1 files changed, 347 insertions, 0 deletions
diff --git a/adb/secrets/src/android/emulation/control/adb/adbkey.cpp b/adb/secrets/src/android/emulation/control/adb/adbkey.cpp
new file mode 100644
index 0000000..2f0f1ff
--- /dev/null
+++ b/adb/secrets/src/android/emulation/control/adb/adbkey.cpp
@@ -0,0 +1,347 @@
+// Copyright 2019 The Android Open Source Project
+//
+// This software is licensed under the terms of the GNU General Public
+// License version 2, as published by the Free Software Foundation, and
+// may be copied, distributed, and modified under those terms.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+
+#include "android/emulation/control/adb/adbkey.h"
+
+#include <openssl/base.h>
+#include <openssl/base64.h> // for EVP_EncodeBlock, EVP_Encod...
+#include <openssl/bn.h>
+#include <openssl/evp.h>
+#include <openssl/nid.h>
+#include <openssl/pem.h>
+#include <openssl/rsa.h>
+
+#include <cstdio>
+#include <filesystem>
+#include <memory>
+#include <string.h>
+#include <string>
+#include <sys/types.h>
+#include <vector>
+
+#include "aemu/base/Log.h"
+#include "aemu/base/files/PathUtils.h"
+#include "android/base/file/file_io.h"
+#include "android/base/system/System.h"
+#include "android/goldfish/ConfigDirs.h"
+#include "android/utils/path.h"
+
+namespace fs = std::filesystem;
+/* set >0 for very verbose debugging */
+#define DEBUG 0
+
+#define D(...) (void)0
+#define DD(...) (void)0
+#if DEBUG >= 1
+#undef D
+#define D(fmt, ...)                                                            \
+  fprintf(stderr, "adbkey: %s:%d| " fmt "\n", __func__, __LINE__, ##__VA_ARGS__)
+#endif
+#if DEBUG >= 2
+#undef DD
+#define DD(fmt, ...)                                                           \
+  fprintf(stderr, "adbkey: %s:%d| " fmt "\n", __func__, __LINE__, ##__VA_ARGS__)
+#endif
+
+using android::base::System;
+
+// Better safe than sorry.
+static_assert(ANDROID_PUBKEY_MODULUS_SIZE % 4 == 0,
+              "RSA modulus size must be multiple of the word size!");
+
+// Size of the RSA modulus in words.
+constexpr const int ANDROID_PUBKEY_MODULUS_SIZE_WORDS =
+    ANDROID_PUBKEY_MODULUS_SIZE / 4;
+
+namespace {
+std::string get_user_info() {
+  std::string hostname = System::get()->getEnvironmentVariable("HOSTNAME");
+  if (hostname.empty()) {
+    hostname = "unknown";
+  }
+
+  std::string username;
+  if (getenv("LOGNAME")) {
+    username = getenv("LOGNAME");
+  }
+  if (username.empty()) {
+    hostname = "unknown";
+  }
+  return " " + username + "@" + hostname;
+}
+
+} // namespace
+
+// From ${AOSP}/system/core/adb/client/auth.cpp
+bool calculate_public_key(std::string *out, RSA *private_key) {
+  uint8_t binary_key_data[ANDROID_PUBKEY_ENCODED_SIZE];
+  if (!android_pubkey_encode(private_key, binary_key_data,
+                             sizeof(binary_key_data))) {
+    LOG(ERROR) << "Failed to convert to public key";
+    return false;
+  }
+
+  size_t expected_length;
+  if (!EVP_EncodedLength(&expected_length, sizeof(binary_key_data))) {
+    LOG(ERROR) << "Public key too large to base64 encode";
+    return false;
+  }
+
+  out->resize(expected_length);
+  size_t actual_length = EVP_EncodeBlock(
+      (uint8_t *)out->data(), binary_key_data, sizeof(binary_key_data));
+  out->resize(actual_length);
+  out->append(get_user_info());
+  return true;
+}
+
+static std::shared_ptr<RSA> read_key_file(const std::string &file) {
+  std::unique_ptr<FILE, decltype(&fclose)> fp(android_fopen(file.c_str(), "r"),
+                                              fclose);
+  if (!fp) {
+    LOG(ERROR) << "Failed to open rsa file: " << file;
+    return nullptr;
+  }
+
+  RSA *key = RSA_new();
+  if (!PEM_read_RSAPrivateKey(fp.get(), &key, nullptr, nullptr)) {
+    LOG(ERROR) << "Failed to read rsa key";
+    RSA_free(key);
+    return nullptr;
+  }
+
+  return std::shared_ptr<RSA>(key, RSA_free);
+}
+
+static bool generate_key(const std::string &file) {
+
+  mode_t old_mask;
+  FILE *f = nullptr;
+  bool ret = false;
+
+  EVP_PKEY *pkey = EVP_PKEY_new();
+  BIGNUM *exponent = BN_new();
+  RSA *rsa = RSA_new();
+  if (!pkey || !exponent || !rsa) {
+    dwarning("Failed to allocate key");
+    goto out;
+  }
+
+  BN_set_word(exponent, RSA_F4);
+  RSA_generate_key_ex(rsa, 2048, exponent, nullptr);
+  EVP_PKEY_set1_RSA(pkey, rsa);
+
+  f = android_fopen(file.c_str(), "w");
+  if (!f) {
+    dwarning("Failed to open %s", file.c_str());
+    goto out;
+  }
+
+  if (!PEM_write_PrivateKey(f, pkey, nullptr, nullptr, 0, nullptr, nullptr)) {
+    dwarning("Failed to write key");
+    goto out;
+  }
+
+  fclose(f);
+  f = nullptr;
+  android_chmod(file.c_str(), 0777);
+
+  ret = true;
+
+out:
+  if (f) {
+    fclose(f);
+  }
+  EVP_PKEY_free(pkey);
+  RSA_free(rsa);
+  BN_free(exponent);
+  return ret;
+}
+
+bool adb_auth_keygen(const fs::path &filename) { return generate_key(filename); }
+
+bool pubkey_from_privkey(const fs::path &path, std::string *out) {
+  std::shared_ptr<RSA> privkey = read_key_file(path);
+  if (!privkey) {
+    return false;
+  }
+  return calculate_public_key(out, privkey.get());
+}
+
+// Get adbkey path, return "" if failed
+// adbKeyFileName could be "adbkey" or "adbkey.pub"
+fs::path getAdbKeyPath(const fs::path& adbKeyFileName) {
+  fs::path adbKeyPath = android::goldfish::ConfigDirs::getUserDirectory() / adbKeyFileName;
+  if (path_is_regular(adbKeyPath.c_str()) &&
+      path_can_read(adbKeyPath.c_str())) {
+    return adbKeyPath;
+  }
+  D("cannot read adb key file: %s", adbKeyPath.c_str());
+  D("trying again by copying from home dir");
+
+  auto home = System::get()->getHomeDirectory();
+  if (home.empty()) {
+    home = System::get()->getTempDir();
+    if (home.empty()) {
+      home = "/tmp";
+    }
+  }
+  D("Looking in %s", home.c_str());
+
+  auto guessedSrcAdbKeyPub = home / ".android" / adbKeyFileName;
+  path_copy_file(adbKeyPath.c_str(), guessedSrcAdbKeyPub.c_str());
+
+  if (path_is_regular(adbKeyPath.c_str()) &&
+      path_can_read(adbKeyPath.c_str())) {
+    return adbKeyPath;
+  }
+  D("cannot read adb key file (failed): %s", adbKeyPath.c_str());
+  return "";
+}
+
+fs::path getPublicAdbKeyPath() { return getAdbKeyPath(kPublicKeyFileName); }
+
+fs::path getPrivateAdbKeyPath() {
+  return getAdbKeyPath(kPrivateKeyFileName);
+}
+
+// This file implements encoding and decoding logic for Android's custom RSA
+// public key binary format. Public keys are stored as a sequence of
+// little-endian 32 bit words. Note that Android only supports little-endian
+// processors, so we don't do any byte order conversions when parsing the binary
+// struct.
+typedef struct RSAPublicKey {
+  // Modulus length. This must be ANDROID_PUBKEY_MODULUS_SIZE.
+  uint32_t modulus_size_words;
+
+  // Precomputed montgomery parameter: -1 / n[0] mod 2^32
+  uint32_t n0inv;
+
+  // RSA modulus as a little-endian array.
+  uint8_t modulus[ANDROID_PUBKEY_MODULUS_SIZE];
+
+  // Montgomery parameter R^2 as a little-endian array of little-endian words.
+  uint8_t rr[ANDROID_PUBKEY_MODULUS_SIZE];
+
+  // RSA modulus: 3 or 65537
+  uint32_t exponent;
+} RSAPublicKey;
+
+bool android_pubkey_decode(const uint8_t *key_buffer, size_t size, RSA **key) {
+  // Check |size| is large enough and the modulus size is correct.
+  if (size < sizeof(RSAPublicKey)) {
+    LOG(ERROR) << "WARNING: adbkey decode failed.";
+    return false;
+  }
+  RSAPublicKey key_struct;
+  memcpy(&key_struct, key_buffer, sizeof(key_struct));
+
+  if (key_struct.modulus_size_words != ANDROID_PUBKEY_MODULUS_SIZE_WORDS) {
+    LOG(ERROR) << "WARNING: adbkey decode failed.";
+    return false;
+  }
+
+  // Read the modulus and exponent.
+  bssl::UniquePtr<BIGNUM> n(
+      BN_le2bn(key_struct.modulus, ANDROID_PUBKEY_MODULUS_SIZE, nullptr));
+  bssl::UniquePtr<BIGNUM> e(BN_new());
+  if (!n || !e || !BN_set_word(e.get(), key_struct.exponent)) {
+    LOG(ERROR) << "WARNING: adbkey decode failed.";
+    return false;
+  }
+
+  // TODO(davidben): After we're sure the BoringSSL update has stuck, switch
+  // this to RSA_new_public_key, which is a bit less tedious. For now, use the
+  // older APIs to avoid a build break if it gets temporarily reverted.
+  bssl::UniquePtr<RSA> new_key(RSA_new());
+  if (!new_key ||
+      !RSA_set0_key(new_key.get(), n.get(), e.get(), /*d=*/nullptr)) {
+    LOG(ERROR) << "WARNING: adbkey decode failed.";
+    return false;
+  }
+  // RSA_set0_key takes ownership on success.
+  (void) n.release();
+  (void) e.release();
+
+  *key = new_key.release();
+  return true;
+}
+
+bool android_pubkey_encode(const RSA *key, uint8_t *key_buffer, size_t size) {
+  if (sizeof(RSAPublicKey) > size ||
+      RSA_size(key) != ANDROID_PUBKEY_MODULUS_SIZE) {
+    return false;
+  }
+
+  // Store the modulus size.
+  RSAPublicKey key_struct;
+  key_struct.modulus_size_words = ANDROID_PUBKEY_MODULUS_SIZE_WORDS;
+
+  // Compute and store n0inv = -1 / N[0] mod 2^32.
+  bssl::UniquePtr<BN_CTX> ctx(BN_CTX_new());
+  bssl::UniquePtr<BIGNUM> r32(BN_new());
+  bssl::UniquePtr<BIGNUM> n0inv(BN_new());
+  if (!ctx || !r32 || !n0inv || !BN_set_bit(r32.get(), 32) ||
+      !BN_mod(n0inv.get(), RSA_get0_n(key), r32.get(), ctx.get()) ||
+      !BN_mod_inverse(n0inv.get(), n0inv.get(), r32.get(), ctx.get()) ||
+      !BN_sub(n0inv.get(), r32.get(), n0inv.get())) {
+    return false;
+  }
+  key_struct.n0inv = (uint32_t)BN_get_word(n0inv.get());
+
+  // Store the modulus.
+  if (!BN_bn2le_padded(key_struct.modulus, ANDROID_PUBKEY_MODULUS_SIZE,
+                       RSA_get0_n(key))) {
+    return false;
+  }
+
+  // Compute and store rr = (2^(rsa_size)) ^ 2 mod N.
+  bssl::UniquePtr<BIGNUM> rr(BN_new());
+  if (!rr || !BN_set_bit(rr.get(), ANDROID_PUBKEY_MODULUS_SIZE * 8) ||
+      !BN_mod_sqr(rr.get(), rr.get(), RSA_get0_n(key), ctx.get()) ||
+      !BN_bn2le_padded(key_struct.rr, ANDROID_PUBKEY_MODULUS_SIZE, rr.get())) {
+    return false;
+  }
+
+  // Store the exponent.
+  key_struct.exponent = (uint32_t)BN_get_word(RSA_get0_e(key));
+  memcpy(key_buffer, &key_struct, sizeof(key_struct));
+  return true;
+}
+
+static bool sign_token(RSA *key_rsa, const uint8_t *token, int token_size,
+                       uint8_t *sig, int &len) {
+  if (token_size != TOKEN_SIZE) {
+    DD("Unexpected token size %d\n", token_size);
+  }
+
+  if (!RSA_sign(NID_sha1, token, (size_t)token_size, sig, (unsigned int *)&len,
+                key_rsa)) {
+    return false;
+  }
+
+  DD("successfully signed with siglen %d\n", (int)len);
+  return true;
+}
+
+bool sign_auth_token(const uint8_t *token, int token_size, uint8_t *sig,
+                     int &siglen) {
+  const std::string key_path = getAdbKeyPath(kPrivateKeyFileName);
+  if (key_path.empty()) {
+    LOG(ERROR) << "No private key found, unable to sign token";
+  }
+  auto rsa = read_key_file(key_path);
+  if (!rsa) {
+    LOG(ERROR) << "No RSA key available.";
+    return false;
+  }
+  return sign_token(rsa.get(), token, token_size, sig, siglen);
+}