1 /*
2 * Copyright (C) 2012 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #define TRACE_TAG AUTH
18
19 #include "sysdeps.h"
20
21 #include <resolv.h>
22 #include <stdio.h>
23 #include <string.h>
24
25 #include <algorithm>
26 #include <chrono>
27 #include <iomanip>
28 #include <map>
29 #include <memory>
30 #include <thread>
31
32 #include <adb/crypto/rsa_2048_key.h>
33 #include <adb/tls/adb_ca_list.h>
34 #include <adbd_auth.h>
35 #include <android-base/file.h>
36 #include <android-base/no_destructor.h>
37 #include <android-base/strings.h>
38 #include <crypto_utils/android_pubkey.h>
39 #include <openssl/obj_mac.h>
40 #include <openssl/rsa.h>
41 #include <openssl/sha.h>
42 #include <openssl/ssl.h>
43
44 #include "adb.h"
45 #include "adb_auth.h"
46 #include "adb_io.h"
47 #include "adb_wifi.h"
48 #include "fdevent/fdevent.h"
49 #include "transport.h"
50 #include "types.h"
51
52 using namespace adb::crypto;
53 using namespace adb::tls;
54 using namespace std::chrono_literals;
55
56 static AdbdAuthContext* auth_ctx;
57
58 static RSA* rsa_pkey = nullptr;
59
60 static void adb_disconnected(void* unused, atransport* t);
61 static struct adisconnect adb_disconnect = {adb_disconnected, nullptr};
62
63 static android::base::NoDestructor<std::map<uint32_t, weak_ptr<atransport>>> transports;
64 static uint32_t transport_auth_id = 0;
65
66 bool auth_required = true;
67
transport_to_callback_arg(atransport * transport)68 static void* transport_to_callback_arg(atransport* transport) {
69 uint32_t id = transport_auth_id++;
70 (*transports)[id] = transport->weak();
71 return reinterpret_cast<void*>(id);
72 }
73
transport_from_callback_arg(void * id)74 static atransport* transport_from_callback_arg(void* id) {
75 uint64_t id_u64 = reinterpret_cast<uint64_t>(id);
76 if (id_u64 > std::numeric_limits<uint32_t>::max()) {
77 LOG(FATAL) << "transport_from_callback_arg called on out of range value: " << id_u64;
78 }
79
80 uint32_t id_u32 = static_cast<uint32_t>(id_u64);
81 auto it = transports->find(id_u32);
82 if (it == transports->end()) {
83 LOG(ERROR) << "transport_from_callback_arg failed to find transport for id " << id_u32;
84 return nullptr;
85 }
86
87 atransport* t = it->second.get();
88 if (!t) {
89 LOG(WARNING) << "transport_from_callback_arg found already destructed transport";
90 return nullptr;
91 }
92
93 transports->erase(it);
94 return t;
95 }
96
IteratePublicKeys(std::function<bool (std::string_view public_key)> f)97 static void IteratePublicKeys(std::function<bool(std::string_view public_key)> f) {
98 adbd_auth_get_public_keys(
99 auth_ctx,
100 [](void* opaque, const char* public_key, size_t len) {
101 return (*static_cast<decltype(f)*>(opaque))(std::string_view(public_key, len));
102 },
103 &f);
104 }
105
adbd_tls_client_ca_list()106 bssl::UniquePtr<STACK_OF(X509_NAME)> adbd_tls_client_ca_list() {
107 if (!auth_required) {
108 return nullptr;
109 }
110
111 bssl::UniquePtr<STACK_OF(X509_NAME)> ca_list(sk_X509_NAME_new_null());
112
113 IteratePublicKeys([&](std::string_view public_key) {
114 // TODO: do we really have to support both ' ' and '\t'?
115 std::vector<std::string> split = android::base::Split(std::string(public_key), " \t");
116 uint8_t keybuf[ANDROID_PUBKEY_ENCODED_SIZE + 1];
117 const std::string& pubkey = split[0];
118 if (b64_pton(pubkey.c_str(), keybuf, sizeof(keybuf)) != ANDROID_PUBKEY_ENCODED_SIZE) {
119 LOG(ERROR) << "Invalid base64 key " << pubkey;
120 return true;
121 }
122
123 RSA* key = nullptr;
124 if (!android_pubkey_decode(keybuf, ANDROID_PUBKEY_ENCODED_SIZE, &key)) {
125 LOG(ERROR) << "Failed to parse key " << pubkey;
126 return true;
127 }
128 bssl::UniquePtr<RSA> rsa_key(key);
129
130 unsigned char* dkey = nullptr;
131 int len = i2d_RSA_PUBKEY(rsa_key.get(), &dkey);
132 if (len <= 0 || dkey == nullptr) {
133 LOG(ERROR) << "Failed to encode RSA public key";
134 return true;
135 }
136
137 uint8_t digest[SHA256_DIGEST_LENGTH];
138 // Put the encoded key in the commonName attribute of the issuer name.
139 // Note that the commonName has a max length of 64 bytes, which is less
140 // than the SHA256_DIGEST_LENGTH.
141 SHA256(dkey, len, digest);
142 OPENSSL_free(dkey);
143
144 auto digest_str = SHA256BitsToHexString(
145 std::string_view(reinterpret_cast<const char*>(&digest[0]), sizeof(digest)));
146 LOG(INFO) << "fingerprint=[" << digest_str << "]";
147 auto issuer = CreateCAIssuerFromEncodedKey(digest_str);
148 CHECK(bssl::PushToStack(ca_list.get(), std::move(issuer)));
149 return true;
150 });
151
152 return ca_list;
153 }
154
adbd_auth_verify(const char * token,size_t token_size,const std::string & sig,std::string * auth_key)155 bool adbd_auth_verify(const char* token, size_t token_size, const std::string& sig,
156 std::string* auth_key) {
157 bool authorized = false;
158 auth_key->clear();
159
160 IteratePublicKeys([&](std::string_view public_key) {
161 // TODO: do we really have to support both ' ' and '\t'?
162 std::vector<std::string> split = android::base::Split(std::string(public_key), " \t");
163 uint8_t keybuf[ANDROID_PUBKEY_ENCODED_SIZE + 1];
164 const std::string& pubkey = split[0];
165 if (b64_pton(pubkey.c_str(), keybuf, sizeof(keybuf)) != ANDROID_PUBKEY_ENCODED_SIZE) {
166 LOG(ERROR) << "Invalid base64 key " << pubkey;
167 return true;
168 }
169
170 RSA* key = nullptr;
171 if (!android_pubkey_decode(keybuf, ANDROID_PUBKEY_ENCODED_SIZE, &key)) {
172 LOG(ERROR) << "Failed to parse key " << pubkey;
173 return true;
174 }
175
176 bool verified =
177 (RSA_verify(NID_sha1, reinterpret_cast<const uint8_t*>(token), token_size,
178 reinterpret_cast<const uint8_t*>(sig.c_str()), sig.size(), key) == 1);
179 RSA_free(key);
180 if (verified) {
181 *auth_key = public_key;
182 authorized = true;
183 return false;
184 }
185
186 return true;
187 });
188
189 return authorized;
190 }
191
adbd_auth_generate_token(void * token,size_t token_size)192 static bool adbd_auth_generate_token(void* token, size_t token_size) {
193 FILE* fp = fopen("/dev/urandom", "re");
194 if (!fp) return false;
195 bool okay = (fread(token, token_size, 1, fp) == 1);
196 fclose(fp);
197 return okay;
198 }
199
adbd_cloexec_auth_socket()200 void adbd_cloexec_auth_socket() {
201 int fd = android_get_control_socket("adbd");
202 if (fd == -1) {
203 PLOG(ERROR) << "Failed to get adbd socket";
204 return;
205 }
206 fcntl(fd, F_SETFD, FD_CLOEXEC);
207 }
208
adbd_auth_key_authorized(void * arg,uint64_t id)209 static void adbd_auth_key_authorized(void* arg, uint64_t id) {
210 LOG(INFO) << "adb client authorized";
211 fdevent_run_on_main_thread([=]() {
212 LOG(INFO) << "arg = " << reinterpret_cast<uintptr_t>(arg);
213 auto* transport = transport_from_callback_arg(arg);
214 if (!transport) {
215 LOG(ERROR) << "authorization received for deleted transport, ignoring";
216 return;
217 }
218 transport->auth_id = id;
219 adbd_auth_verified(transport);
220 });
221 }
222
adbd_key_removed(const char * public_key,size_t len)223 static void adbd_key_removed(const char* public_key, size_t len) {
224 // The framework removed the key from its keystore. We need to disconnect all
225 // devices using that key. Search by t->auth_key
226 std::string_view auth_key(public_key, len);
227 kick_all_transports_by_auth_key(auth_key);
228 }
229
adbd_auth_init(void)230 void adbd_auth_init(void) {
231 AdbdAuthCallbacksV1 cb;
232 cb.version = 1;
233 cb.key_authorized = adbd_auth_key_authorized;
234 cb.key_removed = adbd_key_removed;
235 auth_ctx = adbd_auth_new(&cb);
236 adbd_wifi_init(auth_ctx);
237 std::thread([]() {
238 adb_thread_setname("adbd auth");
239 adbd_auth_run(auth_ctx);
240 LOG(FATAL) << "auth thread terminated";
241 }).detach();
242 }
243
send_auth_request(atransport * t)244 void send_auth_request(atransport* t) {
245 LOG(INFO) << "Calling send_auth_request...";
246
247 if (!adbd_auth_generate_token(t->token, sizeof(t->token))) {
248 PLOG(ERROR) << "Error generating token";
249 return;
250 }
251
252 apacket* p = get_apacket();
253 p->msg.command = A_AUTH;
254 p->msg.arg0 = ADB_AUTH_TOKEN;
255 p->msg.data_length = sizeof(t->token);
256 p->payload.assign(t->token, t->token + sizeof(t->token));
257 send_packet(p, t);
258 }
259
adbd_auth_verified(atransport * t)260 void adbd_auth_verified(atransport* t) {
261 LOG(INFO) << "adb client authorized";
262 handle_online(t);
263 send_connect(t);
264 }
265
adb_disconnected(void * unused,atransport * t)266 static void adb_disconnected(void* unused, atransport* t) {
267 LOG(INFO) << "ADB disconnect";
268 adbd_auth_notify_disconnect(auth_ctx, t->auth_id);
269 }
270
adbd_auth_confirm_key(atransport * t)271 void adbd_auth_confirm_key(atransport* t) {
272 LOG(INFO) << "prompting user to authorize key";
273 t->AddDisconnect(&adb_disconnect);
274 adbd_auth_prompt_user(auth_ctx, t->auth_key.data(), t->auth_key.size(),
275 transport_to_callback_arg(t));
276 }
277
adbd_notify_framework_connected_key(atransport * t)278 void adbd_notify_framework_connected_key(atransport* t) {
279 t->auth_id = adbd_auth_notify_auth(auth_ctx, t->auth_key.data(), t->auth_key.size());
280 }
281
adbd_tls_verify_cert(X509_STORE_CTX * ctx,std::string * auth_key)282 int adbd_tls_verify_cert(X509_STORE_CTX* ctx, std::string* auth_key) {
283 if (!auth_required) {
284 // Any key will do.
285 LOG(INFO) << __func__ << ": auth not required";
286 return 1;
287 }
288
289 bool authorized = false;
290 X509* cert = X509_STORE_CTX_get0_cert(ctx);
291 if (cert == nullptr) {
292 LOG(INFO) << "got null x509 certificate";
293 return 0;
294 }
295 bssl::UniquePtr<EVP_PKEY> evp_pkey(X509_get_pubkey(cert));
296 if (evp_pkey == nullptr) {
297 LOG(INFO) << "got null evp_pkey from x509 certificate";
298 return 0;
299 }
300
301 IteratePublicKeys([&](std::string_view public_key) {
302 // TODO: do we really have to support both ' ' and '\t'?
303 std::vector<std::string> split = android::base::Split(std::string(public_key), " \t");
304 uint8_t keybuf[ANDROID_PUBKEY_ENCODED_SIZE + 1];
305 const std::string& pubkey = split[0];
306 if (b64_pton(pubkey.c_str(), keybuf, sizeof(keybuf)) != ANDROID_PUBKEY_ENCODED_SIZE) {
307 LOG(ERROR) << "Invalid base64 key " << pubkey;
308 return true;
309 }
310
311 RSA* key = nullptr;
312 if (!android_pubkey_decode(keybuf, ANDROID_PUBKEY_ENCODED_SIZE, &key)) {
313 LOG(ERROR) << "Failed to parse key " << pubkey;
314 return true;
315 }
316
317 bool verified = false;
318 bssl::UniquePtr<EVP_PKEY> known_evp(EVP_PKEY_new());
319 EVP_PKEY_set1_RSA(known_evp.get(), key);
320 if (EVP_PKEY_cmp(known_evp.get(), evp_pkey.get())) {
321 LOG(INFO) << "Matched auth_key=" << public_key;
322 verified = true;
323 } else {
324 LOG(INFO) << "auth_key doesn't match [" << public_key << "]";
325 }
326 RSA_free(key);
327 if (verified) {
328 *auth_key = public_key;
329 authorized = true;
330 return false;
331 }
332
333 return true;
334 });
335
336 return authorized ? 1 : 0;
337 }
338
adbd_auth_tls_handshake(atransport * t)339 void adbd_auth_tls_handshake(atransport* t) {
340 if (rsa_pkey == nullptr) {
341 // Generate a random RSA key to feed into the X509 certificate
342 auto rsa_2048 = CreateRSA2048Key();
343 CHECK(rsa_2048.has_value());
344 rsa_pkey = EVP_PKEY_get1_RSA(rsa_2048->GetEvpPkey());
345 CHECK(rsa_pkey);
346 }
347
348 std::thread([t]() {
349 std::string auth_key;
350 if (t->connection()->DoTlsHandshake(rsa_pkey, &auth_key)) {
351 LOG(INFO) << "auth_key=" << auth_key;
352 if (t->IsTcpDevice()) {
353 t->auth_key = auth_key;
354 adbd_wifi_secure_connect(t);
355 } else {
356 adbd_auth_verified(t);
357 adbd_notify_framework_connected_key(t);
358 }
359 } else {
360 // Only allow one attempt at the handshake.
361 t->Kick();
362 }
363 }).detach();
364 }
365