1 /*
2 * Copyright (C) 2012 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #define TRACE_TAG AUTH
18
19 #include "sysdeps.h"
20
21 #include <resolv.h>
22 #include <stdio.h>
23 #include <string.h>
24
25 #include <algorithm>
26 #include <chrono>
27 #include <iomanip>
28 #include <map>
29 #include <memory>
30 #include <thread>
31
32 #include <adb/crypto/rsa_2048_key.h>
33 #include <adb/tls/adb_ca_list.h>
34 #include <adbd_auth.h>
35 #include <android-base/file.h>
36 #include <android-base/no_destructor.h>
37 #include <android-base/strings.h>
38 #include <crypto_utils/android_pubkey.h>
39 #include <openssl/obj_mac.h>
40 #include <openssl/rsa.h>
41 #include <openssl/sha.h>
42 #include <openssl/ssl.h>
43
44 #include "adb.h"
45 #include "adb_auth.h"
46 #include "adb_io.h"
47 #include "adb_wifi.h"
48 #include "fdevent/fdevent.h"
49 #include "transport.h"
50 #include "types.h"
51
52 using namespace adb::crypto;
53 using namespace adb::tls;
54 using namespace std::chrono_literals;
55
56 static AdbdAuthContext* auth_ctx;
57
58 static RSA* rsa_pkey = nullptr;
59
60 static void adb_disconnected(void* unused, atransport* t);
61 static struct adisconnect adb_disconnect = {adb_disconnected, nullptr};
62
63 static android::base::NoDestructor<std::map<uint32_t, weak_ptr<atransport>>> transports;
64 static uint32_t transport_auth_id = 0;
65
66 bool auth_required = true;
67
transport_to_callback_arg(atransport * transport)68 static void* transport_to_callback_arg(atransport* transport) {
69 uint32_t id = transport_auth_id++;
70 (*transports)[id] = transport->weak();
71 return reinterpret_cast<void*>(id);
72 }
73
transport_from_callback_arg(void * id)74 static atransport* transport_from_callback_arg(void* id) {
75 uint64_t id_u64 = reinterpret_cast<uint64_t>(id);
76 if (id_u64 > std::numeric_limits<uint32_t>::max()) {
77 LOG(FATAL) << "transport_from_callback_arg called on out of range value: " << id_u64;
78 }
79
80 uint32_t id_u32 = static_cast<uint32_t>(id_u64);
81 auto it = transports->find(id_u32);
82 if (it == transports->end()) {
83 LOG(ERROR) << "transport_from_callback_arg failed to find transport for id " << id_u32;
84 return nullptr;
85 }
86
87 atransport* t = it->second.get();
88 if (!t) {
89 LOG(WARNING) << "transport_from_callback_arg found already destructed transport";
90 return nullptr;
91 }
92
93 transports->erase(it);
94 return t;
95 }
96
IteratePublicKeys(std::function<bool (std::string_view public_key)> f)97 static void IteratePublicKeys(std::function<bool(std::string_view public_key)> f) {
98 adbd_auth_get_public_keys(
99 auth_ctx,
100 [](void* opaque, const char* public_key, size_t len) {
101 return (*static_cast<decltype(f)*>(opaque))(std::string_view(public_key, len));
102 },
103 &f);
104 }
105
adbd_tls_client_ca_list()106 bssl::UniquePtr<STACK_OF(X509_NAME)> adbd_tls_client_ca_list() {
107 if (!auth_required) {
108 return nullptr;
109 }
110
111 bssl::UniquePtr<STACK_OF(X509_NAME)> ca_list(sk_X509_NAME_new_null());
112
113 IteratePublicKeys([&](std::string_view public_key) {
114 // TODO: do we really have to support both ' ' and '\t'?
115 std::vector<std::string> split = android::base::Split(std::string(public_key), " \t");
116 uint8_t keybuf[ANDROID_PUBKEY_ENCODED_SIZE + 1];
117 const std::string& pubkey = split[0];
118 if (b64_pton(pubkey.c_str(), keybuf, sizeof(keybuf)) != ANDROID_PUBKEY_ENCODED_SIZE) {
119 LOG(ERROR) << "Invalid base64 key " << pubkey;
120 return true;
121 }
122
123 RSA* key = nullptr;
124 if (!android_pubkey_decode(keybuf, ANDROID_PUBKEY_ENCODED_SIZE, &key)) {
125 LOG(ERROR) << "Failed to parse key " << pubkey;
126 return true;
127 }
128 bssl::UniquePtr<RSA> rsa_key(key);
129
130 unsigned char* dkey = nullptr;
131 int len = i2d_RSA_PUBKEY(rsa_key.get(), &dkey);
132 if (len <= 0 || dkey == nullptr) {
133 LOG(ERROR) << "Failed to encode RSA public key";
134 return true;
135 }
136
137 uint8_t digest[SHA256_DIGEST_LENGTH];
138 // Put the encoded key in the commonName attribute of the issuer name.
139 // Note that the commonName has a max length of 64 bytes, which is less
140 // than the SHA256_DIGEST_LENGTH.
141 SHA256(dkey, len, digest);
142 OPENSSL_free(dkey);
143
144 auto digest_str = SHA256BitsToHexString(
145 std::string_view(reinterpret_cast<const char*>(&digest[0]), sizeof(digest)));
146 LOG(INFO) << "fingerprint=[" << digest_str << "]";
147 auto issuer = CreateCAIssuerFromEncodedKey(digest_str);
148 CHECK(bssl::PushToStack(ca_list.get(), std::move(issuer)));
149 return true;
150 });
151
152 return ca_list;
153 }
154
adbd_auth_verify(const char * token,size_t token_size,const std::string & sig,std::string * auth_key)155 bool adbd_auth_verify(const char* token, size_t token_size, const std::string& sig,
156 std::string* auth_key) {
157 bool authorized = false;
158 auth_key->clear();
159
160 IteratePublicKeys([&](std::string_view public_key) {
161 // TODO: do we really have to support both ' ' and '\t'?
162 std::vector<std::string> split = android::base::Split(std::string(public_key), " \t");
163 uint8_t keybuf[ANDROID_PUBKEY_ENCODED_SIZE + 1];
164 const std::string& pubkey = split[0];
165 if (b64_pton(pubkey.c_str(), keybuf, sizeof(keybuf)) != ANDROID_PUBKEY_ENCODED_SIZE) {
166 LOG(ERROR) << "Invalid base64 key " << pubkey;
167 return true;
168 }
169
170 RSA* key = nullptr;
171 if (!android_pubkey_decode(keybuf, ANDROID_PUBKEY_ENCODED_SIZE, &key)) {
172 LOG(ERROR) << "Failed to parse key " << pubkey;
173 return true;
174 }
175
176 bool verified =
177 (RSA_verify(NID_sha1, reinterpret_cast<const uint8_t*>(token), token_size,
178 reinterpret_cast<const uint8_t*>(sig.c_str()), sig.size(), key) == 1);
179 RSA_free(key);
180 if (verified) {
181 *auth_key = public_key;
182 authorized = true;
183 return false;
184 }
185
186 return true;
187 });
188
189 return authorized;
190 }
191
adbd_auth_generate_token(void * token,size_t token_size)192 static bool adbd_auth_generate_token(void* token, size_t token_size) {
193 FILE* fp = fopen("/dev/urandom", "re");
194 if (!fp) return false;
195 bool okay = (fread(token, token_size, 1, fp) == 1);
196 fclose(fp);
197 return okay;
198 }
199
adbd_cloexec_auth_socket()200 void adbd_cloexec_auth_socket() {
201 int fd = android_get_control_socket("adbd");
202 if (fd == -1) {
203 PLOG(ERROR) << "Failed to get adbd socket";
204 return;
205 }
206 fcntl(fd, F_SETFD, FD_CLOEXEC);
207 }
208
adbd_auth_key_authorized(void * arg,uint64_t id)209 static void adbd_auth_key_authorized(void* arg, uint64_t id) {
210 LOG(INFO) << "adb client " << id << " authorized";
211 fdevent_run_on_main_thread([=]() {
212 auto* transport = transport_from_callback_arg(arg);
213 if (!transport) {
214 LOG(ERROR) << "authorization received for deleted transport (" << id << "), ignoring";
215 return;
216 }
217
218 if (transport->auth_id.has_value()) {
219 if (transport->auth_id.value() != id) {
220 LOG(ERROR)
221 << "authorization received, but auth id doesn't match, ignoring (expected "
222 << transport->auth_id.value() << ", got " << id << ")";
223 return;
224 }
225 } else {
226 // Older versions (i.e. dogfood/beta builds) of libadbd_auth didn't pass the initial
227 // auth id to us, so we'll just have to trust it until R ships and we can retcon this.
228 transport->auth_id = id;
229 }
230
231 adbd_auth_verified(transport);
232 });
233 }
234
adbd_key_removed(const char * public_key,size_t len)235 static void adbd_key_removed(const char* public_key, size_t len) {
236 // The framework removed the key from its keystore. We need to disconnect all
237 // devices using that key. Search by t->auth_key
238 std::string_view auth_key(public_key, len);
239 kick_all_transports_by_auth_key(auth_key);
240 }
241
adbd_auth_init(void)242 void adbd_auth_init(void) {
243 AdbdAuthCallbacksV1 cb;
244 cb.version = 1;
245 cb.key_authorized = adbd_auth_key_authorized;
246 cb.key_removed = adbd_key_removed;
247 auth_ctx = adbd_auth_new(&cb);
248 adbd_wifi_init(auth_ctx);
249 std::thread([]() {
250 adb_thread_setname("adbd auth");
251 adbd_auth_run(auth_ctx);
252 LOG(FATAL) << "auth thread terminated";
253 }).detach();
254 }
255
send_auth_request(atransport * t)256 void send_auth_request(atransport* t) {
257 LOG(INFO) << "Calling send_auth_request...";
258
259 if (!adbd_auth_generate_token(t->token, sizeof(t->token))) {
260 PLOG(ERROR) << "Error generating token";
261 return;
262 }
263
264 apacket* p = get_apacket();
265 p->msg.command = A_AUTH;
266 p->msg.arg0 = ADB_AUTH_TOKEN;
267 p->msg.data_length = sizeof(t->token);
268 p->payload.assign(t->token, t->token + sizeof(t->token));
269 send_packet(p, t);
270 }
271
adbd_auth_verified(atransport * t)272 void adbd_auth_verified(atransport* t) {
273 LOG(INFO) << "adb client authorized";
274 handle_online(t);
275 send_connect(t);
276 }
277
adb_disconnected(void * unused,atransport * t)278 static void adb_disconnected(void* unused, atransport* t) {
279 LOG(INFO) << "ADB disconnect";
280 CHECK(t->auth_id.has_value());
281 adbd_auth_notify_disconnect(auth_ctx, t->auth_id.value());
282 }
283
adbd_auth_confirm_key(atransport * t)284 void adbd_auth_confirm_key(atransport* t) {
285 LOG(INFO) << "prompting user to authorize key";
286 t->AddDisconnect(&adb_disconnect);
287 if (adbd_auth_prompt_user_with_id) {
288 t->auth_id = adbd_auth_prompt_user_with_id(auth_ctx, t->auth_key.data(), t->auth_key.size(),
289 transport_to_callback_arg(t));
290 } else {
291 adbd_auth_prompt_user(auth_ctx, t->auth_key.data(), t->auth_key.size(),
292 transport_to_callback_arg(t));
293 }
294 }
295
adbd_notify_framework_connected_key(atransport * t)296 void adbd_notify_framework_connected_key(atransport* t) {
297 t->auth_id = adbd_auth_notify_auth(auth_ctx, t->auth_key.data(), t->auth_key.size());
298 }
299
adbd_tls_verify_cert(X509_STORE_CTX * ctx,std::string * auth_key)300 int adbd_tls_verify_cert(X509_STORE_CTX* ctx, std::string* auth_key) {
301 if (!auth_required) {
302 // Any key will do.
303 LOG(INFO) << __func__ << ": auth not required";
304 return 1;
305 }
306
307 bool authorized = false;
308 X509* cert = X509_STORE_CTX_get0_cert(ctx);
309 if (cert == nullptr) {
310 LOG(INFO) << "got null x509 certificate";
311 return 0;
312 }
313 bssl::UniquePtr<EVP_PKEY> evp_pkey(X509_get_pubkey(cert));
314 if (evp_pkey == nullptr) {
315 LOG(INFO) << "got null evp_pkey from x509 certificate";
316 return 0;
317 }
318
319 IteratePublicKeys([&](std::string_view public_key) {
320 // TODO: do we really have to support both ' ' and '\t'?
321 std::vector<std::string> split = android::base::Split(std::string(public_key), " \t");
322 uint8_t keybuf[ANDROID_PUBKEY_ENCODED_SIZE + 1];
323 const std::string& pubkey = split[0];
324 if (b64_pton(pubkey.c_str(), keybuf, sizeof(keybuf)) != ANDROID_PUBKEY_ENCODED_SIZE) {
325 LOG(ERROR) << "Invalid base64 key " << pubkey;
326 return true;
327 }
328
329 RSA* key = nullptr;
330 if (!android_pubkey_decode(keybuf, ANDROID_PUBKEY_ENCODED_SIZE, &key)) {
331 LOG(ERROR) << "Failed to parse key " << pubkey;
332 return true;
333 }
334
335 bool verified = false;
336 bssl::UniquePtr<EVP_PKEY> known_evp(EVP_PKEY_new());
337 EVP_PKEY_set1_RSA(known_evp.get(), key);
338 if (EVP_PKEY_cmp(known_evp.get(), evp_pkey.get())) {
339 LOG(INFO) << "Matched auth_key=" << public_key;
340 verified = true;
341 } else {
342 LOG(INFO) << "auth_key doesn't match [" << public_key << "]";
343 }
344 RSA_free(key);
345 if (verified) {
346 *auth_key = public_key;
347 authorized = true;
348 return false;
349 }
350
351 return true;
352 });
353
354 return authorized ? 1 : 0;
355 }
356
adbd_auth_tls_handshake(atransport * t)357 void adbd_auth_tls_handshake(atransport* t) {
358 if (rsa_pkey == nullptr) {
359 // Generate a random RSA key to feed into the X509 certificate
360 auto rsa_2048 = CreateRSA2048Key();
361 CHECK(rsa_2048.has_value());
362 rsa_pkey = EVP_PKEY_get1_RSA(rsa_2048->GetEvpPkey());
363 CHECK(rsa_pkey);
364 }
365
366 std::thread([t]() {
367 std::string auth_key;
368 if (t->connection()->DoTlsHandshake(rsa_pkey, &auth_key)) {
369 LOG(INFO) << "auth_key=" << auth_key;
370 if (t->IsTcpDevice()) {
371 t->auth_key = auth_key;
372 adbd_wifi_secure_connect(t);
373 } else {
374 adbd_auth_verified(t);
375 adbd_notify_framework_connected_key(t);
376 }
377 } else {
378 // Only allow one attempt at the handshake.
379 t->Kick();
380 }
381 }).detach();
382 }
383