• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (C) 2012 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #define TRACE_TAG AUTH
18 
19 #include "adb.h"
20 #include "adb_auth.h"
21 #include "fdevent.h"
22 #include "sysdeps.h"
23 #include "transport.h"
24 
25 #include <resolv.h>
26 #include <stdio.h>
27 #include <string.h>
28 
29 #include <memory>
30 
31 #include <android-base/file.h>
32 #include <android-base/strings.h>
33 #include <crypto_utils/android_pubkey.h>
34 #include <openssl/obj_mac.h>
35 #include <openssl/rsa.h>
36 #include <openssl/sha.h>
37 
38 static fdevent listener_fde;
39 static fdevent framework_fde;
40 static int framework_fd = -1;
41 
42 static void usb_disconnected(void* unused, atransport* t);
43 static struct adisconnect usb_disconnect = { usb_disconnected, nullptr};
44 static atransport* usb_transport;
45 static bool needs_retry = false;
46 
47 bool auth_required = true;
48 
adbd_auth_verify(const char * token,size_t token_size,const std::string & sig)49 bool adbd_auth_verify(const char* token, size_t token_size, const std::string& sig) {
50     static constexpr const char* key_paths[] = { "/adb_keys", "/data/misc/adb/adb_keys", nullptr };
51 
52     for (const auto& path : key_paths) {
53         if (access(path, R_OK) == 0) {
54             LOG(INFO) << "Loading keys from " << path;
55 
56             std::string content;
57             if (!android::base::ReadFileToString(path, &content)) {
58                 PLOG(ERROR) << "Couldn't read " << path;
59                 continue;
60             }
61 
62             for (const auto& line : android::base::Split(content, "\n")) {
63                 // TODO: do we really have to support both ' ' and '\t'?
64                 char* sep = strpbrk(const_cast<char*>(line.c_str()), " \t");
65                 if (sep) *sep = '\0';
66 
67                 // b64_pton requires one additional byte in the target buffer for
68                 // decoding to succeed. See http://b/28035006 for details.
69                 uint8_t keybuf[ANDROID_PUBKEY_ENCODED_SIZE + 1];
70                 if (__b64_pton(line.c_str(), keybuf, sizeof(keybuf)) != ANDROID_PUBKEY_ENCODED_SIZE) {
71                     LOG(ERROR) << "Invalid base64 key " << line.c_str() << " in " << path;
72                     continue;
73                 }
74 
75                 RSA* key = nullptr;
76                 if (!android_pubkey_decode(keybuf, ANDROID_PUBKEY_ENCODED_SIZE, &key)) {
77                     LOG(ERROR) << "Failed to parse key " << line.c_str() << " in " << path;
78                     continue;
79                 }
80 
81                 bool verified =
82                     (RSA_verify(NID_sha1, reinterpret_cast<const uint8_t*>(token), token_size,
83                                 reinterpret_cast<const uint8_t*>(sig.c_str()), sig.size(),
84                                 key) == 1);
85                 RSA_free(key);
86                 if (verified) return true;
87             }
88         }
89     }
90     return false;
91 }
92 
adbd_auth_generate_token(void * token,size_t token_size)93 static bool adbd_auth_generate_token(void* token, size_t token_size) {
94     FILE* fp = fopen("/dev/urandom", "re");
95     if (!fp) return false;
96     bool okay = (fread(token, token_size, 1, fp) == 1);
97     fclose(fp);
98     return okay;
99 }
100 
usb_disconnected(void * unused,atransport * t)101 static void usb_disconnected(void* unused, atransport* t) {
102     LOG(INFO) << "USB disconnect";
103     usb_transport = NULL;
104     needs_retry = false;
105 }
106 
framework_disconnected()107 static void framework_disconnected() {
108     LOG(INFO) << "Framework disconnect";
109     fdevent_remove(&framework_fde);
110     framework_fd = -1;
111 }
112 
adbd_auth_event(int fd,unsigned events,void *)113 static void adbd_auth_event(int fd, unsigned events, void*) {
114     if (events & FDE_READ) {
115         char response[2];
116         int ret = unix_read(fd, response, sizeof(response));
117         if (ret <= 0) {
118             framework_disconnected();
119         } else if (ret == 2 && response[0] == 'O' && response[1] == 'K') {
120             if (usb_transport) {
121                 adbd_auth_verified(usb_transport);
122             }
123         }
124     }
125 }
126 
adbd_auth_confirm_key(const char * key,size_t len,atransport * t)127 void adbd_auth_confirm_key(const char* key, size_t len, atransport* t) {
128     if (!usb_transport) {
129         usb_transport = t;
130         t->AddDisconnect(&usb_disconnect);
131     }
132 
133     if (framework_fd < 0) {
134         LOG(ERROR) << "Client not connected";
135         needs_retry = true;
136         return;
137     }
138 
139     if (key[len - 1] != '\0') {
140         LOG(ERROR) << "Key must be a null-terminated string";
141         return;
142     }
143 
144     char msg[MAX_PAYLOAD_V1];
145     int msg_len = snprintf(msg, sizeof(msg), "PK%s", key);
146     if (msg_len >= static_cast<int>(sizeof(msg))) {
147         LOG(ERROR) << "Key too long (" << msg_len << ")";
148         return;
149     }
150     LOG(DEBUG) << "Sending '" << msg << "'";
151 
152     if (unix_write(framework_fd, msg, msg_len) == -1) {
153         PLOG(ERROR) << "Failed to write PK";
154         return;
155     }
156 }
157 
adbd_auth_listener(int fd,unsigned events,void * data)158 static void adbd_auth_listener(int fd, unsigned events, void* data) {
159     int s = adb_socket_accept(fd, nullptr, nullptr);
160     if (s < 0) {
161         PLOG(ERROR) << "Failed to accept";
162         return;
163     }
164 
165     if (framework_fd >= 0) {
166         LOG(WARNING) << "adb received framework auth socket connection again";
167         framework_disconnected();
168     }
169 
170     framework_fd = s;
171     fdevent_install(&framework_fde, framework_fd, adbd_auth_event, nullptr);
172     fdevent_add(&framework_fde, FDE_READ);
173 
174     if (needs_retry) {
175         needs_retry = false;
176         send_auth_request(usb_transport);
177     }
178 }
179 
adbd_cloexec_auth_socket()180 void adbd_cloexec_auth_socket() {
181     int fd = android_get_control_socket("adbd");
182     if (fd == -1) {
183         PLOG(ERROR) << "Failed to get adbd socket";
184         return;
185     }
186     fcntl(fd, F_SETFD, FD_CLOEXEC);
187 }
188 
adbd_auth_init(void)189 void adbd_auth_init(void) {
190     int fd = android_get_control_socket("adbd");
191     if (fd == -1) {
192         PLOG(ERROR) << "Failed to get adbd socket";
193         return;
194     }
195 
196     if (listen(fd, 4) == -1) {
197         PLOG(ERROR) << "Failed to listen on '" << fd << "'";
198         return;
199     }
200 
201     fdevent_install(&listener_fde, fd, adbd_auth_listener, NULL);
202     fdevent_add(&listener_fde, FDE_READ);
203 }
204 
send_auth_request(atransport * t)205 void send_auth_request(atransport* t) {
206     LOG(INFO) << "Calling send_auth_request...";
207 
208     if (!adbd_auth_generate_token(t->token, sizeof(t->token))) {
209         PLOG(ERROR) << "Error generating token";
210         return;
211     }
212 
213     apacket* p = get_apacket();
214     p->msg.command = A_AUTH;
215     p->msg.arg0 = ADB_AUTH_TOKEN;
216     p->msg.data_length = sizeof(t->token);
217     p->payload.assign(t->token, t->token + sizeof(t->token));
218     send_packet(p, t);
219 }
220 
adbd_auth_verified(atransport * t)221 void adbd_auth_verified(atransport* t) {
222     LOG(INFO) << "adb client authorized";
223     handle_online(t);
224     send_connect(t);
225 }
226