Merge changes from topic 'boringssl_conversion'

# Even though we're building a static library (and thus there's no link step for

# this to take effect), this adds the includes to our path.

LOCAL_STATIC_LIBRARIES := libbase

LOCAL_STATIC_LIBRARIES := libcrypto_utils_static libcrypto_static libbase

include $(BUILD_STATIC_LIBRARY)

# Even though we're building a static library (and thus there's no link step for

# this to take effect), this adds the includes to our path.

LOCAL_STATIC_LIBRARIES := libcrypto_static libbase

LOCAL_STATIC_LIBRARIES := libcrypto_utils_static libcrypto_static libbase

LOCAL_C_INCLUDES_windows := development/host/windows/usb/api/

LOCAL_MULTILIB := first

    shell_service_test.cpp \

LOCAL_SANITIZE := $(adb_target_sanitize)

LOCAL_STATIC_LIBRARIES := libadbd

LOCAL_STATIC_LIBRARIES := libadbd libcrypto_utils_static libcrypto_static

LOCAL_SHARED_LIBRARIES := liblog libbase libcutils

include $(BUILD_NATIVE_TEST)

LOCAL_SHARED_LIBRARIES := libbase

LOCAL_STATIC_LIBRARIES := \

    libadb \

    libcrypto_utils_static \

    libcrypto_static \

    libcutils \

    libdiagnose_usb \

LOCAL_SRC_FILES := test_track_devices.cpp

LOCAL_SANITIZE := $(adb_host_sanitize)

LOCAL_SHARED_LIBRARIES := libbase

LOCAL_STATIC_LIBRARIES := libadb libcrypto_static libcutils

LOCAL_STATIC_LIBRARIES := libadb libcrypto_utils_static libcrypto_static libcutils

LOCAL_LDLIBS += -lrt -ldl -lpthread

include $(BUILD_HOST_EXECUTABLE)

endif

LOCAL_STATIC_LIBRARIES := \

    libadb \

    libbase \

    libcrypto_utils_static \

    libcrypto_static \

    libdiagnose_usb \

    liblog \

    libfec_rs \

    libselinux \

    liblog \

    libmincrypt \

    libext4_utils_static \

    libsquashfs_utils \

    libcutils \

    libbase \

    libcrypto_utils_static \

    libcrypto_static \

    libminijail

                send_auth_publickey(t);

            }

        } else if (p->msg.arg0 == ADB_AUTH_SIGNATURE) {

            if (adb_auth_verify(t->token, p->data, p->msg.data_length)) {

            if (adb_auth_verify(t->token, sizeof(t->token),

                                p->data, p->msg.data_length)) {

                adb_auth_verified(t);

                t->failed_auth_attempts = 0;

            } else {

void *adb_auth_nextkey(void *current);

int adb_auth_get_userkey(unsigned char *data, size_t len);

static inline int adb_auth_generate_token(void *token, size_t token_size) { return 0; }

static inline int adb_auth_verify(void *token, void *sig, int siglen) { return 0; }

static inline void adb_auth_confirm_key(unsigned char *data, size_t len, atransport *t) { }

static inline int adb_auth_generate_token(void *token, size_t token_size) {

    return 0;

}

static inline int adb_auth_verify(void *token, size_t token_size,

                                  void *sig, int siglen) {

    return 0;

}

static inline void adb_auth_confirm_key(unsigned char *data, size_t len,

                                        atransport *t) {}

#else // !ADB_HOST

    return 0;

}

static inline void *adb_auth_nextkey(void *current) { return NULL; }

static inline int adb_auth_get_userkey(unsigned char *data, size_t len) { return 0; }

static inline int adb_auth_get_userkey(unsigned char *data, size_t len) {

    return 0;

}

void adbd_auth_init(void);

void adbd_cloexec_auth_socket();

int adb_auth_generate_token(void *token, size_t token_size);

int adb_auth_verify(uint8_t* token, uint8_t* sig, int siglen);

int adb_auth_verify(uint8_t* token, size_t token_size,

                    uint8_t* sig, int siglen);

void adb_auth_confirm_key(unsigned char *data, size_t len, atransport *t);

#endif // ADB_HOST

#include <stdio.h>

#include <string.h>

#include <openssl/obj_mac.h>

#include <openssl/rsa.h>

#include <openssl/sha.h>

#include <crypto_utils/android_pubkey.h>

#include "cutils/list.h"

#include "cutils/sockets.h"

#include "mincrypt/rsa.h"

#include "mincrypt/sha.h"

#include "adb.h"

#include "fdevent.h"

struct adb_public_key {

    struct listnode node;

    RSAPublicKey key;

    RSA* key;

};

static const char *key_paths[] = {

    }

    while (fgets(buf, sizeof(buf), f)) {

        /* Allocate 4 extra bytes to decode the base64 data in-place */

        auto key = reinterpret_cast<adb_public_key*>(

            calloc(1, sizeof(adb_public_key) + 4));

            calloc(1, sizeof(adb_public_key)));

        if (key == nullptr) {

            D("Can't malloc key");

            break;

        if (sep)

            *sep = '\0';

        ret = __b64_pton(buf, (u_char *)&key->key, sizeof(key->key) + 4);

        if (ret != sizeof(key->key)) {

        // b64_pton requires one additional byte in the target buffer for

        // decoding to succeed. See http://b/28035006 for details.

        uint8_t keybuf[ANDROID_PUBKEY_ENCODED_SIZE + 1];

        ret = __b64_pton(buf, keybuf, sizeof(keybuf));

        if (ret != ANDROID_PUBKEY_ENCODED_SIZE) {

            D("%s: Invalid base64 data ret=%d", file, ret);

            free(key);

            continue;

        }

        if (key->key.len != RSANUMWORDS) {

            D("%s: Invalid key len %d", file, key->key.len);

        if (!android_pubkey_decode(keybuf, ret, &key->key)) {

            D("%s: Failed to parse key", file);

            free(key);

            continue;

        }

    while (!list_empty(list)) {

        item = list_head(list);

        list_remove(item);

        free(node_to_item(item, struct adb_public_key, node));

        adb_public_key* key = node_to_item(item, struct adb_public_key, node);

        RSA_free(key->key);

        free(key);

    }

}

    return ret * token_size;

}

int adb_auth_verify(uint8_t* token, uint8_t* sig, int siglen)

int adb_auth_verify(uint8_t* token, size_t token_size, uint8_t* sig, int siglen)

{

    struct listnode *item;

    struct listnode key_list;

    int ret = 0;

    if (siglen != RSANUMBYTES)

        return 0;

    load_keys(&key_list);

    list_for_each(item, &key_list) {

        adb_public_key* key = node_to_item(item, struct adb_public_key, node);

        ret = RSA_verify(&key->key, sig, siglen, token, SHA_DIGEST_SIZE);

        ret = RSA_verify(NID_sha1, token, token_size, sig, siglen, key->key);

        if (ret)

            break;

    }

#include "adb.h"

/* HACK: we need the RSAPublicKey struct

 * but RSA_verify conflits with openssl */

#define RSA_verify RSA_verify_mincrypt

#include "mincrypt/rsa.h"

#undef RSA_verify

#include <android-base/errors.h>

#include <android-base/strings.h>

#include <crypto_utils/android_pubkey.h>

#include <cutils/list.h>

#include <openssl/evp.h>

static struct listnode key_list;

/* Convert OpenSSL RSA private key to android pre-computed RSAPublicKey format */

static int RSA_to_RSAPublicKey(RSA *rsa, RSAPublicKey *pkey)

{

    int ret = 1;

    unsigned int i;

    BN_CTX* ctx = BN_CTX_new();

    BIGNUM* r32 = BN_new();

    BIGNUM* rr = BN_new();

    BIGNUM* r = BN_new();

    BIGNUM* rem = BN_new();

    BIGNUM* n = BN_new();

    BIGNUM* n0inv = BN_new();

    if (RSA_size(rsa) != RSANUMBYTES) {

        ret = 0;

        goto out;

    }

    BN_set_bit(r32, 32);

    BN_copy(n, rsa->n);

    BN_set_bit(r, RSANUMWORDS * 32);

    BN_mod_sqr(rr, r, n, ctx);

    BN_div(NULL, rem, n, r32, ctx);

    BN_mod_inverse(n0inv, rem, r32, ctx);

    pkey->len = RSANUMWORDS;

    pkey->n0inv = 0 - BN_get_word(n0inv);

    for (i = 0; i < RSANUMWORDS; i++) {

        BN_div(rr, rem, rr, r32, ctx);

        pkey->rr[i] = BN_get_word(rem);

        BN_div(n, rem, n, r32, ctx);

        pkey->n[i] = BN_get_word(rem);

    }

    pkey->exponent = BN_get_word(rsa->e);

out:

    BN_free(n0inv);

    BN_free(n);

    BN_free(rem);

    BN_free(r);

    BN_free(rr);

    BN_free(r32);

    BN_CTX_free(ctx);

    return ret;

}

static void get_user_info(char *buf, size_t len)

{

    char hostname[1024], username[1024];

static int write_public_keyfile(RSA *private_key, const char *private_key_path)

{

    RSAPublicKey pkey;

    uint8_t binary_key_data[ANDROID_PUBKEY_ENCODED_SIZE];

    uint8_t* base64_key_data = nullptr;

    size_t base64_key_length = 0;

    FILE *outfile = NULL;

    char path[PATH_MAX], info[MAX_PAYLOAD_V1];

    uint8_t* encoded = nullptr;

    size_t encoded_length;

    int ret = 0;

    if (snprintf(path, sizeof(path), "%s.pub", private_key_path) >=

        (int)sizeof(path)) {

        D("Path too long while writing public key");

        return 0;

    }

    if (!RSA_to_RSAPublicKey(private_key, &pkey)) {

    if (!android_pubkey_encode(private_key, binary_key_data,

                               sizeof(binary_key_data))) {

        D("Failed to convert to publickey");

        return 0;

    }

    outfile = fopen(path, "w");

    if (!outfile) {

        D("Failed to open '%s'", path);

        return 0;

        goto out;

    }

    D("Writing public key to '%s'", path);

#if defined(OPENSSL_IS_BORINGSSL)

    if (!EVP_EncodedLength(&encoded_length, sizeof(pkey))) {

    if (!EVP_EncodedLength(&base64_key_length, sizeof(binary_key_data))) {

        D("Public key too large to base64 encode");

        goto out;

    }

#else

    /* While we switch from OpenSSL to BoringSSL we have to implement

     * |EVP_EncodedLength| here. */

    encoded_length = 1 + ((sizeof(pkey) + 2) / 3 * 4);

    base64_key_length = 1 + ((sizeof(binary_key_data) + 2) / 3 * 4);

#endif

    encoded = new uint8_t[encoded_length];

    if (encoded == nullptr) {

    base64_key_data = new uint8_t[base64_key_length];

    if (base64_key_data == nullptr) {

        D("Allocation failure");

        goto out;

    }

    encoded_length = EVP_EncodeBlock(encoded, (uint8_t*) &pkey, sizeof(pkey));

    base64_key_length = EVP_EncodeBlock(base64_key_data, binary_key_data,

                                        sizeof(binary_key_data));

    get_user_info(info, sizeof(info));

    if (fwrite(encoded, encoded_length, 1, outfile) != 1 ||

    if (snprintf(path, sizeof(path), "%s.pub", private_key_path) >=

        (int)sizeof(path)) {

        D("Path too long while writing public key");

        goto out;

    }

    outfile = fopen(path, "w");

    if (!outfile) {

        D("Failed to open '%s'", path);

        goto out;

    }

    if (fwrite(base64_key_data, base64_key_length, 1, outfile) != 1 ||

        fwrite(info, strlen(info), 1, outfile) != 1) {

        D("Write error while writing public key");

        goto out;

    if (outfile != NULL) {

        fclose(outfile);

    }

    delete[] encoded;

    delete[] base64_key_data;

    return ret;

}