1 /* 2 * Copyright (C) 2012 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 #define TRACE_TAG AUTH 18 19 #include "sysdeps.h" 20 21 #include <resolv.h> 22 #include <stdio.h> 23 #include <string.h> 24 25 #include <algorithm> 26 #include <chrono> 27 #include <iomanip> 28 #include <map> 29 #include <memory> 30 #include <thread> 31 32 #include <adb/crypto/rsa_2048_key.h> 33 #include <adb/tls/adb_ca_list.h> 34 #include <adbd_auth.h> 35 #include <android-base/file.h> 36 #include <android-base/no_destructor.h> 37 #include <android-base/strings.h> 38 #include <crypto_utils/android_pubkey.h> 39 #include <openssl/obj_mac.h> 40 #include <openssl/rsa.h> 41 #include <openssl/sha.h> 42 #include <openssl/ssl.h> 43 44 #include "adb.h" 45 #include "adb_auth.h" 46 #include "adb_io.h" 47 #include "adb_wifi.h" 48 #include "fdevent/fdevent.h" 49 #include "transport.h" 50 #include "types.h" 51 52 using namespace adb::crypto; 53 using namespace adb::tls; 54 using namespace std::chrono_literals; 55 56 static AdbdAuthContext* auth_ctx; 57 58 static RSA* rsa_pkey = nullptr; 59 60 static void adb_disconnected(void* unused, atransport* t); 61 static struct adisconnect adb_disconnect = {adb_disconnected, nullptr}; 62 63 static android::base::NoDestructor<std::map<uint32_t, weak_ptr<atransport>>> transports; 64 static uint32_t transport_auth_id = 0; 65 66 bool auth_required = true; 67 bool socket_access_allowed = true; 68 69 static void* transport_to_callback_arg(atransport* transport) { 70 uint32_t id = transport_auth_id++; 71 (*transports)[id] = transport->weak(); 72 return reinterpret_cast<void*>(id); 73 } 74 75 static atransport* transport_from_callback_arg(void* id) { 76 uint64_t id_u64 = reinterpret_cast<uint64_t>(id); 77 if (id_u64 > std::numeric_limits<uint32_t>::max()) { 78 LOG(FATAL) << "transport_from_callback_arg called on out of range value: " << id_u64; 79 } 80 81 uint32_t id_u32 = static_cast<uint32_t>(id_u64); 82 auto it = transports->find(id_u32); 83 if (it == transports->end()) { 84 LOG(ERROR) << "transport_from_callback_arg failed to find transport for id " << id_u32; 85 return nullptr; 86 } 87 88 atransport* t = it->second.get(); 89 if (!t) { 90 LOG(WARNING) << "transport_from_callback_arg found already destructed transport"; 91 return nullptr; 92 } 93 94 transports->erase(it); 95 return t; 96 } 97 98 static void IteratePublicKeys(std::function<bool(std::string_view public_key)> f) { 99 adbd_auth_get_public_keys( 100 auth_ctx, 101 [](void* opaque, const char* public_key, size_t len) { 102 return (*static_cast<decltype(f)*>(opaque))(std::string_view(public_key, len)); 103 }, 104 &f); 105 } 106 107 bssl::UniquePtr<STACK_OF(X509_NAME)> adbd_tls_client_ca_list() { 108 if (!auth_required) { 109 return nullptr; 110 } 111 112 bssl::UniquePtr<STACK_OF(X509_NAME)> ca_list(sk_X509_NAME_new_null()); 113 114 IteratePublicKeys([&](std::string_view public_key) { 115 // TODO: do we really have to support both ' ' and '\t'? 116 std::vector<std::string> split = android::base::Split(std::string(public_key), " \t"); 117 uint8_t keybuf[ANDROID_PUBKEY_ENCODED_SIZE + 1]; 118 const std::string& pubkey = split[0]; 119 if (b64_pton(pubkey.c_str(), keybuf, sizeof(keybuf)) != ANDROID_PUBKEY_ENCODED_SIZE) { 120 LOG(ERROR) << "Invalid base64 key " << pubkey; 121 return true; 122 } 123 124 RSA* key = nullptr; 125 if (!android_pubkey_decode(keybuf, ANDROID_PUBKEY_ENCODED_SIZE, &key)) { 126 LOG(ERROR) << "Failed to parse key " << pubkey; 127 return true; 128 } 129 bssl::UniquePtr<RSA> rsa_key(key); 130 131 unsigned char* dkey = nullptr; 132 int len = i2d_RSA_PUBKEY(rsa_key.get(), &dkey); 133 if (len <= 0 || dkey == nullptr) { 134 LOG(ERROR) << "Failed to encode RSA public key"; 135 return true; 136 } 137 138 uint8_t digest[SHA256_DIGEST_LENGTH]; 139 // Put the encoded key in the commonName attribute of the issuer name. 140 // Note that the commonName has a max length of 64 bytes, which is less 141 // than the SHA256_DIGEST_LENGTH. 142 SHA256(dkey, len, digest); 143 OPENSSL_free(dkey); 144 145 auto digest_str = SHA256BitsToHexString( 146 std::string_view(reinterpret_cast<const char*>(&digest[0]), sizeof(digest))); 147 LOG(INFO) << "fingerprint=[" << digest_str << "]"; 148 auto issuer = CreateCAIssuerFromEncodedKey(digest_str); 149 CHECK(bssl::PushToStack(ca_list.get(), std::move(issuer))); 150 return true; 151 }); 152 153 return ca_list; 154 } 155 156 bool adbd_auth_verify(const char* token, size_t token_size, const std::string& sig, 157 std::string* auth_key) { 158 bool authorized = false; 159 auth_key->clear(); 160 161 IteratePublicKeys([&](std::string_view public_key) { 162 // TODO: do we really have to support both ' ' and '\t'? 163 std::vector<std::string> split = android::base::Split(std::string(public_key), " \t"); 164 uint8_t keybuf[ANDROID_PUBKEY_ENCODED_SIZE + 1]; 165 const std::string& pubkey = split[0]; 166 if (b64_pton(pubkey.c_str(), keybuf, sizeof(keybuf)) != ANDROID_PUBKEY_ENCODED_SIZE) { 167 LOG(ERROR) << "Invalid base64 key " << pubkey; 168 return true; 169 } 170 171 RSA* key = nullptr; 172 if (!android_pubkey_decode(keybuf, ANDROID_PUBKEY_ENCODED_SIZE, &key)) { 173 LOG(ERROR) << "Failed to parse key " << pubkey; 174 return true; 175 } 176 177 bool verified = 178 (RSA_verify(NID_sha1, reinterpret_cast<const uint8_t*>(token), token_size, 179 reinterpret_cast<const uint8_t*>(sig.c_str()), sig.size(), key) == 1); 180 RSA_free(key); 181 if (verified) { 182 *auth_key = public_key; 183 authorized = true; 184 return false; 185 } 186 187 return true; 188 }); 189 190 return authorized; 191 } 192 193 static bool adbd_auth_generate_token(void* token, size_t token_size) { 194 FILE* fp = fopen("/dev/urandom", "re"); 195 if (!fp) return false; 196 bool okay = (fread(token, token_size, 1, fp) == 1); 197 fclose(fp); 198 return okay; 199 } 200 201 void adbd_cloexec_auth_socket() { 202 int fd = android_get_control_socket("adbd"); 203 if (fd == -1) { 204 PLOG(ERROR) << "Failed to get adbd socket"; 205 return; 206 } 207 fcntl(fd, F_SETFD, FD_CLOEXEC); 208 } 209 210 static void adbd_auth_key_authorized(void* arg, uint64_t id) { 211 LOG(INFO) << "adb client " << id << " authorized"; 212 fdevent_run_on_main_thread([=]() { 213 auto* transport = transport_from_callback_arg(arg); 214 if (!transport) { 215 LOG(ERROR) << "authorization received for deleted transport (" << id << "), ignoring"; 216 return; 217 } 218 219 if (transport->auth_id.has_value()) { 220 if (transport->auth_id.value() != id) { 221 LOG(ERROR) 222 << "authorization received, but auth id doesn't match, ignoring (expected " 223 << transport->auth_id.value() << ", got " << id << ")"; 224 return; 225 } 226 } else { 227 // Older versions (i.e. dogfood/beta builds) of libadbd_auth didn't pass the initial 228 // auth id to us, so we'll just have to trust it until R ships and we can retcon this. 229 transport->auth_id = id; 230 } 231 232 adbd_auth_verified(transport); 233 }); 234 } 235 236 static void adbd_key_removed(const char* public_key, size_t len) { 237 // The framework removed the key from its keystore. We need to disconnect all 238 // devices using that key. Search by t->auth_key 239 std::string_view auth_key(public_key, len); 240 kick_all_transports_by_auth_key(auth_key); 241 } 242 243 void adbd_auth_init(void) { 244 AdbdAuthCallbacksV1 cb; 245 cb.version = 1; 246 cb.key_authorized = adbd_auth_key_authorized; 247 cb.key_removed = adbd_key_removed; 248 auth_ctx = adbd_auth_new(&cb); 249 adbd_wifi_init(auth_ctx); 250 std::thread([]() { 251 adb_thread_setname("adbd auth"); 252 adbd_auth_run(auth_ctx); 253 LOG(FATAL) << "auth thread terminated"; 254 }).detach(); 255 } 256 257 void send_auth_request(atransport* t) { 258 LOG(INFO) << "Calling send_auth_request..."; 259 260 if (!adbd_auth_generate_token(t->token, sizeof(t->token))) { 261 PLOG(ERROR) << "Error generating token"; 262 return; 263 } 264 265 apacket* p = get_apacket(); 266 p->msg.command = A_AUTH; 267 p->msg.arg0 = ADB_AUTH_TOKEN; 268 p->msg.data_length = sizeof(t->token); 269 p->payload.assign(t->token, t->token + sizeof(t->token)); 270 send_packet(p, t); 271 } 272 273 void adbd_auth_verified(atransport* t) { 274 LOG(INFO) << "adb client authorized"; 275 handle_online(t); 276 send_connect(t); 277 } 278 279 static void adb_disconnected(void* unused, atransport* t) { 280 LOG(INFO) << "ADB disconnect"; 281 CHECK(t->auth_id.has_value()); 282 adbd_auth_notify_disconnect(auth_ctx, t->auth_id.value()); 283 } 284 285 void adbd_auth_confirm_key(atransport* t) { 286 LOG(INFO) << "prompting user to authorize key"; 287 t->AddDisconnect(&adb_disconnect); 288 if (adbd_auth_prompt_user_with_id) { 289 t->auth_id = adbd_auth_prompt_user_with_id(auth_ctx, t->auth_key.data(), t->auth_key.size(), 290 transport_to_callback_arg(t)); 291 } else { 292 adbd_auth_prompt_user(auth_ctx, t->auth_key.data(), t->auth_key.size(), 293 transport_to_callback_arg(t)); 294 } 295 } 296 297 void adbd_notify_framework_connected_key(atransport* t) { 298 t->auth_id = adbd_auth_notify_auth(auth_ctx, t->auth_key.data(), t->auth_key.size()); 299 } 300 301 int adbd_tls_verify_cert(X509_STORE_CTX* ctx, std::string* auth_key) { 302 if (!auth_required) { 303 // Any key will do. 304 LOG(INFO) << __func__ << ": auth not required"; 305 return 1; 306 } 307 308 bool authorized = false; 309 X509* cert = X509_STORE_CTX_get0_cert(ctx); 310 if (cert == nullptr) { 311 LOG(INFO) << "got null x509 certificate"; 312 return 0; 313 } 314 bssl::UniquePtr<EVP_PKEY> evp_pkey(X509_get_pubkey(cert)); 315 if (evp_pkey == nullptr) { 316 LOG(INFO) << "got null evp_pkey from x509 certificate"; 317 return 0; 318 } 319 320 IteratePublicKeys([&](std::string_view public_key) { 321 // TODO: do we really have to support both ' ' and '\t'? 322 std::vector<std::string> split = android::base::Split(std::string(public_key), " \t"); 323 uint8_t keybuf[ANDROID_PUBKEY_ENCODED_SIZE + 1]; 324 const std::string& pubkey = split[0]; 325 if (b64_pton(pubkey.c_str(), keybuf, sizeof(keybuf)) != ANDROID_PUBKEY_ENCODED_SIZE) { 326 LOG(ERROR) << "Invalid base64 key " << pubkey; 327 return true; 328 } 329 330 RSA* key = nullptr; 331 if (!android_pubkey_decode(keybuf, ANDROID_PUBKEY_ENCODED_SIZE, &key)) { 332 LOG(ERROR) << "Failed to parse key " << pubkey; 333 return true; 334 } 335 336 bool verified = false; 337 bssl::UniquePtr<EVP_PKEY> known_evp(EVP_PKEY_new()); 338 EVP_PKEY_set1_RSA(known_evp.get(), key); 339 if (EVP_PKEY_cmp(known_evp.get(), evp_pkey.get())) { 340 LOG(INFO) << "Matched auth_key=" << public_key; 341 verified = true; 342 } else { 343 LOG(INFO) << "auth_key doesn't match [" << public_key << "]"; 344 } 345 RSA_free(key); 346 if (verified) { 347 *auth_key = public_key; 348 authorized = true; 349 return false; 350 } 351 352 return true; 353 }); 354 355 return authorized ? 1 : 0; 356 } 357 358 void adbd_auth_tls_handshake(atransport* t) { 359 if (rsa_pkey == nullptr) { 360 // Generate a random RSA key to feed into the X509 certificate 361 auto rsa_2048 = CreateRSA2048Key(); 362 CHECK(rsa_2048.has_value()); 363 rsa_pkey = EVP_PKEY_get1_RSA(rsa_2048->GetEvpPkey()); 364 CHECK(rsa_pkey); 365 } 366 367 std::thread([t]() { 368 std::string auth_key; 369 if (t->connection()->DoTlsHandshake(rsa_pkey, &auth_key)) { 370 LOG(INFO) << "auth_key=" << auth_key; 371 if (t->IsTcpDevice()) { 372 t->auth_key = auth_key; 373 adbd_wifi_secure_connect(t); 374 } else { 375 adbd_auth_verified(t); 376 adbd_notify_framework_connected_key(t); 377 } 378 } else { 379 // Only allow one attempt at the handshake. 380 t->Kick(); 381 } 382 }).detach(); 383 } 384