Merge "adb: split up adb_auth.cpp." am: 4a8b178c97
am: 4546c8ac3d
Change-Id: Idb9ed3e21524893943ecd176d9abe6a1e3b5493b
This commit is contained in:
commit
58a5e5a50b
8 changed files with 124 additions and 141 deletions
|
@ -45,7 +45,6 @@ ADB_COMMON_windows_CFLAGS := \
|
|||
# get enough of adb in here that we no longer need minadb. https://b/17626262
|
||||
LIBADB_SRC_FILES := \
|
||||
adb.cpp \
|
||||
adb_auth.cpp \
|
||||
adb_io.cpp \
|
||||
adb_listeners.cpp \
|
||||
adb_trace.cpp \
|
||||
|
@ -103,7 +102,7 @@ LOCAL_MODULE := libadbd
|
|||
LOCAL_CFLAGS := $(LIBADB_CFLAGS) -DADB_HOST=0
|
||||
LOCAL_SRC_FILES := \
|
||||
$(LIBADB_SRC_FILES) \
|
||||
adb_auth_client.cpp \
|
||||
adbd_auth.cpp \
|
||||
jdwp_service.cpp \
|
||||
usb_linux_client.cpp \
|
||||
|
||||
|
|
38
adb/adb.cpp
38
adb/adb.cpp
|
@ -351,19 +351,31 @@ void handle_packet(apacket *p, atransport *t)
|
|||
break;
|
||||
|
||||
case A_AUTH:
|
||||
if (p->msg.arg0 == ADB_AUTH_TOKEN) {
|
||||
t->connection_state = kCsUnauthorized;
|
||||
send_auth_response(p->data, p->msg.data_length, t);
|
||||
} else if (p->msg.arg0 == ADB_AUTH_SIGNATURE) {
|
||||
if (adb_auth_verify(t->token, sizeof(t->token), p->data, p->msg.data_length)) {
|
||||
adb_auth_verified(t);
|
||||
t->failed_auth_attempts = 0;
|
||||
} else {
|
||||
if (t->failed_auth_attempts++ > 256) adb_sleep_ms(1000);
|
||||
send_auth_request(t);
|
||||
}
|
||||
} else if (p->msg.arg0 == ADB_AUTH_RSAPUBLICKEY) {
|
||||
adb_auth_confirm_key(p->data, p->msg.data_length, t);
|
||||
switch (p->msg.arg0) {
|
||||
#if ADB_HOST
|
||||
case ADB_AUTH_TOKEN:
|
||||
t->connection_state = kCsUnauthorized;
|
||||
send_auth_response(p->data, p->msg.data_length, t);
|
||||
break;
|
||||
#else
|
||||
case ADB_AUTH_SIGNATURE:
|
||||
if (adbd_auth_verify(t->token, sizeof(t->token), p->data, p->msg.data_length)) {
|
||||
adbd_auth_verified(t);
|
||||
t->failed_auth_attempts = 0;
|
||||
} else {
|
||||
if (t->failed_auth_attempts++ > 256) adb_sleep_ms(1000);
|
||||
send_auth_request(t);
|
||||
}
|
||||
break;
|
||||
|
||||
case ADB_AUTH_RSAPUBLICKEY:
|
||||
adbd_auth_confirm_key(p->data, p->msg.data_length, t);
|
||||
break;
|
||||
#endif
|
||||
default:
|
||||
t->connection_state = kCsOffline;
|
||||
handle_offline(t);
|
||||
break;
|
||||
}
|
||||
break;
|
||||
|
||||
|
|
101
adb/adb_auth.cpp
101
adb/adb_auth.cpp
|
@ -1,101 +0,0 @@
|
|||
/*
|
||||
* Copyright (C) 2015 The Android Open Source Project
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
#define TRACE_TAG ADB
|
||||
|
||||
#include "adb.h"
|
||||
#include "adb_auth.h"
|
||||
#include "transport.h"
|
||||
|
||||
#include <errno.h>
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
#include <sys/types.h>
|
||||
#include <unistd.h>
|
||||
|
||||
bool auth_required = true;
|
||||
|
||||
void send_auth_request(atransport *t)
|
||||
{
|
||||
LOG(INFO) << "Calling send_auth_request...";
|
||||
|
||||
if (!adb_auth_generate_token(t->token, sizeof(t->token))) {
|
||||
PLOG(ERROR) << "Error generating token";
|
||||
return;
|
||||
}
|
||||
|
||||
apacket* p = get_apacket();
|
||||
memcpy(p->data, t->token, sizeof(t->token));
|
||||
p->msg.command = A_AUTH;
|
||||
p->msg.arg0 = ADB_AUTH_TOKEN;
|
||||
p->msg.data_length = sizeof(t->token);
|
||||
send_packet(p, t);
|
||||
}
|
||||
|
||||
static void send_auth_publickey(atransport* t) {
|
||||
LOG(INFO) << "Calling send_auth_publickey";
|
||||
|
||||
std::string key = adb_auth_get_userkey();
|
||||
if (key.empty()) {
|
||||
D("Failed to get user public key");
|
||||
return;
|
||||
}
|
||||
|
||||
if (key.size() >= MAX_PAYLOAD_V1) {
|
||||
D("User public key too large (%zu B)", key.size());
|
||||
return;
|
||||
}
|
||||
|
||||
apacket* p = get_apacket();
|
||||
memcpy(p->data, key.c_str(), key.size() + 1);
|
||||
|
||||
p->msg.command = A_AUTH;
|
||||
p->msg.arg0 = ADB_AUTH_RSAPUBLICKEY;
|
||||
|
||||
// adbd expects a null-terminated string.
|
||||
p->msg.data_length = key.size() + 1;
|
||||
send_packet(p, t);
|
||||
}
|
||||
|
||||
void send_auth_response(uint8_t* token, size_t token_size, atransport* t) {
|
||||
std::shared_ptr<RSA> key = t->NextKey();
|
||||
if (key == nullptr) {
|
||||
// No more private keys to try, send the public key.
|
||||
send_auth_publickey(t);
|
||||
return;
|
||||
}
|
||||
|
||||
LOG(INFO) << "Calling send_auth_response";
|
||||
apacket* p = get_apacket();
|
||||
|
||||
int ret = adb_auth_sign(key.get(), token, token_size, p->data);
|
||||
if (!ret) {
|
||||
D("Error signing the token");
|
||||
put_apacket(p);
|
||||
return;
|
||||
}
|
||||
|
||||
p->msg.command = A_AUTH;
|
||||
p->msg.arg0 = ADB_AUTH_SIGNATURE;
|
||||
p->msg.data_length = ret;
|
||||
send_packet(p, t);
|
||||
}
|
||||
|
||||
void adb_auth_verified(atransport *t)
|
||||
{
|
||||
handle_online(t);
|
||||
send_connect(t);
|
||||
}
|
|
@ -24,14 +24,6 @@
|
|||
|
||||
#include <openssl/rsa.h>
|
||||
|
||||
extern bool auth_required;
|
||||
|
||||
int adb_auth_keygen(const char* filename);
|
||||
void adb_auth_verified(atransport *t);
|
||||
|
||||
void send_auth_request(atransport *t);
|
||||
void send_auth_response(uint8_t *token, size_t token_size, atransport *t);
|
||||
|
||||
/* AUTH packets first argument */
|
||||
/* Request */
|
||||
#define ADB_AUTH_TOKEN 1
|
||||
|
@ -42,25 +34,26 @@ void send_auth_response(uint8_t *token, size_t token_size, atransport *t);
|
|||
#if ADB_HOST
|
||||
|
||||
void adb_auth_init();
|
||||
|
||||
int adb_auth_keygen(const char* filename);
|
||||
int adb_auth_sign(RSA* key, const unsigned char* token, size_t token_size, unsigned char* sig);
|
||||
std::string adb_auth_get_userkey();
|
||||
std::deque<std::shared_ptr<RSA>> adb_auth_get_private_keys();
|
||||
|
||||
static inline bool adb_auth_generate_token(void*, size_t) { abort(); }
|
||||
static inline bool adb_auth_verify(void*, size_t, void*, int) { abort(); }
|
||||
static inline void adb_auth_confirm_key(unsigned char*, size_t, atransport*) { abort(); }
|
||||
void send_auth_response(uint8_t *token, size_t token_size, atransport *t);
|
||||
|
||||
#else // !ADB_HOST
|
||||
|
||||
static inline int adb_auth_sign(void*, const unsigned char*, size_t, unsigned char*) { abort(); }
|
||||
static inline std::string adb_auth_get_userkey() { abort(); }
|
||||
static inline std::deque<std::shared_ptr<RSA>> adb_auth_get_private_keys() { abort(); }
|
||||
extern bool auth_required;
|
||||
|
||||
void adbd_auth_init(void);
|
||||
void adbd_auth_verified(atransport *t);
|
||||
|
||||
void adbd_cloexec_auth_socket();
|
||||
bool adb_auth_generate_token(void* token, size_t token_size);
|
||||
bool adb_auth_verify(uint8_t* token, size_t token_size, uint8_t* sig, int sig_len);
|
||||
void adb_auth_confirm_key(unsigned char *data, size_t len, atransport *t);
|
||||
bool adbd_auth_verify(uint8_t* token, size_t token_size, uint8_t* sig, int sig_len);
|
||||
void adbd_auth_confirm_key(unsigned char *data, size_t len, atransport *t);
|
||||
|
||||
void send_auth_request(atransport *t);
|
||||
|
||||
#endif // ADB_HOST
|
||||
|
||||
|
|
|
@ -45,6 +45,7 @@
|
|||
#include "adb_auth.h"
|
||||
#include "adb_utils.h"
|
||||
#include "sysdeps.h"
|
||||
#include "transport.h"
|
||||
|
||||
static std::mutex& g_keys_mutex = *new std::mutex;
|
||||
static std::map<std::string, std::shared_ptr<RSA>>& g_keys =
|
||||
|
@ -421,3 +422,52 @@ void adb_auth_init() {
|
|||
read_keys(path.c_str());
|
||||
}
|
||||
}
|
||||
|
||||
static void send_auth_publickey(atransport* t) {
|
||||
LOG(INFO) << "Calling send_auth_publickey";
|
||||
|
||||
std::string key = adb_auth_get_userkey();
|
||||
if (key.empty()) {
|
||||
D("Failed to get user public key");
|
||||
return;
|
||||
}
|
||||
|
||||
if (key.size() >= MAX_PAYLOAD_V1) {
|
||||
D("User public key too large (%zu B)", key.size());
|
||||
return;
|
||||
}
|
||||
|
||||
apacket* p = get_apacket();
|
||||
memcpy(p->data, key.c_str(), key.size() + 1);
|
||||
|
||||
p->msg.command = A_AUTH;
|
||||
p->msg.arg0 = ADB_AUTH_RSAPUBLICKEY;
|
||||
|
||||
// adbd expects a null-terminated string.
|
||||
p->msg.data_length = key.size() + 1;
|
||||
send_packet(p, t);
|
||||
}
|
||||
|
||||
void send_auth_response(uint8_t* token, size_t token_size, atransport* t) {
|
||||
std::shared_ptr<RSA> key = t->NextKey();
|
||||
if (key == nullptr) {
|
||||
// No more private keys to try, send the public key.
|
||||
send_auth_publickey(t);
|
||||
return;
|
||||
}
|
||||
|
||||
LOG(INFO) << "Calling send_auth_response";
|
||||
apacket* p = get_apacket();
|
||||
|
||||
int ret = adb_auth_sign(key.get(), token, token_size, p->data);
|
||||
if (!ret) {
|
||||
D("Error signing the token");
|
||||
put_apacket(p);
|
||||
return;
|
||||
}
|
||||
|
||||
p->msg.command = A_AUTH;
|
||||
p->msg.arg0 = ADB_AUTH_SIGNATURE;
|
||||
p->msg.data_length = ret;
|
||||
send_packet(p, t);
|
||||
}
|
||||
|
|
|
@ -44,7 +44,9 @@ static struct adisconnect usb_disconnect = { usb_disconnected, nullptr};
|
|||
static atransport* usb_transport;
|
||||
static bool needs_retry = false;
|
||||
|
||||
bool adb_auth_verify(uint8_t* token, size_t token_size, uint8_t* sig, int sig_len) {
|
||||
bool auth_required = true;
|
||||
|
||||
bool adbd_auth_verify(uint8_t* token, size_t token_size, uint8_t* sig, int sig_len) {
|
||||
static constexpr const char* key_paths[] = { "/adb_keys", "/data/misc/adb/adb_keys", nullptr };
|
||||
|
||||
for (const auto& path : key_paths) {
|
||||
|
@ -85,7 +87,7 @@ bool adb_auth_verify(uint8_t* token, size_t token_size, uint8_t* sig, int sig_le
|
|||
return false;
|
||||
}
|
||||
|
||||
bool adb_auth_generate_token(void* token, size_t token_size) {
|
||||
static bool adbd_auth_generate_token(void* token, size_t token_size) {
|
||||
FILE* fp = fopen("/dev/urandom", "re");
|
||||
if (!fp) return false;
|
||||
bool okay = (fread(token, token_size, 1, fp) == 1);
|
||||
|
@ -105,7 +107,7 @@ static void framework_disconnected() {
|
|||
framework_fd = -1;
|
||||
}
|
||||
|
||||
static void adb_auth_event(int fd, unsigned events, void*) {
|
||||
static void adbd_auth_event(int fd, unsigned events, void*) {
|
||||
if (events & FDE_READ) {
|
||||
char response[2];
|
||||
int ret = unix_read(fd, response, sizeof(response));
|
||||
|
@ -113,13 +115,13 @@ static void adb_auth_event(int fd, unsigned events, void*) {
|
|||
framework_disconnected();
|
||||
} else if (ret == 2 && response[0] == 'O' && response[1] == 'K') {
|
||||
if (usb_transport) {
|
||||
adb_auth_verified(usb_transport);
|
||||
adbd_auth_verified(usb_transport);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
void adb_auth_confirm_key(unsigned char* key, size_t len, atransport* t) {
|
||||
void adbd_auth_confirm_key(unsigned char* key, size_t len, atransport* t) {
|
||||
if (!usb_transport) {
|
||||
usb_transport = t;
|
||||
t->AddDisconnect(&usb_disconnect);
|
||||
|
@ -150,7 +152,7 @@ void adb_auth_confirm_key(unsigned char* key, size_t len, atransport* t) {
|
|||
}
|
||||
}
|
||||
|
||||
static void adb_auth_listener(int fd, unsigned events, void* data) {
|
||||
static void adbd_auth_listener(int fd, unsigned events, void* data) {
|
||||
int s = adb_socket_accept(fd, nullptr, nullptr);
|
||||
if (s < 0) {
|
||||
PLOG(ERROR) << "Failed to accept";
|
||||
|
@ -163,7 +165,7 @@ static void adb_auth_listener(int fd, unsigned events, void* data) {
|
|||
}
|
||||
|
||||
framework_fd = s;
|
||||
fdevent_install(&framework_fde, framework_fd, adb_auth_event, nullptr);
|
||||
fdevent_install(&framework_fde, framework_fd, adbd_auth_event, nullptr);
|
||||
fdevent_add(&framework_fde, FDE_READ);
|
||||
|
||||
if (needs_retry) {
|
||||
|
@ -193,6 +195,28 @@ void adbd_auth_init(void) {
|
|||
return;
|
||||
}
|
||||
|
||||
fdevent_install(&listener_fde, fd, adb_auth_listener, NULL);
|
||||
fdevent_install(&listener_fde, fd, adbd_auth_listener, NULL);
|
||||
fdevent_add(&listener_fde, FDE_READ);
|
||||
}
|
||||
|
||||
void send_auth_request(atransport* t) {
|
||||
LOG(INFO) << "Calling send_auth_request...";
|
||||
|
||||
if (!adbd_auth_generate_token(t->token, sizeof(t->token))) {
|
||||
PLOG(ERROR) << "Error generating token";
|
||||
return;
|
||||
}
|
||||
|
||||
apacket* p = get_apacket();
|
||||
memcpy(p->data, t->token, sizeof(t->token));
|
||||
p->msg.command = A_AUTH;
|
||||
p->msg.arg0 = ADB_AUTH_TOKEN;
|
||||
p->msg.data_length = sizeof(t->token);
|
||||
send_packet(p, t);
|
||||
}
|
||||
|
||||
void adbd_auth_verified(atransport *t)
|
||||
{
|
||||
handle_online(t);
|
||||
send_connect(t);
|
||||
}
|
|
@ -1071,6 +1071,7 @@ int check_data(apacket *p)
|
|||
}
|
||||
}
|
||||
|
||||
#if ADB_HOST
|
||||
std::shared_ptr<RSA> atransport::NextKey() {
|
||||
if (keys_.empty()) keys_ = adb_auth_get_private_keys();
|
||||
|
||||
|
@ -1078,3 +1079,4 @@ std::shared_ptr<RSA> atransport::NextKey() {
|
|||
keys_.pop_front();
|
||||
return result;
|
||||
}
|
||||
#endif
|
||||
|
|
|
@ -108,7 +108,9 @@ public:
|
|||
return type == kTransportLocal && local_port_for_emulator_ == -1;
|
||||
}
|
||||
|
||||
#if ADB_HOST
|
||||
std::shared_ptr<RSA> NextKey();
|
||||
#endif
|
||||
|
||||
unsigned char token[TOKEN_SIZE] = {};
|
||||
size_t failed_auth_attempts = 0;
|
||||
|
@ -161,7 +163,9 @@ private:
|
|||
// A list of adisconnect callbacks called when the transport is kicked.
|
||||
std::list<adisconnect*> disconnects_;
|
||||
|
||||
#if ADB_HOST
|
||||
std::deque<std::shared_ptr<RSA>> keys_;
|
||||
#endif
|
||||
|
||||
DISALLOW_COPY_AND_ASSIGN(atransport);
|
||||
};
|
||||
|
|
Loading…
Reference in a new issue