pa-fazil
/
android_system_core
mirror of https://github.com/fazilsheik96/android_system_core.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
android_system_core/adb/adb_auth_host.cpp

482 lines
14 KiB
C++
Raw Normal View History

adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 19:23:49 +00:00
/*
* Copyright (C) 2012 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
Adb: use VLOG() to replace D() for verbose logging. As there are too many D(), we can keep both VLOG() and D() now, and get rid of D() gradually. Change-Id: I2f1cb70bcab3e82c99fed939341d03f6b2216076
2015-09-22 22:52:57 +00:00
#define TRACE_TAG AUTH
File header cleanup. * sysdeps.h should always be included first. * TRACE_TAG needs to be defined before anything is included. * Some files were missing copyright headers. * Save precious bytes on my SSD by removing useless whitespace. Change-Id: I88980e6e00b5be1093806cf286740d9e4a033b94
2015-03-19 22:21:08 +00:00
adb: add support for vendor key directories. Allow directories to be specified in ADB_VENDOR_KEYS. On Linux, monitor this directory for new keys to be added. Additionally, deduplicate keys by hashing their public key. Bug: http://b/29273531 Bug: http://b/30927527 Change-Id: I8d3312b216b7f2c11900f2235f1f1b1d1c7aa767 Test: manually tested by adding a key to a directory, and verifying that devices became authorized after replugging.
2016-08-19 05:00:12 +00:00
#include <dirent.h>
adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 19:23:49 +00:00
#include <stdio.h>
Fix adb/fastboot windows compilations. Many of the windows files where not including stdlib.h even though they are using malloc/free calls. (cherry-pick of ae7bf0959bd3f79afbf365e41f015ed1c304afdc.) Change-Id: If6959df9909d9d9928e9f4a2a96018166361cf3c
2014-11-06 22:34:24 +00:00
#include <stdlib.h>
File header cleanup. * sysdeps.h should always be included first. * TRACE_TAG needs to be defined before anything is included. * Some files were missing copyright headers. * Save precious bytes on my SSD by removing useless whitespace. Change-Id: I88980e6e00b5be1093806cf286740d9e4a033b94
2015-03-19 22:21:08 +00:00
#include <string.h>
adb: add support for vendor key directories. Allow directories to be specified in ADB_VENDOR_KEYS. On Linux, monitor this directory for new keys to be added. Additionally, deduplicate keys by hashing their public key. Bug: http://b/29273531 Bug: http://b/30927527 Change-Id: I8d3312b216b7f2c11900f2235f1f1b1d1c7aa767 Test: manually tested by adding a key to a directory, and verifying that devices became authorized after replugging.
2016-08-19 05:00:12 +00:00
#if defined(__linux__)
#include <sys/inotify.h>
#endif
adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 19:23:49 +00:00
adb: add support for vendor key directories. Allow directories to be specified in ADB_VENDOR_KEYS. On Linux, monitor this directory for new keys to be added. Additionally, deduplicate keys by hashing their public key. Bug: http://b/29273531 Bug: http://b/30927527 Change-Id: I8d3312b216b7f2c11900f2235f1f1b1d1c7aa767 Test: manually tested by adding a key to a directory, and verifying that devices became authorized after replugging.
2016-08-19 05:00:12 +00:00
#include <map>
Clean up key handling in adb. This includes the locking we need to be able to re-load the keys at runtime. We should rename "adb_auth_client.cpp" to "adb_auth_adbd.cpp" or "adbd_auth.cpp" in a later change. Change-Id: I9e1d5b6b7d0497d6f6e5d9c4fb660118cdff05a8 Test: "adb devices" works against a non-AOSP device with $ADB_VENDOR_KEYS set, says "unauthorized" without. Bug: http://b/29273531
2016-06-30 00:42:01 +00:00
#include <mutex>
adb: add support for vendor key directories. Allow directories to be specified in ADB_VENDOR_KEYS. On Linux, monitor this directory for new keys to be added. Additionally, deduplicate keys by hashing their public key. Bug: http://b/29273531 Bug: http://b/30927527 Change-Id: I8d3312b216b7f2c11900f2235f1f1b1d1c7aa767 Test: manually tested by adding a key to a directory, and verifying that devices became authorized after replugging.
2016-08-19 05:00:12 +00:00
#include <set>
#include <string>
adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 19:23:49 +00:00
base: add SystemErrorCodeToString() function. Pulls the Windows error string generation out of adb into libbase so that it can be used by fastboot as well. Also makes a Unix equivalent that just wraps strerror() so that upcoming fastboot error reporting code can be platform-independent. The intent here is just to provide a portable way to report an error to the user. More general cross-platform error handling is out of scope. Bug: http://b/26236380 Change-Id: I5a784a844775949562d069bb41dcb0ebd13a32bc
2016-01-27 16:52:53 +00:00
#include <android-base/errors.h>
Kill load_file. Change-Id: I6c332f7d8e94d513605295b3d4d32c4e1cf878dc
2016-05-27 05:43:19 +00:00
#include <android-base/file.h>
[adb] Followup CL to clean up adb_auth_host.cpp Get rid of unused includes + replace a fixed-size buffer with an std::string (cherry-pick of 049ebb810f466d916ec9e73cdf28624b57a8c25d.) Change-Id: I4f9927b900a79a012b5d52908b9d22ac3d2a401c
2016-05-26 16:46:10 +00:00
#include <android-base/stringprintf.h>
Track rename of base/ to android-base/. Change-Id: Idf9444fece4aa89c93e15640de59a91f6e758ccf
2015-12-05 06:00:26 +00:00
#include <android-base/strings.h>
Switch fs_mgr and adb to libcrypto_utils. Update code and dependencies to use BoringSSL + libcrypto_utils instead of mincrypt. Change-Id: Ic75164bd50c84b81b6310e27a67d4b3c174984f9
2016-03-31 14:32:09 +00:00
#include <crypto_utils/android_pubkey.h>
Address old review comments in adb_auth_host.cpp. Comments from: https://android-review.googlesource.com/#/c/212781/4/adb/adb_auth_host.cpp@107 Bug: http://b/28152031 Change-Id: I27d062f3eeb8db90f94b1b4f5d7204000a7ac73d Test: manually removed ~/.android/adb* and checked they were recreated correctly.
2016-06-21 23:50:48 +00:00
#include <openssl/base64.h>
adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 19:23:49 +00:00
#include <openssl/evp.h>
#include <openssl/objects.h>
#include <openssl/pem.h>
#include <openssl/rsa.h>
#include <openssl/sha.h>
adb: add support for vendor key directories. Allow directories to be specified in ADB_VENDOR_KEYS. On Linux, monitor this directory for new keys to be added. Additionally, deduplicate keys by hashing their public key. Bug: http://b/29273531 Bug: http://b/30927527 Change-Id: I8d3312b216b7f2c11900f2235f1f1b1d1c7aa767 Test: manually tested by adding a key to a directory, and verifying that devices became authorized after replugging.
2016-08-19 05:00:12 +00:00
#include "adb.h"
#include "adb_auth.h"
#include "adb_utils.h"
#include "sysdeps.h"
adb: split up adb_auth.cpp. All of the functions in adb_auth.cpp were used in only one of adb/adbd. Split up them up into adb_auth_host.cpp and adbd_auth.cpp respectively. Bug: http://b/29273531 Test: built and flashed bullhead, adb still works Change-Id: Ib610c5157522634cc273511175152f1306cc52a7
2016-10-06 02:02:29 +00:00
#include "transport.h"
adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 19:23:49 +00:00
adb: add support for vendor key directories. Allow directories to be specified in ADB_VENDOR_KEYS. On Linux, monitor this directory for new keys to be added. Additionally, deduplicate keys by hashing their public key. Bug: http://b/29273531 Bug: http://b/30927527 Change-Id: I8d3312b216b7f2c11900f2235f1f1b1d1c7aa767 Test: manually tested by adding a key to a directory, and verifying that devices became authorized after replugging.
2016-08-19 05:00:12 +00:00
static std::mutex& g_keys_mutex = *new std::mutex;
static std::map<std::string, std::shared_ptr<RSA>>& g_keys =
*new std::map<std::string, std::shared_ptr<RSA>>;
static std::map<int, std::string>& g_monitored_paths = *new std::map<int, std::string>;
adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 19:23:49 +00:00
Address old review comments in adb_auth_host.cpp. Comments from: https://android-review.googlesource.com/#/c/212781/4/adb/adb_auth_host.cpp@107 Bug: http://b/28152031 Change-Id: I27d062f3eeb8db90f94b1b4f5d7204000a7ac73d Test: manually removed ~/.android/adb* and checked they were recreated correctly.
2016-06-21 23:50:48 +00:00
static std::string get_user_info() {
Clean up key handling in adb. This includes the locking we need to be able to re-load the keys at runtime. We should rename "adb_auth_client.cpp" to "adb_auth_adbd.cpp" or "adbd_auth.cpp" in a later change. Change-Id: I9e1d5b6b7d0497d6f6e5d9c4fb660118cdff05a8 Test: "adb devices" works against a non-AOSP device with $ADB_VENDOR_KEYS set, says "unauthorized" without. Bug: http://b/29273531
2016-06-30 00:42:01 +00:00
LOG(INFO) << "get_user_info...";
Address old review comments in adb_auth_host.cpp. Comments from: https://android-review.googlesource.com/#/c/212781/4/adb/adb_auth_host.cpp@107 Bug: http://b/28152031 Change-Id: I27d062f3eeb8db90f94b1b4f5d7204000a7ac73d Test: manually removed ~/.android/adb* and checked they were recreated correctly.
2016-06-21 23:50:48 +00:00
std::string hostname;
if (getenv("HOSTNAME")) hostname = getenv("HOSTNAME");
#if !defined(_WIN32)
char buf[64];
if (hostname.empty() && gethostname(buf, sizeof(buf)) != -1) hostname = buf;
adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 19:23:49 +00:00
#endif
Address old review comments in adb_auth_host.cpp. Comments from: https://android-review.googlesource.com/#/c/212781/4/adb/adb_auth_host.cpp@107 Bug: http://b/28152031 Change-Id: I27d062f3eeb8db90f94b1b4f5d7204000a7ac73d Test: manually removed ~/.android/adb* and checked they were recreated correctly.
2016-06-21 23:50:48 +00:00
if (hostname.empty()) hostname = "unknown";
Introduce "adb keygen" Introduce the "adb keygen" command. Usage: adb keygen <filename> This command creates an adb public/private key pair in a user specified file. This can be used to create new adb keys, or rotate existing keys. Modify adb's key generation routines to use the HOSTNAME/LOGNAME environment variables if available. This allows someone to override the username/hostname embedded within the adb public key file if desired. Fallback to the old mechanisms if those environment variables aren't available. Bug: 18342715 Change-Id: Ibccee6088d4609aa05ad6687d3a1d8a8689d3e8a (cherry picked from commit af782b9f2ac4fb817ded80d4317a45345bb3f992) Change-Id: Ic76ffc9412171dddc879af0bbf6e20fbe1a8f057
2014-11-13 23:17:29 +00:00
Address old review comments in adb_auth_host.cpp. Comments from: https://android-review.googlesource.com/#/c/212781/4/adb/adb_auth_host.cpp@107 Bug: http://b/28152031 Change-Id: I27d062f3eeb8db90f94b1b4f5d7204000a7ac73d Test: manually removed ~/.android/adb* and checked they were recreated correctly.
2016-06-21 23:50:48 +00:00
std::string username;
if (getenv("LOGNAME")) username = getenv("LOGNAME");
adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 19:23:49 +00:00
#if !defined _WIN32 && !defined ADB_HOST_ON_TARGET
Address old review comments in adb_auth_host.cpp. Comments from: https://android-review.googlesource.com/#/c/212781/4/adb/adb_auth_host.cpp@107 Bug: http://b/28152031 Change-Id: I27d062f3eeb8db90f94b1b4f5d7204000a7ac73d Test: manually removed ~/.android/adb* and checked they were recreated correctly.
2016-06-21 23:50:48 +00:00
if (username.empty() && getlogin()) username = getlogin();
adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 19:23:49 +00:00
#endif
Address old review comments in adb_auth_host.cpp. Comments from: https://android-review.googlesource.com/#/c/212781/4/adb/adb_auth_host.cpp@107 Bug: http://b/28152031 Change-Id: I27d062f3eeb8db90f94b1b4f5d7204000a7ac73d Test: manually removed ~/.android/adb* and checked they were recreated correctly.
2016-06-21 23:50:48 +00:00
if (username.empty()) hostname = "unknown";
adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 19:23:49 +00:00
Address old review comments in adb_auth_host.cpp. Comments from: https://android-review.googlesource.com/#/c/212781/4/adb/adb_auth_host.cpp@107 Bug: http://b/28152031 Change-Id: I27d062f3eeb8db90f94b1b4f5d7204000a7ac73d Test: manually removed ~/.android/adb* and checked they were recreated correctly.
2016-06-21 23:50:48 +00:00
return " " + username + "@" + hostname;
adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 19:23:49 +00:00
}
Address old review comments in adb_auth_host.cpp. Comments from: https://android-review.googlesource.com/#/c/212781/4/adb/adb_auth_host.cpp@107 Bug: http://b/28152031 Change-Id: I27d062f3eeb8db90f94b1b4f5d7204000a7ac73d Test: manually removed ~/.android/adb* and checked they were recreated correctly.
2016-06-21 23:50:48 +00:00
static bool write_public_keyfile(RSA* private_key, const std::string& private_key_path) {
Clean up key handling in adb. This includes the locking we need to be able to re-load the keys at runtime. We should rename "adb_auth_client.cpp" to "adb_auth_adbd.cpp" or "adbd_auth.cpp" in a later change. Change-Id: I9e1d5b6b7d0497d6f6e5d9c4fb660118cdff05a8 Test: "adb devices" works against a non-AOSP device with $ADB_VENDOR_KEYS set, says "unauthorized" without. Bug: http://b/29273531
2016-06-30 00:42:01 +00:00
LOG(INFO) << "write_public_keyfile...";
Switch fs_mgr and adb to libcrypto_utils. Update code and dependencies to use BoringSSL + libcrypto_utils instead of mincrypt. Change-Id: Ic75164bd50c84b81b6310e27a67d4b3c174984f9
2016-03-31 14:32:09 +00:00
uint8_t binary_key_data[ANDROID_PUBKEY_ENCODED_SIZE];
Address old review comments in adb_auth_host.cpp. Comments from: https://android-review.googlesource.com/#/c/212781/4/adb/adb_auth_host.cpp@107 Bug: http://b/28152031 Change-Id: I27d062f3eeb8db90f94b1b4f5d7204000a7ac73d Test: manually removed ~/.android/adb* and checked they were recreated correctly.
2016-06-21 23:50:48 +00:00
if (!android_pubkey_encode(private_key, binary_key_data, sizeof(binary_key_data))) {
LOG(ERROR) << "Failed to convert to public key";
return false;
adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 19:23:49 +00:00
}
Stop writing NUL bytes in adbkey.pub. In N we moved some code from C to C++ without realizing that EVP_EncodedLength includes space for a terminating NUL and EVP_EncodeBlock writes one. Because our key reading code copes with the NUL, we never noticed. Distinguish between the required space returned by EVP_EncodedLength and the actual number of bytes (not including NUL) used return by EVP_EncodeBlock. Bug: http://b/36187819 Test: hexdump of ~/.android/adbkey.pub Change-Id: I81a487ddbb5c884593b6426d1f41cfaece26ff90
2017-05-01 20:45:30 +00:00
size_t expected_length;
if (!EVP_EncodedLength(&expected_length, sizeof(binary_key_data))) {
Address old review comments in adb_auth_host.cpp. Comments from: https://android-review.googlesource.com/#/c/212781/4/adb/adb_auth_host.cpp@107 Bug: http://b/28152031 Change-Id: I27d062f3eeb8db90f94b1b4f5d7204000a7ac73d Test: manually removed ~/.android/adb* and checked they were recreated correctly.
2016-06-21 23:50:48 +00:00
LOG(ERROR) << "Public key too large to base64 encode";
return false;
Switch from using base64 BIOs to encoding funcs. The OpenSSL base64 BIO is going away in BoringSSL. This change switches to using the explicit base64 functions which are availible in both OpenSSL and BoringSSL. The BoringSSL helper functions (i.e. for calculating the size of the base64 encoding) are wrapped in #ifdefs so that this change isn't coupled with the switch to BoringSSL. Once that switch is complete, the #ifdefs can be removed. Bug: 17409664 Change-Id: I42bac3bc93a1fb39feed39a8917d8e38d97629d3 Signed-off-by: Adam Langley <agl@google.com>
2014-09-03 21:34:47 +00:00
}
adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 19:23:49 +00:00
Address old review comments in adb_auth_host.cpp. Comments from: https://android-review.googlesource.com/#/c/212781/4/adb/adb_auth_host.cpp@107 Bug: http://b/28152031 Change-Id: I27d062f3eeb8db90f94b1b4f5d7204000a7ac73d Test: manually removed ~/.android/adb* and checked they were recreated correctly.
2016-06-21 23:50:48 +00:00
std::string content;
Stop writing NUL bytes in adbkey.pub. In N we moved some code from C to C++ without realizing that EVP_EncodedLength includes space for a terminating NUL and EVP_EncodeBlock writes one. Because our key reading code copes with the NUL, we never noticed. Distinguish between the required space returned by EVP_EncodedLength and the actual number of bytes (not including NUL) used return by EVP_EncodeBlock. Bug: http://b/36187819 Test: hexdump of ~/.android/adbkey.pub Change-Id: I81a487ddbb5c884593b6426d1f41cfaece26ff90
2017-05-01 20:45:30 +00:00
content.resize(expected_length);
size_t actual_length = EVP_EncodeBlock(reinterpret_cast<uint8_t*>(&content[0]), binary_key_data,
sizeof(binary_key_data));
content.resize(actual_length);
Switch fs_mgr and adb to libcrypto_utils. Update code and dependencies to use BoringSSL + libcrypto_utils instead of mincrypt. Change-Id: Ic75164bd50c84b81b6310e27a67d4b3c174984f9
2016-03-31 14:32:09 +00:00
Address old review comments in adb_auth_host.cpp. Comments from: https://android-review.googlesource.com/#/c/212781/4/adb/adb_auth_host.cpp@107 Bug: http://b/28152031 Change-Id: I27d062f3eeb8db90f94b1b4f5d7204000a7ac73d Test: manually removed ~/.android/adb* and checked they were recreated correctly.
2016-06-21 23:50:48 +00:00
content += get_user_info();
Switch fs_mgr and adb to libcrypto_utils. Update code and dependencies to use BoringSSL + libcrypto_utils instead of mincrypt. Change-Id: Ic75164bd50c84b81b6310e27a67d4b3c174984f9
2016-03-31 14:32:09 +00:00
Address old review comments in adb_auth_host.cpp. Comments from: https://android-review.googlesource.com/#/c/212781/4/adb/adb_auth_host.cpp@107 Bug: http://b/28152031 Change-Id: I27d062f3eeb8db90f94b1b4f5d7204000a7ac73d Test: manually removed ~/.android/adb* and checked they were recreated correctly.
2016-06-21 23:50:48 +00:00
std::string path(private_key_path + ".pub");
if (!android::base::WriteStringToFile(content, path)) {
PLOG(ERROR) << "Failed to write public key to '" << path << "'";
return false;
Switch from using base64 BIOs to encoding funcs. The OpenSSL base64 BIO is going away in BoringSSL. This change switches to using the explicit base64 functions which are availible in both OpenSSL and BoringSSL. The BoringSSL helper functions (i.e. for calculating the size of the base64 encoding) are wrapped in #ifdefs so that this change isn't coupled with the switch to BoringSSL. Once that switch is complete, the #ifdefs can be removed. Bug: 17409664 Change-Id: I42bac3bc93a1fb39feed39a8917d8e38d97629d3 Signed-off-by: Adam Langley <agl@google.com>
2014-09-03 21:34:47 +00:00
}
Address old review comments in adb_auth_host.cpp. Comments from: https://android-review.googlesource.com/#/c/212781/4/adb/adb_auth_host.cpp@107 Bug: http://b/28152031 Change-Id: I27d062f3eeb8db90f94b1b4f5d7204000a7ac73d Test: manually removed ~/.android/adb* and checked they were recreated correctly.
2016-06-21 23:50:48 +00:00
return true;
adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 19:23:49 +00:00
}
Clean up key handling in adb. This includes the locking we need to be able to re-load the keys at runtime. We should rename "adb_auth_client.cpp" to "adb_auth_adbd.cpp" or "adbd_auth.cpp" in a later change. Change-Id: I9e1d5b6b7d0497d6f6e5d9c4fb660118cdff05a8 Test: "adb devices" works against a non-AOSP device with $ADB_VENDOR_KEYS set, says "unauthorized" without. Bug: http://b/29273531
2016-06-30 00:42:01 +00:00
static int generate_key(const std::string& file) {
LOG(INFO) << "generate_key(" << file << ")...";
adb: Create private key with 0600 mode Changed key name to force generating new pairs. Bug: 7092477 Change-Id: I680cb9dd1896ae52b2b29d63533f966e033d823f
2012-08-31 19:14:21 +00:00
mode_t old_mask;
adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 19:23:49 +00:00
FILE *f = NULL;
int ret = 0;
Clean up key handling in adb. This includes the locking we need to be able to re-load the keys at runtime. We should rename "adb_auth_client.cpp" to "adb_auth_adbd.cpp" or "adbd_auth.cpp" in a later change. Change-Id: I9e1d5b6b7d0497d6f6e5d9c4fb660118cdff05a8 Test: "adb devices" works against a non-AOSP device with $ADB_VENDOR_KEYS set, says "unauthorized" without. Bug: http://b/29273531
2016-06-30 00:42:01 +00:00
EVP_PKEY* pkey = EVP_PKEY_new();
BIGNUM* exponent = BN_new();
RSA* rsa = RSA_new();
adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 19:23:49 +00:00
if (!pkey || !exponent || !rsa) {
Clean up key handling in adb. This includes the locking we need to be able to re-load the keys at runtime. We should rename "adb_auth_client.cpp" to "adb_auth_adbd.cpp" or "adbd_auth.cpp" in a later change. Change-Id: I9e1d5b6b7d0497d6f6e5d9c4fb660118cdff05a8 Test: "adb devices" works against a non-AOSP device with $ADB_VENDOR_KEYS set, says "unauthorized" without. Bug: http://b/29273531
2016-06-30 00:42:01 +00:00
LOG(ERROR) << "Failed to allocate key";
adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 19:23:49 +00:00
goto out;
}
BN_set_word(exponent, RSA_F4);
RSA_generate_key_ex(rsa, 2048, exponent, NULL);
EVP_PKEY_set1_RSA(pkey, rsa);
adb: Create private key with 0600 mode Changed key name to force generating new pairs. Bug: 7092477 Change-Id: I680cb9dd1896ae52b2b29d63533f966e033d823f
2012-08-31 19:14:21 +00:00
old_mask = umask(077);
Clean up key handling in adb. This includes the locking we need to be able to re-load the keys at runtime. We should rename "adb_auth_client.cpp" to "adb_auth_adbd.cpp" or "adbd_auth.cpp" in a later change. Change-Id: I9e1d5b6b7d0497d6f6e5d9c4fb660118cdff05a8 Test: "adb devices" works against a non-AOSP device with $ADB_VENDOR_KEYS set, says "unauthorized" without. Bug: http://b/29273531
2016-06-30 00:42:01 +00:00
f = fopen(file.c_str(), "w");
adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 19:23:49 +00:00
if (!f) {
Clean up key handling in adb. This includes the locking we need to be able to re-load the keys at runtime. We should rename "adb_auth_client.cpp" to "adb_auth_adbd.cpp" or "adbd_auth.cpp" in a later change. Change-Id: I9e1d5b6b7d0497d6f6e5d9c4fb660118cdff05a8 Test: "adb devices" works against a non-AOSP device with $ADB_VENDOR_KEYS set, says "unauthorized" without. Bug: http://b/29273531
2016-06-30 00:42:01 +00:00
PLOG(ERROR) << "Failed to open " << file;
adb: Create private key with 0600 mode Changed key name to force generating new pairs. Bug: 7092477 Change-Id: I680cb9dd1896ae52b2b29d63533f966e033d823f
2012-08-31 19:14:21 +00:00
umask(old_mask);
adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 19:23:49 +00:00
goto out;
}
adb: Create private key with 0600 mode Changed key name to force generating new pairs. Bug: 7092477 Change-Id: I680cb9dd1896ae52b2b29d63533f966e033d823f
2012-08-31 19:14:21 +00:00
umask(old_mask);
adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 19:23:49 +00:00
if (!PEM_write_PrivateKey(f, pkey, NULL, NULL, 0, NULL, NULL)) {
adb: clean up debug tracing a little. Always use LOG() for debug tracing. Remove useless D_lock. I believe it is useless to lock just before and after fprintf. I verified the log output both on host and on device. The output looks fine to me. Change-Id: I96ccfe408ff56864361551afe9ad464d197ae104
2015-09-03 00:44:28 +00:00
D("Failed to write key");
adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 19:23:49 +00:00
goto out;
}
if (!write_public_keyfile(rsa, file)) {
adb: clean up debug tracing a little. Always use LOG() for debug tracing. Remove useless D_lock. I believe it is useless to lock just before and after fprintf. I verified the log output both on host and on device. The output looks fine to me. Change-Id: I96ccfe408ff56864361551afe9ad464d197ae104
2015-09-03 00:44:28 +00:00
D("Failed to write public key");
adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 19:23:49 +00:00
goto out;
}
ret = 1;
out:
Clean up key handling in adb. This includes the locking we need to be able to re-load the keys at runtime. We should rename "adb_auth_client.cpp" to "adb_auth_adbd.cpp" or "adbd_auth.cpp" in a later change. Change-Id: I9e1d5b6b7d0497d6f6e5d9c4fb660118cdff05a8 Test: "adb devices" works against a non-AOSP device with $ADB_VENDOR_KEYS set, says "unauthorized" without. Bug: http://b/29273531
2016-06-30 00:42:01 +00:00
if (f) fclose(f);
adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 19:23:49 +00:00
EVP_PKEY_free(pkey);
RSA_free(rsa);
BN_free(exponent);
return ret;
}
adb: add support for vendor key directories. Allow directories to be specified in ADB_VENDOR_KEYS. On Linux, monitor this directory for new keys to be added. Additionally, deduplicate keys by hashing their public key. Bug: http://b/29273531 Bug: http://b/30927527 Change-Id: I8d3312b216b7f2c11900f2235f1f1b1d1c7aa767 Test: manually tested by adding a key to a directory, and verifying that devices became authorized after replugging.
2016-08-19 05:00:12 +00:00
static std::string hash_key(RSA* key) {
unsigned char* pubkey = nullptr;
int len = i2d_RSA_PUBKEY(key, &pubkey);
if (len < 0) {
LOG(ERROR) << "failed to encode RSA public key";
return std::string();
}
std::string result;
result.resize(SHA256_DIGEST_LENGTH);
SHA256(pubkey, len, reinterpret_cast<unsigned char*>(&result[0]));
OPENSSL_free(pubkey);
return result;
}
static bool read_key_file(const std::string& file) {
LOG(INFO) << "read_key_file '" << file << "'...";
adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 19:23:49 +00:00
Clean up key handling in adb. This includes the locking we need to be able to re-load the keys at runtime. We should rename "adb_auth_client.cpp" to "adb_auth_adbd.cpp" or "adbd_auth.cpp" in a later change. Change-Id: I9e1d5b6b7d0497d6f6e5d9c4fb660118cdff05a8 Test: "adb devices" works against a non-AOSP device with $ADB_VENDOR_KEYS set, says "unauthorized" without. Bug: http://b/29273531
2016-06-30 00:42:01 +00:00
std::unique_ptr<FILE, decltype(&fclose)> fp(fopen(file.c_str(), "r"), fclose);
Remove strtok from adb. Also fix android::base::Split to behave like Java, Python, and google3. Change-Id: Ifbffd4e92950a79e7aea5d153c95fe0980648417
2015-04-25 06:02:00 +00:00
if (!fp) {
Clean up key handling in adb. This includes the locking we need to be able to re-load the keys at runtime. We should rename "adb_auth_client.cpp" to "adb_auth_adbd.cpp" or "adbd_auth.cpp" in a later change. Change-Id: I9e1d5b6b7d0497d6f6e5d9c4fb660118cdff05a8 Test: "adb devices" works against a non-AOSP device with $ADB_VENDOR_KEYS set, says "unauthorized" without. Bug: http://b/29273531
2016-06-30 00:42:01 +00:00
PLOG(ERROR) << "Failed to open '" << file << "'";
return false;
adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 19:23:49 +00:00
}
Clean up key handling in adb. This includes the locking we need to be able to re-load the keys at runtime. We should rename "adb_auth_client.cpp" to "adb_auth_adbd.cpp" or "adbd_auth.cpp" in a later change. Change-Id: I9e1d5b6b7d0497d6f6e5d9c4fb660118cdff05a8 Test: "adb devices" works against a non-AOSP device with $ADB_VENDOR_KEYS set, says "unauthorized" without. Bug: http://b/29273531
2016-06-30 00:42:01 +00:00
RSA* key = RSA_new();
if (!PEM_read_RSAPrivateKey(fp.get(), &key, nullptr, nullptr)) {
LOG(ERROR) << "Failed to read key";
RSA_free(key);
return false;
adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 19:23:49 +00:00
}
adb: add support for vendor key directories. Allow directories to be specified in ADB_VENDOR_KEYS. On Linux, monitor this directory for new keys to be added. Additionally, deduplicate keys by hashing their public key. Bug: http://b/29273531 Bug: http://b/30927527 Change-Id: I8d3312b216b7f2c11900f2235f1f1b1d1c7aa767 Test: manually tested by adding a key to a directory, and verifying that devices became authorized after replugging.
2016-08-19 05:00:12 +00:00
std::lock_guard<std::mutex> lock(g_keys_mutex);
std::string fingerprint = hash_key(key);
if (g_keys.find(fingerprint) != g_keys.end()) {
LOG(INFO) << "ignoring already-loaded key: " << file;
RSA_free(key);
} else {
g_keys[fingerprint] = std::shared_ptr<RSA>(key, RSA_free);
}
Clean up key handling in adb. This includes the locking we need to be able to re-load the keys at runtime. We should rename "adb_auth_client.cpp" to "adb_auth_adbd.cpp" or "adbd_auth.cpp" in a later change. Change-Id: I9e1d5b6b7d0497d6f6e5d9c4fb660118cdff05a8 Test: "adb devices" works against a non-AOSP device with $ADB_VENDOR_KEYS set, says "unauthorized" without. Bug: http://b/29273531
2016-06-30 00:42:01 +00:00
return true;
adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 19:23:49 +00:00
}
adb: add support for vendor key directories. Allow directories to be specified in ADB_VENDOR_KEYS. On Linux, monitor this directory for new keys to be added. Additionally, deduplicate keys by hashing their public key. Bug: http://b/29273531 Bug: http://b/30927527 Change-Id: I8d3312b216b7f2c11900f2235f1f1b1d1c7aa767 Test: manually tested by adding a key to a directory, and verifying that devices became authorized after replugging.
2016-08-19 05:00:12 +00:00
static bool read_keys(const std::string& path, bool allow_dir = true) {
LOG(INFO) << "read_keys '" << path << "'...";
struct stat st;
if (stat(path.c_str(), &st) != 0) {
PLOG(ERROR) << "failed to stat '" << path << "'";
return false;
}
if (S_ISREG(st.st_mode)) {
return read_key_file(path);
} else if (S_ISDIR(st.st_mode)) {
if (!allow_dir) {
// inotify isn't recursive. It would break expectations to load keys in nested
// directories but not monitor them for new keys.
LOG(WARNING) << "refusing to recurse into directory '" << path << "'";
return false;
}
std::unique_ptr<DIR, decltype(&closedir)> dir(opendir(path.c_str()), closedir);
if (!dir) {
PLOG(ERROR) << "failed to open directory '" << path << "'";
return false;
}
bool result = false;
while (struct dirent* dent = readdir(dir.get())) {
std::string name = dent->d_name;
// We can't use dent->d_type here because it's not available on Windows.
if (name == "." || name == "..") {
continue;
}
adb: don't require adb keys to be named "*.adb_key". Don't require the extension on explicit file paths passed on; only check for it in monitored directories. Bug: http://b/33638233 Test: ADB_TRACE=1 ADB_VENDOR_KEYS=$HOME/foo adb server nodaemon Change-Id: I7387e0bbe0f2e16878bf22b05d5c6e8d0f9e5a92
2016-12-15 00:59:29 +00:00
if (!android::base::EndsWith(name, ".adb_key")) {
LOG(INFO) << "skipping non-adb_key '" << path << "/" << name << "'";
continue;
}
result |= read_key_file((path + OS_PATH_SEPARATOR + name));
adb: add support for vendor key directories. Allow directories to be specified in ADB_VENDOR_KEYS. On Linux, monitor this directory for new keys to be added. Additionally, deduplicate keys by hashing their public key. Bug: http://b/29273531 Bug: http://b/30927527 Change-Id: I8d3312b216b7f2c11900f2235f1f1b1d1c7aa767 Test: manually tested by adding a key to a directory, and verifying that devices became authorized after replugging.
2016-08-19 05:00:12 +00:00
}
return result;
}
LOG(ERROR) << "unexpected type for '" << path << "': 0x" << std::hex << st.st_mode;
return false;
}
Clean up key handling in adb. This includes the locking we need to be able to re-load the keys at runtime. We should rename "adb_auth_client.cpp" to "adb_auth_adbd.cpp" or "adbd_auth.cpp" in a later change. Change-Id: I9e1d5b6b7d0497d6f6e5d9c4fb660118cdff05a8 Test: "adb devices" works against a non-AOSP device with $ADB_VENDOR_KEYS set, says "unauthorized" without. Bug: http://b/29273531
2016-06-30 00:42:01 +00:00
static std::string get_user_key_path() {
adb: add helper to get the ~/.android directory. Extract the logic for creating ~/.android out of get_user_key_path into its own function. Also, fall back to getpwuid_r when $HOME isn't defined. Change-Id: I676a7c750cb364f89b544818ffda07903d14fb97 Test: ran adb with ~/.android missing
2016-08-30 22:23:35 +00:00
return adb_get_android_dir_path() + OS_PATH_SEPARATOR + "adbkey";
adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 19:23:49 +00:00
}
Clean up key handling in adb. This includes the locking we need to be able to re-load the keys at runtime. We should rename "adb_auth_client.cpp" to "adb_auth_adbd.cpp" or "adbd_auth.cpp" in a later change. Change-Id: I9e1d5b6b7d0497d6f6e5d9c4fb660118cdff05a8 Test: "adb devices" works against a non-AOSP device with $ADB_VENDOR_KEYS set, says "unauthorized" without. Bug: http://b/29273531
2016-06-30 00:42:01 +00:00
static bool get_user_key() {
std::string path = get_user_key_path();
if (path.empty()) {
PLOG(ERROR) << "Error getting user key filename";
return false;
adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 19:23:49 +00:00
}
Clean up key handling in adb. This includes the locking we need to be able to re-load the keys at runtime. We should rename "adb_auth_client.cpp" to "adb_auth_adbd.cpp" or "adbd_auth.cpp" in a later change. Change-Id: I9e1d5b6b7d0497d6f6e5d9c4fb660118cdff05a8 Test: "adb devices" works against a non-AOSP device with $ADB_VENDOR_KEYS set, says "unauthorized" without. Bug: http://b/29273531
2016-06-30 00:42:01 +00:00
struct stat buf;
if (stat(path.c_str(), &buf) == -1) {
LOG(INFO) << "User key '" << path << "' does not exist...";
Revert "Turn on -Wformat-nonliteral." One of my build aliases doesn't play nice with USE_MINGW=1, so my build lied to me. Will revert until I fix it up. This reverts commit 459df8f3a14d4c614f0211049800cf7cad6d30ad. Change-Id: I7905c5ae5ee85fb2d228ce63d81c79f140998c18
2015-07-09 20:35:09 +00:00
if (!generate_key(path)) {
Clean up key handling in adb. This includes the locking we need to be able to re-load the keys at runtime. We should rename "adb_auth_client.cpp" to "adb_auth_adbd.cpp" or "adbd_auth.cpp" in a later change. Change-Id: I9e1d5b6b7d0497d6f6e5d9c4fb660118cdff05a8 Test: "adb devices" works against a non-AOSP device with $ADB_VENDOR_KEYS set, says "unauthorized" without. Bug: http://b/29273531
2016-06-30 00:42:01 +00:00
LOG(ERROR) << "Failed to generate new key";
return false;
adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 19:23:49 +00:00
}
}
adb: add support for vendor key directories. Allow directories to be specified in ADB_VENDOR_KEYS. On Linux, monitor this directory for new keys to be added. Additionally, deduplicate keys by hashing their public key. Bug: http://b/29273531 Bug: http://b/30927527 Change-Id: I8d3312b216b7f2c11900f2235f1f1b1d1c7aa767 Test: manually tested by adding a key to a directory, and verifying that devices became authorized after replugging.
2016-08-19 05:00:12 +00:00
return read_key_file(path);
adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 19:23:49 +00:00
}
adb: add support for vendor key directories. Allow directories to be specified in ADB_VENDOR_KEYS. On Linux, monitor this directory for new keys to be added. Additionally, deduplicate keys by hashing their public key. Bug: http://b/29273531 Bug: http://b/30927527 Change-Id: I8d3312b216b7f2c11900f2235f1f1b1d1c7aa767 Test: manually tested by adding a key to a directory, and verifying that devices became authorized after replugging.
2016-08-19 05:00:12 +00:00
static std::set<std::string> get_vendor_keys() {
Remove strtok from adb. Also fix android::base::Split to behave like Java, Python, and google3. Change-Id: Ifbffd4e92950a79e7aea5d153c95fe0980648417
2015-04-25 06:02:00 +00:00
const char* adb_keys_path = getenv("ADB_VENDOR_KEYS");
if (adb_keys_path == nullptr) {
adb: add support for vendor key directories. Allow directories to be specified in ADB_VENDOR_KEYS. On Linux, monitor this directory for new keys to be added. Additionally, deduplicate keys by hashing their public key. Bug: http://b/29273531 Bug: http://b/30927527 Change-Id: I8d3312b216b7f2c11900f2235f1f1b1d1c7aa767 Test: manually tested by adding a key to a directory, and verifying that devices became authorized after replugging.
2016-08-19 05:00:12 +00:00
return std::set<std::string>();
Remove strtok from adb. Also fix android::base::Split to behave like Java, Python, and google3. Change-Id: Ifbffd4e92950a79e7aea5d153c95fe0980648417
2015-04-25 06:02:00 +00:00
}
adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 19:23:49 +00:00
adb: add support for vendor key directories. Allow directories to be specified in ADB_VENDOR_KEYS. On Linux, monitor this directory for new keys to be added. Additionally, deduplicate keys by hashing their public key. Bug: http://b/29273531 Bug: http://b/30927527 Change-Id: I8d3312b216b7f2c11900f2235f1f1b1d1c7aa767 Test: manually tested by adding a key to a directory, and verifying that devices became authorized after replugging.
2016-08-19 05:00:12 +00:00
std::set<std::string> result;
Use const auto&/auto&& in adb. Change-Id: I74a7e511302e15e207906f572d181634e0ed5604
2015-10-07 22:59:35 +00:00
for (const auto& path : android::base::Split(adb_keys_path, ENV_PATH_SEPARATOR_STR)) {
adb: add support for vendor key directories. Allow directories to be specified in ADB_VENDOR_KEYS. On Linux, monitor this directory for new keys to be added. Additionally, deduplicate keys by hashing their public key. Bug: http://b/29273531 Bug: http://b/30927527 Change-Id: I8d3312b216b7f2c11900f2235f1f1b1d1c7aa767 Test: manually tested by adding a key to a directory, and verifying that devices became authorized after replugging.
2016-08-19 05:00:12 +00:00
result.emplace(path);
adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 19:23:49 +00:00
}
adb: add support for vendor key directories. Allow directories to be specified in ADB_VENDOR_KEYS. On Linux, monitor this directory for new keys to be added. Additionally, deduplicate keys by hashing their public key. Bug: http://b/29273531 Bug: http://b/30927527 Change-Id: I8d3312b216b7f2c11900f2235f1f1b1d1c7aa767 Test: manually tested by adding a key to a directory, and verifying that devices became authorized after replugging.
2016-08-19 05:00:12 +00:00
return result;
adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 19:23:49 +00:00
}
adb: add support for vendor key directories. Allow directories to be specified in ADB_VENDOR_KEYS. On Linux, monitor this directory for new keys to be added. Additionally, deduplicate keys by hashing their public key. Bug: http://b/29273531 Bug: http://b/30927527 Change-Id: I8d3312b216b7f2c11900f2235f1f1b1d1c7aa767 Test: manually tested by adding a key to a directory, and verifying that devices became authorized after replugging.
2016-08-19 05:00:12 +00:00
std::deque<std::shared_ptr<RSA>> adb_auth_get_private_keys() {
std::deque<std::shared_ptr<RSA>> result;
Clean up key handling in adb. This includes the locking we need to be able to re-load the keys at runtime. We should rename "adb_auth_client.cpp" to "adb_auth_adbd.cpp" or "adbd_auth.cpp" in a later change. Change-Id: I9e1d5b6b7d0497d6f6e5d9c4fb660118cdff05a8 Test: "adb devices" works against a non-AOSP device with $ADB_VENDOR_KEYS set, says "unauthorized" without. Bug: http://b/29273531
2016-06-30 00:42:01 +00:00
adb: add support for vendor key directories. Allow directories to be specified in ADB_VENDOR_KEYS. On Linux, monitor this directory for new keys to be added. Additionally, deduplicate keys by hashing their public key. Bug: http://b/29273531 Bug: http://b/30927527 Change-Id: I8d3312b216b7f2c11900f2235f1f1b1d1c7aa767 Test: manually tested by adding a key to a directory, and verifying that devices became authorized after replugging.
2016-08-19 05:00:12 +00:00
// Copy all the currently known keys.
std::lock_guard<std::mutex> lock(g_keys_mutex);
for (const auto& it : g_keys) {
result.push_back(it.second);
Clean up key handling in adb. This includes the locking we need to be able to re-load the keys at runtime. We should rename "adb_auth_client.cpp" to "adb_auth_adbd.cpp" or "adbd_auth.cpp" in a later change. Change-Id: I9e1d5b6b7d0497d6f6e5d9c4fb660118cdff05a8 Test: "adb devices" works against a non-AOSP device with $ADB_VENDOR_KEYS set, says "unauthorized" without. Bug: http://b/29273531
2016-06-30 00:42:01 +00:00
}
// Add a sentinel to the list. Our caller uses this to mean "out of private keys,
// but try using the public key" (the empty deque could otherwise mean this _or_
// that this function hasn't been called yet to request the keys).
result.push_back(nullptr);
return result;
}
adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 19:23:49 +00:00
adb: rationalize types. Use fixed length types for structs going over the wire, constify arguments where possible, use char* instead of unsigned char* for apacket data, and assorted other refactoring. Bug: http://b/29273531 Test: python test_device.py with every combination of old/new adb and adbd Change-Id: I0b6f818a32be5386985aa4519f542003cf427f9d
2016-10-06 20:31:44 +00:00
static int adb_auth_sign(RSA* key, const char* token, size_t token_size, char* sig) {
Verify token length before adb signs it Currently, a host running adb will sign a token of any length passed to it by a device, effectively acting as a signing oracle. If the ADB_VENDOR_KEYS environment variable is used to specify an additional key to use, this behavior is not only unexpected, but probably also unwanted. Further discussion can be found from this thread: http://www.metzdowd.com/pipermail/cryptography/2015-January/024423.html This change adds a check to ensure token length matches TOKEN_SIZE before it's signed, which prevents an attacker from signing longer messages. Change-Id: I7b2cc1f051941bf9b66e1c02980850bede501793
2015-01-27 16:48:35 +00:00
if (token_size != TOKEN_SIZE) {
adb: clean up debug tracing a little. Always use LOG() for debug tracing. Remove useless D_lock. I believe it is useless to lock just before and after fprintf. I verified the log output both on host and on device. The output looks fine to me. Change-Id: I96ccfe408ff56864361551afe9ad464d197ae104
2015-09-03 00:44:28 +00:00
D("Unexpected token size %zd", token_size);
Verify token length before adb signs it Currently, a host running adb will sign a token of any length passed to it by a device, effectively acting as a signing oracle. If the ADB_VENDOR_KEYS environment variable is used to specify an additional key to use, this behavior is not only unexpected, but probably also unwanted. Further discussion can be found from this thread: http://www.metzdowd.com/pipermail/cryptography/2015-January/024423.html This change adds a check to ensure token length matches TOKEN_SIZE before it's signed, which prevents an attacker from signing longer messages. Change-Id: I7b2cc1f051941bf9b66e1c02980850bede501793
2015-01-27 16:48:35 +00:00
return 0;
}
Clean up key handling in adb. This includes the locking we need to be able to re-load the keys at runtime. We should rename "adb_auth_client.cpp" to "adb_auth_adbd.cpp" or "adbd_auth.cpp" in a later change. Change-Id: I9e1d5b6b7d0497d6f6e5d9c4fb660118cdff05a8 Test: "adb devices" works against a non-AOSP device with $ADB_VENDOR_KEYS set, says "unauthorized" without. Bug: http://b/29273531
2016-06-30 00:42:01 +00:00
unsigned int len;
adb: rationalize types. Use fixed length types for structs going over the wire, constify arguments where possible, use char* instead of unsigned char* for apacket data, and assorted other refactoring. Bug: http://b/29273531 Test: python test_device.py with every combination of old/new adb and adbd Change-Id: I0b6f818a32be5386985aa4519f542003cf427f9d
2016-10-06 20:31:44 +00:00
if (!RSA_sign(NID_sha1, reinterpret_cast<const uint8_t*>(token), token_size,
reinterpret_cast<uint8_t*>(sig), &len, key)) {
adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 19:23:49 +00:00
return 0;
}
adb: clean up debug tracing a little. Always use LOG() for debug tracing. Remove useless D_lock. I believe it is useless to lock just before and after fprintf. I verified the log output both on host and on device. The output looks fine to me. Change-Id: I96ccfe408ff56864361551afe9ad464d197ae104
2015-09-03 00:44:28 +00:00
D("adb_auth_sign len=%d", len);
adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 19:23:49 +00:00
return (int)len;
}
Kill load_file. Change-Id: I6c332f7d8e94d513605295b3d4d32c4e1cf878dc
2016-05-27 05:43:19 +00:00
std::string adb_auth_get_userkey() {
Clean up key handling in adb. This includes the locking we need to be able to re-load the keys at runtime. We should rename "adb_auth_client.cpp" to "adb_auth_adbd.cpp" or "adbd_auth.cpp" in a later change. Change-Id: I9e1d5b6b7d0497d6f6e5d9c4fb660118cdff05a8 Test: "adb devices" works against a non-AOSP device with $ADB_VENDOR_KEYS set, says "unauthorized" without. Bug: http://b/29273531
2016-06-30 00:42:01 +00:00
std::string path = get_user_key_path();
if (path.empty()) {
PLOG(ERROR) << "Error getting user key filename";
Kill load_file. Change-Id: I6c332f7d8e94d513605295b3d4d32c4e1cf878dc
2016-05-27 05:43:19 +00:00
return "";
adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 19:23:49 +00:00
}
Clean up key handling in adb. This includes the locking we need to be able to re-load the keys at runtime. We should rename "adb_auth_client.cpp" to "adb_auth_adbd.cpp" or "adbd_auth.cpp" in a later change. Change-Id: I9e1d5b6b7d0497d6f6e5d9c4fb660118cdff05a8 Test: "adb devices" works against a non-AOSP device with $ADB_VENDOR_KEYS set, says "unauthorized" without. Bug: http://b/29273531
2016-06-30 00:42:01 +00:00
path += ".pub";
adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 19:23:49 +00:00
Kill load_file. Change-Id: I6c332f7d8e94d513605295b3d4d32c4e1cf878dc
2016-05-27 05:43:19 +00:00
std::string content;
if (!android::base::ReadFileToString(path, &content)) {
Clean up key handling in adb. This includes the locking we need to be able to re-load the keys at runtime. We should rename "adb_auth_client.cpp" to "adb_auth_adbd.cpp" or "adbd_auth.cpp" in a later change. Change-Id: I9e1d5b6b7d0497d6f6e5d9c4fb660118cdff05a8 Test: "adb devices" works against a non-AOSP device with $ADB_VENDOR_KEYS set, says "unauthorized" without. Bug: http://b/29273531
2016-06-30 00:42:01 +00:00
PLOG(ERROR) << "Can't load '" << path << "'";
Kill load_file. Change-Id: I6c332f7d8e94d513605295b3d4d32c4e1cf878dc
2016-05-27 05:43:19 +00:00
return "";
adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 19:23:49 +00:00
}
Kill load_file. Change-Id: I6c332f7d8e94d513605295b3d4d32c4e1cf878dc
2016-05-27 05:43:19 +00:00
return content;
adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 19:23:49 +00:00
}
Introduce "adb keygen" Introduce the "adb keygen" command. Usage: adb keygen <filename> This command creates an adb public/private key pair in a user specified file. This can be used to create new adb keys, or rotate existing keys. Modify adb's key generation routines to use the HOSTNAME/LOGNAME environment variables if available. This allows someone to override the username/hostname embedded within the adb public key file if desired. Fallback to the old mechanisms if those environment variables aren't available. Bug: 18342715 Change-Id: Ibccee6088d4609aa05ad6687d3a1d8a8689d3e8a (cherry picked from commit af782b9f2ac4fb817ded80d4317a45345bb3f992) Change-Id: Ic76ffc9412171dddc879af0bbf6e20fbe1a8f057
2014-11-13 23:17:29 +00:00
int adb_auth_keygen(const char* filename) {
return (generate_key(filename) == 0);
}
adb: add support for vendor key directories. Allow directories to be specified in ADB_VENDOR_KEYS. On Linux, monitor this directory for new keys to be added. Additionally, deduplicate keys by hashing their public key. Bug: http://b/29273531 Bug: http://b/30927527 Change-Id: I8d3312b216b7f2c11900f2235f1f1b1d1c7aa767 Test: manually tested by adding a key to a directory, and verifying that devices became authorized after replugging.
2016-08-19 05:00:12 +00:00
#if defined(__linux__)
static void adb_auth_inotify_update(int fd, unsigned fd_event, void*) {
LOG(INFO) << "adb_auth_inotify_update called";
if (!(fd_event & FDE_READ)) {
return;
}
char buf[sizeof(struct inotify_event) + NAME_MAX + 1];
while (true) {
ssize_t rc = TEMP_FAILURE_RETRY(unix_read(fd, buf, sizeof(buf)));
if (rc == -1) {
if (errno == EAGAIN) {
LOG(INFO) << "done reading inotify fd";
break;
}
PLOG(FATAL) << "read of inotify event failed";
}
// The read potentially returned multiple events.
char* start = buf;
char* end = buf + rc;
while (start < end) {
inotify_event* event = reinterpret_cast<inotify_event*>(start);
auto root_it = g_monitored_paths.find(event->wd);
if (root_it == g_monitored_paths.end()) {
LOG(FATAL) << "observed inotify event for unmonitored path, wd = " << event->wd;
}
std::string path = root_it->second;
if (event->len > 0) {
path += '/';
path += event->name;
}
if (event->mask & (IN_CREATE | IN_MOVED_TO)) {
if (event->mask & IN_ISDIR) {
LOG(INFO) << "ignoring new directory at '" << path << "'";
} else {
LOG(INFO) << "observed new file at '" << path << "'";
read_keys(path, false);
}
} else {
LOG(WARNING) << "unmonitored event for " << path << ": 0x" << std::hex
<< event->mask;
}
start += sizeof(struct inotify_event) + event->len;
}
}
}
static void adb_auth_inotify_init(const std::set<std::string>& paths) {
LOG(INFO) << "adb_auth_inotify_init...";
adb: check for and report inotify_init1 failure. Bug: http://b/34396687 Test: mma Change-Id: I55ea84db49017a6533ac54db5072e3e75ba30097
2017-01-19 02:14:17 +00:00
adb: add support for vendor key directories. Allow directories to be specified in ADB_VENDOR_KEYS. On Linux, monitor this directory for new keys to be added. Additionally, deduplicate keys by hashing their public key. Bug: http://b/29273531 Bug: http://b/30927527 Change-Id: I8d3312b216b7f2c11900f2235f1f1b1d1c7aa767 Test: manually tested by adding a key to a directory, and verifying that devices became authorized after replugging.
2016-08-19 05:00:12 +00:00
int infd = inotify_init1(IN_CLOEXEC | IN_NONBLOCK);
adb: check for and report inotify_init1 failure. Bug: http://b/34396687 Test: mma Change-Id: I55ea84db49017a6533ac54db5072e3e75ba30097
2017-01-19 02:14:17 +00:00
if (infd < 0) {
PLOG(ERROR) << "failed to create inotify fd";
return;
}
adb: add support for vendor key directories. Allow directories to be specified in ADB_VENDOR_KEYS. On Linux, monitor this directory for new keys to be added. Additionally, deduplicate keys by hashing their public key. Bug: http://b/29273531 Bug: http://b/30927527 Change-Id: I8d3312b216b7f2c11900f2235f1f1b1d1c7aa767 Test: manually tested by adding a key to a directory, and verifying that devices became authorized after replugging.
2016-08-19 05:00:12 +00:00
for (const std::string& path : paths) {
int wd = inotify_add_watch(infd, path.c_str(), IN_CREATE | IN_MOVED_TO);
if (wd < 0) {
PLOG(ERROR) << "failed to inotify_add_watch on path '" << path;
continue;
}
g_monitored_paths[wd] = path;
LOG(INFO) << "watch descriptor " << wd << " registered for " << path;
}
fdevent* event = fdevent_create(infd, adb_auth_inotify_update, nullptr);
fdevent_add(event, FDE_READ);
}
#endif
Clean up key handling in adb. This includes the locking we need to be able to re-load the keys at runtime. We should rename "adb_auth_client.cpp" to "adb_auth_adbd.cpp" or "adbd_auth.cpp" in a later change. Change-Id: I9e1d5b6b7d0497d6f6e5d9c4fb660118cdff05a8 Test: "adb devices" works against a non-AOSP device with $ADB_VENDOR_KEYS set, says "unauthorized" without. Bug: http://b/29273531
2016-06-30 00:42:01 +00:00
void adb_auth_init() {
LOG(INFO) << "adb_auth_init...";
adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 19:23:49 +00:00
Clean up key handling in adb. This includes the locking we need to be able to re-load the keys at runtime. We should rename "adb_auth_client.cpp" to "adb_auth_adbd.cpp" or "adbd_auth.cpp" in a later change. Change-Id: I9e1d5b6b7d0497d6f6e5d9c4fb660118cdff05a8 Test: "adb devices" works against a non-AOSP device with $ADB_VENDOR_KEYS set, says "unauthorized" without. Bug: http://b/29273531
2016-06-30 00:42:01 +00:00
if (!get_user_key()) {
LOG(ERROR) << "Failed to get user key";
adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 19:23:49 +00:00
return;
}
adb: add support for vendor key directories. Allow directories to be specified in ADB_VENDOR_KEYS. On Linux, monitor this directory for new keys to be added. Additionally, deduplicate keys by hashing their public key. Bug: http://b/29273531 Bug: http://b/30927527 Change-Id: I8d3312b216b7f2c11900f2235f1f1b1d1c7aa767 Test: manually tested by adding a key to a directory, and verifying that devices became authorized after replugging.
2016-08-19 05:00:12 +00:00
const auto& key_paths = get_vendor_keys();
#if defined(__linux__)
adb_auth_inotify_init(key_paths);
#endif
for (const std::string& path : key_paths) {
read_keys(path.c_str());
}
adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 19:23:49 +00:00
}
adb: split up adb_auth.cpp. All of the functions in adb_auth.cpp were used in only one of adb/adbd. Split up them up into adb_auth_host.cpp and adbd_auth.cpp respectively. Bug: http://b/29273531 Test: built and flashed bullhead, adb still works Change-Id: Ib610c5157522634cc273511175152f1306cc52a7
2016-10-06 02:02:29 +00:00
static void send_auth_publickey(atransport* t) {
LOG(INFO) << "Calling send_auth_publickey";
std::string key = adb_auth_get_userkey();
if (key.empty()) {
D("Failed to get user public key");
return;
}
if (key.size() >= MAX_PAYLOAD_V1) {
D("User public key too large (%zu B)", key.size());
return;
}
apacket* p = get_apacket();
memcpy(p->data, key.c_str(), key.size() + 1);
p->msg.command = A_AUTH;
p->msg.arg0 = ADB_AUTH_RSAPUBLICKEY;
// adbd expects a null-terminated string.
p->msg.data_length = key.size() + 1;
send_packet(p, t);
}
adb: rationalize types. Use fixed length types for structs going over the wire, constify arguments where possible, use char* instead of unsigned char* for apacket data, and assorted other refactoring. Bug: http://b/29273531 Test: python test_device.py with every combination of old/new adb and adbd Change-Id: I0b6f818a32be5386985aa4519f542003cf427f9d
2016-10-06 20:31:44 +00:00
void send_auth_response(const char* token, size_t token_size, atransport* t) {
adb: split up adb_auth.cpp. All of the functions in adb_auth.cpp were used in only one of adb/adbd. Split up them up into adb_auth_host.cpp and adbd_auth.cpp respectively. Bug: http://b/29273531 Test: built and flashed bullhead, adb still works Change-Id: Ib610c5157522634cc273511175152f1306cc52a7
2016-10-06 02:02:29 +00:00
std::shared_ptr<RSA> key = t->NextKey();
if (key == nullptr) {
// No more private keys to try, send the public key.
send_auth_publickey(t);
return;
}
LOG(INFO) << "Calling send_auth_response";
apacket* p = get_apacket();
int ret = adb_auth_sign(key.get(), token, token_size, p->data);
if (!ret) {
D("Error signing the token");
put_apacket(p);
return;
}
p->msg.command = A_AUTH;
p->msg.arg0 = ADB_AUTH_SIGNATURE;
p->msg.data_length = ret;
send_packet(p, t);
}