1 /*
2 * Copyright (C) 2012 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #define TRACE_TAG AUTH
18
19 #include "sysdeps.h"
20
21 #include <resolv.h>
22 #include <stdio.h>
23 #include <string.h>
24
25 #include <algorithm>
26 #include <chrono>
27 #include <iomanip>
28 #include <map>
29 #include <memory>
30 #include <thread>
31
32 #include <adb/crypto/rsa_2048_key.h>
33 #include <adb/tls/adb_ca_list.h>
34 #include <adbd_auth.h>
35 #include <android-base/file.h>
36 #include <android-base/no_destructor.h>
37 #include <android-base/strings.h>
38 #include <crypto_utils/android_pubkey.h>
39 #include <openssl/obj_mac.h>
40 #include <openssl/rsa.h>
41 #include <openssl/sha.h>
42 #include <openssl/ssl.h>
43
44 #include "adb.h"
45 #include "adb_auth.h"
46 #include "adb_io.h"
47 #include "adb_wifi.h"
48 #include "fdevent/fdevent.h"
49 #include "transport.h"
50 #include "types.h"
51
52 using namespace adb::crypto;
53 using namespace adb::tls;
54 using namespace std::chrono_literals;
55
56 static AdbdAuthContext* auth_ctx;
57
58 static RSA* rsa_pkey = nullptr;
59
60 static void adb_disconnected(void* unused, atransport* t);
61 static struct adisconnect adb_disconnect = {adb_disconnected, nullptr};
62
63 static android::base::NoDestructor<std::map<uint32_t, weak_ptr<atransport>>> transports;
64 static uint32_t transport_auth_id = 0;
65
66 bool auth_required = true;
67 bool socket_access_allowed = true;
68
transport_to_callback_arg(atransport * transport)69 static void* transport_to_callback_arg(atransport* transport) {
70 uint32_t id = transport_auth_id++;
71 (*transports)[id] = transport->weak();
72 return reinterpret_cast<void*>(id);
73 }
74
transport_from_callback_arg(void * id)75 static atransport* transport_from_callback_arg(void* id) {
76 uint64_t id_u64 = reinterpret_cast<uint64_t>(id);
77 if (id_u64 > std::numeric_limits<uint32_t>::max()) {
78 LOG(FATAL) << "transport_from_callback_arg called on out of range value: " << id_u64;
79 }
80
81 uint32_t id_u32 = static_cast<uint32_t>(id_u64);
82 auto it = transports->find(id_u32);
83 if (it == transports->end()) {
84 LOG(ERROR) << "transport_from_callback_arg failed to find transport for id " << id_u32;
85 return nullptr;
86 }
87
88 atransport* t = it->second.get();
89 if (!t) {
90 LOG(WARNING) << "transport_from_callback_arg found already destructed transport";
91 return nullptr;
92 }
93
94 transports->erase(it);
95 return t;
96 }
97
IteratePublicKeys(std::function<bool (std::string_view public_key)> f)98 static void IteratePublicKeys(std::function<bool(std::string_view public_key)> f) {
99 adbd_auth_get_public_keys(
100 auth_ctx,
101 [](void* opaque, const char* public_key, size_t len) {
102 return (*static_cast<decltype(f)*>(opaque))(std::string_view(public_key, len));
103 },
104 &f);
105 }
106
adbd_tls_client_ca_list()107 bssl::UniquePtr<STACK_OF(X509_NAME)> adbd_tls_client_ca_list() {
108 if (!auth_required) {
109 return nullptr;
110 }
111
112 bssl::UniquePtr<STACK_OF(X509_NAME)> ca_list(sk_X509_NAME_new_null());
113
114 IteratePublicKeys([&](std::string_view public_key) {
115 // TODO: do we really have to support both ' ' and '\t'?
116 std::vector<std::string> split = android::base::Split(std::string(public_key), " \t");
117 uint8_t keybuf[ANDROID_PUBKEY_ENCODED_SIZE + 1];
118 const std::string& pubkey = split[0];
119 if (b64_pton(pubkey.c_str(), keybuf, sizeof(keybuf)) != ANDROID_PUBKEY_ENCODED_SIZE) {
120 LOG(ERROR) << "Invalid base64 key " << pubkey;
121 return true;
122 }
123
124 RSA* key = nullptr;
125 if (!android_pubkey_decode(keybuf, ANDROID_PUBKEY_ENCODED_SIZE, &key)) {
126 LOG(ERROR) << "Failed to parse key " << pubkey;
127 return true;
128 }
129 bssl::UniquePtr<RSA> rsa_key(key);
130
131 unsigned char* dkey = nullptr;
132 int len = i2d_RSA_PUBKEY(rsa_key.get(), &dkey);
133 if (len <= 0 || dkey == nullptr) {
134 LOG(ERROR) << "Failed to encode RSA public key";
135 return true;
136 }
137
138 uint8_t digest[SHA256_DIGEST_LENGTH];
139 // Put the encoded key in the commonName attribute of the issuer name.
140 // Note that the commonName has a max length of 64 bytes, which is less
141 // than the SHA256_DIGEST_LENGTH.
142 SHA256(dkey, len, digest);
143 OPENSSL_free(dkey);
144
145 auto digest_str = SHA256BitsToHexString(
146 std::string_view(reinterpret_cast<const char*>(&digest[0]), sizeof(digest)));
147 LOG(INFO) << "fingerprint=[" << digest_str << "]";
148 auto issuer = CreateCAIssuerFromEncodedKey(digest_str);
149 CHECK(bssl::PushToStack(ca_list.get(), std::move(issuer)));
150 return true;
151 });
152
153 return ca_list;
154 }
155
adbd_auth_verify(const char * token,size_t token_size,const std::string & sig,std::string * auth_key)156 bool adbd_auth_verify(const char* token, size_t token_size, const std::string& sig,
157 std::string* auth_key) {
158 bool authorized = false;
159 auth_key->clear();
160
161 IteratePublicKeys([&](std::string_view public_key) {
162 // TODO: do we really have to support both ' ' and '\t'?
163 std::vector<std::string> split = android::base::Split(std::string(public_key), " \t");
164 uint8_t keybuf[ANDROID_PUBKEY_ENCODED_SIZE + 1];
165 const std::string& pubkey = split[0];
166 if (b64_pton(pubkey.c_str(), keybuf, sizeof(keybuf)) != ANDROID_PUBKEY_ENCODED_SIZE) {
167 LOG(ERROR) << "Invalid base64 key " << pubkey;
168 return true;
169 }
170
171 RSA* key = nullptr;
172 if (!android_pubkey_decode(keybuf, ANDROID_PUBKEY_ENCODED_SIZE, &key)) {
173 LOG(ERROR) << "Failed to parse key " << pubkey;
174 return true;
175 }
176
177 bool verified =
178 (RSA_verify(NID_sha1, reinterpret_cast<const uint8_t*>(token), token_size,
179 reinterpret_cast<const uint8_t*>(sig.c_str()), sig.size(), key) == 1);
180 RSA_free(key);
181 if (verified) {
182 *auth_key = public_key;
183 authorized = true;
184 return false;
185 }
186
187 return true;
188 });
189
190 return authorized;
191 }
192
adbd_auth_generate_token(void * token,size_t token_size)193 static bool adbd_auth_generate_token(void* token, size_t token_size) {
194 FILE* fp = fopen("/dev/urandom", "re");
195 if (!fp) return false;
196 bool okay = (fread(token, token_size, 1, fp) == 1);
197 fclose(fp);
198 return okay;
199 }
200
adbd_cloexec_auth_socket()201 void adbd_cloexec_auth_socket() {
202 int fd = android_get_control_socket("adbd");
203 if (fd == -1) {
204 PLOG(ERROR) << "Failed to get adbd socket";
205 return;
206 }
207 fcntl(fd, F_SETFD, FD_CLOEXEC);
208 }
209
adbd_auth_key_authorized(void * arg,uint64_t id)210 static void adbd_auth_key_authorized(void* arg, uint64_t id) {
211 LOG(INFO) << "adb client " << id << " authorized";
212 fdevent_run_on_main_thread([=]() {
213 auto* transport = transport_from_callback_arg(arg);
214 if (!transport) {
215 LOG(ERROR) << "authorization received for deleted transport (" << id << "), ignoring";
216 return;
217 }
218
219 if (transport->auth_id.has_value()) {
220 if (transport->auth_id.value() != id) {
221 LOG(ERROR)
222 << "authorization received, but auth id doesn't match, ignoring (expected "
223 << transport->auth_id.value() << ", got " << id << ")";
224 return;
225 }
226 } else {
227 // Older versions (i.e. dogfood/beta builds) of libadbd_auth didn't pass the initial
228 // auth id to us, so we'll just have to trust it until R ships and we can retcon this.
229 transport->auth_id = id;
230 }
231
232 adbd_auth_verified(transport);
233 });
234 }
235
adbd_key_removed(const char * public_key,size_t len)236 static void adbd_key_removed(const char* public_key, size_t len) {
237 // The framework removed the key from its keystore. We need to disconnect all
238 // devices using that key. Search by t->auth_key
239 std::string_view auth_key(public_key, len);
240 kick_all_transports_by_auth_key(auth_key);
241 }
242
adbd_auth_init(void)243 void adbd_auth_init(void) {
244 AdbdAuthCallbacksV1 cb;
245 cb.version = 1;
246 cb.key_authorized = adbd_auth_key_authorized;
247 cb.key_removed = adbd_key_removed;
248 auth_ctx = adbd_auth_new(&cb);
249 adbd_wifi_init(auth_ctx);
250 std::thread([]() {
251 adb_thread_setname("adbd auth");
252 adbd_auth_run(auth_ctx);
253 LOG(FATAL) << "auth thread terminated";
254 }).detach();
255 }
256
send_auth_request(atransport * t)257 void send_auth_request(atransport* t) {
258 LOG(INFO) << "Calling send_auth_request...";
259
260 if (!adbd_auth_generate_token(t->token, sizeof(t->token))) {
261 PLOG(ERROR) << "Error generating token";
262 return;
263 }
264
265 apacket* p = get_apacket();
266 p->msg.command = A_AUTH;
267 p->msg.arg0 = ADB_AUTH_TOKEN;
268 p->msg.data_length = sizeof(t->token);
269 p->payload.assign(t->token, t->token + sizeof(t->token));
270 send_packet(p, t);
271 }
272
adbd_auth_verified(atransport * t)273 void adbd_auth_verified(atransport* t) {
274 LOG(INFO) << "adb client authorized";
275 handle_online(t);
276 send_connect(t);
277 }
278
adb_disconnected(void * unused,atransport * t)279 static void adb_disconnected(void* unused, atransport* t) {
280 LOG(INFO) << "ADB disconnect";
281 CHECK(t->auth_id.has_value());
282 adbd_auth_notify_disconnect(auth_ctx, t->auth_id.value());
283 }
284
adbd_auth_confirm_key(atransport * t)285 void adbd_auth_confirm_key(atransport* t) {
286 LOG(INFO) << "prompting user to authorize key";
287 t->AddDisconnect(&adb_disconnect);
288 if (adbd_auth_prompt_user_with_id) {
289 t->auth_id = adbd_auth_prompt_user_with_id(auth_ctx, t->auth_key.data(), t->auth_key.size(),
290 transport_to_callback_arg(t));
291 } else {
292 adbd_auth_prompt_user(auth_ctx, t->auth_key.data(), t->auth_key.size(),
293 transport_to_callback_arg(t));
294 }
295 }
296
adbd_notify_framework_connected_key(atransport * t)297 void adbd_notify_framework_connected_key(atransport* t) {
298 t->auth_id = adbd_auth_notify_auth(auth_ctx, t->auth_key.data(), t->auth_key.size());
299 }
300
adbd_tls_verify_cert(X509_STORE_CTX * ctx,std::string * auth_key)301 int adbd_tls_verify_cert(X509_STORE_CTX* ctx, std::string* auth_key) {
302 if (!auth_required) {
303 // Any key will do.
304 LOG(INFO) << __func__ << ": auth not required";
305 return 1;
306 }
307
308 bool authorized = false;
309 X509* cert = X509_STORE_CTX_get0_cert(ctx);
310 if (cert == nullptr) {
311 LOG(INFO) << "got null x509 certificate";
312 return 0;
313 }
314 bssl::UniquePtr<EVP_PKEY> evp_pkey(X509_get_pubkey(cert));
315 if (evp_pkey == nullptr) {
316 LOG(INFO) << "got null evp_pkey from x509 certificate";
317 return 0;
318 }
319
320 IteratePublicKeys([&](std::string_view public_key) {
321 // TODO: do we really have to support both ' ' and '\t'?
322 std::vector<std::string> split = android::base::Split(std::string(public_key), " \t");
323 uint8_t keybuf[ANDROID_PUBKEY_ENCODED_SIZE + 1];
324 const std::string& pubkey = split[0];
325 if (b64_pton(pubkey.c_str(), keybuf, sizeof(keybuf)) != ANDROID_PUBKEY_ENCODED_SIZE) {
326 LOG(ERROR) << "Invalid base64 key " << pubkey;
327 return true;
328 }
329
330 RSA* key = nullptr;
331 if (!android_pubkey_decode(keybuf, ANDROID_PUBKEY_ENCODED_SIZE, &key)) {
332 LOG(ERROR) << "Failed to parse key " << pubkey;
333 return true;
334 }
335
336 bool verified = false;
337 bssl::UniquePtr<EVP_PKEY> known_evp(EVP_PKEY_new());
338 EVP_PKEY_set1_RSA(known_evp.get(), key);
339 if (EVP_PKEY_cmp(known_evp.get(), evp_pkey.get())) {
340 LOG(INFO) << "Matched auth_key=" << public_key;
341 verified = true;
342 } else {
343 LOG(INFO) << "auth_key doesn't match [" << public_key << "]";
344 }
345 RSA_free(key);
346 if (verified) {
347 *auth_key = public_key;
348 authorized = true;
349 return false;
350 }
351
352 return true;
353 });
354
355 return authorized ? 1 : 0;
356 }
357
adbd_auth_tls_handshake(atransport * t)358 void adbd_auth_tls_handshake(atransport* t) {
359 if (rsa_pkey == nullptr) {
360 // Generate a random RSA key to feed into the X509 certificate
361 auto rsa_2048 = CreateRSA2048Key();
362 CHECK(rsa_2048.has_value());
363 rsa_pkey = EVP_PKEY_get1_RSA(rsa_2048->GetEvpPkey());
364 CHECK(rsa_pkey);
365 }
366
367 std::thread([t]() {
368 std::string auth_key;
369 if (t->connection()->DoTlsHandshake(rsa_pkey, &auth_key)) {
370 LOG(INFO) << "auth_key=" << auth_key;
371 if (t->IsTcpDevice()) {
372 t->auth_key = auth_key;
373 adbd_wifi_secure_connect(t);
374 } else {
375 adbd_auth_verified(t);
376 adbd_notify_framework_connected_key(t);
377 }
378 } else {
379 // Only allow one attempt at the handshake.
380 t->Kick();
381 }
382 }).detach();
383 }
384