Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_core / 9e96e710670de7dc3abb2de7c681908ea823fc53 / . / adb / client / auth.cpp
blob: e8be784cda2b621a09e24673300b7529e091e99a [file] [log] [blame]
Benoit Gobyd5fcafa2012-04-12 12:23:49 -0700[diff] [blame]1/*
2 * Copyright (C) 2012 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
Yabin Cuiaed3c612015-09-22 15:52:57 -0700[diff] [blame]17#define TRACE_TAG AUTH
Dan Albert33134262015-03-19 15:21:08 -0700[diff] [blame]18
Josh Gao2e671202016-08-18 22:00:12 -0700[diff] [blame]19#include <dirent.h>
Benoit Gobyd5fcafa2012-04-12 12:23:49 -0700[diff] [blame]20#include <stdio.h>
Christopher Ferris67a7a4a2014-11-06 14:34:24 -0800[diff] [blame]21#include <stdlib.h>
Dan Albert33134262015-03-19 15:21:08 -0700[diff] [blame]22#include <string.h>
Josh Gao2e671202016-08-18 22:00:12 -0700[diff] [blame]23#if defined(__linux__)
24#include <sys/inotify.h>
25#endif
Benoit Gobyd5fcafa2012-04-12 12:23:49 -0700[diff] [blame]26
Josh Gao2e671202016-08-18 22:00:12 -0700[diff] [blame]27#include <map>
Elliott Hughes0aeb5052016-06-29 17:42:01 -0700[diff] [blame]28#include <mutex>
Josh Gao2e671202016-08-18 22:00:12 -0700[diff] [blame]29#include <set>
30#include <string>
Benoit Gobyd5fcafa2012-04-12 12:23:49 -0700[diff] [blame]31
David Pursell5f787ed2016-01-27 08:52:53 -0800[diff] [blame]32#include <android-base/errors.h>
Elliott Hughese8b663f2016-05-26 22:43:19 -0700[diff] [blame]33#include <android-base/file.h>
Yurii Zubrytskyidace0152016-05-26 09:46:10 -0700[diff] [blame]34#include <android-base/stringprintf.h>
Elliott Hughes4f713192015-12-04 22:00:26 -0800[diff] [blame]35#include <android-base/strings.h>
Mattias Nissler097b6bb2016-03-31 16:32:09 +0200[diff] [blame]36#include <crypto_utils/android_pubkey.h>
Elliott Hughes625faf02016-06-21 16:50:48 -0700[diff] [blame]37#include <openssl/base64.h>
Benoit Gobyd5fcafa2012-04-12 12:23:49 -0700[diff] [blame]38#include <openssl/evp.h>
39#include <openssl/objects.h>
40#include <openssl/pem.h>
41#include <openssl/rsa.h>
42#include <openssl/sha.h>
43
Josh Gao2e671202016-08-18 22:00:12 -0700[diff] [blame]44#include "adb.h"
45#include "adb_auth.h"
Josh Gao2dc4cab2018-11-15 17:45:46 -0800[diff] [blame]46#include "adb_io.h"
Josh Gao2e671202016-08-18 22:00:12 -0700[diff] [blame]47#include "adb_utils.h"
48#include "sysdeps.h"
Josh Gao3bd28792016-10-05 19:02:29 -0700[diff] [blame]49#include "transport.h"
Benoit Gobyd5fcafa2012-04-12 12:23:49 -0700[diff] [blame]50
Josh Gao2e671202016-08-18 22:00:12 -0700[diff] [blame]51static std::mutex& g_keys_mutex = *new std::mutex;
52static std::map<std::string, std::shared_ptr<RSA>>& g_keys =
53 *new std::map<std::string, std::shared_ptr<RSA>>;
54static std::map<int, std::string>& g_monitored_paths = *new std::map<int, std::string>;
Benoit Gobyd5fcafa2012-04-12 12:23:49 -0700[diff] [blame]55
Josh Gao032989a2019-04-29 12:36:32 -0700[diff] [blame]56static std::string get_user_info() {
57 std::string hostname;
58 if (getenv("HOSTNAME")) hostname = getenv("HOSTNAME");
59#if !defined(_WIN32)
60 char buf[64];
61 if (hostname.empty() && gethostname(buf, sizeof(buf)) != -1) hostname = buf;
62#endif
63 if (hostname.empty()) hostname = "unknown";
64
65 std::string username;
66 if (getenv("LOGNAME")) username = getenv("LOGNAME");
67#if !defined(_WIN32)
68 if (username.empty() && getlogin()) username = getlogin();
69#endif
70 if (username.empty()) hostname = "unknown";
71
72 return " " + username + "@" + hostname;
73}
74
Josh Gao2dc4cab2018-11-15 17:45:46 -0800[diff] [blame]75static bool calculate_public_key(std::string* out, RSA* private_key) {
Mattias Nissler097b6bb2016-03-31 16:32:09 +0200[diff] [blame]76 uint8_t binary_key_data[ANDROID_PUBKEY_ENCODED_SIZE];
Elliott Hughes625faf02016-06-21 16:50:48 -0700[diff] [blame]77 if (!android_pubkey_encode(private_key, binary_key_data, sizeof(binary_key_data))) {
78 LOG(ERROR) << "Failed to convert to public key";
79 return false;
Benoit Gobyd5fcafa2012-04-12 12:23:49 -0700[diff] [blame]80 }
81
Elliott Hughes0b771b32017-05-01 13:45:30 -0700[diff] [blame]82 size_t expected_length;
83 if (!EVP_EncodedLength(&expected_length, sizeof(binary_key_data))) {
Elliott Hughes625faf02016-06-21 16:50:48 -0700[diff] [blame]84 LOG(ERROR) << "Public key too large to base64 encode";
85 return false;
Adam Langley179d9d62014-09-03 14:34:47 -0700[diff] [blame]86 }
Benoit Gobyd5fcafa2012-04-12 12:23:49 -0700[diff] [blame]87
Josh Gao2dc4cab2018-11-15 17:45:46 -0800[diff] [blame]88 out->resize(expected_length);
89 size_t actual_length = EVP_EncodeBlock(reinterpret_cast<uint8_t*>(out->data()), binary_key_data,
Elliott Hughes0b771b32017-05-01 13:45:30 -0700[diff] [blame]90 sizeof(binary_key_data));
Josh Gao2dc4cab2018-11-15 17:45:46 -0800[diff] [blame]91 out->resize(actual_length);
Josh Gao032989a2019-04-29 12:36:32 -0700[diff] [blame]92 out->append(get_user_info());
Elliott Hughes625faf02016-06-21 16:50:48 -0700[diff] [blame]93 return true;
Benoit Gobyd5fcafa2012-04-12 12:23:49 -0700[diff] [blame]94}
95
Elliott Hughes0aeb5052016-06-29 17:42:01 -0700[diff] [blame]96static int generate_key(const std::string& file) {
97 LOG(INFO) << "generate_key(" << file << ")...";
98
Benoit Goby64b31032012-08-31 12:14:21 -0700[diff] [blame]99 mode_t old_mask;
Yi Kongaed415c2018-07-13 18:15:16 -0700[diff] [blame]100 FILE *f = nullptr;
Benoit Gobyd5fcafa2012-04-12 12:23:49 -0700[diff] [blame]101 int ret = 0;
Josh Gao032989a2019-04-29 12:36:32 -0700[diff] [blame]102 std::string pubkey;
Benoit Gobyd5fcafa2012-04-12 12:23:49 -0700[diff] [blame]103
Elliott Hughes0aeb5052016-06-29 17:42:01 -0700[diff] [blame]104 EVP_PKEY* pkey = EVP_PKEY_new();
105 BIGNUM* exponent = BN_new();
106 RSA* rsa = RSA_new();
Benoit Gobyd5fcafa2012-04-12 12:23:49 -0700[diff] [blame]107 if (!pkey || !exponent || !rsa) {
Elliott Hughes0aeb5052016-06-29 17:42:01 -0700[diff] [blame]108 LOG(ERROR) << "Failed to allocate key";
Benoit Gobyd5fcafa2012-04-12 12:23:49 -0700[diff] [blame]109 goto out;
110 }
111
112 BN_set_word(exponent, RSA_F4);
Yi Kongaed415c2018-07-13 18:15:16 -0700[diff] [blame]113 RSA_generate_key_ex(rsa, 2048, exponent, nullptr);
Benoit Gobyd5fcafa2012-04-12 12:23:49 -0700[diff] [blame]114 EVP_PKEY_set1_RSA(pkey, rsa);
115
Josh Gao032989a2019-04-29 12:36:32 -0700[diff] [blame]116 if (!calculate_public_key(&pubkey, rsa)) {
117 LOG(ERROR) << "failed to calculate public key";
118 goto out;
119 }
120
Benoit Goby64b31032012-08-31 12:14:21 -0700[diff] [blame]121 old_mask = umask(077);
122
Elliott Hughes0aeb5052016-06-29 17:42:01 -0700[diff] [blame]123 f = fopen(file.c_str(), "w");
Benoit Gobyd5fcafa2012-04-12 12:23:49 -0700[diff] [blame]124 if (!f) {
Elliott Hughes0aeb5052016-06-29 17:42:01 -0700[diff] [blame]125 PLOG(ERROR) << "Failed to open " << file;
Benoit Goby64b31032012-08-31 12:14:21 -0700[diff] [blame]126 umask(old_mask);
Benoit Gobyd5fcafa2012-04-12 12:23:49 -0700[diff] [blame]127 goto out;
128 }
129
Benoit Goby64b31032012-08-31 12:14:21 -0700[diff] [blame]130 umask(old_mask);
131
Yi Kongaed415c2018-07-13 18:15:16 -0700[diff] [blame]132 if (!PEM_write_PrivateKey(f, pkey, nullptr, nullptr, 0, nullptr, nullptr)) {
Josh Gao032989a2019-04-29 12:36:32 -0700[diff] [blame]133 LOG(ERROR) << "Failed to write key";
134 goto out;
135 }
136
137 if (!android::base::WriteStringToFile(pubkey, file + ".pub")) {
138 PLOG(ERROR) << "failed to write public key";
Benoit Gobyd5fcafa2012-04-12 12:23:49 -0700[diff] [blame]139 goto out;
140 }
141
Benoit Gobyd5fcafa2012-04-12 12:23:49 -0700[diff] [blame]142 ret = 1;
143
144out:
Elliott Hughes0aeb5052016-06-29 17:42:01 -0700[diff] [blame]145 if (f) fclose(f);
Benoit Gobyd5fcafa2012-04-12 12:23:49 -0700[diff] [blame]146 EVP_PKEY_free(pkey);
147 RSA_free(rsa);
148 BN_free(exponent);
149 return ret;
150}
151
Josh Gao2e671202016-08-18 22:00:12 -0700[diff] [blame]152static std::string hash_key(RSA* key) {
153 unsigned char* pubkey = nullptr;
154 int len = i2d_RSA_PUBKEY(key, &pubkey);
155 if (len < 0) {
156 LOG(ERROR) << "failed to encode RSA public key";
157 return std::string();
158 }
159
160 std::string result;
161 result.resize(SHA256_DIGEST_LENGTH);
162 SHA256(pubkey, len, reinterpret_cast<unsigned char*>(&result[0]));
163 OPENSSL_free(pubkey);
164 return result;
165}
166
Josh Gao2dc4cab2018-11-15 17:45:46 -0800[diff] [blame]167static std::shared_ptr<RSA> read_key_file(const std::string& file) {
Elliott Hughes0aeb5052016-06-29 17:42:01 -0700[diff] [blame]168 std::unique_ptr<FILE, decltype(&fclose)> fp(fopen(file.c_str(), "r"), fclose);
Elliott Hughes8d5fa6d2015-04-24 23:02:00 -0700[diff] [blame]169 if (!fp) {
Elliott Hughes0aeb5052016-06-29 17:42:01 -0700[diff] [blame]170 PLOG(ERROR) << "Failed to open '" << file << "'";
Josh Gao2dc4cab2018-11-15 17:45:46 -0800[diff] [blame]171 return nullptr;
Benoit Gobyd5fcafa2012-04-12 12:23:49 -0700[diff] [blame]172 }
173
Elliott Hughes0aeb5052016-06-29 17:42:01 -0700[diff] [blame]174 RSA* key = RSA_new();
175 if (!PEM_read_RSAPrivateKey(fp.get(), &key, nullptr, nullptr)) {
Elliott Hughes7fb14072019-10-07 08:21:58 -0700[diff] [blame]176 LOG(ERROR) << "Failed to read key from '" << file << "'";
177 ERR_print_errors_fp(stderr);
Elliott Hughes0aeb5052016-06-29 17:42:01 -0700[diff] [blame]178 RSA_free(key);
Josh Gao2dc4cab2018-11-15 17:45:46 -0800[diff] [blame]179 return nullptr;
180 }
181
182 return std::shared_ptr<RSA>(key, RSA_free);
183}
184
185static bool load_key(const std::string& file) {
186 std::shared_ptr<RSA> key = read_key_file(file);
187 if (!key) {
Elliott Hughes0aeb5052016-06-29 17:42:01 -0700[diff] [blame]188 return false;
Benoit Gobyd5fcafa2012-04-12 12:23:49 -0700[diff] [blame]189 }
190
Josh Gao2e671202016-08-18 22:00:12 -0700[diff] [blame]191 std::lock_guard<std::mutex> lock(g_keys_mutex);
Josh Gao2dc4cab2018-11-15 17:45:46 -0800[diff] [blame]192 std::string fingerprint = hash_key(key.get());
Josh Gao2e671202016-08-18 22:00:12 -0700[diff] [blame]193 if (g_keys.find(fingerprint) != g_keys.end()) {
194 LOG(INFO) << "ignoring already-loaded key: " << file;
Josh Gao2e671202016-08-18 22:00:12 -0700[diff] [blame]195 } else {
Josh Gao2dc4cab2018-11-15 17:45:46 -0800[diff] [blame]196 g_keys[fingerprint] = std::move(key);
Josh Gao2e671202016-08-18 22:00:12 -0700[diff] [blame]197 }
Elliott Hughes0aeb5052016-06-29 17:42:01 -0700[diff] [blame]198 return true;
Benoit Gobyd5fcafa2012-04-12 12:23:49 -0700[diff] [blame]199}
200
Josh Gao2dc4cab2018-11-15 17:45:46 -0800[diff] [blame]201static bool load_keys(const std::string& path, bool allow_dir = true) {
202 LOG(INFO) << "load_keys '" << path << "'...";
Josh Gao2e671202016-08-18 22:00:12 -0700[diff] [blame]203
204 struct stat st;
205 if (stat(path.c_str(), &st) != 0) {
206 PLOG(ERROR) << "failed to stat '" << path << "'";
207 return false;
208 }
209
210 if (S_ISREG(st.st_mode)) {
Josh Gao2dc4cab2018-11-15 17:45:46 -0800[diff] [blame]211 return load_key(path);
Josh Gao2e671202016-08-18 22:00:12 -0700[diff] [blame]212 } else if (S_ISDIR(st.st_mode)) {
213 if (!allow_dir) {
214 // inotify isn't recursive. It would break expectations to load keys in nested
215 // directories but not monitor them for new keys.
216 LOG(WARNING) << "refusing to recurse into directory '" << path << "'";
217 return false;
218 }
219
220 std::unique_ptr<DIR, decltype(&closedir)> dir(opendir(path.c_str()), closedir);
221 if (!dir) {
222 PLOG(ERROR) << "failed to open directory '" << path << "'";
223 return false;
224 }
225
226 bool result = false;
227 while (struct dirent* dent = readdir(dir.get())) {
228 std::string name = dent->d_name;
229
230 // We can't use dent->d_type here because it's not available on Windows.
231 if (name == "." || name == "..") {
232 continue;
233 }
234
Josh Gaoa27666b2016-12-14 16:59:29 -0800[diff] [blame]235 if (!android::base::EndsWith(name, ".adb_key")) {
236 LOG(INFO) << "skipping non-adb_key '" << path << "/" << name << "'";
237 continue;
238 }
239
Josh Gao2dc4cab2018-11-15 17:45:46 -0800[diff] [blame]240 result |= load_key((path + OS_PATH_SEPARATOR + name));
Josh Gao2e671202016-08-18 22:00:12 -0700[diff] [blame]241 }
242 return result;
243 }
244
245 LOG(ERROR) << "unexpected type for '" << path << "': 0x" << std::hex << st.st_mode;
246 return false;
247}
248
Elliott Hughes0aeb5052016-06-29 17:42:01 -0700[diff] [blame]249static std::string get_user_key_path() {
Josh Gaoe0b75022016-08-30 15:23:35 -0700[diff] [blame]250 return adb_get_android_dir_path() + OS_PATH_SEPARATOR + "adbkey";
Benoit Gobyd5fcafa2012-04-12 12:23:49 -0700[diff] [blame]251}
252
Elliott Hughes7fb14072019-10-07 08:21:58 -0700[diff] [blame]253static bool load_userkey() {
Elliott Hughes0aeb5052016-06-29 17:42:01 -0700[diff] [blame]254 std::string path = get_user_key_path();
255 if (path.empty()) {
256 PLOG(ERROR) << "Error getting user key filename";
257 return false;
Benoit Gobyd5fcafa2012-04-12 12:23:49 -0700[diff] [blame]258 }
259
Elliott Hughes0aeb5052016-06-29 17:42:01 -0700[diff] [blame]260 struct stat buf;
261 if (stat(path.c_str(), &buf) == -1) {
262 LOG(INFO) << "User key '" << path << "' does not exist...";
Dan Albert286bb6d2015-07-09 20:35:09 +0000[diff] [blame]263 if (!generate_key(path)) {
Elliott Hughes0aeb5052016-06-29 17:42:01 -0700[diff] [blame]264 LOG(ERROR) << "Failed to generate new key";
265 return false;
Benoit Gobyd5fcafa2012-04-12 12:23:49 -0700[diff] [blame]266 }
267 }
268
Josh Gao2dc4cab2018-11-15 17:45:46 -0800[diff] [blame]269 return load_key(path);
Benoit Gobyd5fcafa2012-04-12 12:23:49 -0700[diff] [blame]270}
271
Josh Gao2e671202016-08-18 22:00:12 -0700[diff] [blame]272static std::set<std::string> get_vendor_keys() {
Elliott Hughes8d5fa6d2015-04-24 23:02:00 -0700[diff] [blame]273 const char* adb_keys_path = getenv("ADB_VENDOR_KEYS");
274 if (adb_keys_path == nullptr) {
Josh Gao2e671202016-08-18 22:00:12 -0700[diff] [blame]275 return std::set<std::string>();
Elliott Hughes8d5fa6d2015-04-24 23:02:00 -0700[diff] [blame]276 }
Benoit Gobyd5fcafa2012-04-12 12:23:49 -0700[diff] [blame]277
Josh Gao2e671202016-08-18 22:00:12 -0700[diff] [blame]278 std::set<std::string> result;
Elliott Hughes65fe2512015-10-07 15:59:35 -0700[diff] [blame]279 for (const auto& path : android::base::Split(adb_keys_path, ENV_PATH_SEPARATOR_STR)) {
Josh Gao2e671202016-08-18 22:00:12 -0700[diff] [blame]280 result.emplace(path);
Benoit Gobyd5fcafa2012-04-12 12:23:49 -0700[diff] [blame]281 }
Josh Gao2e671202016-08-18 22:00:12 -0700[diff] [blame]282 return result;
Benoit Gobyd5fcafa2012-04-12 12:23:49 -0700[diff] [blame]283}
284
Josh Gao2e671202016-08-18 22:00:12 -0700[diff] [blame]285std::deque<std::shared_ptr<RSA>> adb_auth_get_private_keys() {
286 std::deque<std::shared_ptr<RSA>> result;
Benoit Gobyd5fcafa2012-04-12 12:23:49 -0700[diff] [blame]287
Josh Gao2e671202016-08-18 22:00:12 -0700[diff] [blame]288 // Copy all the currently known keys.
289 std::lock_guard<std::mutex> lock(g_keys_mutex);
290 for (const auto& it : g_keys) {
291 result.push_back(it.second);
Elliott Hughes0aeb5052016-06-29 17:42:01 -0700[diff] [blame]292 }
293
294 // Add a sentinel to the list. Our caller uses this to mean "out of private keys,
295 // but try using the public key" (the empty deque could otherwise mean this _or_
296 // that this function hasn't been called yet to request the keys).
297 result.push_back(nullptr);
298
299 return result;
300}
301
Josh Gaof571fcb2018-02-05 18:49:10 -0800[diff] [blame]302static std::string adb_auth_sign(RSA* key, const char* token, size_t token_size) {
Sami Tolvanen7b9c20d2015-01-27 16:48:35 +0000[diff] [blame]303 if (token_size != TOKEN_SIZE) {
Yabin Cui7a3f8d62015-09-02 17:44:28 -0700[diff] [blame]304 D("Unexpected token size %zd", token_size);
Yi Kongaed415c2018-07-13 18:15:16 -0700[diff] [blame]305 return nullptr;
Sami Tolvanen7b9c20d2015-01-27 16:48:35 +0000[diff] [blame]306 }
307
Josh Gaof571fcb2018-02-05 18:49:10 -0800[diff] [blame]308 std::string result;
309 result.resize(MAX_PAYLOAD);
310
Elliott Hughes0aeb5052016-06-29 17:42:01 -0700[diff] [blame]311 unsigned int len;
Josh Gao06d61d42016-10-06 13:31:44 -0700[diff] [blame]312 if (!RSA_sign(NID_sha1, reinterpret_cast<const uint8_t*>(token), token_size,
Josh Gaof571fcb2018-02-05 18:49:10 -0800[diff] [blame]313 reinterpret_cast<uint8_t*>(&result[0]), &len, key)) {
314 return std::string();
Benoit Gobyd5fcafa2012-04-12 12:23:49 -0700[diff] [blame]315 }
316
Josh Gaof571fcb2018-02-05 18:49:10 -0800[diff] [blame]317 result.resize(len);
318
Yabin Cui7a3f8d62015-09-02 17:44:28 -0700[diff] [blame]319 D("adb_auth_sign len=%d", len);
Josh Gaof571fcb2018-02-05 18:49:10 -0800[diff] [blame]320 return result;
Benoit Gobyd5fcafa2012-04-12 12:23:49 -0700[diff] [blame]321}
322
Josh Gao2dc4cab2018-11-15 17:45:46 -0800[diff] [blame]323static bool pubkey_from_privkey(std::string* out, const std::string& path) {
324 std::shared_ptr<RSA> privkey = read_key_file(path);
325 if (!privkey) {
326 return false;
327 }
328 return calculate_public_key(out, privkey.get());
329}
330
Elliott Hughese8b663f2016-05-26 22:43:19 -0700[diff] [blame]331std::string adb_auth_get_userkey() {
Elliott Hughes0aeb5052016-06-29 17:42:01 -0700[diff] [blame]332 std::string path = get_user_key_path();
333 if (path.empty()) {
334 PLOG(ERROR) << "Error getting user key filename";
Elliott Hughese8b663f2016-05-26 22:43:19 -0700[diff] [blame]335 return "";
Benoit Gobyd5fcafa2012-04-12 12:23:49 -0700[diff] [blame]336 }
Benoit Gobyd5fcafa2012-04-12 12:23:49 -0700[diff] [blame]337
Josh Gao2dc4cab2018-11-15 17:45:46 -0800[diff] [blame]338 std::string result;
339 if (!pubkey_from_privkey(&result, path)) {
Elliott Hughese8b663f2016-05-26 22:43:19 -0700[diff] [blame]340 return "";
Benoit Gobyd5fcafa2012-04-12 12:23:49 -0700[diff] [blame]341 }
Josh Gao2dc4cab2018-11-15 17:45:46 -0800[diff] [blame]342 return result;
Benoit Gobyd5fcafa2012-04-12 12:23:49 -0700[diff] [blame]343}
344
Nick Kralevichbea3f9c2014-11-13 15:17:29 -0800[diff] [blame]345int adb_auth_keygen(const char* filename) {
Nick Kralevichbea3f9c2014-11-13 15:17:29 -0800[diff] [blame]346 return (generate_key(filename) == 0);
347}
348
Josh Gao2dc4cab2018-11-15 17:45:46 -0800[diff] [blame]349int adb_auth_pubkey(const char* filename) {
350 std::string pubkey;
351 if (!pubkey_from_privkey(&pubkey, filename)) {
352 return 1;
353 }
354 pubkey.push_back('\n');
355
356 return WriteFdExactly(STDOUT_FILENO, pubkey.data(), pubkey.size()) ? 0 : 1;
357}
358
Josh Gao2e671202016-08-18 22:00:12 -0700[diff] [blame]359#if defined(__linux__)
360static void adb_auth_inotify_update(int fd, unsigned fd_event, void*) {
361 LOG(INFO) << "adb_auth_inotify_update called";
362 if (!(fd_event & FDE_READ)) {
363 return;
364 }
365
366 char buf[sizeof(struct inotify_event) + NAME_MAX + 1];
367 while (true) {
368 ssize_t rc = TEMP_FAILURE_RETRY(unix_read(fd, buf, sizeof(buf)));
369 if (rc == -1) {
370 if (errno == EAGAIN) {
371 LOG(INFO) << "done reading inotify fd";
372 break;
373 }
374 PLOG(FATAL) << "read of inotify event failed";
375 }
376
377 // The read potentially returned multiple events.
378 char* start = buf;
379 char* end = buf + rc;
380
381 while (start < end) {
382 inotify_event* event = reinterpret_cast<inotify_event*>(start);
383 auto root_it = g_monitored_paths.find(event->wd);
384 if (root_it == g_monitored_paths.end()) {
385 LOG(FATAL) << "observed inotify event for unmonitored path, wd = " << event->wd;
386 }
387
388 std::string path = root_it->second;
389 if (event->len > 0) {
390 path += '/';
391 path += event->name;
392 }
393
394 if (event->mask & (IN_CREATE | IN_MOVED_TO)) {
395 if (event->mask & IN_ISDIR) {
396 LOG(INFO) << "ignoring new directory at '" << path << "'";
397 } else {
398 LOG(INFO) << "observed new file at '" << path << "'";
Josh Gao2dc4cab2018-11-15 17:45:46 -0800[diff] [blame]399 load_keys(path, false);
Josh Gao2e671202016-08-18 22:00:12 -0700[diff] [blame]400 }
401 } else {
402 LOG(WARNING) << "unmonitored event for " << path << ": 0x" << std::hex
403 << event->mask;
404 }
405
406 start += sizeof(struct inotify_event) + event->len;
407 }
408 }
409}
410
411static void adb_auth_inotify_init(const std::set<std::string>& paths) {
412 LOG(INFO) << "adb_auth_inotify_init...";
Josh Gaofb9a7e52017-01-18 18:14:17 -0800[diff] [blame]413
Josh Gao2e671202016-08-18 22:00:12 -0700[diff] [blame]414 int infd = inotify_init1(IN_CLOEXEC | IN_NONBLOCK);
Josh Gaofb9a7e52017-01-18 18:14:17 -0800[diff] [blame]415 if (infd < 0) {
416 PLOG(ERROR) << "failed to create inotify fd";
417 return;
418 }
419
Josh Gao2e671202016-08-18 22:00:12 -0700[diff] [blame]420 for (const std::string& path : paths) {
421 int wd = inotify_add_watch(infd, path.c_str(), IN_CREATE | IN_MOVED_TO);
422 if (wd < 0) {
423 PLOG(ERROR) << "failed to inotify_add_watch on path '" << path;
424 continue;
425 }
426
427 g_monitored_paths[wd] = path;
428 LOG(INFO) << "watch descriptor " << wd << " registered for " << path;
429 }
430
431 fdevent* event = fdevent_create(infd, adb_auth_inotify_update, nullptr);
432 fdevent_add(event, FDE_READ);
433}
434#endif
435
Elliott Hughes0aeb5052016-06-29 17:42:01 -0700[diff] [blame]436void adb_auth_init() {
437 LOG(INFO) << "adb_auth_init...";
Benoit Gobyd5fcafa2012-04-12 12:23:49 -0700[diff] [blame]438
Elliott Hughes7fb14072019-10-07 08:21:58 -0700[diff] [blame]439 if (!load_userkey()) {
440 LOG(ERROR) << "Failed to load (or generate) user key";
Benoit Gobyd5fcafa2012-04-12 12:23:49 -0700[diff] [blame]441 return;
442 }
443
Josh Gao2e671202016-08-18 22:00:12 -0700[diff] [blame]444 const auto& key_paths = get_vendor_keys();
445
446#if defined(__linux__)
447 adb_auth_inotify_init(key_paths);
448#endif
449
450 for (const std::string& path : key_paths) {
Greg Kaisere2125fd2019-03-26 11:58:53 -0700[diff] [blame]451 load_keys(path);
Josh Gao2e671202016-08-18 22:00:12 -0700[diff] [blame]452 }
Benoit Gobyd5fcafa2012-04-12 12:23:49 -0700[diff] [blame]453}
Josh Gao3bd28792016-10-05 19:02:29 -0700[diff] [blame]454
455static void send_auth_publickey(atransport* t) {
456 LOG(INFO) << "Calling send_auth_publickey";
457
458 std::string key = adb_auth_get_userkey();
459 if (key.empty()) {
460 D("Failed to get user public key");
461 return;
462 }
463
464 if (key.size() >= MAX_PAYLOAD_V1) {
465 D("User public key too large (%zu B)", key.size());
466 return;
467 }
468
469 apacket* p = get_apacket();
Josh Gao3bd28792016-10-05 19:02:29 -0700[diff] [blame]470 p->msg.command = A_AUTH;
471 p->msg.arg0 = ADB_AUTH_RSAPUBLICKEY;
472
473 // adbd expects a null-terminated string.
Josh Gao1ce99572018-03-07 16:52:28 -0800[diff] [blame]474 p->payload.assign(key.data(), key.data() + key.size() + 1);
Josh Gaof571fcb2018-02-05 18:49:10 -0800[diff] [blame]475 p->msg.data_length = p->payload.size();
Josh Gao3bd28792016-10-05 19:02:29 -0700[diff] [blame]476 send_packet(p, t);
477}
478
Josh Gao06d61d42016-10-06 13:31:44 -0700[diff] [blame]479void send_auth_response(const char* token, size_t token_size, atransport* t) {
Josh Gao3bd28792016-10-05 19:02:29 -0700[diff] [blame]480 std::shared_ptr<RSA> key = t->NextKey();
481 if (key == nullptr) {
482 // No more private keys to try, send the public key.
Josh Gao704494b2018-05-04 16:04:49 -0700[diff] [blame]483 t->SetConnectionState(kCsUnauthorized);
Josh Gao362e6962018-08-08 16:20:14 -0700[diff] [blame]484 t->SetConnectionEstablished(true);
Josh Gao3bd28792016-10-05 19:02:29 -0700[diff] [blame]485 send_auth_publickey(t);
486 return;
487 }
488
489 LOG(INFO) << "Calling send_auth_response";
490 apacket* p = get_apacket();
491
Josh Gaof571fcb2018-02-05 18:49:10 -0800[diff] [blame]492 std::string result = adb_auth_sign(key.get(), token, token_size);
493 if (result.empty()) {
Josh Gao3bd28792016-10-05 19:02:29 -0700[diff] [blame]494 D("Error signing the token");
495 put_apacket(p);
496 return;
497 }
498
499 p->msg.command = A_AUTH;
500 p->msg.arg0 = ADB_AUTH_SIGNATURE;
Josh Gao1ce99572018-03-07 16:52:28 -0800[diff] [blame]501 p->payload.assign(result.begin(), result.end());
Josh Gaof571fcb2018-02-05 18:49:10 -0800[diff] [blame]502 p->msg.data_length = p->payload.size();
Josh Gao3bd28792016-10-05 19:02:29 -0700[diff] [blame]503 send_packet(p, t);
504}