Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_core / 2dc4cabe0639c71014d729dd92eff19289429c89 / . / adb / client / auth.cpp
blob: bcb829b1c3ddbbfdb421b744818d610dbf2826cb [file] [log] [blame]
Benoit Gobyd5fcafa2012-04-12 12:23:49 -0700[diff] [blame]1/*
2 * Copyright (C) 2012 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
Yabin Cuiaed3c612015-09-22 15:52:57 -0700[diff] [blame]17#define TRACE_TAG AUTH
Dan Albert33134262015-03-19 15:21:08 -0700[diff] [blame]18
Josh Gao2e671202016-08-18 22:00:12 -0700[diff] [blame]19#include <dirent.h>
Benoit Gobyd5fcafa2012-04-12 12:23:49 -0700[diff] [blame]20#include <stdio.h>
Christopher Ferris67a7a4a2014-11-06 14:34:24 -0800[diff] [blame]21#include <stdlib.h>
Dan Albert33134262015-03-19 15:21:08 -0700[diff] [blame]22#include <string.h>
Josh Gao2e671202016-08-18 22:00:12 -0700[diff] [blame]23#if defined(__linux__)
24#include <sys/inotify.h>
25#endif
Benoit Gobyd5fcafa2012-04-12 12:23:49 -0700[diff] [blame]26
Josh Gao2e671202016-08-18 22:00:12 -0700[diff] [blame]27#include <map>
Elliott Hughes0aeb5052016-06-29 17:42:01 -0700[diff] [blame]28#include <mutex>
Josh Gao2e671202016-08-18 22:00:12 -0700[diff] [blame]29#include <set>
30#include <string>
Benoit Gobyd5fcafa2012-04-12 12:23:49 -0700[diff] [blame]31
David Pursell5f787ed2016-01-27 08:52:53 -0800[diff] [blame]32#include <android-base/errors.h>
Elliott Hughese8b663f2016-05-26 22:43:19 -0700[diff] [blame]33#include <android-base/file.h>
Yurii Zubrytskyidace0152016-05-26 09:46:10 -0700[diff] [blame]34#include <android-base/stringprintf.h>
Elliott Hughes4f713192015-12-04 22:00:26 -0800[diff] [blame]35#include <android-base/strings.h>
Mattias Nissler097b6bb2016-03-31 16:32:09 +0200[diff] [blame]36#include <crypto_utils/android_pubkey.h>
Elliott Hughes625faf02016-06-21 16:50:48 -0700[diff] [blame]37#include <openssl/base64.h>
Benoit Gobyd5fcafa2012-04-12 12:23:49 -0700[diff] [blame]38#include <openssl/evp.h>
39#include <openssl/objects.h>
40#include <openssl/pem.h>
41#include <openssl/rsa.h>
42#include <openssl/sha.h>
43
Josh Gao2e671202016-08-18 22:00:12 -0700[diff] [blame]44#include "adb.h"
45#include "adb_auth.h"
Josh Gao2dc4cab2018-11-15 17:45:46 -0800[diff] [blame^]46#include "adb_io.h"
Josh Gao2e671202016-08-18 22:00:12 -0700[diff] [blame]47#include "adb_utils.h"
48#include "sysdeps.h"
Josh Gao3bd28792016-10-05 19:02:29 -0700[diff] [blame]49#include "transport.h"
Benoit Gobyd5fcafa2012-04-12 12:23:49 -0700[diff] [blame]50
Josh Gao2e671202016-08-18 22:00:12 -0700[diff] [blame]51static std::mutex& g_keys_mutex = *new std::mutex;
52static std::map<std::string, std::shared_ptr<RSA>>& g_keys =
53 *new std::map<std::string, std::shared_ptr<RSA>>;
54static std::map<int, std::string>& g_monitored_paths = *new std::map<int, std::string>;
Benoit Gobyd5fcafa2012-04-12 12:23:49 -0700[diff] [blame]55
Josh Gao2dc4cab2018-11-15 17:45:46 -0800[diff] [blame^]56static bool calculate_public_key(std::string* out, RSA* private_key) {
Mattias Nissler097b6bb2016-03-31 16:32:09 +0200[diff] [blame]57 uint8_t binary_key_data[ANDROID_PUBKEY_ENCODED_SIZE];
Elliott Hughes625faf02016-06-21 16:50:48 -0700[diff] [blame]58 if (!android_pubkey_encode(private_key, binary_key_data, sizeof(binary_key_data))) {
59 LOG(ERROR) << "Failed to convert to public key";
60 return false;
Benoit Gobyd5fcafa2012-04-12 12:23:49 -0700[diff] [blame]61 }
62
Elliott Hughes0b771b32017-05-01 13:45:30 -0700[diff] [blame]63 size_t expected_length;
64 if (!EVP_EncodedLength(&expected_length, sizeof(binary_key_data))) {
Elliott Hughes625faf02016-06-21 16:50:48 -0700[diff] [blame]65 LOG(ERROR) << "Public key too large to base64 encode";
66 return false;
Adam Langley179d9d62014-09-03 14:34:47 -0700[diff] [blame]67 }
Benoit Gobyd5fcafa2012-04-12 12:23:49 -0700[diff] [blame]68
Josh Gao2dc4cab2018-11-15 17:45:46 -0800[diff] [blame^]69 out->resize(expected_length);
70 size_t actual_length = EVP_EncodeBlock(reinterpret_cast<uint8_t*>(out->data()), binary_key_data,
Elliott Hughes0b771b32017-05-01 13:45:30 -0700[diff] [blame]71 sizeof(binary_key_data));
Josh Gao2dc4cab2018-11-15 17:45:46 -0800[diff] [blame^]72 out->resize(actual_length);
Elliott Hughes625faf02016-06-21 16:50:48 -0700[diff] [blame]73 return true;
Benoit Gobyd5fcafa2012-04-12 12:23:49 -0700[diff] [blame]74}
75
Elliott Hughes0aeb5052016-06-29 17:42:01 -0700[diff] [blame]76static int generate_key(const std::string& file) {
77 LOG(INFO) << "generate_key(" << file << ")...";
78
Benoit Goby64b31032012-08-31 12:14:21 -0700[diff] [blame]79 mode_t old_mask;
Yi Kongaed415c2018-07-13 18:15:16 -0700[diff] [blame]80 FILE *f = nullptr;
Benoit Gobyd5fcafa2012-04-12 12:23:49 -0700[diff] [blame]81 int ret = 0;
82
Elliott Hughes0aeb5052016-06-29 17:42:01 -0700[diff] [blame]83 EVP_PKEY* pkey = EVP_PKEY_new();
84 BIGNUM* exponent = BN_new();
85 RSA* rsa = RSA_new();
Benoit Gobyd5fcafa2012-04-12 12:23:49 -0700[diff] [blame]86 if (!pkey || !exponent || !rsa) {
Elliott Hughes0aeb5052016-06-29 17:42:01 -0700[diff] [blame]87 LOG(ERROR) << "Failed to allocate key";
Benoit Gobyd5fcafa2012-04-12 12:23:49 -0700[diff] [blame]88 goto out;
89 }
90
91 BN_set_word(exponent, RSA_F4);
Yi Kongaed415c2018-07-13 18:15:16 -0700[diff] [blame]92 RSA_generate_key_ex(rsa, 2048, exponent, nullptr);
Benoit Gobyd5fcafa2012-04-12 12:23:49 -0700[diff] [blame]93 EVP_PKEY_set1_RSA(pkey, rsa);
94
Benoit Goby64b31032012-08-31 12:14:21 -0700[diff] [blame]95 old_mask = umask(077);
96
Elliott Hughes0aeb5052016-06-29 17:42:01 -0700[diff] [blame]97 f = fopen(file.c_str(), "w");
Benoit Gobyd5fcafa2012-04-12 12:23:49 -0700[diff] [blame]98 if (!f) {
Elliott Hughes0aeb5052016-06-29 17:42:01 -0700[diff] [blame]99 PLOG(ERROR) << "Failed to open " << file;
Benoit Goby64b31032012-08-31 12:14:21 -0700[diff] [blame]100 umask(old_mask);
Benoit Gobyd5fcafa2012-04-12 12:23:49 -0700[diff] [blame]101 goto out;
102 }
103
Benoit Goby64b31032012-08-31 12:14:21 -0700[diff] [blame]104 umask(old_mask);
105
Yi Kongaed415c2018-07-13 18:15:16 -0700[diff] [blame]106 if (!PEM_write_PrivateKey(f, pkey, nullptr, nullptr, 0, nullptr, nullptr)) {
Yabin Cui7a3f8d62015-09-02 17:44:28 -0700[diff] [blame]107 D("Failed to write key");
Benoit Gobyd5fcafa2012-04-12 12:23:49 -0700[diff] [blame]108 goto out;
109 }
110
Benoit Gobyd5fcafa2012-04-12 12:23:49 -0700[diff] [blame]111 ret = 1;
112
113out:
Elliott Hughes0aeb5052016-06-29 17:42:01 -0700[diff] [blame]114 if (f) fclose(f);
Benoit Gobyd5fcafa2012-04-12 12:23:49 -0700[diff] [blame]115 EVP_PKEY_free(pkey);
116 RSA_free(rsa);
117 BN_free(exponent);
118 return ret;
119}
120
Josh Gao2e671202016-08-18 22:00:12 -0700[diff] [blame]121static std::string hash_key(RSA* key) {
122 unsigned char* pubkey = nullptr;
123 int len = i2d_RSA_PUBKEY(key, &pubkey);
124 if (len < 0) {
125 LOG(ERROR) << "failed to encode RSA public key";
126 return std::string();
127 }
128
129 std::string result;
130 result.resize(SHA256_DIGEST_LENGTH);
131 SHA256(pubkey, len, reinterpret_cast<unsigned char*>(&result[0]));
132 OPENSSL_free(pubkey);
133 return result;
134}
135
Josh Gao2dc4cab2018-11-15 17:45:46 -0800[diff] [blame^]136static std::shared_ptr<RSA> read_key_file(const std::string& file) {
Elliott Hughes0aeb5052016-06-29 17:42:01 -0700[diff] [blame]137 std::unique_ptr<FILE, decltype(&fclose)> fp(fopen(file.c_str(), "r"), fclose);
Elliott Hughes8d5fa6d2015-04-24 23:02:00 -0700[diff] [blame]138 if (!fp) {
Elliott Hughes0aeb5052016-06-29 17:42:01 -0700[diff] [blame]139 PLOG(ERROR) << "Failed to open '" << file << "'";
Josh Gao2dc4cab2018-11-15 17:45:46 -0800[diff] [blame^]140 return nullptr;
Benoit Gobyd5fcafa2012-04-12 12:23:49 -0700[diff] [blame]141 }
142
Elliott Hughes0aeb5052016-06-29 17:42:01 -0700[diff] [blame]143 RSA* key = RSA_new();
144 if (!PEM_read_RSAPrivateKey(fp.get(), &key, nullptr, nullptr)) {
145 LOG(ERROR) << "Failed to read key";
146 RSA_free(key);
Josh Gao2dc4cab2018-11-15 17:45:46 -0800[diff] [blame^]147 return nullptr;
148 }
149
150 return std::shared_ptr<RSA>(key, RSA_free);
151}
152
153static bool load_key(const std::string& file) {
154 std::shared_ptr<RSA> key = read_key_file(file);
155 if (!key) {
Elliott Hughes0aeb5052016-06-29 17:42:01 -0700[diff] [blame]156 return false;
Benoit Gobyd5fcafa2012-04-12 12:23:49 -0700[diff] [blame]157 }
158
Josh Gao2e671202016-08-18 22:00:12 -0700[diff] [blame]159 std::lock_guard<std::mutex> lock(g_keys_mutex);
Josh Gao2dc4cab2018-11-15 17:45:46 -0800[diff] [blame^]160 std::string fingerprint = hash_key(key.get());
Josh Gao2e671202016-08-18 22:00:12 -0700[diff] [blame]161 if (g_keys.find(fingerprint) != g_keys.end()) {
162 LOG(INFO) << "ignoring already-loaded key: " << file;
Josh Gao2e671202016-08-18 22:00:12 -0700[diff] [blame]163 } else {
Josh Gao2dc4cab2018-11-15 17:45:46 -0800[diff] [blame^]164 g_keys[fingerprint] = std::move(key);
Josh Gao2e671202016-08-18 22:00:12 -0700[diff] [blame]165 }
Elliott Hughes0aeb5052016-06-29 17:42:01 -0700[diff] [blame]166 return true;
Benoit Gobyd5fcafa2012-04-12 12:23:49 -0700[diff] [blame]167}
168
Josh Gao2dc4cab2018-11-15 17:45:46 -0800[diff] [blame^]169static bool load_keys(const std::string& path, bool allow_dir = true) {
170 LOG(INFO) << "load_keys '" << path << "'...";
Josh Gao2e671202016-08-18 22:00:12 -0700[diff] [blame]171
172 struct stat st;
173 if (stat(path.c_str(), &st) != 0) {
174 PLOG(ERROR) << "failed to stat '" << path << "'";
175 return false;
176 }
177
178 if (S_ISREG(st.st_mode)) {
Josh Gao2dc4cab2018-11-15 17:45:46 -0800[diff] [blame^]179 return load_key(path);
Josh Gao2e671202016-08-18 22:00:12 -0700[diff] [blame]180 } else if (S_ISDIR(st.st_mode)) {
181 if (!allow_dir) {
182 // inotify isn't recursive. It would break expectations to load keys in nested
183 // directories but not monitor them for new keys.
184 LOG(WARNING) << "refusing to recurse into directory '" << path << "'";
185 return false;
186 }
187
188 std::unique_ptr<DIR, decltype(&closedir)> dir(opendir(path.c_str()), closedir);
189 if (!dir) {
190 PLOG(ERROR) << "failed to open directory '" << path << "'";
191 return false;
192 }
193
194 bool result = false;
195 while (struct dirent* dent = readdir(dir.get())) {
196 std::string name = dent->d_name;
197
198 // We can't use dent->d_type here because it's not available on Windows.
199 if (name == "." || name == "..") {
200 continue;
201 }
202
Josh Gaoa27666b2016-12-14 16:59:29 -0800[diff] [blame]203 if (!android::base::EndsWith(name, ".adb_key")) {
204 LOG(INFO) << "skipping non-adb_key '" << path << "/" << name << "'";
205 continue;
206 }
207
Josh Gao2dc4cab2018-11-15 17:45:46 -0800[diff] [blame^]208 result |= load_key((path + OS_PATH_SEPARATOR + name));
Josh Gao2e671202016-08-18 22:00:12 -0700[diff] [blame]209 }
210 return result;
211 }
212
213 LOG(ERROR) << "unexpected type for '" << path << "': 0x" << std::hex << st.st_mode;
214 return false;
215}
216
Elliott Hughes0aeb5052016-06-29 17:42:01 -0700[diff] [blame]217static std::string get_user_key_path() {
Josh Gaoe0b75022016-08-30 15:23:35 -0700[diff] [blame]218 return adb_get_android_dir_path() + OS_PATH_SEPARATOR + "adbkey";
Benoit Gobyd5fcafa2012-04-12 12:23:49 -0700[diff] [blame]219}
220
Josh Gao2dc4cab2018-11-15 17:45:46 -0800[diff] [blame^]221static bool generate_userkey() {
Elliott Hughes0aeb5052016-06-29 17:42:01 -0700[diff] [blame]222 std::string path = get_user_key_path();
223 if (path.empty()) {
224 PLOG(ERROR) << "Error getting user key filename";
225 return false;
Benoit Gobyd5fcafa2012-04-12 12:23:49 -0700[diff] [blame]226 }
227
Elliott Hughes0aeb5052016-06-29 17:42:01 -0700[diff] [blame]228 struct stat buf;
229 if (stat(path.c_str(), &buf) == -1) {
230 LOG(INFO) << "User key '" << path << "' does not exist...";
Dan Albert286bb6d2015-07-09 20:35:09 +0000[diff] [blame]231 if (!generate_key(path)) {
Elliott Hughes0aeb5052016-06-29 17:42:01 -0700[diff] [blame]232 LOG(ERROR) << "Failed to generate new key";
233 return false;
Benoit Gobyd5fcafa2012-04-12 12:23:49 -0700[diff] [blame]234 }
235 }
236
Josh Gao2dc4cab2018-11-15 17:45:46 -0800[diff] [blame^]237 return load_key(path);
Benoit Gobyd5fcafa2012-04-12 12:23:49 -0700[diff] [blame]238}
239
Josh Gao2e671202016-08-18 22:00:12 -0700[diff] [blame]240static std::set<std::string> get_vendor_keys() {
Elliott Hughes8d5fa6d2015-04-24 23:02:00 -0700[diff] [blame]241 const char* adb_keys_path = getenv("ADB_VENDOR_KEYS");
242 if (adb_keys_path == nullptr) {
Josh Gao2e671202016-08-18 22:00:12 -0700[diff] [blame]243 return std::set<std::string>();
Elliott Hughes8d5fa6d2015-04-24 23:02:00 -0700[diff] [blame]244 }
Benoit Gobyd5fcafa2012-04-12 12:23:49 -0700[diff] [blame]245
Josh Gao2e671202016-08-18 22:00:12 -0700[diff] [blame]246 std::set<std::string> result;
Elliott Hughes65fe2512015-10-07 15:59:35 -0700[diff] [blame]247 for (const auto& path : android::base::Split(adb_keys_path, ENV_PATH_SEPARATOR_STR)) {
Josh Gao2e671202016-08-18 22:00:12 -0700[diff] [blame]248 result.emplace(path);
Benoit Gobyd5fcafa2012-04-12 12:23:49 -0700[diff] [blame]249 }
Josh Gao2e671202016-08-18 22:00:12 -0700[diff] [blame]250 return result;
Benoit Gobyd5fcafa2012-04-12 12:23:49 -0700[diff] [blame]251}
252
Josh Gao2e671202016-08-18 22:00:12 -0700[diff] [blame]253std::deque<std::shared_ptr<RSA>> adb_auth_get_private_keys() {
254 std::deque<std::shared_ptr<RSA>> result;
Benoit Gobyd5fcafa2012-04-12 12:23:49 -0700[diff] [blame]255
Josh Gao2e671202016-08-18 22:00:12 -0700[diff] [blame]256 // Copy all the currently known keys.
257 std::lock_guard<std::mutex> lock(g_keys_mutex);
258 for (const auto& it : g_keys) {
259 result.push_back(it.second);
Elliott Hughes0aeb5052016-06-29 17:42:01 -0700[diff] [blame]260 }
261
262 // Add a sentinel to the list. Our caller uses this to mean "out of private keys,
263 // but try using the public key" (the empty deque could otherwise mean this _or_
264 // that this function hasn't been called yet to request the keys).
265 result.push_back(nullptr);
266
267 return result;
268}
269
Josh Gaof571fcb2018-02-05 18:49:10 -0800[diff] [blame]270static std::string adb_auth_sign(RSA* key, const char* token, size_t token_size) {
Sami Tolvanen7b9c20d2015-01-27 16:48:35 +0000[diff] [blame]271 if (token_size != TOKEN_SIZE) {
Yabin Cui7a3f8d62015-09-02 17:44:28 -0700[diff] [blame]272 D("Unexpected token size %zd", token_size);
Yi Kongaed415c2018-07-13 18:15:16 -0700[diff] [blame]273 return nullptr;
Sami Tolvanen7b9c20d2015-01-27 16:48:35 +0000[diff] [blame]274 }
275
Josh Gaof571fcb2018-02-05 18:49:10 -0800[diff] [blame]276 std::string result;
277 result.resize(MAX_PAYLOAD);
278
Elliott Hughes0aeb5052016-06-29 17:42:01 -0700[diff] [blame]279 unsigned int len;
Josh Gao06d61d42016-10-06 13:31:44 -0700[diff] [blame]280 if (!RSA_sign(NID_sha1, reinterpret_cast<const uint8_t*>(token), token_size,
Josh Gaof571fcb2018-02-05 18:49:10 -0800[diff] [blame]281 reinterpret_cast<uint8_t*>(&result[0]), &len, key)) {
282 return std::string();
Benoit Gobyd5fcafa2012-04-12 12:23:49 -0700[diff] [blame]283 }
284
Josh Gaof571fcb2018-02-05 18:49:10 -0800[diff] [blame]285 result.resize(len);
286
Yabin Cui7a3f8d62015-09-02 17:44:28 -0700[diff] [blame]287 D("adb_auth_sign len=%d", len);
Josh Gaof571fcb2018-02-05 18:49:10 -0800[diff] [blame]288 return result;
Benoit Gobyd5fcafa2012-04-12 12:23:49 -0700[diff] [blame]289}
290
Josh Gao2dc4cab2018-11-15 17:45:46 -0800[diff] [blame^]291static bool pubkey_from_privkey(std::string* out, const std::string& path) {
292 std::shared_ptr<RSA> privkey = read_key_file(path);
293 if (!privkey) {
294 return false;
295 }
296 return calculate_public_key(out, privkey.get());
297}
298
Elliott Hughese8b663f2016-05-26 22:43:19 -0700[diff] [blame]299std::string adb_auth_get_userkey() {
Elliott Hughes0aeb5052016-06-29 17:42:01 -0700[diff] [blame]300 std::string path = get_user_key_path();
301 if (path.empty()) {
302 PLOG(ERROR) << "Error getting user key filename";
Elliott Hughese8b663f2016-05-26 22:43:19 -0700[diff] [blame]303 return "";
Benoit Gobyd5fcafa2012-04-12 12:23:49 -0700[diff] [blame]304 }
Benoit Gobyd5fcafa2012-04-12 12:23:49 -0700[diff] [blame]305
Josh Gao2dc4cab2018-11-15 17:45:46 -0800[diff] [blame^]306 std::string result;
307 if (!pubkey_from_privkey(&result, path)) {
Elliott Hughese8b663f2016-05-26 22:43:19 -0700[diff] [blame]308 return "";
Benoit Gobyd5fcafa2012-04-12 12:23:49 -0700[diff] [blame]309 }
Josh Gao2dc4cab2018-11-15 17:45:46 -0800[diff] [blame^]310 return result;
Benoit Gobyd5fcafa2012-04-12 12:23:49 -0700[diff] [blame]311}
312
Nick Kralevichbea3f9c2014-11-13 15:17:29 -0800[diff] [blame]313int adb_auth_keygen(const char* filename) {
Nick Kralevichbea3f9c2014-11-13 15:17:29 -0800[diff] [blame]314 return (generate_key(filename) == 0);
315}
316
Josh Gao2dc4cab2018-11-15 17:45:46 -0800[diff] [blame^]317int adb_auth_pubkey(const char* filename) {
318 std::string pubkey;
319 if (!pubkey_from_privkey(&pubkey, filename)) {
320 return 1;
321 }
322 pubkey.push_back('\n');
323
324 return WriteFdExactly(STDOUT_FILENO, pubkey.data(), pubkey.size()) ? 0 : 1;
325}
326
Josh Gao2e671202016-08-18 22:00:12 -0700[diff] [blame]327#if defined(__linux__)
328static void adb_auth_inotify_update(int fd, unsigned fd_event, void*) {
329 LOG(INFO) << "adb_auth_inotify_update called";
330 if (!(fd_event & FDE_READ)) {
331 return;
332 }
333
334 char buf[sizeof(struct inotify_event) + NAME_MAX + 1];
335 while (true) {
336 ssize_t rc = TEMP_FAILURE_RETRY(unix_read(fd, buf, sizeof(buf)));
337 if (rc == -1) {
338 if (errno == EAGAIN) {
339 LOG(INFO) << "done reading inotify fd";
340 break;
341 }
342 PLOG(FATAL) << "read of inotify event failed";
343 }
344
345 // The read potentially returned multiple events.
346 char* start = buf;
347 char* end = buf + rc;
348
349 while (start < end) {
350 inotify_event* event = reinterpret_cast<inotify_event*>(start);
351 auto root_it = g_monitored_paths.find(event->wd);
352 if (root_it == g_monitored_paths.end()) {
353 LOG(FATAL) << "observed inotify event for unmonitored path, wd = " << event->wd;
354 }
355
356 std::string path = root_it->second;
357 if (event->len > 0) {
358 path += '/';
359 path += event->name;
360 }
361
362 if (event->mask & (IN_CREATE | IN_MOVED_TO)) {
363 if (event->mask & IN_ISDIR) {
364 LOG(INFO) << "ignoring new directory at '" << path << "'";
365 } else {
366 LOG(INFO) << "observed new file at '" << path << "'";
Josh Gao2dc4cab2018-11-15 17:45:46 -0800[diff] [blame^]367 load_keys(path, false);
Josh Gao2e671202016-08-18 22:00:12 -0700[diff] [blame]368 }
369 } else {
370 LOG(WARNING) << "unmonitored event for " << path << ": 0x" << std::hex
371 << event->mask;
372 }
373
374 start += sizeof(struct inotify_event) + event->len;
375 }
376 }
377}
378
379static void adb_auth_inotify_init(const std::set<std::string>& paths) {
380 LOG(INFO) << "adb_auth_inotify_init...";
Josh Gaofb9a7e52017-01-18 18:14:17 -0800[diff] [blame]381
Josh Gao2e671202016-08-18 22:00:12 -0700[diff] [blame]382 int infd = inotify_init1(IN_CLOEXEC | IN_NONBLOCK);
Josh Gaofb9a7e52017-01-18 18:14:17 -0800[diff] [blame]383 if (infd < 0) {
384 PLOG(ERROR) << "failed to create inotify fd";
385 return;
386 }
387
Josh Gao2e671202016-08-18 22:00:12 -0700[diff] [blame]388 for (const std::string& path : paths) {
389 int wd = inotify_add_watch(infd, path.c_str(), IN_CREATE | IN_MOVED_TO);
390 if (wd < 0) {
391 PLOG(ERROR) << "failed to inotify_add_watch on path '" << path;
392 continue;
393 }
394
395 g_monitored_paths[wd] = path;
396 LOG(INFO) << "watch descriptor " << wd << " registered for " << path;
397 }
398
399 fdevent* event = fdevent_create(infd, adb_auth_inotify_update, nullptr);
400 fdevent_add(event, FDE_READ);
401}
402#endif
403
Elliott Hughes0aeb5052016-06-29 17:42:01 -0700[diff] [blame]404void adb_auth_init() {
405 LOG(INFO) << "adb_auth_init...";
Benoit Gobyd5fcafa2012-04-12 12:23:49 -0700[diff] [blame]406
Josh Gao2dc4cab2018-11-15 17:45:46 -0800[diff] [blame^]407 if (!generate_userkey()) {
408 LOG(ERROR) << "Failed to generate user key";
Benoit Gobyd5fcafa2012-04-12 12:23:49 -0700[diff] [blame]409 return;
410 }
411
Josh Gao2e671202016-08-18 22:00:12 -0700[diff] [blame]412 const auto& key_paths = get_vendor_keys();
413
414#if defined(__linux__)
415 adb_auth_inotify_init(key_paths);
416#endif
417
418 for (const std::string& path : key_paths) {
Josh Gao2dc4cab2018-11-15 17:45:46 -0800[diff] [blame^]419 load_keys(path.c_str());
Josh Gao2e671202016-08-18 22:00:12 -0700[diff] [blame]420 }
Benoit Gobyd5fcafa2012-04-12 12:23:49 -0700[diff] [blame]421}
Josh Gao3bd28792016-10-05 19:02:29 -0700[diff] [blame]422
423static void send_auth_publickey(atransport* t) {
424 LOG(INFO) << "Calling send_auth_publickey";
425
426 std::string key = adb_auth_get_userkey();
427 if (key.empty()) {
428 D("Failed to get user public key");
429 return;
430 }
431
432 if (key.size() >= MAX_PAYLOAD_V1) {
433 D("User public key too large (%zu B)", key.size());
434 return;
435 }
436
437 apacket* p = get_apacket();
Josh Gao3bd28792016-10-05 19:02:29 -0700[diff] [blame]438 p->msg.command = A_AUTH;
439 p->msg.arg0 = ADB_AUTH_RSAPUBLICKEY;
440
441 // adbd expects a null-terminated string.
Josh Gao1ce99572018-03-07 16:52:28 -0800[diff] [blame]442 p->payload.assign(key.data(), key.data() + key.size() + 1);
Josh Gaof571fcb2018-02-05 18:49:10 -0800[diff] [blame]443 p->msg.data_length = p->payload.size();
Josh Gao3bd28792016-10-05 19:02:29 -0700[diff] [blame]444 send_packet(p, t);
445}
446
Josh Gao06d61d42016-10-06 13:31:44 -0700[diff] [blame]447void send_auth_response(const char* token, size_t token_size, atransport* t) {
Josh Gao3bd28792016-10-05 19:02:29 -0700[diff] [blame]448 std::shared_ptr<RSA> key = t->NextKey();
449 if (key == nullptr) {
450 // No more private keys to try, send the public key.
Josh Gao704494b2018-05-04 16:04:49 -0700[diff] [blame]451 t->SetConnectionState(kCsUnauthorized);
Josh Gao362e6962018-08-08 16:20:14 -0700[diff] [blame]452 t->SetConnectionEstablished(true);
Josh Gao3bd28792016-10-05 19:02:29 -0700[diff] [blame]453 send_auth_publickey(t);
454 return;
455 }
456
457 LOG(INFO) << "Calling send_auth_response";
458 apacket* p = get_apacket();
459
Josh Gaof571fcb2018-02-05 18:49:10 -0800[diff] [blame]460 std::string result = adb_auth_sign(key.get(), token, token_size);
461 if (result.empty()) {
Josh Gao3bd28792016-10-05 19:02:29 -0700[diff] [blame]462 D("Error signing the token");
463 put_apacket(p);
464 return;
465 }
466
467 p->msg.command = A_AUTH;
468 p->msg.arg0 = ADB_AUTH_SIGNATURE;
Josh Gao1ce99572018-03-07 16:52:28 -0800[diff] [blame]469 p->payload.assign(result.begin(), result.end());
Josh Gaof571fcb2018-02-05 18:49:10 -0800[diff] [blame]470 p->msg.data_length = p->payload.size();
Josh Gao3bd28792016-10-05 19:02:29 -0700[diff] [blame]471 send_packet(p, t);
472}