1 /*
2 * Copyright (C) 2012 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #define TRACE_TAG AUTH
18
19 #include "sysdeps.h"
20 #include "adb_auth.h"
21 #include "adb_utils.h"
22
23 #include <stdio.h>
24 #include <stdlib.h>
25 #include <string.h>
26
27 #include "adb.h"
28
29 /* HACK: we need the RSAPublicKey struct
30 * but RSA_verify conflits with openssl */
31 #define RSA_verify RSA_verify_mincrypt
32 #include "mincrypt/rsa.h"
33 #undef RSA_verify
34
35 #include <android-base/errors.h>
36 #include <android-base/stringprintf.h>
37 #include <android-base/strings.h>
38 #include <cutils/list.h>
39
40 #include <openssl/evp.h>
41 #include <openssl/objects.h>
42 #include <openssl/pem.h>
43 #include <openssl/rsa.h>
44 #include <openssl/sha.h>
45
46 #if defined(OPENSSL_IS_BORINGSSL)
47 #include <openssl/base64.h>
48 #endif
49
50 #define ANDROID_PATH ".android"
51 #define ADB_KEY_FILE "adbkey"
52
53 struct adb_private_key {
54 struct listnode node;
55 RSA *rsa;
56 };
57
58 static struct listnode key_list;
59
60
61 /* Convert OpenSSL RSA private key to android pre-computed RSAPublicKey format */
RSA_to_RSAPublicKey(RSA * rsa,RSAPublicKey * pkey)62 static int RSA_to_RSAPublicKey(RSA *rsa, RSAPublicKey *pkey)
63 {
64 int ret = 1;
65 unsigned int i;
66
67 BN_CTX* ctx = BN_CTX_new();
68 BIGNUM* r32 = BN_new();
69 BIGNUM* rr = BN_new();
70 BIGNUM* r = BN_new();
71 BIGNUM* rem = BN_new();
72 BIGNUM* n = BN_new();
73 BIGNUM* n0inv = BN_new();
74
75 if (RSA_size(rsa) != RSANUMBYTES) {
76 ret = 0;
77 goto out;
78 }
79
80 BN_set_bit(r32, 32);
81 BN_copy(n, rsa->n);
82 BN_set_bit(r, RSANUMWORDS * 32);
83 BN_mod_sqr(rr, r, n, ctx);
84 BN_div(NULL, rem, n, r32, ctx);
85 BN_mod_inverse(n0inv, rem, r32, ctx);
86
87 pkey->len = RSANUMWORDS;
88 pkey->n0inv = 0 - BN_get_word(n0inv);
89 for (i = 0; i < RSANUMWORDS; i++) {
90 BN_div(rr, rem, rr, r32, ctx);
91 pkey->rr[i] = BN_get_word(rem);
92 BN_div(n, rem, n, r32, ctx);
93 pkey->n[i] = BN_get_word(rem);
94 }
95 pkey->exponent = BN_get_word(rsa->e);
96
97 out:
98 BN_free(n0inv);
99 BN_free(n);
100 BN_free(rem);
101 BN_free(r);
102 BN_free(rr);
103 BN_free(r32);
104 BN_CTX_free(ctx);
105
106 return ret;
107 }
108
get_user_info(char * buf,size_t len)109 static void get_user_info(char *buf, size_t len)
110 {
111 char hostname[1024], username[1024];
112 int ret = -1;
113
114 if (getenv("HOSTNAME") != NULL) {
115 strncpy(hostname, getenv("HOSTNAME"), sizeof(hostname));
116 hostname[sizeof(hostname)-1] = '\0';
117 ret = 0;
118 }
119
120 #ifndef _WIN32
121 if (ret < 0)
122 ret = gethostname(hostname, sizeof(hostname));
123 #endif
124 if (ret < 0)
125 strcpy(hostname, "unknown");
126
127 ret = -1;
128
129 if (getenv("LOGNAME") != NULL) {
130 strncpy(username, getenv("LOGNAME"), sizeof(username));
131 username[sizeof(username)-1] = '\0';
132 ret = 0;
133 }
134
135 #if !defined _WIN32 && !defined ADB_HOST_ON_TARGET
136 if (ret < 0)
137 ret = getlogin_r(username, sizeof(username));
138 #endif
139 if (ret < 0)
140 strcpy(username, "unknown");
141
142 ret = snprintf(buf, len, " %s@%s", username, hostname);
143 if (ret >= (signed)len)
144 buf[len - 1] = '\0';
145 }
146
write_public_keyfile(RSA * private_key,const char * private_key_path)147 static int write_public_keyfile(RSA *private_key, const char *private_key_path)
148 {
149 RSAPublicKey pkey;
150 FILE *outfile = NULL;
151 char path[PATH_MAX], info[MAX_PAYLOAD_V1];
152 uint8_t* encoded = nullptr;
153 size_t encoded_length;
154 int ret = 0;
155
156 if (snprintf(path, sizeof(path), "%s.pub", private_key_path) >=
157 (int)sizeof(path)) {
158 D("Path too long while writing public key");
159 return 0;
160 }
161
162 if (!RSA_to_RSAPublicKey(private_key, &pkey)) {
163 D("Failed to convert to publickey");
164 return 0;
165 }
166
167 outfile = fopen(path, "w");
168 if (!outfile) {
169 D("Failed to open '%s'", path);
170 return 0;
171 }
172
173 D("Writing public key to '%s'", path);
174
175 #if defined(OPENSSL_IS_BORINGSSL)
176 if (!EVP_EncodedLength(&encoded_length, sizeof(pkey))) {
177 D("Public key too large to base64 encode");
178 goto out;
179 }
180 #else
181 /* While we switch from OpenSSL to BoringSSL we have to implement
182 * |EVP_EncodedLength| here. */
183 encoded_length = 1 + ((sizeof(pkey) + 2) / 3 * 4);
184 #endif
185
186 encoded = new uint8_t[encoded_length];
187 if (encoded == nullptr) {
188 D("Allocation failure");
189 goto out;
190 }
191
192 encoded_length = EVP_EncodeBlock(encoded, (uint8_t*) &pkey, sizeof(pkey));
193 get_user_info(info, sizeof(info));
194
195 if (fwrite(encoded, encoded_length, 1, outfile) != 1 ||
196 fwrite(info, strlen(info), 1, outfile) != 1) {
197 D("Write error while writing public key");
198 goto out;
199 }
200
201 ret = 1;
202
203 out:
204 if (outfile != NULL) {
205 fclose(outfile);
206 }
207 delete[] encoded;
208 return ret;
209 }
210
generate_key(const char * file)211 static int generate_key(const char *file)
212 {
213 EVP_PKEY* pkey = EVP_PKEY_new();
214 BIGNUM* exponent = BN_new();
215 RSA* rsa = RSA_new();
216 mode_t old_mask;
217 FILE *f = NULL;
218 int ret = 0;
219
220 D("generate_key '%s'", file);
221
222 if (!pkey || !exponent || !rsa) {
223 D("Failed to allocate key");
224 goto out;
225 }
226
227 BN_set_word(exponent, RSA_F4);
228 RSA_generate_key_ex(rsa, 2048, exponent, NULL);
229 EVP_PKEY_set1_RSA(pkey, rsa);
230
231 old_mask = umask(077);
232
233 f = fopen(file, "w");
234 if (!f) {
235 D("Failed to open '%s'", file);
236 umask(old_mask);
237 goto out;
238 }
239
240 umask(old_mask);
241
242 if (!PEM_write_PrivateKey(f, pkey, NULL, NULL, 0, NULL, NULL)) {
243 D("Failed to write key");
244 goto out;
245 }
246
247 if (!write_public_keyfile(rsa, file)) {
248 D("Failed to write public key");
249 goto out;
250 }
251
252 ret = 1;
253
254 out:
255 if (f)
256 fclose(f);
257 EVP_PKEY_free(pkey);
258 RSA_free(rsa);
259 BN_free(exponent);
260 return ret;
261 }
262
read_key(const char * file,struct listnode * list)263 static int read_key(const char *file, struct listnode *list)
264 {
265 D("read_key '%s'", file);
266
267 FILE* fp = fopen(file, "r");
268 if (!fp) {
269 D("Failed to open '%s': %s", file, strerror(errno));
270 return 0;
271 }
272
273 adb_private_key* key = new adb_private_key;
274 key->rsa = RSA_new();
275
276 if (!PEM_read_RSAPrivateKey(fp, &key->rsa, NULL, NULL)) {
277 D("Failed to read key");
278 fclose(fp);
279 RSA_free(key->rsa);
280 delete key;
281 return 0;
282 }
283
284 fclose(fp);
285 list_add_tail(list, &key->node);
286 return 1;
287 }
288
get_user_keyfilepath(char * filename,size_t len)289 static int get_user_keyfilepath(char *filename, size_t len)
290 {
291 const std::string home = adb_get_homedir_path(true);
292 D("home '%s'", home.c_str());
293
294 const std::string android_dir =
295 android::base::StringPrintf("%s%c%s", home.c_str(),
296 OS_PATH_SEPARATOR, ANDROID_PATH);
297
298 struct stat buf;
299 if (stat(android_dir.c_str(), &buf)) {
300 if (adb_mkdir(android_dir.c_str(), 0750) < 0) {
301 D("Cannot mkdir '%s'", android_dir.c_str());
302 return -1;
303 }
304 }
305
306 return snprintf(filename, len, "%s%c%s",
307 android_dir.c_str(), OS_PATH_SEPARATOR, ADB_KEY_FILE);
308 }
309
get_user_key(struct listnode * list)310 static int get_user_key(struct listnode *list)
311 {
312 struct stat buf;
313 char path[PATH_MAX];
314 int ret;
315
316 ret = get_user_keyfilepath(path, sizeof(path));
317 if (ret < 0 || ret >= (signed)sizeof(path)) {
318 D("Error getting user key filename");
319 return 0;
320 }
321
322 D("user key '%s'", path);
323
324 if (stat(path, &buf) == -1) {
325 if (!generate_key(path)) {
326 D("Failed to generate new key");
327 return 0;
328 }
329 }
330
331 return read_key(path, list);
332 }
333
get_vendor_keys(struct listnode * key_list)334 static void get_vendor_keys(struct listnode* key_list) {
335 const char* adb_keys_path = getenv("ADB_VENDOR_KEYS");
336 if (adb_keys_path == nullptr) {
337 return;
338 }
339
340 for (const auto& path : android::base::Split(adb_keys_path, ENV_PATH_SEPARATOR_STR)) {
341 if (!read_key(path.c_str(), key_list)) {
342 D("Failed to read '%s'", path.c_str());
343 }
344 }
345 }
346
adb_auth_sign(void * node,const unsigned char * token,size_t token_size,unsigned char * sig)347 int adb_auth_sign(void *node, const unsigned char* token, size_t token_size,
348 unsigned char* sig)
349 {
350 unsigned int len;
351 struct adb_private_key *key = node_to_item(node, struct adb_private_key, node);
352
353 if (token_size != TOKEN_SIZE) {
354 D("Unexpected token size %zd", token_size);
355 return 0;
356 }
357
358 if (!RSA_sign(NID_sha1, token, token_size, sig, &len, key->rsa)) {
359 return 0;
360 }
361
362 D("adb_auth_sign len=%d", len);
363 return (int)len;
364 }
365
adb_auth_nextkey(void * current)366 void *adb_auth_nextkey(void *current)
367 {
368 struct listnode *item;
369
370 if (list_empty(&key_list))
371 return NULL;
372
373 if (!current)
374 return list_head(&key_list);
375
376 list_for_each(item, &key_list) {
377 if (item == current) {
378 /* current is the last item, we tried all the keys */
379 if (item->next == &key_list)
380 return NULL;
381 return item->next;
382 }
383 }
384
385 return NULL;
386 }
387
adb_auth_get_userkey(unsigned char * data,size_t len)388 int adb_auth_get_userkey(unsigned char *data, size_t len)
389 {
390 char path[PATH_MAX];
391 int ret = get_user_keyfilepath(path, sizeof(path) - 4);
392 if (ret < 0 || ret >= (signed)(sizeof(path) - 4)) {
393 D("Error getting user key filename");
394 return 0;
395 }
396 strcat(path, ".pub");
397
398 // TODO(danalbert): ReadFileToString
399 // Note that on Windows, load_file() does not do CR/LF translation, but
400 // ReadFileToString() uses the C Runtime which uses CR/LF translation by
401 // default (by is overridable with _setmode()).
402 unsigned size;
403 char* file_data = reinterpret_cast<char*>(load_file(path, &size));
404 if (file_data == nullptr) {
405 D("Can't load '%s'", path);
406 return 0;
407 }
408
409 if (len < (size_t)(size + 1)) {
410 D("%s: Content too large ret=%d", path, size);
411 free(file_data);
412 return 0;
413 }
414
415 memcpy(data, file_data, size);
416 free(file_data);
417 file_data = nullptr;
418 data[size] = '\0';
419
420 return size + 1;
421 }
422
adb_auth_keygen(const char * filename)423 int adb_auth_keygen(const char* filename) {
424 return (generate_key(filename) == 0);
425 }
426
adb_auth_init(void)427 void adb_auth_init(void)
428 {
429 int ret;
430
431 D("adb_auth_init");
432
433 list_init(&key_list);
434
435 ret = get_user_key(&key_list);
436 if (!ret) {
437 D("Failed to get user key");
438 return;
439 }
440
441 get_vendor_keys(&key_list);
442 }
443