1 /* 2 * Copyright (C) 2012 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 #define TRACE_TAG AUTH 18 19 #include "adb.h" 20 #include "adb_auth.h" 21 #include "fdevent.h" 22 #include "sysdeps.h" 23 #include "transport.h" 24 25 #include <resolv.h> 26 #include <stdio.h> 27 #include <string.h> 28 29 #include <memory> 30 31 #include <android-base/file.h> 32 #include <android-base/strings.h> 33 #include <crypto_utils/android_pubkey.h> 34 #include <openssl/obj_mac.h> 35 #include <openssl/rsa.h> 36 #include <openssl/sha.h> 37 38 static fdevent listener_fde; 39 static fdevent framework_fde; 40 static int framework_fd = -1; 41 42 static void usb_disconnected(void* unused, atransport* t); 43 static struct adisconnect usb_disconnect = { usb_disconnected, nullptr}; 44 static atransport* usb_transport; 45 static bool needs_retry = false; 46 47 bool auth_required = true; 48 49 bool adbd_auth_verify(const char* token, size_t token_size, const std::string& sig) { 50 static constexpr const char* key_paths[] = { "/adb_keys", "/data/misc/adb/adb_keys", nullptr }; 51 52 for (const auto& path : key_paths) { 53 if (access(path, R_OK) == 0) { 54 LOG(INFO) << "Loading keys from " << path; 55 56 std::string content; 57 if (!android::base::ReadFileToString(path, &content)) { 58 PLOG(ERROR) << "Couldn't read " << path; 59 continue; 60 } 61 62 for (const auto& line : android::base::Split(content, "\n")) { 63 // TODO: do we really have to support both ' ' and '\t'? 64 char* sep = strpbrk(const_cast<char*>(line.c_str()), " \t"); 65 if (sep) *sep = '\0'; 66 67 // b64_pton requires one additional byte in the target buffer for 68 // decoding to succeed. See http://b/28035006 for details. 69 uint8_t keybuf[ANDROID_PUBKEY_ENCODED_SIZE + 1]; 70 if (__b64_pton(line.c_str(), keybuf, sizeof(keybuf)) != ANDROID_PUBKEY_ENCODED_SIZE) { 71 LOG(ERROR) << "Invalid base64 key " << line.c_str() << " in " << path; 72 continue; 73 } 74 75 RSA* key = nullptr; 76 if (!android_pubkey_decode(keybuf, ANDROID_PUBKEY_ENCODED_SIZE, &key)) { 77 LOG(ERROR) << "Failed to parse key " << line.c_str() << " in " << path; 78 continue; 79 } 80 81 bool verified = 82 (RSA_verify(NID_sha1, reinterpret_cast<const uint8_t*>(token), token_size, 83 reinterpret_cast<const uint8_t*>(sig.c_str()), sig.size(), 84 key) == 1); 85 RSA_free(key); 86 if (verified) return true; 87 } 88 } 89 } 90 return false; 91 } 92 93 static bool adbd_auth_generate_token(void* token, size_t token_size) { 94 FILE* fp = fopen("/dev/urandom", "re"); 95 if (!fp) return false; 96 bool okay = (fread(token, token_size, 1, fp) == 1); 97 fclose(fp); 98 return okay; 99 } 100 101 static void usb_disconnected(void* unused, atransport* t) { 102 LOG(INFO) << "USB disconnect"; 103 usb_transport = NULL; 104 needs_retry = false; 105 } 106 107 static void framework_disconnected() { 108 LOG(INFO) << "Framework disconnect"; 109 fdevent_remove(&framework_fde); 110 framework_fd = -1; 111 } 112 113 static void adbd_auth_event(int fd, unsigned events, void*) { 114 if (events & FDE_READ) { 115 char response[2]; 116 int ret = unix_read(fd, response, sizeof(response)); 117 if (ret <= 0) { 118 framework_disconnected(); 119 } else if (ret == 2 && response[0] == 'O' && response[1] == 'K') { 120 if (usb_transport) { 121 adbd_auth_verified(usb_transport); 122 } 123 } 124 } 125 } 126 127 void adbd_auth_confirm_key(const char* key, size_t len, atransport* t) { 128 if (!usb_transport) { 129 usb_transport = t; 130 t->AddDisconnect(&usb_disconnect); 131 } 132 133 if (framework_fd < 0) { 134 LOG(ERROR) << "Client not connected"; 135 needs_retry = true; 136 return; 137 } 138 139 if (key[len - 1] != '\0') { 140 LOG(ERROR) << "Key must be a null-terminated string"; 141 return; 142 } 143 144 char msg[MAX_PAYLOAD_V1]; 145 int msg_len = snprintf(msg, sizeof(msg), "PK%s", key); 146 if (msg_len >= static_cast<int>(sizeof(msg))) { 147 LOG(ERROR) << "Key too long (" << msg_len << ")"; 148 return; 149 } 150 LOG(DEBUG) << "Sending '" << msg << "'"; 151 152 if (unix_write(framework_fd, msg, msg_len) == -1) { 153 PLOG(ERROR) << "Failed to write PK"; 154 return; 155 } 156 } 157 158 static void adbd_auth_listener(int fd, unsigned events, void* data) { 159 int s = adb_socket_accept(fd, nullptr, nullptr); 160 if (s < 0) { 161 PLOG(ERROR) << "Failed to accept"; 162 return; 163 } 164 165 if (framework_fd >= 0) { 166 LOG(WARNING) << "adb received framework auth socket connection again"; 167 framework_disconnected(); 168 } 169 170 framework_fd = s; 171 fdevent_install(&framework_fde, framework_fd, adbd_auth_event, nullptr); 172 fdevent_add(&framework_fde, FDE_READ); 173 174 if (needs_retry) { 175 needs_retry = false; 176 send_auth_request(usb_transport); 177 } 178 } 179 180 void adbd_cloexec_auth_socket() { 181 int fd = android_get_control_socket("adbd"); 182 if (fd == -1) { 183 PLOG(ERROR) << "Failed to get adbd socket"; 184 return; 185 } 186 fcntl(fd, F_SETFD, FD_CLOEXEC); 187 } 188 189 void adbd_auth_init(void) { 190 int fd = android_get_control_socket("adbd"); 191 if (fd == -1) { 192 PLOG(ERROR) << "Failed to get adbd socket"; 193 return; 194 } 195 196 if (listen(fd, 4) == -1) { 197 PLOG(ERROR) << "Failed to listen on '" << fd << "'"; 198 return; 199 } 200 201 fdevent_install(&listener_fde, fd, adbd_auth_listener, NULL); 202 fdevent_add(&listener_fde, FDE_READ); 203 } 204 205 void send_auth_request(atransport* t) { 206 LOG(INFO) << "Calling send_auth_request..."; 207 208 if (!adbd_auth_generate_token(t->token, sizeof(t->token))) { 209 PLOG(ERROR) << "Error generating token"; 210 return; 211 } 212 213 apacket* p = get_apacket(); 214 p->msg.command = A_AUTH; 215 p->msg.arg0 = ADB_AUTH_TOKEN; 216 p->msg.data_length = sizeof(t->token); 217 p->payload.assign(t->token, t->token + sizeof(t->token)); 218 send_packet(p, t); 219 } 220 221 void adbd_auth_verified(atransport* t) { 222 LOG(INFO) << "adb client authorized"; 223 handle_online(t); 224 send_connect(t); 225 } 226
