Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 345cb066 authored by Benoit Goby's avatar Benoit Goby
Browse files

adb: Read secure adb keys on every auth request 

The framework can now clear the user key list, so we need to reload the
key list on every auth request instead of loading it once when adbd
starts.
This also fixes issues with encrypted devices, where the user key file
is only readable after the user has unlocked the device.

Change-Id: I350c5aab986f8ca86b95f316398d03012553e581
parent d984497a

adb/adb_auth.h

+0 −2
Original line number Diff line number Diff line
@@ -36,7 +36,6 @@ int adb_auth_get_userkey(unsigned char *data, size_t len); 
static inline int adb_auth_generate_token(void *token, size_t token_size) { return 0; }

static inline int adb_auth_verify(void *token, void *sig, int siglen) { return 0; }

static inline void adb_auth_confirm_key(unsigned char *data, size_t len, atransport *t) { }

static inline void adb_auth_reload_keys(void) { }



#else // !ADB_HOST
@@ -47,7 +46,6 @@ static inline int adb_auth_get_userkey(unsigned char *data, size_t len) { return 
int adb_auth_generate_token(void *token, size_t token_size);

int adb_auth_verify(void *token, void *sig, int siglen);

void adb_auth_confirm_key(unsigned char *data, size_t len, atransport *t);

void adb_auth_reload_keys(void);



#endif // ADB_HOST

adb/adb_auth_client.c

+11 −12
Original line number Diff line number Diff line
@@ -34,8 +34,6 @@ struct adb_public_key { 
    RSAPublicKey key;

};



static struct listnode key_list;



static char *key_paths[] = {

    "/adb_keys",

    "/data/misc/adb/adb_keys",
@@ -102,18 +100,18 @@ static void free_keys(struct listnode *list) 
    }

}



void adb_auth_reload_keys(void)

static void load_keys(struct listnode *list)

{

    char *path;

    char **paths = key_paths;

    struct stat buf;



    free_keys(&key_list);

    list_init(list);



    while ((path = *paths++)) {

        if (!stat(path, &buf)) {

            D("Loading keys from '%s'\n", path);

            read_keys(path, &key_list);

            read_keys(path, list);

        }

    }

}
@@ -137,19 +135,24 @@ int adb_auth_verify(void *token, void *sig, int siglen) 
{

    struct listnode *item;

    struct adb_public_key *key;

    int ret;

    struct listnode key_list;

    int ret = 0;



    if (siglen != RSANUMBYTES)

        return 0;



    load_keys(&key_list);



    list_for_each(item, &key_list) {

        key = node_to_item(item, struct adb_public_key, node);

        ret = RSA_verify(&key->key, sig, siglen, token);

        if (ret)

            return 1;

            break;

    }



    return 0;

    free_keys(&key_list);



    return ret;

}



static void adb_auth_event(int fd, unsigned events, void *data)
@@ -166,7 +169,6 @@ static void adb_auth_event(int fd, unsigned events, void *data) 
            framework_fd = -1;

        }

        else if (ret == 2 && response[0] == 'O' && response[1] == 'K') {

            adb_auth_reload_keys();

            adb_auth_verified(t);

        }

    }
@@ -225,9 +227,6 @@ void adb_auth_init(void) 
{

    int fd, ret;



    list_init(&key_list);

    adb_auth_reload_keys();



    fd = android_get_control_socket("adbd");

    if (fd < 0) {

        D("Failed to get adbd socket\n");