/// Loads an RSA public key stored in Android's binary public-key encoding.
///
/// The whole file is read into memory. Only the first
/// ANDROID_PUBKEY_ENCODED_SIZE bytes are handed to the decoder, so any bytes
/// after the encoded key are ignored rather than rejected.
///
/// @param path  File holding the encoded key.
/// @return The decoded key, or nullptr if the file cannot be read, is shorter
///         than one encoded key, or does not decode. The caller presumably
///         owns the result and releases it with RSA_free() (confirm with callers).
static RSA* load_key(const char* path) {
    std::string blob;
    const bool was_read = android::base::ReadFileToString(path, &blob);

    // A short file is reported exactly like an unreadable one, so the decoder
    // is never given fewer bytes than it is told to expect.
    if (!was_read || blob.size() < ANDROID_PUBKEY_ENCODED_SIZE) {
        fprintf(stderr, "Failed to load key from %s\n", path);
        return nullptr;
    }

    const uint8_t* encoded = reinterpret_cast<const uint8_t*>(blob.c_str());
    RSA* decoded = nullptr;
    if (android_pubkey_decode(encoded, ANDROID_PUBKEY_ENCODED_SIZE, &decoded)) {
        return decoded;
    }

    fprintf(stderr, "Failed to parse key!\n");
    return nullptr;
}
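/// Checks whether `sig` is a valid RSA signature over `token` for any public
/// key listed in the device's adb key files.
///
/// Each readable key file is scanned line by line. A line is a base64-encoded
/// Android public key, optionally followed by a space or tab and trailing text
/// that is ignored. Lines that fail base64 decoding or key parsing are logged
/// and skipped; they do not abort the scan.
///
/// Every key in these files is treated as authorised, so write access to the
/// files is equivalent to the ability to authorise a host.
///
/// @param token       Challenge bytes passed to RSA_verify() as the digest.
/// @param token_size  Length of `token` in bytes.
/// @param sig         Raw signature bytes to check.
/// @return true as soon as one key verifies the signature, false if none does.
bool adbd_auth_verify(const char* token, size_t token_size, const std::string& sig) {
    // No nullptr sentinel here: the range-for below visits every element, so a
    // sentinel would be passed to access() as if it were a path.
    static constexpr const char* key_paths[] = {"/adb_keys", "/data/misc/adb/adb_keys"};

    for (const char* path : key_paths) {
        if (access(path, R_OK) != 0) continue;

        LOG(INFO) << "Loading keys from " << path;
        std::string content;
        if (!android::base::ReadFileToString(path, &content)) {
            PLOG(ERROR) << "Couldn't read " << path;
            continue;
        }

        for (const auto& line : android::base::Split(content, "\n")) {
            // TODO: do we really have to support both ' ' and '\t'?
            // Copy the key field out instead of writing a NUL through
            // const_cast<char*>(line.c_str()); modifying the buffer returned by
            // c_str() is not permitted.
            const std::string encoded = line.substr(0, line.find_first_of(" \t"));

            // b64_pton requires one additional byte in the target buffer for
            // decoding to succeed. See http://b/28035006 for details.
            uint8_t keybuf[ANDROID_PUBKEY_ENCODED_SIZE + 1];
            if (__b64_pton(encoded.c_str(), keybuf, sizeof(keybuf)) != ANDROID_PUBKEY_ENCODED_SIZE) {
                LOG(ERROR) << "Invalid base64 key " << encoded.c_str() << " in " << path;
                continue;
            }

            RSA* key = nullptr;
            if (!android_pubkey_decode(keybuf, ANDROID_PUBKEY_ENCODED_SIZE, &key)) {
                LOG(ERROR) << "Failed to parse key " << encoded.c_str() << " in " << path;
                continue;
            }

            // Nothing is hashed in this function: `token` is handed to
            // RSA_verify() as an already-computed digest and NID_sha1 only
            // names the digest type. NOTE(review): the library is expected to
            // reject a token_size that is not the SHA-1 digest length, so
            // confirm callers always pass a token of that size.
            const bool verified =
                (RSA_verify(NID_sha1, reinterpret_cast<const uint8_t*>(token), token_size,
                            reinterpret_cast<const uint8_t*>(sig.c_str()), sig.size(), key) == 1);
            RSA_free(key);  // release on every path, including the early return

            if (verified) return true;
        }
    }
    return false;
}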
/// Reads one encoded Android public key from the start of `path` and decodes it.
///
/// Exactly ANDROID_PUBKEY_ENCODED_SIZE bytes are read; a file shorter than that
/// fails the read, and anything after those bytes is never looked at.
///
/// @param path  File holding the encoded key.
/// @return The decoded key, or nullptr if the file cannot be opened, is too
///         short, or does not decode. Each failure is logged via LERROR.
static RSA *load_key(const char *path) {
    // The 'e' mode flag asks for close-on-exec, so the descriptor is not
    // inherited by processes this one later executes.
    std::unique_ptr<FILE, decltype(&fclose)> file(fopen(path, "re"), fclose);
    if (file == nullptr) {
        LERROR << "Can't open " << path;
        return nullptr;
    }

    uint8_t key_data[ANDROID_PUBKEY_ENCODED_SIZE];
    // One item of the full key size: fread reports 0 items on a short file.
    const size_t items_read = fread(key_data, sizeof(key_data), 1, file.get());
    if (items_read == 0) {
        LERROR << "Could not read key!";
        return nullptr;
    }

    RSA* decoded = nullptr;
    if (android_pubkey_decode(key_data, sizeof(key_data), &decoded)) {
        return decoded;
    }

    LERROR << "Could not parse key!";
    return nullptr;
}