Merge "Clean up key handling in adb."
This commit is contained in:
commit
b859830450
14
adb/adb.cpp
14
adb/adb.cpp
|
@ -354,21 +354,13 @@ void handle_packet(apacket *p, atransport *t)
|
|||
case A_AUTH:
|
||||
if (p->msg.arg0 == ADB_AUTH_TOKEN) {
|
||||
t->connection_state = kCsUnauthorized;
|
||||
t->key = adb_auth_nextkey(t->key);
|
||||
if (t->key) {
|
||||
send_auth_response(p->data, p->msg.data_length, t);
|
||||
} else {
|
||||
/* No more private keys to try, send the public key */
|
||||
send_auth_publickey(t);
|
||||
}
|
||||
send_auth_response(p->data, p->msg.data_length, t);
|
||||
} else if (p->msg.arg0 == ADB_AUTH_SIGNATURE) {
|
||||
if (adb_auth_verify(t->token, sizeof(t->token),
|
||||
p->data, p->msg.data_length)) {
|
||||
if (adb_auth_verify(t->token, sizeof(t->token), p->data, p->msg.data_length)) {
|
||||
adb_auth_verified(t);
|
||||
t->failed_auth_attempts = 0;
|
||||
} else {
|
||||
if (t->failed_auth_attempts++ > 10)
|
||||
adb_sleep_ms(1000);
|
||||
if (t->failed_auth_attempts++ > 10) adb_sleep_ms(1000);
|
||||
send_auth_request(t);
|
||||
}
|
||||
} else if (p->msg.arg0 == ADB_AUTH_RSAPUBLICKEY) {
|
||||
|
|
|
@ -16,8 +16,9 @@
|
|||
|
||||
#define TRACE_TAG ADB
|
||||
|
||||
#include "sysdeps.h"
|
||||
#include "adb.h"
|
||||
#include "adb_auth.h"
|
||||
#include "transport.h"
|
||||
|
||||
#include <errno.h>
|
||||
#include <stdio.h>
|
||||
|
@ -25,53 +26,28 @@
|
|||
#include <sys/types.h>
|
||||
#include <unistd.h>
|
||||
|
||||
#include "adb.h"
|
||||
#include "transport.h"
|
||||
|
||||
bool auth_required = true;
|
||||
|
||||
void send_auth_request(atransport *t)
|
||||
{
|
||||
D("Calling send_auth_request");
|
||||
apacket *p;
|
||||
int ret;
|
||||
LOG(INFO) << "Calling send_auth_request...";
|
||||
|
||||
ret = adb_auth_generate_token(t->token, sizeof(t->token));
|
||||
if (ret != sizeof(t->token)) {
|
||||
D("Error generating token ret=%d", ret);
|
||||
if (!adb_auth_generate_token(t->token, sizeof(t->token))) {
|
||||
PLOG(ERROR) << "Error generating token";
|
||||
return;
|
||||
}
|
||||
|
||||
p = get_apacket();
|
||||
memcpy(p->data, t->token, ret);
|
||||
apacket* p = get_apacket();
|
||||
memcpy(p->data, t->token, sizeof(t->token));
|
||||
p->msg.command = A_AUTH;
|
||||
p->msg.arg0 = ADB_AUTH_TOKEN;
|
||||
p->msg.data_length = ret;
|
||||
p->msg.data_length = sizeof(t->token);
|
||||
send_packet(p, t);
|
||||
}
|
||||
|
||||
void send_auth_response(uint8_t *token, size_t token_size, atransport *t)
|
||||
{
|
||||
D("Calling send_auth_response");
|
||||
apacket *p = get_apacket();
|
||||
int ret;
|
||||
static void send_auth_publickey(atransport* t) {
|
||||
LOG(INFO) << "Calling send_auth_publickey";
|
||||
|
||||
ret = adb_auth_sign(t->key, token, token_size, p->data);
|
||||
if (!ret) {
|
||||
D("Error signing the token");
|
||||
put_apacket(p);
|
||||
return;
|
||||
}
|
||||
|
||||
p->msg.command = A_AUTH;
|
||||
p->msg.arg0 = ADB_AUTH_SIGNATURE;
|
||||
p->msg.data_length = ret;
|
||||
send_packet(p, t);
|
||||
}
|
||||
|
||||
void send_auth_publickey(atransport *t)
|
||||
{
|
||||
D("Calling send_auth_publickey");
|
||||
std::string key = adb_auth_get_userkey();
|
||||
if (key.empty()) {
|
||||
D("Failed to get user public key");
|
||||
|
@ -92,6 +68,35 @@ void send_auth_publickey(atransport *t)
|
|||
send_packet(p, t);
|
||||
}
|
||||
|
||||
void send_auth_response(uint8_t* token, size_t token_size, atransport* t) {
|
||||
RSA* key = t->NextKey();
|
||||
if (key == nullptr) {
|
||||
// No more private keys to try, send the public key.
|
||||
send_auth_publickey(t);
|
||||
return;
|
||||
}
|
||||
|
||||
LOG(INFO) << "Calling send_auth_response";
|
||||
apacket* p = get_apacket();
|
||||
|
||||
int ret = adb_auth_sign(key, token, token_size, p->data);
|
||||
|
||||
// Stop sharing this key.
|
||||
RSA_free(key);
|
||||
key = nullptr;
|
||||
|
||||
if (!ret) {
|
||||
D("Error signing the token");
|
||||
put_apacket(p);
|
||||
return;
|
||||
}
|
||||
|
||||
p->msg.command = A_AUTH;
|
||||
p->msg.arg0 = ADB_AUTH_SIGNATURE;
|
||||
p->msg.data_length = ret;
|
||||
send_packet(p, t);
|
||||
}
|
||||
|
||||
void adb_auth_verified(atransport *t)
|
||||
{
|
||||
handle_online(t);
|
||||
|
|
|
@ -19,6 +19,10 @@
|
|||
|
||||
#include "adb.h"
|
||||
|
||||
#include <deque>
|
||||
|
||||
#include <openssl/rsa.h>
|
||||
|
||||
extern bool auth_required;
|
||||
|
||||
int adb_auth_keygen(const char* filename);
|
||||
|
@ -26,7 +30,6 @@ void adb_auth_verified(atransport *t);
|
|||
|
||||
void send_auth_request(atransport *t);
|
||||
void send_auth_response(uint8_t *token, size_t token_size, atransport *t);
|
||||
void send_auth_publickey(atransport *t);
|
||||
|
||||
/* AUTH packets first argument */
|
||||
/* Request */
|
||||
|
@ -37,36 +40,25 @@ void send_auth_publickey(atransport *t);
|
|||
|
||||
#if ADB_HOST
|
||||
|
||||
void adb_auth_init(void);
|
||||
int adb_auth_sign(void *key, const unsigned char* token, size_t token_size,
|
||||
unsigned char* sig);
|
||||
void *adb_auth_nextkey(void *current);
|
||||
void adb_auth_init();
|
||||
int adb_auth_sign(RSA* key, const unsigned char* token, size_t token_size, unsigned char* sig);
|
||||
std::string adb_auth_get_userkey();
|
||||
std::deque<RSA*> adb_auth_get_private_keys();
|
||||
|
||||
static inline int adb_auth_generate_token(void *token, size_t token_size) {
|
||||
return 0;
|
||||
}
|
||||
static inline int adb_auth_verify(void *token, size_t token_size,
|
||||
void *sig, int siglen) {
|
||||
return 0;
|
||||
}
|
||||
static inline void adb_auth_confirm_key(unsigned char *data, size_t len,
|
||||
atransport *t) {}
|
||||
static inline bool adb_auth_generate_token(void*, size_t) { abort(); }
|
||||
static inline bool adb_auth_verify(void*, size_t, void*, int) { abort(); }
|
||||
static inline void adb_auth_confirm_key(unsigned char*, size_t, atransport*) { abort(); }
|
||||
|
||||
#else // !ADB_HOST
|
||||
|
||||
static inline int adb_auth_sign(void* key, const unsigned char* token,
|
||||
size_t token_size, unsigned char* sig) {
|
||||
return 0;
|
||||
}
|
||||
static inline void *adb_auth_nextkey(void *current) { return NULL; }
|
||||
static inline std::string adb_auth_get_userkey() { return ""; }
|
||||
static inline int adb_auth_sign(void*, const unsigned char*, size_t, unsigned char*) { abort(); }
|
||||
static inline std::string adb_auth_get_userkey() { abort(); }
|
||||
static inline std::deque<RSA*> adb_auth_get_private_keys() { abort(); }
|
||||
|
||||
void adbd_auth_init(void);
|
||||
void adbd_cloexec_auth_socket();
|
||||
int adb_auth_generate_token(void *token, size_t token_size);
|
||||
int adb_auth_verify(uint8_t* token, size_t token_size,
|
||||
uint8_t* sig, int siglen);
|
||||
bool adb_auth_generate_token(void* token, size_t token_size);
|
||||
bool adb_auth_verify(uint8_t* token, size_t token_size, uint8_t* sig, int sig_len);
|
||||
void adb_auth_confirm_key(unsigned char *data, size_t len, atransport *t);
|
||||
|
||||
#endif // ADB_HOST
|
||||
|
|
|
@ -16,37 +16,25 @@
|
|||
|
||||
#define TRACE_TAG AUTH
|
||||
|
||||
#include "sysdeps.h"
|
||||
#include "adb.h"
|
||||
#include "adb_auth.h"
|
||||
#include "fdevent.h"
|
||||
#include "sysdeps.h"
|
||||
#include "transport.h"
|
||||
|
||||
#include <resolv.h>
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
|
||||
#include <memory>
|
||||
|
||||
#include <android-base/file.h>
|
||||
#include <android-base/strings.h>
|
||||
#include <crypto_utils/android_pubkey.h>
|
||||
#include <openssl/obj_mac.h>
|
||||
#include <openssl/rsa.h>
|
||||
#include <openssl/sha.h>
|
||||
|
||||
#include <crypto_utils/android_pubkey.h>
|
||||
|
||||
#include "cutils/list.h"
|
||||
#include "cutils/sockets.h"
|
||||
|
||||
#include "adb.h"
|
||||
#include "fdevent.h"
|
||||
#include "transport.h"
|
||||
|
||||
struct adb_public_key {
|
||||
struct listnode node;
|
||||
RSA* key;
|
||||
};
|
||||
|
||||
static const char *key_paths[] = {
|
||||
"/adb_keys",
|
||||
"/data/misc/adb/adb_keys",
|
||||
NULL
|
||||
};
|
||||
|
||||
static fdevent listener_fde;
|
||||
static fdevent framework_fde;
|
||||
static int framework_fd = -1;
|
||||
|
@ -56,135 +44,71 @@ static struct adisconnect usb_disconnect = { usb_disconnected, nullptr};
|
|||
static atransport* usb_transport;
|
||||
static bool needs_retry = false;
|
||||
|
||||
static void read_keys(const char *file, struct listnode *list)
|
||||
{
|
||||
FILE *f;
|
||||
char buf[MAX_PAYLOAD_V1];
|
||||
char *sep;
|
||||
int ret;
|
||||
bool adb_auth_verify(uint8_t* token, size_t token_size, uint8_t* sig, int sig_len) {
|
||||
static constexpr const char* key_paths[] = { "/adb_keys", "/data/misc/adb/adb_keys", nullptr };
|
||||
|
||||
f = fopen(file, "re");
|
||||
if (!f) {
|
||||
D("Can't open '%s'", file);
|
||||
return;
|
||||
}
|
||||
for (const auto& path : key_paths) {
|
||||
if (access(path, R_OK) == 0) {
|
||||
LOG(INFO) << "Loading keys from " << path;
|
||||
|
||||
while (fgets(buf, sizeof(buf), f)) {
|
||||
auto key = reinterpret_cast<adb_public_key*>(
|
||||
calloc(1, sizeof(adb_public_key)));
|
||||
if (key == nullptr) {
|
||||
D("Can't malloc key");
|
||||
break;
|
||||
}
|
||||
std::string content;
|
||||
if (!android::base::ReadFileToString(path, &content)) {
|
||||
PLOG(ERROR) << "Couldn't read " << path;
|
||||
continue;
|
||||
}
|
||||
|
||||
sep = strpbrk(buf, " \t");
|
||||
if (sep)
|
||||
*sep = '\0';
|
||||
for (const auto& line : android::base::Split(content, "\n")) {
|
||||
// TODO: do we really have to support both ' ' and '\t'?
|
||||
char* sep = strpbrk(const_cast<char*>(line.c_str()), " \t");
|
||||
if (sep) *sep = '\0';
|
||||
|
||||
// b64_pton requires one additional byte in the target buffer for
|
||||
// decoding to succeed. See http://b/28035006 for details.
|
||||
uint8_t keybuf[ANDROID_PUBKEY_ENCODED_SIZE + 1];
|
||||
ret = __b64_pton(buf, keybuf, sizeof(keybuf));
|
||||
if (ret != ANDROID_PUBKEY_ENCODED_SIZE) {
|
||||
D("%s: Invalid base64 data ret=%d", file, ret);
|
||||
free(key);
|
||||
continue;
|
||||
}
|
||||
// b64_pton requires one additional byte in the target buffer for
|
||||
// decoding to succeed. See http://b/28035006 for details.
|
||||
uint8_t keybuf[ANDROID_PUBKEY_ENCODED_SIZE + 1];
|
||||
if (__b64_pton(line.c_str(), keybuf, sizeof(keybuf)) != ANDROID_PUBKEY_ENCODED_SIZE) {
|
||||
LOG(ERROR) << "Invalid base64 key " << line.c_str() << " in " << path;
|
||||
continue;
|
||||
}
|
||||
|
||||
if (!android_pubkey_decode(keybuf, ret, &key->key)) {
|
||||
D("%s: Failed to parse key", file);
|
||||
free(key);
|
||||
continue;
|
||||
}
|
||||
RSA* key = nullptr;
|
||||
if (!android_pubkey_decode(keybuf, ANDROID_PUBKEY_ENCODED_SIZE, &key)) {
|
||||
LOG(ERROR) << "Failed to parse key " << line.c_str() << " in " << path;
|
||||
continue;
|
||||
}
|
||||
|
||||
list_add_tail(list, &key->node);
|
||||
}
|
||||
|
||||
fclose(f);
|
||||
}
|
||||
|
||||
static void free_keys(struct listnode *list)
|
||||
{
|
||||
struct listnode *item;
|
||||
|
||||
while (!list_empty(list)) {
|
||||
item = list_head(list);
|
||||
list_remove(item);
|
||||
adb_public_key* key = node_to_item(item, struct adb_public_key, node);
|
||||
RSA_free(key->key);
|
||||
free(key);
|
||||
}
|
||||
}
|
||||
|
||||
static void load_keys(struct listnode *list)
|
||||
{
|
||||
const char* path;
|
||||
const char** paths = key_paths;
|
||||
struct stat buf;
|
||||
|
||||
list_init(list);
|
||||
|
||||
while ((path = *paths++)) {
|
||||
if (!stat(path, &buf)) {
|
||||
D("Loading keys from '%s'", path);
|
||||
read_keys(path, list);
|
||||
bool verified = (RSA_verify(NID_sha1, token, token_size, sig, sig_len, key) == 1);
|
||||
RSA_free(key);
|
||||
if (verified) return true;
|
||||
}
|
||||
}
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
int adb_auth_generate_token(void *token, size_t token_size)
|
||||
{
|
||||
FILE *f;
|
||||
int ret;
|
||||
|
||||
f = fopen("/dev/urandom", "re");
|
||||
if (!f)
|
||||
return 0;
|
||||
|
||||
ret = fread(token, token_size, 1, f);
|
||||
|
||||
fclose(f);
|
||||
return ret * token_size;
|
||||
}
|
||||
|
||||
int adb_auth_verify(uint8_t* token, size_t token_size, uint8_t* sig, int siglen)
|
||||
{
|
||||
struct listnode *item;
|
||||
struct listnode key_list;
|
||||
int ret = 0;
|
||||
|
||||
load_keys(&key_list);
|
||||
|
||||
list_for_each(item, &key_list) {
|
||||
adb_public_key* key = node_to_item(item, struct adb_public_key, node);
|
||||
ret = RSA_verify(NID_sha1, token, token_size, sig, siglen, key->key);
|
||||
if (ret)
|
||||
break;
|
||||
}
|
||||
|
||||
free_keys(&key_list);
|
||||
|
||||
return ret;
|
||||
bool adb_auth_generate_token(void* token, size_t token_size) {
|
||||
FILE* fp = fopen("/dev/urandom", "re");
|
||||
if (!fp) return false;
|
||||
bool okay = (fread(token, token_size, 1, fp) == 1);
|
||||
fclose(fp);
|
||||
return okay;
|
||||
}
|
||||
|
||||
static void usb_disconnected(void* unused, atransport* t) {
|
||||
D("USB disconnect");
|
||||
LOG(INFO) << "USB disconnect";
|
||||
usb_transport = NULL;
|
||||
needs_retry = false;
|
||||
}
|
||||
|
||||
static void framework_disconnected() {
|
||||
D("Framework disconnect");
|
||||
LOG(INFO) << "Framework disconnect";
|
||||
fdevent_remove(&framework_fde);
|
||||
framework_fd = -1;
|
||||
}
|
||||
|
||||
static void adb_auth_event(int fd, unsigned events, void*) {
|
||||
char response[2];
|
||||
int ret;
|
||||
|
||||
if (events & FDE_READ) {
|
||||
ret = unix_read(fd, response, sizeof(response));
|
||||
char response[2];
|
||||
int ret = unix_read(fd, response, sizeof(response));
|
||||
if (ret <= 0) {
|
||||
framework_disconnected();
|
||||
} else if (ret == 2 && response[0] == 'O' && response[1] == 'K') {
|
||||
|
@ -195,51 +119,43 @@ static void adb_auth_event(int fd, unsigned events, void*) {
|
|||
}
|
||||
}
|
||||
|
||||
void adb_auth_confirm_key(unsigned char *key, size_t len, atransport *t)
|
||||
{
|
||||
char msg[MAX_PAYLOAD_V1];
|
||||
int ret;
|
||||
|
||||
void adb_auth_confirm_key(unsigned char* key, size_t len, atransport* t) {
|
||||
if (!usb_transport) {
|
||||
usb_transport = t;
|
||||
t->AddDisconnect(&usb_disconnect);
|
||||
}
|
||||
|
||||
if (framework_fd < 0) {
|
||||
D("Client not connected");
|
||||
LOG(ERROR) << "Client not connected";
|
||||
needs_retry = true;
|
||||
return;
|
||||
}
|
||||
|
||||
if (key[len - 1] != '\0') {
|
||||
D("Key must be a null-terminated string");
|
||||
LOG(ERROR) << "Key must be a null-terminated string";
|
||||
return;
|
||||
}
|
||||
|
||||
ret = snprintf(msg, sizeof(msg), "PK%s", key);
|
||||
if (ret >= (signed)sizeof(msg)) {
|
||||
D("Key too long. ret=%d", ret);
|
||||
char msg[MAX_PAYLOAD_V1];
|
||||
int msg_len = snprintf(msg, sizeof(msg), "PK%s", key);
|
||||
if (msg_len >= static_cast<int>(sizeof(msg))) {
|
||||
LOG(ERROR) << "Key too long (" << msg_len << ")";
|
||||
return;
|
||||
}
|
||||
D("Sending '%s'", msg);
|
||||
LOG(DEBUG) << "Sending '" << msg << "'";
|
||||
|
||||
ret = unix_write(framework_fd, msg, ret);
|
||||
if (ret < 0) {
|
||||
D("Failed to write PK, errno=%d", errno);
|
||||
if (unix_write(framework_fd, msg, msg_len) == -1) {
|
||||
PLOG(ERROR) << "Failed to write PK";
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
static void adb_auth_listener(int fd, unsigned events, void* data) {
|
||||
sockaddr_storage addr;
|
||||
socklen_t alen;
|
||||
int s;
|
||||
|
||||
alen = sizeof(addr);
|
||||
|
||||
s = adb_socket_accept(fd, reinterpret_cast<sockaddr*>(&addr), &alen);
|
||||
socklen_t alen = sizeof(addr);
|
||||
int s = adb_socket_accept(fd, reinterpret_cast<sockaddr*>(&addr), &alen);
|
||||
if (s < 0) {
|
||||
D("Failed to accept: errno=%d", errno);
|
||||
PLOG(ERROR) << "Failed to accept";
|
||||
return;
|
||||
}
|
||||
|
||||
|
@ -261,7 +177,7 @@ static void adb_auth_listener(int fd, unsigned events, void* data) {
|
|||
void adbd_cloexec_auth_socket() {
|
||||
int fd = android_get_control_socket("adbd");
|
||||
if (fd == -1) {
|
||||
D("Failed to get adbd socket");
|
||||
PLOG(ERROR) << "Failed to get adbd socket";
|
||||
return;
|
||||
}
|
||||
fcntl(fd, F_SETFD, FD_CLOEXEC);
|
||||
|
@ -270,12 +186,12 @@ void adbd_cloexec_auth_socket() {
|
|||
void adbd_auth_init(void) {
|
||||
int fd = android_get_control_socket("adbd");
|
||||
if (fd == -1) {
|
||||
D("Failed to get adbd socket");
|
||||
PLOG(ERROR) << "Failed to get adbd socket";
|
||||
return;
|
||||
}
|
||||
|
||||
if (listen(fd, 4) == -1) {
|
||||
D("Failed to listen on '%d'", fd);
|
||||
PLOG(ERROR) << "Failed to listen on '" << fd << "'";
|
||||
return;
|
||||
}
|
||||
|
||||
|
|
|
@ -16,23 +16,22 @@
|
|||
|
||||
#define TRACE_TAG AUTH
|
||||
|
||||
#include "sysdeps.h"
|
||||
#include "adb_auth.h"
|
||||
#include "adb.h"
|
||||
#include "adb_utils.h"
|
||||
#include "sysdeps.h"
|
||||
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
|
||||
#include "adb.h"
|
||||
#include <mutex>
|
||||
|
||||
#include <android-base/errors.h>
|
||||
#include <android-base/file.h>
|
||||
#include <android-base/stringprintf.h>
|
||||
#include <android-base/strings.h>
|
||||
#include <crypto_utils/android_pubkey.h>
|
||||
#include <cutils/list.h>
|
||||
|
||||
#include <openssl/base64.h>
|
||||
#include <openssl/evp.h>
|
||||
#include <openssl/objects.h>
|
||||
|
@ -40,18 +39,14 @@
|
|||
#include <openssl/rsa.h>
|
||||
#include <openssl/sha.h>
|
||||
|
||||
#define ANDROID_PATH ".android"
|
||||
#define ADB_KEY_FILE "adbkey"
|
||||
|
||||
struct adb_private_key {
|
||||
struct listnode node;
|
||||
RSA *rsa;
|
||||
};
|
||||
|
||||
static struct listnode key_list;
|
||||
#include "sysdeps/mutex.h"
|
||||
|
||||
static std::mutex& g_key_list_mutex = *new std::mutex;
|
||||
static std::deque<RSA*>& g_key_list = *new std::deque<RSA*>;
|
||||
|
||||
static std::string get_user_info() {
|
||||
LOG(INFO) << "get_user_info...";
|
||||
|
||||
std::string hostname;
|
||||
if (getenv("HOSTNAME")) hostname = getenv("HOSTNAME");
|
||||
#if !defined(_WIN32)
|
||||
|
@ -71,6 +66,8 @@ static std::string get_user_info() {
|
|||
}
|
||||
|
||||
static bool write_public_keyfile(RSA* private_key, const std::string& private_key_path) {
|
||||
LOG(INFO) << "write_public_keyfile...";
|
||||
|
||||
uint8_t binary_key_data[ANDROID_PUBKEY_ENCODED_SIZE];
|
||||
if (!android_pubkey_encode(private_key, binary_key_data, sizeof(binary_key_data))) {
|
||||
LOG(ERROR) << "Failed to convert to public key";
|
||||
|
@ -99,19 +96,18 @@ static bool write_public_keyfile(RSA* private_key, const std::string& private_ke
|
|||
return true;
|
||||
}
|
||||
|
||||
static int generate_key(const char *file)
|
||||
{
|
||||
EVP_PKEY* pkey = EVP_PKEY_new();
|
||||
BIGNUM* exponent = BN_new();
|
||||
RSA* rsa = RSA_new();
|
||||
static int generate_key(const std::string& file) {
|
||||
LOG(INFO) << "generate_key(" << file << ")...";
|
||||
|
||||
mode_t old_mask;
|
||||
FILE *f = NULL;
|
||||
int ret = 0;
|
||||
|
||||
D("generate_key '%s'", file);
|
||||
|
||||
EVP_PKEY* pkey = EVP_PKEY_new();
|
||||
BIGNUM* exponent = BN_new();
|
||||
RSA* rsa = RSA_new();
|
||||
if (!pkey || !exponent || !rsa) {
|
||||
D("Failed to allocate key");
|
||||
LOG(ERROR) << "Failed to allocate key";
|
||||
goto out;
|
||||
}
|
||||
|
||||
|
@ -121,9 +117,9 @@ static int generate_key(const char *file)
|
|||
|
||||
old_mask = umask(077);
|
||||
|
||||
f = fopen(file, "w");
|
||||
f = fopen(file.c_str(), "w");
|
||||
if (!f) {
|
||||
D("Failed to open '%s'", file);
|
||||
PLOG(ERROR) << "Failed to open " << file;
|
||||
umask(old_mask);
|
||||
goto out;
|
||||
}
|
||||
|
@ -143,110 +139,110 @@ static int generate_key(const char *file)
|
|||
ret = 1;
|
||||
|
||||
out:
|
||||
if (f)
|
||||
fclose(f);
|
||||
if (f) fclose(f);
|
||||
EVP_PKEY_free(pkey);
|
||||
RSA_free(rsa);
|
||||
BN_free(exponent);
|
||||
return ret;
|
||||
}
|
||||
|
||||
static int read_key(const char *file, struct listnode *list)
|
||||
{
|
||||
D("read_key '%s'", file);
|
||||
static bool read_key(const std::string& file) {
|
||||
LOG(INFO) << "read_key '" << file << "'...";
|
||||
|
||||
FILE* fp = fopen(file, "r");
|
||||
std::unique_ptr<FILE, decltype(&fclose)> fp(fopen(file.c_str(), "r"), fclose);
|
||||
if (!fp) {
|
||||
D("Failed to open '%s': %s", file, strerror(errno));
|
||||
return 0;
|
||||
PLOG(ERROR) << "Failed to open '" << file << "'";
|
||||
return false;
|
||||
}
|
||||
|
||||
adb_private_key* key = new adb_private_key;
|
||||
key->rsa = RSA_new();
|
||||
|
||||
if (!PEM_read_RSAPrivateKey(fp, &key->rsa, NULL, NULL)) {
|
||||
D("Failed to read key");
|
||||
fclose(fp);
|
||||
RSA_free(key->rsa);
|
||||
delete key;
|
||||
return 0;
|
||||
RSA* key = RSA_new();
|
||||
if (!PEM_read_RSAPrivateKey(fp.get(), &key, nullptr, nullptr)) {
|
||||
LOG(ERROR) << "Failed to read key";
|
||||
RSA_free(key);
|
||||
return false;
|
||||
}
|
||||
|
||||
fclose(fp);
|
||||
list_add_tail(list, &key->node);
|
||||
return 1;
|
||||
g_key_list.push_back(key);
|
||||
return true;
|
||||
}
|
||||
|
||||
static int get_user_keyfilepath(char *filename, size_t len)
|
||||
{
|
||||
static std::string get_user_key_path() {
|
||||
const std::string home = adb_get_homedir_path(true);
|
||||
D("home '%s'", home.c_str());
|
||||
LOG(DEBUG) << "adb_get_homedir_path returned '" << home << "'";
|
||||
|
||||
const std::string android_dir =
|
||||
android::base::StringPrintf("%s%c%s", home.c_str(),
|
||||
OS_PATH_SEPARATOR, ANDROID_PATH);
|
||||
const std::string android_dir = android::base::StringPrintf("%s%c.android", home.c_str(),
|
||||
OS_PATH_SEPARATOR);
|
||||
|
||||
struct stat buf;
|
||||
if (stat(android_dir.c_str(), &buf)) {
|
||||
if (adb_mkdir(android_dir.c_str(), 0750) < 0) {
|
||||
D("Cannot mkdir '%s'", android_dir.c_str());
|
||||
return -1;
|
||||
if (stat(android_dir.c_str(), &buf) == -1) {
|
||||
if (adb_mkdir(android_dir.c_str(), 0750) == -1) {
|
||||
PLOG(ERROR) << "Cannot mkdir '" << android_dir << "'";
|
||||
return "";
|
||||
}
|
||||
}
|
||||
|
||||
return snprintf(filename, len, "%s%c%s",
|
||||
android_dir.c_str(), OS_PATH_SEPARATOR, ADB_KEY_FILE);
|
||||
return android_dir + OS_PATH_SEPARATOR + "adbkey";
|
||||
}
|
||||
|
||||
static int get_user_key(struct listnode *list)
|
||||
{
|
||||
struct stat buf;
|
||||
char path[PATH_MAX];
|
||||
int ret;
|
||||
|
||||
ret = get_user_keyfilepath(path, sizeof(path));
|
||||
if (ret < 0 || ret >= (signed)sizeof(path)) {
|
||||
D("Error getting user key filename");
|
||||
return 0;
|
||||
static bool get_user_key() {
|
||||
std::string path = get_user_key_path();
|
||||
if (path.empty()) {
|
||||
PLOG(ERROR) << "Error getting user key filename";
|
||||
return false;
|
||||
}
|
||||
|
||||
D("user key '%s'", path);
|
||||
|
||||
if (stat(path, &buf) == -1) {
|
||||
struct stat buf;
|
||||
if (stat(path.c_str(), &buf) == -1) {
|
||||
LOG(INFO) << "User key '" << path << "' does not exist...";
|
||||
if (!generate_key(path)) {
|
||||
D("Failed to generate new key");
|
||||
return 0;
|
||||
LOG(ERROR) << "Failed to generate new key";
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
return read_key(path, list);
|
||||
return read_key(path);
|
||||
}
|
||||
|
||||
static void get_vendor_keys(struct listnode* key_list) {
|
||||
static void get_vendor_keys() {
|
||||
const char* adb_keys_path = getenv("ADB_VENDOR_KEYS");
|
||||
if (adb_keys_path == nullptr) {
|
||||
return;
|
||||
}
|
||||
|
||||
for (const auto& path : android::base::Split(adb_keys_path, ENV_PATH_SEPARATOR_STR)) {
|
||||
if (!read_key(path.c_str(), key_list)) {
|
||||
D("Failed to read '%s'", path.c_str());
|
||||
if (!read_key(path.c_str())) {
|
||||
PLOG(ERROR) << "Failed to read '" << path << "'";
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
int adb_auth_sign(void *node, const unsigned char* token, size_t token_size,
|
||||
unsigned char* sig)
|
||||
{
|
||||
unsigned int len;
|
||||
struct adb_private_key *key = node_to_item(node, struct adb_private_key, node);
|
||||
std::deque<RSA*> adb_auth_get_private_keys() {
|
||||
std::deque<RSA*> result;
|
||||
|
||||
// Copy all the currently known keys, increasing their reference count so they're
|
||||
// usable until both we and the caller have freed our pointers.
|
||||
std::lock_guard<std::mutex> lock(g_key_list_mutex);
|
||||
for (const auto& key : g_key_list) {
|
||||
RSA_up_ref(key); // Since we're handing out another pointer to this key...
|
||||
result.push_back(key);
|
||||
}
|
||||
|
||||
// Add a sentinel to the list. Our caller uses this to mean "out of private keys,
|
||||
// but try using the public key" (the empty deque could otherwise mean this _or_
|
||||
// that this function hasn't been called yet to request the keys).
|
||||
result.push_back(nullptr);
|
||||
|
||||
return result;
|
||||
}
|
||||
|
||||
int adb_auth_sign(RSA* key, const unsigned char* token, size_t token_size, unsigned char* sig) {
|
||||
if (token_size != TOKEN_SIZE) {
|
||||
D("Unexpected token size %zd", token_size);
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (!RSA_sign(NID_sha1, token, token_size, sig, &len, key->rsa)) {
|
||||
unsigned int len;
|
||||
if (!RSA_sign(NID_sha1, token, token_size, sig, &len, key)) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
@ -254,40 +250,17 @@ int adb_auth_sign(void *node, const unsigned char* token, size_t token_size,
|
|||
return (int)len;
|
||||
}
|
||||
|
||||
void *adb_auth_nextkey(void *current)
|
||||
{
|
||||
struct listnode *item;
|
||||
|
||||
if (list_empty(&key_list))
|
||||
return NULL;
|
||||
|
||||
if (!current)
|
||||
return list_head(&key_list);
|
||||
|
||||
list_for_each(item, &key_list) {
|
||||
if (item == current) {
|
||||
/* current is the last item, we tried all the keys */
|
||||
if (item->next == &key_list)
|
||||
return NULL;
|
||||
return item->next;
|
||||
}
|
||||
}
|
||||
|
||||
return NULL;
|
||||
}
|
||||
|
||||
std::string adb_auth_get_userkey() {
|
||||
char path[PATH_MAX];
|
||||
int ret = get_user_keyfilepath(path, sizeof(path) - 4);
|
||||
if (ret < 0 || ret >= (signed)(sizeof(path) - 4)) {
|
||||
D("Error getting user key filename");
|
||||
std::string path = get_user_key_path();
|
||||
if (path.empty()) {
|
||||
PLOG(ERROR) << "Error getting user key filename";
|
||||
return "";
|
||||
}
|
||||
strcat(path, ".pub");
|
||||
path += ".pub";
|
||||
|
||||
std::string content;
|
||||
if (!android::base::ReadFileToString(path, &content)) {
|
||||
D("Can't load '%s'", path);
|
||||
PLOG(ERROR) << "Can't load '" << path << "'";
|
||||
return "";
|
||||
}
|
||||
return content;
|
||||
|
@ -297,19 +270,14 @@ int adb_auth_keygen(const char* filename) {
|
|||
return (generate_key(filename) == 0);
|
||||
}
|
||||
|
||||
void adb_auth_init(void)
|
||||
{
|
||||
int ret;
|
||||
void adb_auth_init() {
|
||||
LOG(INFO) << "adb_auth_init...";
|
||||
|
||||
D("adb_auth_init");
|
||||
|
||||
list_init(&key_list);
|
||||
|
||||
ret = get_user_key(&key_list);
|
||||
if (!ret) {
|
||||
D("Failed to get user key");
|
||||
if (!get_user_key()) {
|
||||
LOG(ERROR) << "Failed to get user key";
|
||||
return;
|
||||
}
|
||||
|
||||
get_vendor_keys(&key_list);
|
||||
std::lock_guard<std::mutex> lock(g_key_list_mutex);
|
||||
get_vendor_keys();
|
||||
}
|
||||
|
|
|
@ -110,7 +110,6 @@ int adb_server_main(int is_daemon, int server_port, int ack_reply_fd) {
|
|||
|
||||
usb_init();
|
||||
local_init(DEFAULT_ADB_LOCAL_TRANSPORT_PORT);
|
||||
adb_auth_init();
|
||||
|
||||
std::string error;
|
||||
std::string local_name = android::base::StringPrintf("tcp:%d", server_port);
|
||||
|
@ -118,11 +117,14 @@ int adb_server_main(int is_daemon, int server_port, int ack_reply_fd) {
|
|||
fatal("could not install *smartsocket* listener: %s", error.c_str());
|
||||
}
|
||||
|
||||
// Inform our parent that we are up and running.
|
||||
if (is_daemon) {
|
||||
close_stdin();
|
||||
setup_daemon_logging();
|
||||
}
|
||||
|
||||
adb_auth_init();
|
||||
|
||||
if (is_daemon) {
|
||||
#if !defined(_WIN32)
|
||||
// Start a new session for the daemon. Do this here instead of after the fork so
|
||||
// that a ctrl-c between the "starting server" and "done starting server" messages
|
||||
|
@ -132,6 +134,8 @@ int adb_server_main(int is_daemon, int server_port, int ack_reply_fd) {
|
|||
}
|
||||
#endif
|
||||
|
||||
// Inform our parent that we are up and running.
|
||||
|
||||
// Any error output written to stderr now goes to adb.log. We could
|
||||
// keep around a copy of the stderr fd and use that to write any errors
|
||||
// encountered by the following code, but that is probably overkill.
|
||||
|
|
|
@ -828,4 +828,9 @@ static inline void disable_tcp_nagle(int fd) {
|
|||
// configured to drop after 10 missed keepalives. Returns true on success.
|
||||
bool set_tcp_keepalive(int fd, int interval_sec);
|
||||
|
||||
#if defined(_WIN32)
|
||||
// Win32 defines ERROR, which we don't need, but which conflicts with google3 logging.
|
||||
#undef ERROR
|
||||
#endif
|
||||
|
||||
#endif /* _ADB_SYSDEPS_H */
|
||||
|
|
|
@ -35,6 +35,7 @@
|
|||
#include <android-base/strings.h>
|
||||
|
||||
#include "adb.h"
|
||||
#include "adb_auth.h"
|
||||
#include "adb_utils.h"
|
||||
#include "diagnose_usb.h"
|
||||
|
||||
|
@ -1074,3 +1075,11 @@ int check_data(apacket *p)
|
|||
return 0;
|
||||
}
|
||||
}
|
||||
|
||||
RSA* atransport::NextKey() {
|
||||
if (keys_.empty()) keys_ = adb_auth_get_private_keys();
|
||||
|
||||
RSA* result = keys_[0];
|
||||
keys_.pop_front();
|
||||
return result;
|
||||
}
|
||||
|
|
|
@ -19,12 +19,15 @@
|
|||
|
||||
#include <sys/types.h>
|
||||
|
||||
#include <deque>
|
||||
#include <list>
|
||||
#include <string>
|
||||
#include <unordered_set>
|
||||
|
||||
#include "adb.h"
|
||||
|
||||
#include <openssl/rsa.h>
|
||||
|
||||
typedef std::unordered_set<std::string> FeatureSet;
|
||||
|
||||
const FeatureSet& supported_features();
|
||||
|
@ -104,7 +107,8 @@ public:
|
|||
return type == kTransportLocal && local_port_for_emulator_ == -1;
|
||||
}
|
||||
|
||||
void* key = nullptr;
|
||||
RSA* NextKey();
|
||||
|
||||
unsigned char token[TOKEN_SIZE] = {};
|
||||
size_t failed_auth_attempts = 0;
|
||||
|
||||
|
@ -156,6 +160,8 @@ private:
|
|||
// A list of adisconnect callbacks called when the transport is kicked.
|
||||
std::list<adisconnect*> disconnects_;
|
||||
|
||||
std::deque<RSA*> keys_;
|
||||
|
||||
DISALLOW_COPY_AND_ASSIGN(atransport);
|
||||
};
|
||||
|
||||
|
|
Loading…
Reference in New Issue