh Gao2e671202016-08-18 22:00:12 -0700[diff] [blame]226 return std::set<std::string>();
Elliott Hughes8d5fa6d2015-04-24 23:02:00 -0700[diff] [blame]227 }
Benoit Gobyd5fcafa2012-04-12 12:23:49 -0700[diff] [blame]228
Josh Gao2e671202016-08-18 22:00:12 -0700[diff] [blame]229 std::set<std::string> result;
Elliott Hughes65fe2512015-10-07 15:59:35 -0700[diff] [blame]230 for (const auto& path : android::base::Split(adb_keys_path, ENV_PATH_SEPARATOR_STR)) {
Josh Gao2e671202016-08-18 22:00:12 -0700[diff] [blame]231 result.emplace(path);
Benoit Gobyd5fcafa2012-04-12 12:23:49 -0700[diff] [blame]232 }
Josh Gao2e671202016-08-18 22:00:12 -0700[diff] [blame]233 return result;
Benoit Gobyd5fcafa2012-04-12 12:23:49 -0700[diff] [blame]234}
235
Josh Gao2e671202016-08-18 22:00:12 -0700[diff] [blame]236std::deque<std::shared_ptr<RSA>> adb_auth_get_private_keys() {
237 std::deque<std::shared_ptr<RSA>> result;
Benoit Gobyd5fcafa2012-04-12 12:23:49 -0700[diff] [blame]238
Josh Gao2e671202016-08-18 22:00:12 -0700[diff] [blame]239 // Copy all the currently known keys.
240 std::lock_guard<std::mutex> lock(g_keys_mutex);
241 for (const auto& it : g_keys) {
242 result.push_back(it.second);
Elliott Hughes0aeb5052016-06-29 17:42:01 -0700[diff] [blame]243 }
244
245 // Add a sentinel to the list. Our caller uses this to mean "out of private keys,
246 // but try using the public key" (the empty deque could otherwise mean this _or_
247 // that this function hasn't been called yet to request the keys).
248 result.push_back(nullptr);
249
250 return result;
251}
252
Josh Gaof571fcb2018-02-05 18:49:10 -0800[diff] [blame]253static std::string adb_auth_sign(RSA* key, const char* token, size_t token_size) {
Sami Tolvanen7b9c20d2015-01-27 16:48:35 +0000[diff] [blame]254 if (token_size != TOKEN_SIZE) {
Yabin Cui7a3f8d62015-09-02 17:44:28 -0700[diff] [blame]255 D("Unexpected token size %zd", token_size);
Yi Kongaed415c2018-07-13 18:15:16 -0700[diff] [blame]256 return nullptr;
Sami Tolvanen7b9c20d2015-01-27 16:48:35 +0000[diff] [blame]257 }
258
Josh Gaof571fcb2018-02-05 18:49:10 -0800[diff] [blame]259 std::string result;
260 result.resize(MAX_PAYLOAD);
261
Elliott Hughes0aeb5052016-06-29 17:42:01 -0700[diff] [blame]262 unsigned int len;
Josh Gao06d61d42016-10-06 13:31:44 -0700[diff] [blame]263 if (!RSA_sign(NID_sha1, reinterpret_cast<const uint8_t*>(token), token_size,
Josh Gaof571fcb2018-02-05 18:49:10 -0800[diff] [blame]264 reinterpret_cast<uint8_t*>(&result[0]), &len, key)) {
265 return std::string();
Benoit Gobyd5fcafa2012-04-12 12:23:49 -0700[diff] [blame]266 }
267
Josh Gaof571fcb2018-02-05 18:49:10 -0800[diff] [blame]268 result.resize(len);
269
Yabin Cui7a3f8d62015-09-02 17:44:28 -0700[diff] [blame]270 D("adb_auth_sign len=%d", len);
Josh Gaof571fcb2018-02-05 18:49:10 -0800[diff] [blame]271 return result;
Benoit Gobyd5fcafa2012-04-12 12:23:49 -0700[diff] [blame]272}
273
Josh Gao2dc4cab2018-11-15 17:45:46 -0800[diff] [blame]274static bool pubkey_from_privkey(std::string* out, const std::string& path) {
275 std::shared_ptr<RSA> privkey = read_key_file(path);
276 if (!privkey) {
277 return false;
278 }
Joshua Duongef28ca42019-12-19 16:36:30 -0800[diff] [blame]279 return CalculatePublicKey(out, privkey.get());
Josh Gao2dc4cab2018-11-15 17:45:46 -0800[diff] [blame]280}
281
Elliott Hughese8b663f2016-05-26 22:43:19 -0700[diff] [blame]282std::string adb_auth_get_userkey() {
Elliott Hughes0aeb5052016-06-29 17:42:01 -0700[diff] [blame]283 std::string path = get_user_key_path();
284 if (path.empty()) {
285 PLOG(ERROR) << "Error getting user key filename";
Elliott Hughese8b663f2016-05-26 22:43:19 -0700[diff] [blame]286 return "";
Benoit Gobyd5fcafa2012-04-12 12:23:49 -0700[diff] [blame]287 }
Benoit Gobyd5fcafa2012-04-12 12:23:49 -0700[diff] [blame]288
Josh Gao2dc4cab2018-11-15 17:45:46 -0800[diff] [blame]289 std::string result;
290 if (!pubkey_from_privkey(&result, path)) {
Elliott Hughese8b663f2016-05-26 22:43:19 -0700[diff] [blame]291 return "";
Benoit Gobyd5fcafa2012-04-12 12:23:49 -0700[diff] [blame]292 }
Josh Gao2dc4cab2018-11-15 17:45:46 -0800[diff] [blame]293 return result;
Benoit Gobyd5fcafa2012-04-12 12:23:49 -0700[diff] [blame]294}
295
Nick Kralevichbea3f9c2014-11-13 15:17:29 -0800[diff] [blame]296int adb_auth_keygen(const char* filename) {
Joshua Duongef28ca42019-12-19 16:36:30 -0800[diff] [blame]297 return !generate_key(filename);
Nick Kralevichbea3f9c2014-11-13 15:17:29 -0800[diff] [blame]298}
299
Josh Gao2dc4cab2018-11-15 17:45:46 -0800[diff] [blame]300int adb_auth_pubkey(const char* filename) {
301 std::string pubkey;
302 if (!pubkey_from_privkey(&pubkey, filename)) {
303 return 1;
304 }
305 pubkey.push_back('\n');
306
307 return WriteFdExactly(STDOUT_FILENO, pubkey.data(), pubkey.size()) ? 0 : 1;
308}
309
Josh Gao2e671202016-08-18 22:00:12 -0700[diff] [blame]310#if defined(__linux__)
311static void adb_auth_inotify_update(int fd, unsigned fd_event, void*) {
312 LOG(INFO) << "adb_auth_inotify_update called";
313 if (!(fd_event & FDE_READ)) {
314 return;
315 }
316
317 char buf[sizeof(struct inotify_event) + NAME_MAX + 1];
318 while (true) {
319 ssize_t rc = TEMP_FAILURE_RETRY(unix_read(fd, buf, sizeof(buf)));
320 if (rc == -1) {
321 if (errno == EAGAIN) {
322 LOG(INFO) << "done reading inotify fd";
323 break;
324 }
325 PLOG(FATAL) << "read of inotify event failed";
326 }
327
328 // The read potentially returned multiple events.
329 char* start = buf;
330 char* end = buf + rc;
331
332 while (start < end) {
333 inotify_event* event = reinterpret_cast<inotify_event*>(start);
334 auto root_it = g_monitored_paths.find(event->wd);
335 if (root_it == g_monitored_paths.end()) {
336 LOG(FATAL) << "observed inotify event for unmonitored path, wd = " << event->wd;
337 }
338
339 std::string path = root_it->second;
340 if (event->len > 0) {
341 path += '/';
342 path += event->name;
343 }
344
345 if (event->mask & (IN_CREATE | IN_MOVED_TO)) {
346 if (event->mask & IN_ISDIR) {
347 LOG(INFO) << "ignoring new directory at '" << path << "'";
348 } else {
349 LOG(INFO) << "observed new file at '" << path << "'";
Josh Gao2dc4cab2018-11-15 17:45:46 -0800[diff] [blame]350 load_keys(path, false);
Josh Gao2e671202016-08-18 22:00:12 -0700[diff] [blame]351 }
352 } else {
353 LOG(WARNING) << "unmonitored event for " << path << ": 0x" << std::hex
354 << event->mask;
355 }
356
357 start += sizeof(struct inotify_event) + event->len;
358 }
359 }
360}
361
362static void adb_auth_inotify_init(const std::set<std::string>& paths) {
363 LOG(INFO) << "adb_auth_inotify_init...";
Josh Gaofb9a7e52017-01-18 18:14:17 -0800[diff] [blame]364
Josh Gao2e671202016-08-18 22:00:12 -0700[diff] [blame]365 int infd = inotify_init1(IN_CLOEXEC | IN_NONBLOCK);
Josh Gaofb9a7e52017-01-18 18:14:17 -0800[diff] [blame]366 if (infd < 0) {
367 PLOG(ERROR) << "failed to create inotify fd";
368 return;
369 }
370
Josh Gao2e671202016-08-18 22:00:12 -0700[diff] [blame]371 for (const std::string& path : paths) {
372 int wd = inotify_add_watch(infd, path.c_str(), IN_CREATE | IN_MOVED_TO);
373 if (wd < 0) {
374 PLOG(ERROR) << "failed to inotify_add_watch on path '" << path;
375 continue;
376 }
377
378 g_monitored_paths[wd] = path;
379 LOG(INFO) << "watch descriptor " << wd << " registered for " << path;
380 }
381
382 fdevent* event = fdevent_create(infd, adb_auth_inotify_update, nullptr);
383 fdevent_add(event, FDE_READ);
384}
385#endif
386
Elliott Hughes0aeb5052016-06-29 17:42:01 -0700[diff] [blame]387void adb_auth_init() {
388 LOG(INFO) << "adb_auth_init...";
Benoit Gobyd5fcafa2012-04-12 12:23:49 -0700[diff] [blame]389
Elliott Hughes7fb14072019-10-07 08:21:58 -0700[diff] [blame]390 if (!load_userkey()) {
391 LOG(ERROR) << "Failed to load (or generate) user key";
Benoit Gobyd5fcafa2012-04-12 12:23:49 -0700[diff] [blame]392 return;
393 }
394
Josh Gao2e671202016-08-18 22:00:12 -0700[diff] [blame]395 const auto& key_paths = get_vendor_keys();
396
397#if defined(__linux__)
398 adb_auth_inotify_init(key_paths);
399#endif
400
401 for (const std::string& path : key_paths) {
Greg Kaisere2125fd2019-03-26 11:58:53 -0700[diff] [blame]402 load_keys(path);
Josh Gao2e671202016-08-18 22:00:12 -0700[diff] [blame]403 }
Benoit Gobyd5fcafa2012-04-12 12:23:49 -0700[diff] [blame]404}
Josh Gao3bd28792016-10-05 19:02:29 -0700[diff] [blame]405
406static void send_auth_publickey(atransport* t) {
407 LOG(INFO) << "Calling send_auth_publickey";
408
409 std::string key = adb_auth_get_userkey();
410 if (key.empty()) {
411 D("Failed to get user public key");
412 return;
413 }
414
415 if (key.size() >= MAX_PAYLOAD_V1) {
416 D("User public key too large (%zu B)", key.size());
417 return;
418 }
419
420 apacket* p = get_apacket();
Josh Gao3bd28792016-10-05 19:02:29 -0700[diff] [blame]421 p->msg.command = A_AUTH;
422 p->msg.arg0 = ADB_AUTH_RSAPUBLICKEY;
423
424 // adbd expects a null-terminated string.
Josh Gao1ce99572018-03-07 16:52:28 -0800[diff] [blame]425 p->payload.assign(key.data(), key.data() + key.size() + 1);
Josh Gaof571fcb2018-02-05 18:49:10 -0800[diff] [blame]426 p->msg.data_length = p->payload.size();
Josh Gao3bd28792016-10-05 19:02:29 -0700[diff] [blame]427 send_packet(p, t);
428}
429
Josh Gao06d61d42016-10-06 13:31:44 -0700[diff] [blame]430void send_auth_response(const char* token, size_t token_size, atransport* t) {
Josh Gao3bd28792016-10-05 19:02:29 -0700[diff] [blame]431 std::shared_ptr<RSA> key = t->NextKey();
432 if (key == nullptr) {
433 // No more private keys to try, send the public key.
Josh Gao704494b2018-05-04 16:04:49 -0700[diff] [blame]434 t->SetConnectionState(kCsUnauthorized);
Josh Gao362e6962018-08-08 16:20:14 -0700[diff] [blame]435 t->SetConnectionEstablished(true);
Josh Gao3bd28792016-10-05 19:02:29 -0700[diff] [blame]436 send_auth_publickey(t);
437 return;
438 }
439
440 LOG(INFO) << "Calling send_auth_response";
441 apacket* p = get_apacket();
442
Josh Gaof571fcb2018-02-05 18:49:10 -0800[diff] [blame]443 std::string result = adb_auth_sign(key.get(), token, token_size);
444 if (result.empty()) {
Josh Gao3bd28792016-10-05 19:02:29 -0700[diff] [blame]445 D("Error signing the token");
446 put_apacket(p);
447 return;
448 }
449
450 p->msg.command = A_AUTH;
451 p->msg.arg0 = ADB_AUTH_SIGNATURE;
Josh Gao1ce99572018-03-07 16:52:28 -0800[diff] [blame]452 p->payload.assign(result.begin(), result.end());
Josh Gaof571fcb2018-02-05 18:49:10 -0800[diff] [blame]453 p->msg.data_length = p->payload.size();
Josh Gao3bd28792016-10-05 19:02:29 -0700[diff] [blame]454 send_packet(p, t);
455}