/*
* Copyright (C) 2012 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#define TRACE_TAG AUTH
#include "adb.h"
#include "adb_auth.h"
#include "adb_io.h"
#include "fdevent.h"
#include "sysdeps.h"
#include "transport.h"
#include <resolv.h>
#include <stdio.h>
#include <string.h>
#include <iomanip>
#include <algorithm>
#include <memory>
#include <android-base/file.h>
#include <android-base/strings.h>
#include <crypto_utils/android_pubkey.h>
#include <openssl/obj_mac.h>
#include <openssl/rsa.h>
#include <openssl/sha.h>
static fdevent* listener_fde = nullptr;
static fdevent* framework_fde = nullptr;
static auto& framework_mutex = *new std::mutex();
static int framework_fd GUARDED_BY(framework_mutex) = -1;
static auto& connected_keys GUARDED_BY(framework_mutex) = *new std::vector<std::string>;
static void adb_disconnected(void* unused, atransport* t);
static struct adisconnect adb_disconnect = {adb_disconnected, nullptr};
static atransport* adb_transport;
static bool needs_retry = false;
bool auth_required = true;
bool adbd_auth_verify(const char* token, size_t token_size, const std::string& sig,
std::string* auth_key) {
static constexpr const char* key_paths[] = { "/adb_keys", "/data/misc/adb/adb_keys", nullptr };
for (const auto& path : key_paths) {
if (access(path, R_OK) == 0) {
LOG(INFO) << "Loading keys from " << path;
std::string content;
if (!android::base::ReadFileToString(path, &content)) {
PLOG(ERROR) << "Couldn't read " << path;
continue;
}
for (const auto& line : android::base::Split(content, "\n")) {
if (line.empty()) continue;
*auth_key = line;
// TODO: do we really have to support both ' ' and '\t'?
char* sep = strpbrk(const_cast<char*>(line.c_str()), " \t");
if (sep) *sep = '\0';
// b64_pton requires one additional byte in the target buffer for
// decoding to succeed. See http://b/28035006 for details.
uint8_t keybuf[ANDROID_PUBKEY_ENCODED_SIZE + 1];
if (b64_pton(line.c_str(), keybuf, sizeof(keybuf)) != ANDROID_PUBKEY_ENCODED_SIZE) {
LOG(ERROR) << "Invalid base64 key " << line.c_str() << " in " << path;
continue;
}
RSA* key = nullptr;
if (!android_pubkey_decode(keybuf, ANDROID_PUBKEY_ENCODED_SIZE, &key)) {
LOG(ERROR) << "Failed to parse key " << line.c_str() << " in " << path;
continue;
}
bool verified =
(RSA_verify(NID_sha1, reinterpret_cast<const uint8_t*>(token), token_size,
reinterpret_cast<const uint8_t*>(sig.c_str()), sig.size(),
key) == 1);
RSA_free(key);
if (verified) return true;
}
}
}
auth_key->clear();
return false;
}
static bool adbd_send_key_message_locked(std::string_view msg_type, std::string_view key)
REQUIRES(framework_mutex) {
if (framework_fd < 0) {
LOG(ERROR) << "Client not connected to send msg_type " << msg_type;
return false;
}
std::string msg = std::string(msg_type) + std::string(key);
int msg_len = msg.length();
if (msg_len >= static_cast<int>(MAX_FRAMEWORK_PAYLOAD)) {
LOG(ERROR) << "Key too long (" << msg_len << ")";
return false;
}
LOG(DEBUG) << "Sending '" << msg << "'";
if (!WriteFdExactly(framework_fd, msg.c_str(), msg_len)) {
PLOG(ERROR) << "Failed to write " << msg_type;
return false;
}
return true;
}
static bool adbd_auth_generate_token(void* token, size_t token_size) {
FILE* fp = fopen("/dev/urandom", "re");
if (!fp) return false;
bool okay = (fread(token, token_size, 1, fp) == 1);
fclose(fp);
return okay;
}
static void adb_disconnected(void* unused, atransport* t) {
LOG(INFO) << "ADB disconnect";
adb_transport = nullptr;
needs_retry = false;
{
std::lock_guard<std::mutex> lock(framework_mutex);
if (framework_fd >= 0) {
adbd_send_key_message_locked("DC", t->auth_key);
}
connected_keys.erase(std::remove(connected_keys.begin(), connected_keys.end(), t->auth_key),
connected_keys.end());
}
}
static void framework_disconnected() {
LOG(INFO) << "Framework disconnect";
if (framework_fde) {
fdevent_destroy(framework_fde);
{
std::lock_guard<std::mutex> lock(framework_mutex);
framework_fd = -1;
}
}
}
static void adbd_auth_event(int fd, unsigned events, void*) {
if (events & FDE_READ) {
char response[2];
int ret = unix_read(fd, response, sizeof(response));
if (ret <= 0) {
framework_disconnected();
} else if (ret == 2 && response[0] == 'O' && response[1] == 'K') {
if (adb_transport) {
adbd_auth_verified(adb_transport);
}
}
}
}
void adbd_auth_confirm_key(atransport* t) {
if (!adb_transport) {
adb_transport = t;
t->AddDisconnect(&adb_disconnect);
}
{
std::lock_guard<std::mutex> lock(framework_mutex);
if (framework_fd < 0) {
LOG(ERROR) << "Client not connected";
needs_retry = true;
return;
}
adbd_send_key_message_locked("PK", t->auth_key);
}
}
static void adbd_auth_listener(int fd, unsigned events, void* data) {
int s = adb_socket_accept(fd, nullptr, nullptr);
if (s < 0) {
PLOG(ERROR) << "Failed to accept";
return;
}
{
std::lock_guard<std::mutex> lock(framework_mutex);
if (framework_fd >= 0) {
LOG(WARNING) << "adb received framework auth socket connection again";
framework_disconnected();
}
framework_fd = s;
framework_fde = fdevent_create(framework_fd, adbd_auth_event, nullptr);
fdevent_add(framework_fde, FDE_READ);
if (needs_retry) {
needs_retry = false;
send_auth_request(adb_transport);
}
// if a client connected before the framework was available notify the framework of the
// connected key now.
if (!connected_keys.empty()) {
for (const auto& key : connected_keys) {
adbd_send_key_message_locked("CK", key);
}
}
}
}
void adbd_notify_framework_connected_key(atransport* t) {
if (!adb_transport) {
adb_transport = t;
t->AddDisconnect(&adb_disconnect);
}
{
std::lock_guard<std::mutex> lock(framework_mutex);
if (std::find(connected_keys.begin(), connected_keys.end(), t->auth_key) ==
connected_keys.end()) {
connected_keys.push_back(t->auth_key);
}
if (framework_fd >= 0) {
adbd_send_key_message_locked("CK", t->auth_key);
}
}
}
void adbd_cloexec_auth_socket() {
int fd = android_get_control_socket("adbd");
if (fd == -1) {
PLOG(ERROR) << "Failed to get adbd socket";
return;
}
fcntl(fd, F_SETFD, FD_CLOEXEC);
}
void adbd_auth_init(void) {
int fd = android_get_control_socket("adbd");
if (fd == -1) {
PLOG(ERROR) << "Failed to get adbd socket";
return;
}
if (listen(fd, 4) == -1) {
PLOG(ERROR) << "Failed to listen on '" << fd << "'";
return;
}
listener_fde = fdevent_create(fd, adbd_auth_listener, nullptr);
fdevent_add(listener_fde, FDE_READ);
}
void send_auth_request(atransport* t) {
LOG(INFO) << "Calling send_auth_request...";
if (!adbd_auth_generate_token(t->token, sizeof(t->token))) {
PLOG(ERROR) << "Error generating token";
return;
}
apacket* p = get_apacket();
p->msg.command = A_AUTH;
p->msg.arg0 = ADB_AUTH_TOKEN;
p->msg.data_length = sizeof(t->token);
p->payload.assign(t->token, t->token + sizeof(t->token));
send_packet(p, t);
}
void adbd_auth_verified(atransport* t) {
LOG(INFO) << "adb client authorized";
handle_online(t);
send_connect(t);
}