From 345cb066d2e0c774c877a85d3035f298df1daf16 Mon Sep 17 00:00:00 2001 From: Benoit Goby Date: Mon, 14 Jan 2013 21:26:30 -0800 Subject: adb: Read secure adb keys on every auth request The framework can now clear the user key list, so we need to reload the key list on every auth request instead of loading it once when adbd starts. This also fixes issues with encrypted devices, where the user key file is only readable after the user has unlocked the device. Change-Id: I350c5aab986f8ca86b95f316398d03012553e581 --- adb/adb_auth.h | 2 -- adb/adb_auth_client.c | 23 +++++++++++------------ 2 files changed, 11 insertions(+), 14 deletions(-) diff --git a/adb/adb_auth.h b/adb/adb_auth.h index 1fffa49..96f637b 100644 --- a/adb/adb_auth.h +++ b/adb/adb_auth.h @@ -36,7 +36,6 @@ int adb_auth_get_userkey(unsigned char *data, size_t len); static inline int adb_auth_generate_token(void *token, size_t token_size) { return 0; } static inline int adb_auth_verify(void *token, void *sig, int siglen) { return 0; } static inline void adb_auth_confirm_key(unsigned char *data, size_t len, atransport *t) { } -static inline void adb_auth_reload_keys(void) { } #else // !ADB_HOST @@ -47,7 +46,6 @@ static inline int adb_auth_get_userkey(unsigned char *data, size_t len) { return int adb_auth_generate_token(void *token, size_t token_size); int adb_auth_verify(void *token, void *sig, int siglen); void adb_auth_confirm_key(unsigned char *data, size_t len, atransport *t); -void adb_auth_reload_keys(void); #endif // ADB_HOST diff --git a/adb/adb_auth_client.c b/adb/adb_auth_client.c index 0b4913e..a4ad18f 100644 --- a/adb/adb_auth_client.c +++ b/adb/adb_auth_client.c @@ -34,8 +34,6 @@ struct adb_public_key { RSAPublicKey key; }; -static struct listnode key_list; - static char *key_paths[] = { "/adb_keys", "/data/misc/adb/adb_keys", @@ -102,18 +100,18 @@ static void free_keys(struct listnode *list) } } -void adb_auth_reload_keys(void) +static void load_keys(struct listnode *list) { char *path; char **paths = key_paths; struct stat buf; - free_keys(&key_list); + list_init(list); while ((path = *paths++)) { if (!stat(path, &buf)) { D("Loading keys from '%s'\n", path); - read_keys(path, &key_list); + read_keys(path, list); } } } @@ -137,19 +135,24 @@ int adb_auth_verify(void *token, void *sig, int siglen) { struct listnode *item; struct adb_public_key *key; - int ret; + struct listnode key_list; + int ret = 0; if (siglen != RSANUMBYTES) return 0; + load_keys(&key_list); + list_for_each(item, &key_list) { key = node_to_item(item, struct adb_public_key, node); ret = RSA_verify(&key->key, sig, siglen, token); if (ret) - return 1; + break; } - return 0; + free_keys(&key_list); + + return ret; } static void adb_auth_event(int fd, unsigned events, void *data) @@ -166,7 +169,6 @@ static void adb_auth_event(int fd, unsigned events, void *data) framework_fd = -1; } else if (ret == 2 && response[0] == 'O' && response[1] == 'K') { - adb_auth_reload_keys(); adb_auth_verified(t); } } @@ -225,9 +227,6 @@ void adb_auth_init(void) { int fd, ret; - list_init(&key_list); - adb_auth_reload_keys(); - fd = android_get_control_socket("adbd"); if (fd < 0) { D("Failed to get adbd socket\n"); -- cgit v1.1