adb: Add public key authentification
Secure adb using a public key authentication, to allow USB debugging
only from authorized hosts.
When a device is connected to an unauthorized host, the adb daemon sends
the user public key to the device. A popup is shown to ask the user to
allow debugging once or permanantly from the host. The public key is
installed on the device in the later case. Other keys may be installed
at build time.
On the host, the user public/private key pair is automatically generated,
if it does not exist, when the adb daemon starts and is stored in
$HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed,
the ADB_KEYS_PATH env variable may be set to a :-separated (; under
Windows) list of private keys, e.g. company-wide or vendor keys.
On the device, vendors public keys are installed at build time in
/adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys.
ADB Protocol change:
If the device needs to authenticate the host, it replies to CNXN
packets with an AUTH packet. The AUTH packet payload is a random token.
The host signs the token with one of its private keys and sends an AUTH(0)
packet. If the signature verification succeeds, the device replies with
a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so
that the host can retry with another private key. Once the host has tried
all its keys, it can send an AUTH(1) packet with a public key as
payload. adbd then sends the public key to the framework (if it has been
started) for confirmation.
Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 19:23:49 +00:00
|
|
|
/*
|
|
|
|
* Copyright (C) 2012 The Android Open Source Project
|
|
|
|
*
|
|
|
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
* you may not use this file except in compliance with the License.
|
|
|
|
* You may obtain a copy of the License at
|
|
|
|
*
|
|
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
*
|
|
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
|
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
* See the License for the specific language governing permissions and
|
|
|
|
* limitations under the License.
|
|
|
|
*/
|
|
|
|
|
|
|
|
#include <stdio.h>
|
|
|
|
#include <string.h>
|
|
|
|
#include <resolv.h>
|
|
|
|
#include <cutils/list.h>
|
|
|
|
#include <cutils/sockets.h>
|
|
|
|
|
|
|
|
#include "sysdeps.h"
|
|
|
|
#include "adb.h"
|
|
|
|
#include "adb_auth.h"
|
|
|
|
#include "fdevent.h"
|
|
|
|
#include "mincrypt/rsa.h"
|
|
|
|
|
|
|
|
#define TRACE_TAG TRACE_AUTH
|
|
|
|
|
|
|
|
|
|
|
|
struct adb_public_key {
|
|
|
|
struct listnode node;
|
|
|
|
RSAPublicKey key;
|
|
|
|
};
|
|
|
|
|
|
|
|
static char *key_paths[] = {
|
|
|
|
"/adb_keys",
|
|
|
|
"/data/misc/adb/adb_keys",
|
|
|
|
NULL
|
|
|
|
};
|
|
|
|
|
|
|
|
static fdevent listener_fde;
|
|
|
|
static int framework_fd = -1;
|
|
|
|
|
2013-01-16 03:59:14 +00:00
|
|
|
static void usb_disconnected(void* unused, atransport* t);
|
|
|
|
static struct adisconnect usb_disconnect = { usb_disconnected, 0, 0, 0 };
|
|
|
|
static atransport* usb_transport;
|
|
|
|
static bool needs_retry = false;
|
adb: Add public key authentification
Secure adb using a public key authentication, to allow USB debugging
only from authorized hosts.
When a device is connected to an unauthorized host, the adb daemon sends
the user public key to the device. A popup is shown to ask the user to
allow debugging once or permanantly from the host. The public key is
installed on the device in the later case. Other keys may be installed
at build time.
On the host, the user public/private key pair is automatically generated,
if it does not exist, when the adb daemon starts and is stored in
$HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed,
the ADB_KEYS_PATH env variable may be set to a :-separated (; under
Windows) list of private keys, e.g. company-wide or vendor keys.
On the device, vendors public keys are installed at build time in
/adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys.
ADB Protocol change:
If the device needs to authenticate the host, it replies to CNXN
packets with an AUTH packet. The AUTH packet payload is a random token.
The host signs the token with one of its private keys and sends an AUTH(0)
packet. If the signature verification succeeds, the device replies with
a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so
that the host can retry with another private key. Once the host has tried
all its keys, it can send an AUTH(1) packet with a public key as
payload. adbd then sends the public key to the framework (if it has been
started) for confirmation.
Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 19:23:49 +00:00
|
|
|
|
|
|
|
static void read_keys(const char *file, struct listnode *list)
|
|
|
|
{
|
|
|
|
struct adb_public_key *key;
|
|
|
|
FILE *f;
|
|
|
|
char buf[MAX_PAYLOAD];
|
|
|
|
char *sep;
|
|
|
|
int ret;
|
|
|
|
|
|
|
|
f = fopen(file, "r");
|
|
|
|
if (!f) {
|
|
|
|
D("Can't open '%s'\n", file);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
while (fgets(buf, sizeof(buf), f)) {
|
|
|
|
/* Allocate 4 extra bytes to decode the base64 data in-place */
|
|
|
|
key = calloc(1, sizeof(*key) + 4);
|
|
|
|
if (!key) {
|
|
|
|
D("Can't malloc key\n");
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
|
|
|
sep = strpbrk(buf, " \t");
|
|
|
|
if (sep)
|
|
|
|
*sep = '\0';
|
|
|
|
|
|
|
|
ret = __b64_pton(buf, (u_char *)&key->key, sizeof(key->key) + 4);
|
|
|
|
if (ret != sizeof(key->key)) {
|
|
|
|
D("%s: Invalid base64 data ret=%d\n", file, ret);
|
|
|
|
free(key);
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (key->key.len != RSANUMWORDS) {
|
|
|
|
D("%s: Invalid key len %d\n", file, key->key.len);
|
|
|
|
free(key);
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
|
|
|
|
list_add_tail(list, &key->node);
|
|
|
|
}
|
|
|
|
|
|
|
|
fclose(f);
|
|
|
|
}
|
|
|
|
|
|
|
|
static void free_keys(struct listnode *list)
|
|
|
|
{
|
|
|
|
struct listnode *item;
|
|
|
|
|
|
|
|
while (!list_empty(list)) {
|
|
|
|
item = list_head(list);
|
|
|
|
list_remove(item);
|
|
|
|
free(node_to_item(item, struct adb_public_key, node));
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2013-01-15 05:26:30 +00:00
|
|
|
static void load_keys(struct listnode *list)
|
adb: Add public key authentification
Secure adb using a public key authentication, to allow USB debugging
only from authorized hosts.
When a device is connected to an unauthorized host, the adb daemon sends
the user public key to the device. A popup is shown to ask the user to
allow debugging once or permanantly from the host. The public key is
installed on the device in the later case. Other keys may be installed
at build time.
On the host, the user public/private key pair is automatically generated,
if it does not exist, when the adb daemon starts and is stored in
$HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed,
the ADB_KEYS_PATH env variable may be set to a :-separated (; under
Windows) list of private keys, e.g. company-wide or vendor keys.
On the device, vendors public keys are installed at build time in
/adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys.
ADB Protocol change:
If the device needs to authenticate the host, it replies to CNXN
packets with an AUTH packet. The AUTH packet payload is a random token.
The host signs the token with one of its private keys and sends an AUTH(0)
packet. If the signature verification succeeds, the device replies with
a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so
that the host can retry with another private key. Once the host has tried
all its keys, it can send an AUTH(1) packet with a public key as
payload. adbd then sends the public key to the framework (if it has been
started) for confirmation.
Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 19:23:49 +00:00
|
|
|
{
|
|
|
|
char *path;
|
|
|
|
char **paths = key_paths;
|
|
|
|
struct stat buf;
|
|
|
|
|
2013-01-15 05:26:30 +00:00
|
|
|
list_init(list);
|
adb: Add public key authentification
Secure adb using a public key authentication, to allow USB debugging
only from authorized hosts.
When a device is connected to an unauthorized host, the adb daemon sends
the user public key to the device. A popup is shown to ask the user to
allow debugging once or permanantly from the host. The public key is
installed on the device in the later case. Other keys may be installed
at build time.
On the host, the user public/private key pair is automatically generated,
if it does not exist, when the adb daemon starts and is stored in
$HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed,
the ADB_KEYS_PATH env variable may be set to a :-separated (; under
Windows) list of private keys, e.g. company-wide or vendor keys.
On the device, vendors public keys are installed at build time in
/adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys.
ADB Protocol change:
If the device needs to authenticate the host, it replies to CNXN
packets with an AUTH packet. The AUTH packet payload is a random token.
The host signs the token with one of its private keys and sends an AUTH(0)
packet. If the signature verification succeeds, the device replies with
a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so
that the host can retry with another private key. Once the host has tried
all its keys, it can send an AUTH(1) packet with a public key as
payload. adbd then sends the public key to the framework (if it has been
started) for confirmation.
Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 19:23:49 +00:00
|
|
|
|
|
|
|
while ((path = *paths++)) {
|
|
|
|
if (!stat(path, &buf)) {
|
|
|
|
D("Loading keys from '%s'\n", path);
|
2013-01-15 05:26:30 +00:00
|
|
|
read_keys(path, list);
|
adb: Add public key authentification
Secure adb using a public key authentication, to allow USB debugging
only from authorized hosts.
When a device is connected to an unauthorized host, the adb daemon sends
the user public key to the device. A popup is shown to ask the user to
allow debugging once or permanantly from the host. The public key is
installed on the device in the later case. Other keys may be installed
at build time.
On the host, the user public/private key pair is automatically generated,
if it does not exist, when the adb daemon starts and is stored in
$HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed,
the ADB_KEYS_PATH env variable may be set to a :-separated (; under
Windows) list of private keys, e.g. company-wide or vendor keys.
On the device, vendors public keys are installed at build time in
/adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys.
ADB Protocol change:
If the device needs to authenticate the host, it replies to CNXN
packets with an AUTH packet. The AUTH packet payload is a random token.
The host signs the token with one of its private keys and sends an AUTH(0)
packet. If the signature verification succeeds, the device replies with
a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so
that the host can retry with another private key. Once the host has tried
all its keys, it can send an AUTH(1) packet with a public key as
payload. adbd then sends the public key to the framework (if it has been
started) for confirmation.
Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 19:23:49 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
int adb_auth_generate_token(void *token, size_t token_size)
|
|
|
|
{
|
|
|
|
FILE *f;
|
|
|
|
int ret;
|
|
|
|
|
|
|
|
f = fopen("/dev/urandom", "r");
|
|
|
|
if (!f)
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
ret = fread(token, token_size, 1, f);
|
|
|
|
|
|
|
|
fclose(f);
|
|
|
|
return ret * token_size;
|
|
|
|
}
|
|
|
|
|
|
|
|
int adb_auth_verify(void *token, void *sig, int siglen)
|
|
|
|
{
|
|
|
|
struct listnode *item;
|
|
|
|
struct adb_public_key *key;
|
2013-01-15 05:26:30 +00:00
|
|
|
struct listnode key_list;
|
|
|
|
int ret = 0;
|
adb: Add public key authentification
Secure adb using a public key authentication, to allow USB debugging
only from authorized hosts.
When a device is connected to an unauthorized host, the adb daemon sends
the user public key to the device. A popup is shown to ask the user to
allow debugging once or permanantly from the host. The public key is
installed on the device in the later case. Other keys may be installed
at build time.
On the host, the user public/private key pair is automatically generated,
if it does not exist, when the adb daemon starts and is stored in
$HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed,
the ADB_KEYS_PATH env variable may be set to a :-separated (; under
Windows) list of private keys, e.g. company-wide or vendor keys.
On the device, vendors public keys are installed at build time in
/adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys.
ADB Protocol change:
If the device needs to authenticate the host, it replies to CNXN
packets with an AUTH packet. The AUTH packet payload is a random token.
The host signs the token with one of its private keys and sends an AUTH(0)
packet. If the signature verification succeeds, the device replies with
a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so
that the host can retry with another private key. Once the host has tried
all its keys, it can send an AUTH(1) packet with a public key as
payload. adbd then sends the public key to the framework (if it has been
started) for confirmation.
Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 19:23:49 +00:00
|
|
|
|
|
|
|
if (siglen != RSANUMBYTES)
|
|
|
|
return 0;
|
|
|
|
|
2013-01-15 05:26:30 +00:00
|
|
|
load_keys(&key_list);
|
|
|
|
|
adb: Add public key authentification
Secure adb using a public key authentication, to allow USB debugging
only from authorized hosts.
When a device is connected to an unauthorized host, the adb daemon sends
the user public key to the device. A popup is shown to ask the user to
allow debugging once or permanantly from the host. The public key is
installed on the device in the later case. Other keys may be installed
at build time.
On the host, the user public/private key pair is automatically generated,
if it does not exist, when the adb daemon starts and is stored in
$HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed,
the ADB_KEYS_PATH env variable may be set to a :-separated (; under
Windows) list of private keys, e.g. company-wide or vendor keys.
On the device, vendors public keys are installed at build time in
/adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys.
ADB Protocol change:
If the device needs to authenticate the host, it replies to CNXN
packets with an AUTH packet. The AUTH packet payload is a random token.
The host signs the token with one of its private keys and sends an AUTH(0)
packet. If the signature verification succeeds, the device replies with
a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so
that the host can retry with another private key. Once the host has tried
all its keys, it can send an AUTH(1) packet with a public key as
payload. adbd then sends the public key to the framework (if it has been
started) for confirmation.
Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 19:23:49 +00:00
|
|
|
list_for_each(item, &key_list) {
|
|
|
|
key = node_to_item(item, struct adb_public_key, node);
|
|
|
|
ret = RSA_verify(&key->key, sig, siglen, token);
|
|
|
|
if (ret)
|
2013-01-15 05:26:30 +00:00
|
|
|
break;
|
adb: Add public key authentification
Secure adb using a public key authentication, to allow USB debugging
only from authorized hosts.
When a device is connected to an unauthorized host, the adb daemon sends
the user public key to the device. A popup is shown to ask the user to
allow debugging once or permanantly from the host. The public key is
installed on the device in the later case. Other keys may be installed
at build time.
On the host, the user public/private key pair is automatically generated,
if it does not exist, when the adb daemon starts and is stored in
$HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed,
the ADB_KEYS_PATH env variable may be set to a :-separated (; under
Windows) list of private keys, e.g. company-wide or vendor keys.
On the device, vendors public keys are installed at build time in
/adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys.
ADB Protocol change:
If the device needs to authenticate the host, it replies to CNXN
packets with an AUTH packet. The AUTH packet payload is a random token.
The host signs the token with one of its private keys and sends an AUTH(0)
packet. If the signature verification succeeds, the device replies with
a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so
that the host can retry with another private key. Once the host has tried
all its keys, it can send an AUTH(1) packet with a public key as
payload. adbd then sends the public key to the framework (if it has been
started) for confirmation.
Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 19:23:49 +00:00
|
|
|
}
|
|
|
|
|
2013-01-15 05:26:30 +00:00
|
|
|
free_keys(&key_list);
|
|
|
|
|
|
|
|
return ret;
|
adb: Add public key authentification
Secure adb using a public key authentication, to allow USB debugging
only from authorized hosts.
When a device is connected to an unauthorized host, the adb daemon sends
the user public key to the device. A popup is shown to ask the user to
allow debugging once or permanantly from the host. The public key is
installed on the device in the later case. Other keys may be installed
at build time.
On the host, the user public/private key pair is automatically generated,
if it does not exist, when the adb daemon starts and is stored in
$HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed,
the ADB_KEYS_PATH env variable may be set to a :-separated (; under
Windows) list of private keys, e.g. company-wide or vendor keys.
On the device, vendors public keys are installed at build time in
/adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys.
ADB Protocol change:
If the device needs to authenticate the host, it replies to CNXN
packets with an AUTH packet. The AUTH packet payload is a random token.
The host signs the token with one of its private keys and sends an AUTH(0)
packet. If the signature verification succeeds, the device replies with
a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so
that the host can retry with another private key. Once the host has tried
all its keys, it can send an AUTH(1) packet with a public key as
payload. adbd then sends the public key to the framework (if it has been
started) for confirmation.
Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 19:23:49 +00:00
|
|
|
}
|
|
|
|
|
2013-01-16 03:59:14 +00:00
|
|
|
static void usb_disconnected(void* unused, atransport* t)
|
|
|
|
{
|
2013-04-02 00:39:06 +00:00
|
|
|
D("USB disconnect\n");
|
2013-01-16 03:59:14 +00:00
|
|
|
remove_transport_disconnect(usb_transport, &usb_disconnect);
|
|
|
|
usb_transport = NULL;
|
|
|
|
needs_retry = false;
|
|
|
|
}
|
|
|
|
|
adb: Add public key authentification
Secure adb using a public key authentication, to allow USB debugging
only from authorized hosts.
When a device is connected to an unauthorized host, the adb daemon sends
the user public key to the device. A popup is shown to ask the user to
allow debugging once or permanantly from the host. The public key is
installed on the device in the later case. Other keys may be installed
at build time.
On the host, the user public/private key pair is automatically generated,
if it does not exist, when the adb daemon starts and is stored in
$HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed,
the ADB_KEYS_PATH env variable may be set to a :-separated (; under
Windows) list of private keys, e.g. company-wide or vendor keys.
On the device, vendors public keys are installed at build time in
/adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys.
ADB Protocol change:
If the device needs to authenticate the host, it replies to CNXN
packets with an AUTH packet. The AUTH packet payload is a random token.
The host signs the token with one of its private keys and sends an AUTH(0)
packet. If the signature verification succeeds, the device replies with
a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so
that the host can retry with another private key. Once the host has tried
all its keys, it can send an AUTH(1) packet with a public key as
payload. adbd then sends the public key to the framework (if it has been
started) for confirmation.
Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 19:23:49 +00:00
|
|
|
static void adb_auth_event(int fd, unsigned events, void *data)
|
|
|
|
{
|
|
|
|
char response[2];
|
|
|
|
int ret;
|
|
|
|
|
|
|
|
if (events & FDE_READ) {
|
|
|
|
ret = unix_read(fd, response, sizeof(response));
|
|
|
|
if (ret < 0) {
|
2013-04-02 00:39:06 +00:00
|
|
|
D("Framework disconnect\n");
|
2013-01-16 03:59:14 +00:00
|
|
|
if (usb_transport)
|
|
|
|
fdevent_remove(&usb_transport->auth_fde);
|
adb: Add public key authentification
Secure adb using a public key authentication, to allow USB debugging
only from authorized hosts.
When a device is connected to an unauthorized host, the adb daemon sends
the user public key to the device. A popup is shown to ask the user to
allow debugging once or permanantly from the host. The public key is
installed on the device in the later case. Other keys may be installed
at build time.
On the host, the user public/private key pair is automatically generated,
if it does not exist, when the adb daemon starts and is stored in
$HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed,
the ADB_KEYS_PATH env variable may be set to a :-separated (; under
Windows) list of private keys, e.g. company-wide or vendor keys.
On the device, vendors public keys are installed at build time in
/adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys.
ADB Protocol change:
If the device needs to authenticate the host, it replies to CNXN
packets with an AUTH packet. The AUTH packet payload is a random token.
The host signs the token with one of its private keys and sends an AUTH(0)
packet. If the signature verification succeeds, the device replies with
a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so
that the host can retry with another private key. Once the host has tried
all its keys, it can send an AUTH(1) packet with a public key as
payload. adbd then sends the public key to the framework (if it has been
started) for confirmation.
Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 19:23:49 +00:00
|
|
|
framework_fd = -1;
|
|
|
|
}
|
|
|
|
else if (ret == 2 && response[0] == 'O' && response[1] == 'K') {
|
2013-01-16 03:59:14 +00:00
|
|
|
if (usb_transport)
|
|
|
|
adb_auth_verified(usb_transport);
|
adb: Add public key authentification
Secure adb using a public key authentication, to allow USB debugging
only from authorized hosts.
When a device is connected to an unauthorized host, the adb daemon sends
the user public key to the device. A popup is shown to ask the user to
allow debugging once or permanantly from the host. The public key is
installed on the device in the later case. Other keys may be installed
at build time.
On the host, the user public/private key pair is automatically generated,
if it does not exist, when the adb daemon starts and is stored in
$HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed,
the ADB_KEYS_PATH env variable may be set to a :-separated (; under
Windows) list of private keys, e.g. company-wide or vendor keys.
On the device, vendors public keys are installed at build time in
/adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys.
ADB Protocol change:
If the device needs to authenticate the host, it replies to CNXN
packets with an AUTH packet. The AUTH packet payload is a random token.
The host signs the token with one of its private keys and sends an AUTH(0)
packet. If the signature verification succeeds, the device replies with
a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so
that the host can retry with another private key. Once the host has tried
all its keys, it can send an AUTH(1) packet with a public key as
payload. adbd then sends the public key to the framework (if it has been
started) for confirmation.
Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 19:23:49 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
void adb_auth_confirm_key(unsigned char *key, size_t len, atransport *t)
|
|
|
|
{
|
|
|
|
char msg[MAX_PAYLOAD];
|
|
|
|
int ret;
|
|
|
|
|
2013-04-02 00:39:06 +00:00
|
|
|
if (!usb_transport) {
|
|
|
|
usb_transport = t;
|
|
|
|
add_transport_disconnect(t, &usb_disconnect);
|
|
|
|
}
|
2013-01-16 03:59:14 +00:00
|
|
|
|
adb: Add public key authentification
Secure adb using a public key authentication, to allow USB debugging
only from authorized hosts.
When a device is connected to an unauthorized host, the adb daemon sends
the user public key to the device. A popup is shown to ask the user to
allow debugging once or permanantly from the host. The public key is
installed on the device in the later case. Other keys may be installed
at build time.
On the host, the user public/private key pair is automatically generated,
if it does not exist, when the adb daemon starts and is stored in
$HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed,
the ADB_KEYS_PATH env variable may be set to a :-separated (; under
Windows) list of private keys, e.g. company-wide or vendor keys.
On the device, vendors public keys are installed at build time in
/adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys.
ADB Protocol change:
If the device needs to authenticate the host, it replies to CNXN
packets with an AUTH packet. The AUTH packet payload is a random token.
The host signs the token with one of its private keys and sends an AUTH(0)
packet. If the signature verification succeeds, the device replies with
a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so
that the host can retry with another private key. Once the host has tried
all its keys, it can send an AUTH(1) packet with a public key as
payload. adbd then sends the public key to the framework (if it has been
started) for confirmation.
Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 19:23:49 +00:00
|
|
|
if (framework_fd < 0) {
|
|
|
|
D("Client not connected\n");
|
2013-01-16 03:59:14 +00:00
|
|
|
needs_retry = true;
|
adb: Add public key authentification
Secure adb using a public key authentication, to allow USB debugging
only from authorized hosts.
When a device is connected to an unauthorized host, the adb daemon sends
the user public key to the device. A popup is shown to ask the user to
allow debugging once or permanantly from the host. The public key is
installed on the device in the later case. Other keys may be installed
at build time.
On the host, the user public/private key pair is automatically generated,
if it does not exist, when the adb daemon starts and is stored in
$HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed,
the ADB_KEYS_PATH env variable may be set to a :-separated (; under
Windows) list of private keys, e.g. company-wide or vendor keys.
On the device, vendors public keys are installed at build time in
/adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys.
ADB Protocol change:
If the device needs to authenticate the host, it replies to CNXN
packets with an AUTH packet. The AUTH packet payload is a random token.
The host signs the token with one of its private keys and sends an AUTH(0)
packet. If the signature verification succeeds, the device replies with
a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so
that the host can retry with another private key. Once the host has tried
all its keys, it can send an AUTH(1) packet with a public key as
payload. adbd then sends the public key to the framework (if it has been
started) for confirmation.
Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 19:23:49 +00:00
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (key[len - 1] != '\0') {
|
|
|
|
D("Key must be a null-terminated string\n");
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
ret = snprintf(msg, sizeof(msg), "PK%s", key);
|
|
|
|
if (ret >= (signed)sizeof(msg)) {
|
|
|
|
D("Key too long. ret=%d", ret);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
D("Sending '%s'\n", msg);
|
|
|
|
|
|
|
|
ret = unix_write(framework_fd, msg, ret);
|
|
|
|
if (ret < 0) {
|
|
|
|
D("Failed to write PK, errno=%d\n", errno);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
fdevent_install(&t->auth_fde, framework_fd, adb_auth_event, t);
|
|
|
|
fdevent_add(&t->auth_fde, FDE_READ);
|
|
|
|
}
|
|
|
|
|
|
|
|
static void adb_auth_listener(int fd, unsigned events, void *data)
|
|
|
|
{
|
|
|
|
struct sockaddr addr;
|
|
|
|
socklen_t alen;
|
|
|
|
int s;
|
|
|
|
|
|
|
|
alen = sizeof(addr);
|
|
|
|
|
|
|
|
s = adb_socket_accept(fd, &addr, &alen);
|
|
|
|
if (s < 0) {
|
|
|
|
D("Failed to accept: errno=%d\n", errno);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
framework_fd = s;
|
2013-01-16 03:59:14 +00:00
|
|
|
|
|
|
|
if (needs_retry) {
|
|
|
|
needs_retry = false;
|
|
|
|
send_auth_request(usb_transport);
|
|
|
|
}
|
adb: Add public key authentification
Secure adb using a public key authentication, to allow USB debugging
only from authorized hosts.
When a device is connected to an unauthorized host, the adb daemon sends
the user public key to the device. A popup is shown to ask the user to
allow debugging once or permanantly from the host. The public key is
installed on the device in the later case. Other keys may be installed
at build time.
On the host, the user public/private key pair is automatically generated,
if it does not exist, when the adb daemon starts and is stored in
$HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed,
the ADB_KEYS_PATH env variable may be set to a :-separated (; under
Windows) list of private keys, e.g. company-wide or vendor keys.
On the device, vendors public keys are installed at build time in
/adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys.
ADB Protocol change:
If the device needs to authenticate the host, it replies to CNXN
packets with an AUTH packet. The AUTH packet payload is a random token.
The host signs the token with one of its private keys and sends an AUTH(0)
packet. If the signature verification succeeds, the device replies with
a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so
that the host can retry with another private key. Once the host has tried
all its keys, it can send an AUTH(1) packet with a public key as
payload. adbd then sends the public key to the framework (if it has been
started) for confirmation.
Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 19:23:49 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
void adb_auth_init(void)
|
|
|
|
{
|
|
|
|
int fd, ret;
|
|
|
|
|
|
|
|
fd = android_get_control_socket("adbd");
|
|
|
|
if (fd < 0) {
|
|
|
|
D("Failed to get adbd socket\n");
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
ret = listen(fd, 4);
|
|
|
|
if (ret < 0) {
|
|
|
|
D("Failed to listen on '%d'\n", fd);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
fdevent_install(&listener_fde, fd, adb_auth_listener, NULL);
|
|
|
|
fdevent_add(&listener_fde, FDE_READ);
|
|
|
|
}
|