Switch fs_mgr and adb to libcrypto_utils. (097b6bbc) · Commits · e / os / android_system_core

adb/Android.mk

+7 −5

Original line number	Diff line number	Diff line
		@@ -108,7 +108,7 @@ LOCAL_SANITIZE := $(adb_target_sanitize)

		# Even though we're building a static library (and thus there's no link step for
		# this to take effect), this adds the includes to our path.
		LOCAL_STATIC_LIBRARIES := libbase
		LOCAL_STATIC_LIBRARIES := libcrypto_utils_static libcrypto_static libbase

		include $(BUILD_STATIC_LIBRARY)

		@@ -131,7 +131,7 @@ LOCAL_SANITIZE := $(adb_host_sanitize)

		# Even though we're building a static library (and thus there's no link step for
		# this to take effect), this adds the includes to our path.
		LOCAL_STATIC_LIBRARIES := libcrypto_static libbase
		LOCAL_STATIC_LIBRARIES := libcrypto_utils_static libcrypto_static libbase

		LOCAL_C_INCLUDES_windows := development/host/windows/usb/api/
		LOCAL_MULTILIB := first
		@@ -151,7 +151,7 @@ LOCAL_SRC_FILES := \
		shell_service_test.cpp \

		LOCAL_SANITIZE := $(adb_target_sanitize)
		LOCAL_STATIC_LIBRARIES := libadbd
		LOCAL_STATIC_LIBRARIES := libadbd libcrypto_utils_static libcrypto_static
		LOCAL_SHARED_LIBRARIES := liblog libbase libcutils
		include $(BUILD_NATIVE_TEST)

		@@ -191,6 +191,7 @@ LOCAL_SANITIZE := $(adb_host_sanitize)
		LOCAL_SHARED_LIBRARIES := libbase
		LOCAL_STATIC_LIBRARIES := \
		libadb \
		libcrypto_utils_static \
		libcrypto_static \
		libcutils \
		libdiagnose_usb \
		@@ -219,7 +220,7 @@ LOCAL_CFLAGS_darwin := $(LIBADB_darwin_CFLAGS)
		LOCAL_SRC_FILES := test_track_devices.cpp
		LOCAL_SANITIZE := $(adb_host_sanitize)
		LOCAL_SHARED_LIBRARIES := libbase
		LOCAL_STATIC_LIBRARIES := libadb libcrypto_static libcutils
		LOCAL_STATIC_LIBRARIES := libadb libcrypto_utils_static libcrypto_static libcutils
		LOCAL_LDLIBS += -lrt -ldl -lpthread
		include $(BUILD_HOST_EXECUTABLE)
		endif
		@@ -271,6 +272,7 @@ LOCAL_SANITIZE := $(adb_host_sanitize)
		LOCAL_STATIC_LIBRARIES := \
		libadb \
		libbase \
		libcrypto_utils_static \
		libcrypto_static \
		libdiagnose_usb \
		liblog \
		@@ -342,11 +344,11 @@ LOCAL_STATIC_LIBRARIES := \
		libfec_rs \
		libselinux \
		liblog \
		libmincrypt \
		libext4_utils_static \
		libsquashfs_utils \
		libcutils \
		libbase \
		libcrypto_utils_static \
		libcrypto_static \
		libminijail

adb/adb.cpp

+2 −1

Original line number	Diff line number	Diff line
		@@ -353,7 +353,8 @@ void handle_packet(apacket p, atransport t)
		send_auth_publickey(t);
		}
		} else if (p->msg.arg0 == ADB_AUTH_SIGNATURE) {
		if (adb_auth_verify(t->token, p->data, p->msg.data_length)) {
		if (adb_auth_verify(t->token, sizeof(t->token),
		p->data, p->msg.data_length)) {
		adb_auth_verified(t);
		t->failed_auth_attempts = 0;
		} else {

adb/adb_auth.h

+14 −5

Original line number	Diff line number	Diff line
		@@ -43,9 +43,15 @@ int adb_auth_sign(void key, const unsigned char token, size_t token_size,
		void adb_auth_nextkey(void current);
		int adb_auth_get_userkey(unsigned char *data, size_t len);

		static inline int adb_auth_generate_token(void *token, size_t token_size) { return 0; }
		static inline int adb_auth_verify(void token, void sig, int siglen) { return 0; }
		static inline void adb_auth_confirm_key(unsigned char data, size_t len, atransport t) { }
		static inline int adb_auth_generate_token(void *token, size_t token_size) {
		return 0;
		}
		static inline int adb_auth_verify(void *token, size_t token_size,
		void *sig, int siglen) {
		return 0;
		}
		static inline void adb_auth_confirm_key(unsigned char *data, size_t len,
		atransport *t) {}

		#else // !ADB_HOST

		@@ -54,12 +60,15 @@ static inline int adb_auth_sign(void* key, const unsigned char* token,
		return 0;
		}
		static inline void adb_auth_nextkey(void current) { return NULL; }
		static inline int adb_auth_get_userkey(unsigned char *data, size_t len) { return 0; }
		static inline int adb_auth_get_userkey(unsigned char *data, size_t len) {
		return 0;
		}

		void adbd_auth_init(void);
		void adbd_cloexec_auth_socket();
		int adb_auth_generate_token(void *token, size_t token_size);
		int adb_auth_verify(uint8_t* token, uint8_t* sig, int siglen);
		int adb_auth_verify(uint8_t* token, size_t token_size,
		uint8_t* sig, int siglen);
		void adb_auth_confirm_key(unsigned char data, size_t len, atransport t);

		#endif // ADB_HOST

adb/adb_auth_client.cpp

+20 −15

Original line number	Diff line number	Diff line
		@@ -23,10 +23,14 @@
		#include <stdio.h>
		#include <string.h>

		#include <openssl/obj_mac.h>
		#include <openssl/rsa.h>
		#include <openssl/sha.h>

		#include <crypto_utils/android_pubkey.h>

		#include "cutils/list.h"
		#include "cutils/sockets.h"
		#include "mincrypt/rsa.h"
		#include "mincrypt/sha.h"

		#include "adb.h"
		#include "fdevent.h"
		@@ -34,7 +38,7 @@

		struct adb_public_key {
		struct listnode node;
		RSAPublicKey key;
		RSA* key;
		};

		static const char *key_paths[] = {
		@@ -66,9 +70,8 @@ static void read_keys(const char file, struct listnode list)
		}

		while (fgets(buf, sizeof(buf), f)) {
		/* Allocate 4 extra bytes to decode the base64 data in-place */
		auto key = reinterpret_cast<adb_public_key*>(
		calloc(1, sizeof(adb_public_key) + 4));
		calloc(1, sizeof(adb_public_key)));
		if (key == nullptr) {
		D("Can't malloc key");
		break;
		@@ -78,15 +81,18 @@ static void read_keys(const char file, struct listnode list)
		if (sep)
		*sep = '\0';

		ret = __b64_pton(buf, (u_char *)&key->key, sizeof(key->key) + 4);
		if (ret != sizeof(key->key)) {
		// b64_pton requires one additional byte in the target buffer for
		// decoding to succeed. See http://b/28035006 for details.
		uint8_t keybuf[ANDROID_PUBKEY_ENCODED_SIZE + 1];
		ret = __b64_pton(buf, keybuf, sizeof(keybuf));
		if (ret != ANDROID_PUBKEY_ENCODED_SIZE) {
		D("%s: Invalid base64 data ret=%d", file, ret);
		free(key);
		continue;
		}

		if (key->key.len != RSANUMWORDS) {
		D("%s: Invalid key len %d", file, key->key.len);
		if (!android_pubkey_decode(keybuf, ret, &key->key)) {
		D("%s: Failed to parse key", file);
		free(key);
		continue;
		}
		@@ -104,7 +110,9 @@ static void free_keys(struct listnode *list)
		while (!list_empty(list)) {
		item = list_head(list);
		list_remove(item);
		free(node_to_item(item, struct adb_public_key, node));
		adb_public_key* key = node_to_item(item, struct adb_public_key, node);
		RSA_free(key->key);
		free(key);
		}
		}

		@@ -139,20 +147,17 @@ int adb_auth_generate_token(void *token, size_t token_size)
		return ret * token_size;
		}

		int adb_auth_verify(uint8_t* token, uint8_t* sig, int siglen)
		int adb_auth_verify(uint8_t* token, size_t token_size, uint8_t* sig, int siglen)
		{
		struct listnode *item;
		struct listnode key_list;
		int ret = 0;

		if (siglen != RSANUMBYTES)
		return 0;

		load_keys(&key_list);

		list_for_each(item, &key_list) {
		adb_public_key* key = node_to_item(item, struct adb_public_key, node);
		ret = RSA_verify(&key->key, sig, siglen, token, SHA_DIGEST_SIZE);
		ret = RSA_verify(NID_sha1, token, token_size, sig, siglen, key->key);
		if (ret)
		break;
		}

adb/adb_auth_host.cpp

+27 −78

Original line number	Diff line number	Diff line
		@@ -37,14 +37,9 @@

		#include "adb.h"

		/* HACK: we need the RSAPublicKey struct
		* but RSA_verify conflits with openssl */
		#define RSA_verify RSA_verify_mincrypt
		#include "mincrypt/rsa.h"
		#undef RSA_verify

		#include <android-base/errors.h>
		#include <android-base/strings.h>
		#include <crypto_utils/android_pubkey.h>
		#include <cutils/list.h>

		#include <openssl/evp.h>
		@@ -68,54 +63,6 @@ struct adb_private_key {
		static struct listnode key_list;


		/* Convert OpenSSL RSA private key to android pre-computed RSAPublicKey format */
		static int RSA_to_RSAPublicKey(RSA rsa, RSAPublicKey pkey)
		{
		int ret = 1;
		unsigned int i;

		BN_CTX* ctx = BN_CTX_new();
		BIGNUM* r32 = BN_new();
		BIGNUM* rr = BN_new();
		BIGNUM* r = BN_new();
		BIGNUM* rem = BN_new();
		BIGNUM* n = BN_new();
		BIGNUM* n0inv = BN_new();

		if (RSA_size(rsa) != RSANUMBYTES) {
		ret = 0;
		goto out;
		}

		BN_set_bit(r32, 32);
		BN_copy(n, rsa->n);
		BN_set_bit(r, RSANUMWORDS * 32);
		BN_mod_sqr(rr, r, n, ctx);
		BN_div(NULL, rem, n, r32, ctx);
		BN_mod_inverse(n0inv, rem, r32, ctx);

		pkey->len = RSANUMWORDS;
		pkey->n0inv = 0 - BN_get_word(n0inv);
		for (i = 0; i < RSANUMWORDS; i++) {
		BN_div(rr, rem, rr, r32, ctx);
		pkey->rr[i] = BN_get_word(rem);
		BN_div(n, rem, n, r32, ctx);
		pkey->n[i] = BN_get_word(rem);
		}
		pkey->exponent = BN_get_word(rsa->e);

		out:
		BN_free(n0inv);
		BN_free(n);
		BN_free(rem);
		BN_free(r);
		BN_free(rr);
		BN_free(r32);
		BN_CTX_free(ctx);

		return ret;
		}

		static void get_user_info(char *buf, size_t len)
		{
		char hostname[1024], username[1024];
		@@ -156,53 +103,55 @@ static void get_user_info(char *buf, size_t len)

		static int write_public_keyfile(RSA private_key, const char private_key_path)
		{
		RSAPublicKey pkey;
		uint8_t binary_key_data[ANDROID_PUBKEY_ENCODED_SIZE];
		uint8_t* base64_key_data = nullptr;
		size_t base64_key_length = 0;
		FILE *outfile = NULL;
		char path[PATH_MAX], info[MAX_PAYLOAD_V1];
		uint8_t* encoded = nullptr;
		size_t encoded_length;
		int ret = 0;

		if (snprintf(path, sizeof(path), "%s.pub", private_key_path) >=
		(int)sizeof(path)) {
		D("Path too long while writing public key");
		return 0;
		}

		if (!RSA_to_RSAPublicKey(private_key, &pkey)) {
		if (!android_pubkey_encode(private_key, binary_key_data,
		sizeof(binary_key_data))) {
		D("Failed to convert to publickey");
		return 0;
		}

		outfile = fopen(path, "w");
		if (!outfile) {
		D("Failed to open '%s'", path);
		return 0;
		goto out;
		}

		D("Writing public key to '%s'", path);

		#if defined(OPENSSL_IS_BORINGSSL)
		if (!EVP_EncodedLength(&encoded_length, sizeof(pkey))) {
		if (!EVP_EncodedLength(&base64_key_length, sizeof(binary_key_data))) {
		D("Public key too large to base64 encode");
		goto out;
		}
		#else
		/* While we switch from OpenSSL to BoringSSL we have to implement
		* \|EVP_EncodedLength\| here. */
		encoded_length = 1 + ((sizeof(pkey) + 2) / 3 * 4);
		base64_key_length = 1 + ((sizeof(binary_key_data) + 2) / 3 * 4);
		#endif

		encoded = new uint8_t[encoded_length];
		if (encoded == nullptr) {
		base64_key_data = new uint8_t[base64_key_length];
		if (base64_key_data == nullptr) {
		D("Allocation failure");
		goto out;
		}

		encoded_length = EVP_EncodeBlock(encoded, (uint8_t*) &pkey, sizeof(pkey));
		base64_key_length = EVP_EncodeBlock(base64_key_data, binary_key_data,
		sizeof(binary_key_data));
		get_user_info(info, sizeof(info));

		if (fwrite(encoded, encoded_length, 1, outfile) != 1 \|\|
		if (snprintf(path, sizeof(path), "%s.pub", private_key_path) >=
		(int)sizeof(path)) {
		D("Path too long while writing public key");
		goto out;
		}

		outfile = fopen(path, "w");
		if (!outfile) {
		D("Failed to open '%s'", path);
		goto out;
		}

		if (fwrite(base64_key_data, base64_key_length, 1, outfile) != 1 \|\|
		fwrite(info, strlen(info), 1, outfile) != 1) {
		D("Write error while writing public key");
		goto out;
		@@ -214,7 +163,7 @@ static int write_public_keyfile(RSA private_key, const char private_key_path)
		if (outfile != NULL) {
		fclose(outfile);
		}
		delete[] encoded;
		delete[] base64_key_data;
		return ret;
		}