316 lines
7.6 KiB
C++
316 lines
7.6 KiB
C++
/*
|
|
* Copyright (C) 2012 The Android Open Source Project
|
|
*
|
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
* you may not use this file except in compliance with the License.
|
|
* You may obtain a copy of the License at
|
|
*
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
*
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
* See the License for the specific language governing permissions and
|
|
* limitations under the License.
|
|
*/
|
|
|
|
#define TRACE_TAG AUTH
|
|
|
|
#include "sysdeps.h"
|
|
#include "adb_auth.h"
|
|
#include "adb_utils.h"
|
|
|
|
#include <stdio.h>
|
|
#include <stdlib.h>
|
|
#include <string.h>
|
|
|
|
#include "adb.h"
|
|
|
|
#include <android-base/errors.h>
|
|
#include <android-base/file.h>
|
|
#include <android-base/stringprintf.h>
|
|
#include <android-base/strings.h>
|
|
#include <crypto_utils/android_pubkey.h>
|
|
#include <cutils/list.h>
|
|
|
|
#include <openssl/base64.h>
|
|
#include <openssl/evp.h>
|
|
#include <openssl/objects.h>
|
|
#include <openssl/pem.h>
|
|
#include <openssl/rsa.h>
|
|
#include <openssl/sha.h>
|
|
|
|
#define ANDROID_PATH ".android"
|
|
#define ADB_KEY_FILE "adbkey"
|
|
|
|
struct adb_private_key {
|
|
struct listnode node;
|
|
RSA *rsa;
|
|
};
|
|
|
|
static struct listnode key_list;
|
|
|
|
|
|
static std::string get_user_info() {
|
|
std::string hostname;
|
|
if (getenv("HOSTNAME")) hostname = getenv("HOSTNAME");
|
|
#if !defined(_WIN32)
|
|
char buf[64];
|
|
if (hostname.empty() && gethostname(buf, sizeof(buf)) != -1) hostname = buf;
|
|
#endif
|
|
if (hostname.empty()) hostname = "unknown";
|
|
|
|
std::string username;
|
|
if (getenv("LOGNAME")) username = getenv("LOGNAME");
|
|
#if !defined _WIN32 && !defined ADB_HOST_ON_TARGET
|
|
if (username.empty() && getlogin()) username = getlogin();
|
|
#endif
|
|
if (username.empty()) hostname = "unknown";
|
|
|
|
return " " + username + "@" + hostname;
|
|
}
|
|
|
|
static bool write_public_keyfile(RSA* private_key, const std::string& private_key_path) {
|
|
uint8_t binary_key_data[ANDROID_PUBKEY_ENCODED_SIZE];
|
|
if (!android_pubkey_encode(private_key, binary_key_data, sizeof(binary_key_data))) {
|
|
LOG(ERROR) << "Failed to convert to public key";
|
|
return false;
|
|
}
|
|
|
|
size_t base64_key_length;
|
|
if (!EVP_EncodedLength(&base64_key_length, sizeof(binary_key_data))) {
|
|
LOG(ERROR) << "Public key too large to base64 encode";
|
|
return false;
|
|
}
|
|
|
|
std::string content;
|
|
content.resize(base64_key_length);
|
|
base64_key_length = EVP_EncodeBlock(reinterpret_cast<uint8_t*>(&content[0]), binary_key_data,
|
|
sizeof(binary_key_data));
|
|
|
|
content += get_user_info();
|
|
|
|
std::string path(private_key_path + ".pub");
|
|
if (!android::base::WriteStringToFile(content, path)) {
|
|
PLOG(ERROR) << "Failed to write public key to '" << path << "'";
|
|
return false;
|
|
}
|
|
|
|
return true;
|
|
}
|
|
|
|
static int generate_key(const char *file)
|
|
{
|
|
EVP_PKEY* pkey = EVP_PKEY_new();
|
|
BIGNUM* exponent = BN_new();
|
|
RSA* rsa = RSA_new();
|
|
mode_t old_mask;
|
|
FILE *f = NULL;
|
|
int ret = 0;
|
|
|
|
D("generate_key '%s'", file);
|
|
|
|
if (!pkey || !exponent || !rsa) {
|
|
D("Failed to allocate key");
|
|
goto out;
|
|
}
|
|
|
|
BN_set_word(exponent, RSA_F4);
|
|
RSA_generate_key_ex(rsa, 2048, exponent, NULL);
|
|
EVP_PKEY_set1_RSA(pkey, rsa);
|
|
|
|
old_mask = umask(077);
|
|
|
|
f = fopen(file, "w");
|
|
if (!f) {
|
|
D("Failed to open '%s'", file);
|
|
umask(old_mask);
|
|
goto out;
|
|
}
|
|
|
|
umask(old_mask);
|
|
|
|
if (!PEM_write_PrivateKey(f, pkey, NULL, NULL, 0, NULL, NULL)) {
|
|
D("Failed to write key");
|
|
goto out;
|
|
}
|
|
|
|
if (!write_public_keyfile(rsa, file)) {
|
|
D("Failed to write public key");
|
|
goto out;
|
|
}
|
|
|
|
ret = 1;
|
|
|
|
out:
|
|
if (f)
|
|
fclose(f);
|
|
EVP_PKEY_free(pkey);
|
|
RSA_free(rsa);
|
|
BN_free(exponent);
|
|
return ret;
|
|
}
|
|
|
|
static int read_key(const char *file, struct listnode *list)
|
|
{
|
|
D("read_key '%s'", file);
|
|
|
|
FILE* fp = fopen(file, "r");
|
|
if (!fp) {
|
|
D("Failed to open '%s': %s", file, strerror(errno));
|
|
return 0;
|
|
}
|
|
|
|
adb_private_key* key = new adb_private_key;
|
|
key->rsa = RSA_new();
|
|
|
|
if (!PEM_read_RSAPrivateKey(fp, &key->rsa, NULL, NULL)) {
|
|
D("Failed to read key");
|
|
fclose(fp);
|
|
RSA_free(key->rsa);
|
|
delete key;
|
|
return 0;
|
|
}
|
|
|
|
fclose(fp);
|
|
list_add_tail(list, &key->node);
|
|
return 1;
|
|
}
|
|
|
|
static int get_user_keyfilepath(char *filename, size_t len)
|
|
{
|
|
const std::string home = adb_get_homedir_path(true);
|
|
D("home '%s'", home.c_str());
|
|
|
|
const std::string android_dir =
|
|
android::base::StringPrintf("%s%c%s", home.c_str(),
|
|
OS_PATH_SEPARATOR, ANDROID_PATH);
|
|
|
|
struct stat buf;
|
|
if (stat(android_dir.c_str(), &buf)) {
|
|
if (adb_mkdir(android_dir.c_str(), 0750) < 0) {
|
|
D("Cannot mkdir '%s'", android_dir.c_str());
|
|
return -1;
|
|
}
|
|
}
|
|
|
|
return snprintf(filename, len, "%s%c%s",
|
|
android_dir.c_str(), OS_PATH_SEPARATOR, ADB_KEY_FILE);
|
|
}
|
|
|
|
static int get_user_key(struct listnode *list)
|
|
{
|
|
struct stat buf;
|
|
char path[PATH_MAX];
|
|
int ret;
|
|
|
|
ret = get_user_keyfilepath(path, sizeof(path));
|
|
if (ret < 0 || ret >= (signed)sizeof(path)) {
|
|
D("Error getting user key filename");
|
|
return 0;
|
|
}
|
|
|
|
D("user key '%s'", path);
|
|
|
|
if (stat(path, &buf) == -1) {
|
|
if (!generate_key(path)) {
|
|
D("Failed to generate new key");
|
|
return 0;
|
|
}
|
|
}
|
|
|
|
return read_key(path, list);
|
|
}
|
|
|
|
static void get_vendor_keys(struct listnode* key_list) {
|
|
const char* adb_keys_path = getenv("ADB_VENDOR_KEYS");
|
|
if (adb_keys_path == nullptr) {
|
|
return;
|
|
}
|
|
|
|
for (const auto& path : android::base::Split(adb_keys_path, ENV_PATH_SEPARATOR_STR)) {
|
|
if (!read_key(path.c_str(), key_list)) {
|
|
D("Failed to read '%s'", path.c_str());
|
|
}
|
|
}
|
|
}
|
|
|
|
int adb_auth_sign(void *node, const unsigned char* token, size_t token_size,
|
|
unsigned char* sig)
|
|
{
|
|
unsigned int len;
|
|
struct adb_private_key *key = node_to_item(node, struct adb_private_key, node);
|
|
|
|
if (token_size != TOKEN_SIZE) {
|
|
D("Unexpected token size %zd", token_size);
|
|
return 0;
|
|
}
|
|
|
|
if (!RSA_sign(NID_sha1, token, token_size, sig, &len, key->rsa)) {
|
|
return 0;
|
|
}
|
|
|
|
D("adb_auth_sign len=%d", len);
|
|
return (int)len;
|
|
}
|
|
|
|
void *adb_auth_nextkey(void *current)
|
|
{
|
|
struct listnode *item;
|
|
|
|
if (list_empty(&key_list))
|
|
return NULL;
|
|
|
|
if (!current)
|
|
return list_head(&key_list);
|
|
|
|
list_for_each(item, &key_list) {
|
|
if (item == current) {
|
|
/* current is the last item, we tried all the keys */
|
|
if (item->next == &key_list)
|
|
return NULL;
|
|
return item->next;
|
|
}
|
|
}
|
|
|
|
return NULL;
|
|
}
|
|
|
|
std::string adb_auth_get_userkey() {
|
|
char path[PATH_MAX];
|
|
int ret = get_user_keyfilepath(path, sizeof(path) - 4);
|
|
if (ret < 0 || ret >= (signed)(sizeof(path) - 4)) {
|
|
D("Error getting user key filename");
|
|
return "";
|
|
}
|
|
strcat(path, ".pub");
|
|
|
|
std::string content;
|
|
if (!android::base::ReadFileToString(path, &content)) {
|
|
D("Can't load '%s'", path);
|
|
return "";
|
|
}
|
|
return content;
|
|
}
|
|
|
|
int adb_auth_keygen(const char* filename) {
|
|
return (generate_key(filename) == 0);
|
|
}
|
|
|
|
void adb_auth_init(void)
|
|
{
|
|
int ret;
|
|
|
|
D("adb_auth_init");
|
|
|
|
list_init(&key_list);
|
|
|
|
ret = get_user_key(&key_list);
|
|
if (!ret) {
|
|
D("Failed to get user key");
|
|
return;
|
|
}
|
|
|
|
get_vendor_keys(&key_list);
|
|
}
|