pa-fazil
/
android_system_core
mirror of https://github.com/fazilsheik96/android_system_core.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
android_system_core/adb/adb_auth_host.cpp

476 lines
11 KiB
C++
Raw Normal View History

adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 19:23:49 +00:00
/*
* Copyright (C) 2012 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
Adb: use VLOG() to replace D() for verbose logging. As there are too many D(), we can keep both VLOG() and D() now, and get rid of D() gradually. Change-Id: I2f1cb70bcab3e82c99fed939341d03f6b2216076
2015-09-22 22:52:57 +00:00
#define TRACE_TAG AUTH
File header cleanup. * sysdeps.h should always be included first. * TRACE_TAG needs to be defined before anything is included. * Some files were missing copyright headers. * Save precious bytes on my SSD by removing useless whitespace. Change-Id: I88980e6e00b5be1093806cf286740d9e4a033b94
2015-03-19 22:21:08 +00:00
#include "sysdeps.h"
#include "adb_auth.h"
adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 19:23:49 +00:00
#include <stdio.h>
Fix adb/fastboot windows compilations. Many of the windows files where not including stdlib.h even though they are using malloc/free calls. (cherry-pick of ae7bf0959bd3f79afbf365e41f015ed1c304afdc.) Change-Id: If6959df9909d9d9928e9f4a2a96018166361cf3c
2014-11-06 22:34:24 +00:00
#include <stdlib.h>
File header cleanup. * sysdeps.h should always be included first. * TRACE_TAG needs to be defined before anything is included. * Some files were missing copyright headers. * Save precious bytes on my SSD by removing useless whitespace. Change-Id: I88980e6e00b5be1093806cf286740d9e4a033b94
2015-03-19 22:21:08 +00:00
#include <string.h>
adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 19:23:49 +00:00
#ifdef _WIN32
Fix adb/fastboot windows compilations. Many of the windows files where not including stdlib.h even though they are using malloc/free calls. (cherry-pick of ae7bf0959bd3f79afbf365e41f015ed1c304afdc.) Change-Id: If6959df9909d9d9928e9f4a2a96018166361cf3c
2014-11-06 22:34:24 +00:00
# ifndef WIN32_LEAN_AND_MEAN
# define WIN32_LEAN_AND_MEAN
# endif
adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 19:23:49 +00:00
# include "windows.h"
# include "shlobj.h"
#else
# include <sys/types.h>
# include <sys/stat.h>
# include <unistd.h>
#endif
#include "adb.h"
/* HACK: we need the RSAPublicKey struct
* but RSA_verify conflits with openssl */
#define RSA_verify RSA_verify_mincrypt
#include "mincrypt/rsa.h"
#undef RSA_verify
Track rename of base/ to android-base/. Change-Id: Idf9444fece4aa89c93e15640de59a91f6e758ccf
2015-12-05 06:00:26 +00:00
#include <android-base/strings.h>
adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 19:23:49 +00:00
#include <cutils/list.h>
#include <openssl/evp.h>
#include <openssl/objects.h>
#include <openssl/pem.h>
#include <openssl/rsa.h>
#include <openssl/sha.h>
Switch from using base64 BIOs to encoding funcs. The OpenSSL base64 BIO is going away in BoringSSL. This change switches to using the explicit base64 functions which are availible in both OpenSSL and BoringSSL. The BoringSSL helper functions (i.e. for calculating the size of the base64 encoding) are wrapped in #ifdefs so that this change isn't coupled with the switch to BoringSSL. Once that switch is complete, the #ifdefs can be removed. Bug: 17409664 Change-Id: I42bac3bc93a1fb39feed39a8917d8e38d97629d3 Signed-off-by: Adam Langley <agl@google.com>
2014-09-03 21:34:47 +00:00
#if defined(OPENSSL_IS_BORINGSSL)
#include <openssl/base64.h>
#endif
Revert "Turn on -Wformat-nonliteral." One of my build aliases doesn't play nice with USE_MINGW=1, so my build lied to me. Will revert until I fix it up. This reverts commit 459df8f3a14d4c614f0211049800cf7cad6d30ad. Change-Id: I7905c5ae5ee85fb2d228ce63d81c79f140998c18
2015-07-09 20:35:09 +00:00
#define ANDROID_PATH ".android"
#define ADB_KEY_FILE "adbkey"
adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 19:23:49 +00:00
struct adb_private_key {
struct listnode node;
RSA *rsa;
};
static struct listnode key_list;
/* Convert OpenSSL RSA private key to android pre-computed RSAPublicKey format */
static int RSA_to_RSAPublicKey(RSA *rsa, RSAPublicKey *pkey)
{
int ret = 1;
unsigned int i;
BN_CTX* ctx = BN_CTX_new();
BIGNUM* r32 = BN_new();
BIGNUM* rr = BN_new();
BIGNUM* r = BN_new();
BIGNUM* rem = BN_new();
BIGNUM* n = BN_new();
BIGNUM* n0inv = BN_new();
if (RSA_size(rsa) != RSANUMBYTES) {
ret = 0;
goto out;
}
BN_set_bit(r32, 32);
BN_copy(n, rsa->n);
BN_set_bit(r, RSANUMWORDS * 32);
BN_mod_sqr(rr, r, n, ctx);
BN_div(NULL, rem, n, r32, ctx);
BN_mod_inverse(n0inv, rem, r32, ctx);
pkey->len = RSANUMWORDS;
pkey->n0inv = 0 - BN_get_word(n0inv);
for (i = 0; i < RSANUMWORDS; i++) {
BN_div(rr, rem, rr, r32, ctx);
pkey->rr[i] = BN_get_word(rem);
BN_div(n, rem, n, r32, ctx);
pkey->n[i] = BN_get_word(rem);
}
pkey->exponent = BN_get_word(rsa->e);
out:
BN_free(n0inv);
BN_free(n);
BN_free(rem);
BN_free(r);
BN_free(rr);
BN_free(r32);
BN_CTX_free(ctx);
return ret;
}
static void get_user_info(char *buf, size_t len)
{
char hostname[1024], username[1024];
Introduce "adb keygen" Introduce the "adb keygen" command. Usage: adb keygen <filename> This command creates an adb public/private key pair in a user specified file. This can be used to create new adb keys, or rotate existing keys. Modify adb's key generation routines to use the HOSTNAME/LOGNAME environment variables if available. This allows someone to override the username/hostname embedded within the adb public key file if desired. Fallback to the old mechanisms if those environment variables aren't available. Bug: 18342715 Change-Id: Ibccee6088d4609aa05ad6687d3a1d8a8689d3e8a (cherry picked from commit af782b9f2ac4fb817ded80d4317a45345bb3f992) Change-Id: Ic76ffc9412171dddc879af0bbf6e20fbe1a8f057
2014-11-13 23:17:29 +00:00
int ret = -1;
if (getenv("HOSTNAME") != NULL) {
strncpy(hostname, getenv("HOSTNAME"), sizeof(hostname));
hostname[sizeof(hostname)-1] = '\0';
ret = 0;
}
adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 19:23:49 +00:00
#ifndef _WIN32
if (ret < 0)
Introduce "adb keygen" Introduce the "adb keygen" command. Usage: adb keygen <filename> This command creates an adb public/private key pair in a user specified file. This can be used to create new adb keys, or rotate existing keys. Modify adb's key generation routines to use the HOSTNAME/LOGNAME environment variables if available. This allows someone to override the username/hostname embedded within the adb public key file if desired. Fallback to the old mechanisms if those environment variables aren't available. Bug: 18342715 Change-Id: Ibccee6088d4609aa05ad6687d3a1d8a8689d3e8a (cherry picked from commit af782b9f2ac4fb817ded80d4317a45345bb3f992) Change-Id: Ic76ffc9412171dddc879af0bbf6e20fbe1a8f057
2014-11-13 23:17:29 +00:00
ret = gethostname(hostname, sizeof(hostname));
adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 19:23:49 +00:00
#endif
Introduce "adb keygen" Introduce the "adb keygen" command. Usage: adb keygen <filename> This command creates an adb public/private key pair in a user specified file. This can be used to create new adb keys, or rotate existing keys. Modify adb's key generation routines to use the HOSTNAME/LOGNAME environment variables if available. This allows someone to override the username/hostname embedded within the adb public key file if desired. Fallback to the old mechanisms if those environment variables aren't available. Bug: 18342715 Change-Id: Ibccee6088d4609aa05ad6687d3a1d8a8689d3e8a (cherry picked from commit af782b9f2ac4fb817ded80d4317a45345bb3f992) Change-Id: Ic76ffc9412171dddc879af0bbf6e20fbe1a8f057
2014-11-13 23:17:29 +00:00
if (ret < 0)
adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 19:23:49 +00:00
strcpy(hostname, "unknown");
Introduce "adb keygen" Introduce the "adb keygen" command. Usage: adb keygen <filename> This command creates an adb public/private key pair in a user specified file. This can be used to create new adb keys, or rotate existing keys. Modify adb's key generation routines to use the HOSTNAME/LOGNAME environment variables if available. This allows someone to override the username/hostname embedded within the adb public key file if desired. Fallback to the old mechanisms if those environment variables aren't available. Bug: 18342715 Change-Id: Ibccee6088d4609aa05ad6687d3a1d8a8689d3e8a (cherry picked from commit af782b9f2ac4fb817ded80d4317a45345bb3f992) Change-Id: Ic76ffc9412171dddc879af0bbf6e20fbe1a8f057
2014-11-13 23:17:29 +00:00
ret = -1;
if (getenv("LOGNAME") != NULL) {
strncpy(username, getenv("LOGNAME"), sizeof(username));
username[sizeof(username)-1] = '\0';
ret = 0;
}
adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 19:23:49 +00:00
#if !defined _WIN32 && !defined ADB_HOST_ON_TARGET
if (ret < 0)
Introduce "adb keygen" Introduce the "adb keygen" command. Usage: adb keygen <filename> This command creates an adb public/private key pair in a user specified file. This can be used to create new adb keys, or rotate existing keys. Modify adb's key generation routines to use the HOSTNAME/LOGNAME environment variables if available. This allows someone to override the username/hostname embedded within the adb public key file if desired. Fallback to the old mechanisms if those environment variables aren't available. Bug: 18342715 Change-Id: Ibccee6088d4609aa05ad6687d3a1d8a8689d3e8a (cherry picked from commit af782b9f2ac4fb817ded80d4317a45345bb3f992) Change-Id: Ic76ffc9412171dddc879af0bbf6e20fbe1a8f057
2014-11-13 23:17:29 +00:00
ret = getlogin_r(username, sizeof(username));
adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 19:23:49 +00:00
#endif
Introduce "adb keygen" Introduce the "adb keygen" command. Usage: adb keygen <filename> This command creates an adb public/private key pair in a user specified file. This can be used to create new adb keys, or rotate existing keys. Modify adb's key generation routines to use the HOSTNAME/LOGNAME environment variables if available. This allows someone to override the username/hostname embedded within the adb public key file if desired. Fallback to the old mechanisms if those environment variables aren't available. Bug: 18342715 Change-Id: Ibccee6088d4609aa05ad6687d3a1d8a8689d3e8a (cherry picked from commit af782b9f2ac4fb817ded80d4317a45345bb3f992) Change-Id: Ic76ffc9412171dddc879af0bbf6e20fbe1a8f057
2014-11-13 23:17:29 +00:00
if (ret < 0)
adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 19:23:49 +00:00
strcpy(username, "unknown");
ret = snprintf(buf, len, " %s@%s", username, hostname);
if (ret >= (signed)len)
buf[len - 1] = '\0';
}
static int write_public_keyfile(RSA *private_key, const char *private_key_path)
{
RSAPublicKey pkey;
Switch from using base64 BIOs to encoding funcs. The OpenSSL base64 BIO is going away in BoringSSL. This change switches to using the explicit base64 functions which are availible in both OpenSSL and BoringSSL. The BoringSSL helper functions (i.e. for calculating the size of the base64 encoding) are wrapped in #ifdefs so that this change isn't coupled with the switch to BoringSSL. Once that switch is complete, the #ifdefs can be removed. Bug: 17409664 Change-Id: I42bac3bc93a1fb39feed39a8917d8e38d97629d3 Signed-off-by: Adam Langley <agl@google.com>
2014-09-03 21:34:47 +00:00
FILE *outfile = NULL;
Increase size of the the adb packets sent over the wire The reason behing this change is to increase the adb push/pull speed with reduceing the number of packets sent between the host and the device because the communication is heavily bound by packet latency. The change maintains two way compatibility in the communication protocol with negotiating a packet size between the target and the host with the CONNECT packets. After this change the push/pull speeds improved significantly (measured from Linux-x86_64 with 100MB of data): | Old push | Old pull || New push | New pull | ----------------------------------------------------------- Hammerhead | 4.6 MB/s | 3.9 MB/s || 13.1 MB/s | 16.5 MB/s | ----------------------------------------------------------- Volantis | 6.0 MB/s | 6.2 MS/s || 25.9 MB/s | 29.0 MB/s | ----------------------------------------------------------- Fugu | 6.0 MB/s | 5.1 MB/s || 27.9 MB/s | 33.2 MB/s | ----------------------------------------------------------- Change-Id: Id9625de31266e43394289e325c7e7e473379c5d8
2015-07-13 18:12:28 +00:00
char path[PATH_MAX], info[MAX_PAYLOAD_V1];
Move adb to C++. I keep trying to clean things up and needing std::strings. Might as well just do this now. usb_linux_client.c is going to stay as C because GCC isn't smart enough to deal with the designated initializers it uses (though for some reason it is in C mode). The Darwin files are staying as C because I don't have a way to test that they build. The Windows files are staying as C because while I can actually build for them, it's slow and painful. Change-Id: I75367d29205a9049d34460032b3bb36384f43941
2015-02-26 01:51:28 +00:00
uint8_t* encoded = nullptr;
Switch from using base64 BIOs to encoding funcs. The OpenSSL base64 BIO is going away in BoringSSL. This change switches to using the explicit base64 functions which are availible in both OpenSSL and BoringSSL. The BoringSSL helper functions (i.e. for calculating the size of the base64 encoding) are wrapped in #ifdefs so that this change isn't coupled with the switch to BoringSSL. Once that switch is complete, the #ifdefs can be removed. Bug: 17409664 Change-Id: I42bac3bc93a1fb39feed39a8917d8e38d97629d3 Signed-off-by: Adam Langley <agl@google.com>
2014-09-03 21:34:47 +00:00
size_t encoded_length;
int ret = 0;
adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 19:23:49 +00:00
Switch from using base64 BIOs to encoding funcs. The OpenSSL base64 BIO is going away in BoringSSL. This change switches to using the explicit base64 functions which are availible in both OpenSSL and BoringSSL. The BoringSSL helper functions (i.e. for calculating the size of the base64 encoding) are wrapped in #ifdefs so that this change isn't coupled with the switch to BoringSSL. Once that switch is complete, the #ifdefs can be removed. Bug: 17409664 Change-Id: I42bac3bc93a1fb39feed39a8917d8e38d97629d3 Signed-off-by: Adam Langley <agl@google.com>
2014-09-03 21:34:47 +00:00
if (snprintf(path, sizeof(path), "%s.pub", private_key_path) >=
(int)sizeof(path)) {
adb: clean up debug tracing a little. Always use LOG() for debug tracing. Remove useless D_lock. I believe it is useless to lock just before and after fprintf. I verified the log output both on host and on device. The output looks fine to me. Change-Id: I96ccfe408ff56864361551afe9ad464d197ae104
2015-09-03 00:44:28 +00:00
D("Path too long while writing public key");
adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 19:23:49 +00:00
return 0;
Switch from using base64 BIOs to encoding funcs. The OpenSSL base64 BIO is going away in BoringSSL. This change switches to using the explicit base64 functions which are availible in both OpenSSL and BoringSSL. The BoringSSL helper functions (i.e. for calculating the size of the base64 encoding) are wrapped in #ifdefs so that this change isn't coupled with the switch to BoringSSL. Once that switch is complete, the #ifdefs can be removed. Bug: 17409664 Change-Id: I42bac3bc93a1fb39feed39a8917d8e38d97629d3 Signed-off-by: Adam Langley <agl@google.com>
2014-09-03 21:34:47 +00:00
}
adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 19:23:49 +00:00
Switch from using base64 BIOs to encoding funcs. The OpenSSL base64 BIO is going away in BoringSSL. This change switches to using the explicit base64 functions which are availible in both OpenSSL and BoringSSL. The BoringSSL helper functions (i.e. for calculating the size of the base64 encoding) are wrapped in #ifdefs so that this change isn't coupled with the switch to BoringSSL. Once that switch is complete, the #ifdefs can be removed. Bug: 17409664 Change-Id: I42bac3bc93a1fb39feed39a8917d8e38d97629d3 Signed-off-by: Adam Langley <agl@google.com>
2014-09-03 21:34:47 +00:00
if (!RSA_to_RSAPublicKey(private_key, &pkey)) {
adb: clean up debug tracing a little. Always use LOG() for debug tracing. Remove useless D_lock. I believe it is useless to lock just before and after fprintf. I verified the log output both on host and on device. The output looks fine to me. Change-Id: I96ccfe408ff56864361551afe9ad464d197ae104
2015-09-03 00:44:28 +00:00
D("Failed to convert to publickey");
adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 19:23:49 +00:00
return 0;
}
adb: win32: fix key files reading/writing The issue is that adb uses fopen() with "e" (presumably to open the file with O_CLOEXEC), but that flag causes MSVCRT.DLL to return an error. So when adb_auth_host.cpp goes to read or write the adbkey files, it fails. The quick fix is to not use the "e" option on adb host code since it isn't necessary there, compared to adbd. An alternative fix would be to have a fopen() wrapper on Windows that filters out the "e" option. Change-Id: I7d8ba2847dab0ed558ffe156e79093251eb253c9 Signed-off-by: Spencer Low <CompareAndSwap@gmail.com>
2015-05-08 02:08:29 +00:00
outfile = fopen(path, "w");
Switch from using base64 BIOs to encoding funcs. The OpenSSL base64 BIO is going away in BoringSSL. This change switches to using the explicit base64 functions which are availible in both OpenSSL and BoringSSL. The BoringSSL helper functions (i.e. for calculating the size of the base64 encoding) are wrapped in #ifdefs so that this change isn't coupled with the switch to BoringSSL. Once that switch is complete, the #ifdefs can be removed. Bug: 17409664 Change-Id: I42bac3bc93a1fb39feed39a8917d8e38d97629d3 Signed-off-by: Adam Langley <agl@google.com>
2014-09-03 21:34:47 +00:00
if (!outfile) {
adb: clean up debug tracing a little. Always use LOG() for debug tracing. Remove useless D_lock. I believe it is useless to lock just before and after fprintf. I verified the log output both on host and on device. The output looks fine to me. Change-Id: I96ccfe408ff56864361551afe9ad464d197ae104
2015-09-03 00:44:28 +00:00
D("Failed to open '%s'", path);
adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 19:23:49 +00:00
return 0;
}
adb: clean up debug tracing a little. Always use LOG() for debug tracing. Remove useless D_lock. I believe it is useless to lock just before and after fprintf. I verified the log output both on host and on device. The output looks fine to me. Change-Id: I96ccfe408ff56864361551afe9ad464d197ae104
2015-09-03 00:44:28 +00:00
D("Writing public key to '%s'", path);
adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 19:23:49 +00:00
Switch from using base64 BIOs to encoding funcs. The OpenSSL base64 BIO is going away in BoringSSL. This change switches to using the explicit base64 functions which are availible in both OpenSSL and BoringSSL. The BoringSSL helper functions (i.e. for calculating the size of the base64 encoding) are wrapped in #ifdefs so that this change isn't coupled with the switch to BoringSSL. Once that switch is complete, the #ifdefs can be removed. Bug: 17409664 Change-Id: I42bac3bc93a1fb39feed39a8917d8e38d97629d3 Signed-off-by: Adam Langley <agl@google.com>
2014-09-03 21:34:47 +00:00
#if defined(OPENSSL_IS_BORINGSSL)
if (!EVP_EncodedLength(&encoded_length, sizeof(pkey))) {
adb: clean up debug tracing a little. Always use LOG() for debug tracing. Remove useless D_lock. I believe it is useless to lock just before and after fprintf. I verified the log output both on host and on device. The output looks fine to me. Change-Id: I96ccfe408ff56864361551afe9ad464d197ae104
2015-09-03 00:44:28 +00:00
D("Public key too large to base64 encode");
Switch from using base64 BIOs to encoding funcs. The OpenSSL base64 BIO is going away in BoringSSL. This change switches to using the explicit base64 functions which are availible in both OpenSSL and BoringSSL. The BoringSSL helper functions (i.e. for calculating the size of the base64 encoding) are wrapped in #ifdefs so that this change isn't coupled with the switch to BoringSSL. Once that switch is complete, the #ifdefs can be removed. Bug: 17409664 Change-Id: I42bac3bc93a1fb39feed39a8917d8e38d97629d3 Signed-off-by: Adam Langley <agl@google.com>
2014-09-03 21:34:47 +00:00
goto out;
}
#else
/* While we switch from OpenSSL to BoringSSL we have to implement
* |EVP_EncodedLength| here. */
encoded_length = 1 + ((sizeof(pkey) + 2) / 3 * 4);
#endif
adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 19:23:49 +00:00
Remove strtok from adb. Also fix android::base::Split to behave like Java, Python, and google3. Change-Id: Ifbffd4e92950a79e7aea5d153c95fe0980648417
2015-04-25 06:02:00 +00:00
encoded = new uint8_t[encoded_length];
Move adb to C++. I keep trying to clean things up and needing std::strings. Might as well just do this now. usb_linux_client.c is going to stay as C because GCC isn't smart enough to deal with the designated initializers it uses (though for some reason it is in C mode). The Darwin files are staying as C because I don't have a way to test that they build. The Windows files are staying as C because while I can actually build for them, it's slow and painful. Change-Id: I75367d29205a9049d34460032b3bb36384f43941
2015-02-26 01:51:28 +00:00
if (encoded == nullptr) {
adb: clean up debug tracing a little. Always use LOG() for debug tracing. Remove useless D_lock. I believe it is useless to lock just before and after fprintf. I verified the log output both on host and on device. The output looks fine to me. Change-Id: I96ccfe408ff56864361551afe9ad464d197ae104
2015-09-03 00:44:28 +00:00
D("Allocation failure");
Switch from using base64 BIOs to encoding funcs. The OpenSSL base64 BIO is going away in BoringSSL. This change switches to using the explicit base64 functions which are availible in both OpenSSL and BoringSSL. The BoringSSL helper functions (i.e. for calculating the size of the base64 encoding) are wrapped in #ifdefs so that this change isn't coupled with the switch to BoringSSL. Once that switch is complete, the #ifdefs can be removed. Bug: 17409664 Change-Id: I42bac3bc93a1fb39feed39a8917d8e38d97629d3 Signed-off-by: Adam Langley <agl@google.com>
2014-09-03 21:34:47 +00:00
goto out;
}
adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 19:23:49 +00:00
Switch from using base64 BIOs to encoding funcs. The OpenSSL base64 BIO is going away in BoringSSL. This change switches to using the explicit base64 functions which are availible in both OpenSSL and BoringSSL. The BoringSSL helper functions (i.e. for calculating the size of the base64 encoding) are wrapped in #ifdefs so that this change isn't coupled with the switch to BoringSSL. Once that switch is complete, the #ifdefs can be removed. Bug: 17409664 Change-Id: I42bac3bc93a1fb39feed39a8917d8e38d97629d3 Signed-off-by: Adam Langley <agl@google.com>
2014-09-03 21:34:47 +00:00
encoded_length = EVP_EncodeBlock(encoded, (uint8_t*) &pkey, sizeof(pkey));
adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 19:23:49 +00:00
get_user_info(info, sizeof(info));
Switch from using base64 BIOs to encoding funcs. The OpenSSL base64 BIO is going away in BoringSSL. This change switches to using the explicit base64 functions which are availible in both OpenSSL and BoringSSL. The BoringSSL helper functions (i.e. for calculating the size of the base64 encoding) are wrapped in #ifdefs so that this change isn't coupled with the switch to BoringSSL. Once that switch is complete, the #ifdefs can be removed. Bug: 17409664 Change-Id: I42bac3bc93a1fb39feed39a8917d8e38d97629d3 Signed-off-by: Adam Langley <agl@google.com>
2014-09-03 21:34:47 +00:00
if (fwrite(encoded, encoded_length, 1, outfile) != 1 ||
fwrite(info, strlen(info), 1, outfile) != 1) {
adb: clean up debug tracing a little. Always use LOG() for debug tracing. Remove useless D_lock. I believe it is useless to lock just before and after fprintf. I verified the log output both on host and on device. The output looks fine to me. Change-Id: I96ccfe408ff56864361551afe9ad464d197ae104
2015-09-03 00:44:28 +00:00
D("Write error while writing public key");
Switch from using base64 BIOs to encoding funcs. The OpenSSL base64 BIO is going away in BoringSSL. This change switches to using the explicit base64 functions which are availible in both OpenSSL and BoringSSL. The BoringSSL helper functions (i.e. for calculating the size of the base64 encoding) are wrapped in #ifdefs so that this change isn't coupled with the switch to BoringSSL. Once that switch is complete, the #ifdefs can be removed. Bug: 17409664 Change-Id: I42bac3bc93a1fb39feed39a8917d8e38d97629d3 Signed-off-by: Adam Langley <agl@google.com>
2014-09-03 21:34:47 +00:00
goto out;
}
ret = 1;
out:
if (outfile != NULL) {
fclose(outfile);
}
Remove strtok from adb. Also fix android::base::Split to behave like Java, Python, and google3. Change-Id: Ifbffd4e92950a79e7aea5d153c95fe0980648417
2015-04-25 06:02:00 +00:00
delete[] encoded;
Switch from using base64 BIOs to encoding funcs. The OpenSSL base64 BIO is going away in BoringSSL. This change switches to using the explicit base64 functions which are availible in both OpenSSL and BoringSSL. The BoringSSL helper functions (i.e. for calculating the size of the base64 encoding) are wrapped in #ifdefs so that this change isn't coupled with the switch to BoringSSL. Once that switch is complete, the #ifdefs can be removed. Bug: 17409664 Change-Id: I42bac3bc93a1fb39feed39a8917d8e38d97629d3 Signed-off-by: Adam Langley <agl@google.com>
2014-09-03 21:34:47 +00:00
return ret;
adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 19:23:49 +00:00
}
static int generate_key(const char *file)
{
EVP_PKEY* pkey = EVP_PKEY_new();
BIGNUM* exponent = BN_new();
RSA* rsa = RSA_new();
adb: Create private key with 0600 mode Changed key name to force generating new pairs. Bug: 7092477 Change-Id: I680cb9dd1896ae52b2b29d63533f966e033d823f
2012-08-31 19:14:21 +00:00
mode_t old_mask;
adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 19:23:49 +00:00
FILE *f = NULL;
int ret = 0;
adb: clean up debug tracing a little. Always use LOG() for debug tracing. Remove useless D_lock. I believe it is useless to lock just before and after fprintf. I verified the log output both on host and on device. The output looks fine to me. Change-Id: I96ccfe408ff56864361551afe9ad464d197ae104
2015-09-03 00:44:28 +00:00
D("generate_key '%s'", file);
adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 19:23:49 +00:00
if (!pkey || !exponent || !rsa) {
adb: clean up debug tracing a little. Always use LOG() for debug tracing. Remove useless D_lock. I believe it is useless to lock just before and after fprintf. I verified the log output both on host and on device. The output looks fine to me. Change-Id: I96ccfe408ff56864361551afe9ad464d197ae104
2015-09-03 00:44:28 +00:00
D("Failed to allocate key");
adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 19:23:49 +00:00
goto out;
}
BN_set_word(exponent, RSA_F4);
RSA_generate_key_ex(rsa, 2048, exponent, NULL);
EVP_PKEY_set1_RSA(pkey, rsa);
adb: Create private key with 0600 mode Changed key name to force generating new pairs. Bug: 7092477 Change-Id: I680cb9dd1896ae52b2b29d63533f966e033d823f
2012-08-31 19:14:21 +00:00
old_mask = umask(077);
adb: win32: fix key files reading/writing The issue is that adb uses fopen() with "e" (presumably to open the file with O_CLOEXEC), but that flag causes MSVCRT.DLL to return an error. So when adb_auth_host.cpp goes to read or write the adbkey files, it fails. The quick fix is to not use the "e" option on adb host code since it isn't necessary there, compared to adbd. An alternative fix would be to have a fopen() wrapper on Windows that filters out the "e" option. Change-Id: I7d8ba2847dab0ed558ffe156e79093251eb253c9 Signed-off-by: Spencer Low <CompareAndSwap@gmail.com>
2015-05-08 02:08:29 +00:00
f = fopen(file, "w");
adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 19:23:49 +00:00
if (!f) {
adb: clean up debug tracing a little. Always use LOG() for debug tracing. Remove useless D_lock. I believe it is useless to lock just before and after fprintf. I verified the log output both on host and on device. The output looks fine to me. Change-Id: I96ccfe408ff56864361551afe9ad464d197ae104
2015-09-03 00:44:28 +00:00
D("Failed to open '%s'", file);
adb: Create private key with 0600 mode Changed key name to force generating new pairs. Bug: 7092477 Change-Id: I680cb9dd1896ae52b2b29d63533f966e033d823f
2012-08-31 19:14:21 +00:00
umask(old_mask);
adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 19:23:49 +00:00
goto out;
}
adb: Create private key with 0600 mode Changed key name to force generating new pairs. Bug: 7092477 Change-Id: I680cb9dd1896ae52b2b29d63533f966e033d823f
2012-08-31 19:14:21 +00:00
umask(old_mask);
adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 19:23:49 +00:00
if (!PEM_write_PrivateKey(f, pkey, NULL, NULL, 0, NULL, NULL)) {
adb: clean up debug tracing a little. Always use LOG() for debug tracing. Remove useless D_lock. I believe it is useless to lock just before and after fprintf. I verified the log output both on host and on device. The output looks fine to me. Change-Id: I96ccfe408ff56864361551afe9ad464d197ae104
2015-09-03 00:44:28 +00:00
D("Failed to write key");
adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 19:23:49 +00:00
goto out;
}
if (!write_public_keyfile(rsa, file)) {
adb: clean up debug tracing a little. Always use LOG() for debug tracing. Remove useless D_lock. I believe it is useless to lock just before and after fprintf. I verified the log output both on host and on device. The output looks fine to me. Change-Id: I96ccfe408ff56864361551afe9ad464d197ae104
2015-09-03 00:44:28 +00:00
D("Failed to write public key");
adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 19:23:49 +00:00
goto out;
}
ret = 1;
out:
if (f)
fclose(f);
EVP_PKEY_free(pkey);
RSA_free(rsa);
BN_free(exponent);
return ret;
}
static int read_key(const char *file, struct listnode *list)
{
adb: clean up debug tracing a little. Always use LOG() for debug tracing. Remove useless D_lock. I believe it is useless to lock just before and after fprintf. I verified the log output both on host and on device. The output looks fine to me. Change-Id: I96ccfe408ff56864361551afe9ad464d197ae104
2015-09-03 00:44:28 +00:00
D("read_key '%s'", file);
adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 19:23:49 +00:00
adb: win32: fix key files reading/writing The issue is that adb uses fopen() with "e" (presumably to open the file with O_CLOEXEC), but that flag causes MSVCRT.DLL to return an error. So when adb_auth_host.cpp goes to read or write the adbkey files, it fails. The quick fix is to not use the "e" option on adb host code since it isn't necessary there, compared to adbd. An alternative fix would be to have a fopen() wrapper on Windows that filters out the "e" option. Change-Id: I7d8ba2847dab0ed558ffe156e79093251eb253c9 Signed-off-by: Spencer Low <CompareAndSwap@gmail.com>
2015-05-08 02:08:29 +00:00
FILE* fp = fopen(file, "r");
Remove strtok from adb. Also fix android::base::Split to behave like Java, Python, and google3. Change-Id: Ifbffd4e92950a79e7aea5d153c95fe0980648417
2015-04-25 06:02:00 +00:00
if (!fp) {
adb: clean up debug tracing a little. Always use LOG() for debug tracing. Remove useless D_lock. I believe it is useless to lock just before and after fprintf. I verified the log output both on host and on device. The output looks fine to me. Change-Id: I96ccfe408ff56864361551afe9ad464d197ae104
2015-09-03 00:44:28 +00:00
D("Failed to open '%s': %s", file, strerror(errno));
adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 19:23:49 +00:00
return 0;
}
Remove strtok from adb. Also fix android::base::Split to behave like Java, Python, and google3. Change-Id: Ifbffd4e92950a79e7aea5d153c95fe0980648417
2015-04-25 06:02:00 +00:00
adb_private_key* key = new adb_private_key;
adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 19:23:49 +00:00
key->rsa = RSA_new();
Remove strtok from adb. Also fix android::base::Split to behave like Java, Python, and google3. Change-Id: Ifbffd4e92950a79e7aea5d153c95fe0980648417
2015-04-25 06:02:00 +00:00
if (!PEM_read_RSAPrivateKey(fp, &key->rsa, NULL, NULL)) {
adb: clean up debug tracing a little. Always use LOG() for debug tracing. Remove useless D_lock. I believe it is useless to lock just before and after fprintf. I verified the log output both on host and on device. The output looks fine to me. Change-Id: I96ccfe408ff56864361551afe9ad464d197ae104
2015-09-03 00:44:28 +00:00
D("Failed to read key");
Remove strtok from adb. Also fix android::base::Split to behave like Java, Python, and google3. Change-Id: Ifbffd4e92950a79e7aea5d153c95fe0980648417
2015-04-25 06:02:00 +00:00
fclose(fp);
adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 19:23:49 +00:00
RSA_free(key->rsa);
Remove strtok from adb. Also fix android::base::Split to behave like Java, Python, and google3. Change-Id: Ifbffd4e92950a79e7aea5d153c95fe0980648417
2015-04-25 06:02:00 +00:00
delete key;
adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 19:23:49 +00:00
return 0;
}
Remove strtok from adb. Also fix android::base::Split to behave like Java, Python, and google3. Change-Id: Ifbffd4e92950a79e7aea5d153c95fe0980648417
2015-04-25 06:02:00 +00:00
fclose(fp);
adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 19:23:49 +00:00
list_add_tail(list, &key->node);
return 1;
}
Revert "Turn on -Wformat-nonliteral." One of my build aliases doesn't play nice with USE_MINGW=1, so my build lied to me. Will revert until I fix it up. This reverts commit 459df8f3a14d4c614f0211049800cf7cad6d30ad. Change-Id: I7905c5ae5ee85fb2d228ce63d81c79f140998c18
2015-07-09 20:35:09 +00:00
static int get_user_keyfilepath(char *filename, size_t len)
{
const char *format, *home;
char android_dir[PATH_MAX];
struct stat buf;
adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 19:23:49 +00:00
#ifdef _WIN32
adb: win32: Unicode path names, env vars, some console support Initial support for Unicode file/dir names. Unicode paths can be passed on the command line, directory enumeration can enumerate Unicode paths, Unicode paths are used for file access, and Unicode paths can be output on the console correctly. Also Unicode environment variable access. Initial support for Unicode output from adb shell (which uses adb_fwrite()). This is partial because the corner case of an adb_fwrite() call with an incomplete UTF-8 multi-byte sequence does not output correctly, but this should be uncommon, is better than what we had before (*always* incorrect UTF-8 multi-byte sequences) and can be fixed in the future. Calls to Windows APIs with char strings were changed to pass wchar_t strings to the FooW() variants. For more details, see the giant comment in sysdeps_win32.cpp. https://code.google.com/p/android/issues/detail?id=8185 Change-Id: I7ebf6713bb635638b986ccee97b354428837c9c5 Signed-off-by: Spencer Low <CompareAndSwap@gmail.com>
2015-05-11 08:08:48 +00:00
std::string home_str;
Revert "Turn on -Wformat-nonliteral." One of my build aliases doesn't play nice with USE_MINGW=1, so my build lied to me. Will revert until I fix it up. This reverts commit 459df8f3a14d4c614f0211049800cf7cad6d30ad. Change-Id: I7905c5ae5ee85fb2d228ce63d81c79f140998c18
2015-07-09 20:35:09 +00:00
home = getenv("ANDROID_SDK_HOME");
if (!home) {
adb: win32: Unicode path names, env vars, some console support Initial support for Unicode file/dir names. Unicode paths can be passed on the command line, directory enumeration can enumerate Unicode paths, Unicode paths are used for file access, and Unicode paths can be output on the console correctly. Also Unicode environment variable access. Initial support for Unicode output from adb shell (which uses adb_fwrite()). This is partial because the corner case of an adb_fwrite() call with an incomplete UTF-8 multi-byte sequence does not output correctly, but this should be uncommon, is better than what we had before (*always* incorrect UTF-8 multi-byte sequences) and can be fixed in the future. Calls to Windows APIs with char strings were changed to pass wchar_t strings to the FooW() variants. For more details, see the giant comment in sysdeps_win32.cpp. https://code.google.com/p/android/issues/detail?id=8185 Change-Id: I7ebf6713bb635638b986ccee97b354428837c9c5 Signed-off-by: Spencer Low <CompareAndSwap@gmail.com>
2015-05-11 08:08:48 +00:00
WCHAR path[MAX_PATH];
adb: win32: call SystemErrorCodeToString() from more places Improve some error messages, or trace output. Change-Id: Ib09fac33a296f090d37f125cad7556fc5b5e928e Signed-off-by: Spencer Low <CompareAndSwap@gmail.com>
2015-08-03 01:50:17 +00:00
const HRESULT hr = SHGetFolderPathW(NULL, CSIDL_PROFILE, NULL, 0, path);
if (FAILED(hr)) {
adb: clean up debug tracing a little. Always use LOG() for debug tracing. Remove useless D_lock. I believe it is useless to lock just before and after fprintf. I verified the log output both on host and on device. The output looks fine to me. Change-Id: I96ccfe408ff56864361551afe9ad464d197ae104
2015-09-03 00:44:28 +00:00
D("SHGetFolderPathW failed: %s",
adb: win32: call SystemErrorCodeToString() from more places Improve some error messages, or trace output. Change-Id: Ib09fac33a296f090d37f125cad7556fc5b5e928e Signed-off-by: Spencer Low <CompareAndSwap@gmail.com>
2015-08-03 01:50:17 +00:00
SystemErrorCodeToString(hr).c_str());
adb: win32: Unicode path names, env vars, some console support Initial support for Unicode file/dir names. Unicode paths can be passed on the command line, directory enumeration can enumerate Unicode paths, Unicode paths are used for file access, and Unicode paths can be output on the console correctly. Also Unicode environment variable access. Initial support for Unicode output from adb shell (which uses adb_fwrite()). This is partial because the corner case of an adb_fwrite() call with an incomplete UTF-8 multi-byte sequence does not output correctly, but this should be uncommon, is better than what we had before (*always* incorrect UTF-8 multi-byte sequences) and can be fixed in the future. Calls to Windows APIs with char strings were changed to pass wchar_t strings to the FooW() variants. For more details, see the giant comment in sysdeps_win32.cpp. https://code.google.com/p/android/issues/detail?id=8185 Change-Id: I7ebf6713bb635638b986ccee97b354428837c9c5 Signed-off-by: Spencer Low <CompareAndSwap@gmail.com>
2015-05-11 08:08:48 +00:00
return -1;
}
adb: win32: remove widen()/narrow() in favor of UTF8ToWide()/WideToUTF8() Now that we have a more standardized API (also available in Chromium), switch to it. Another benefit is real error handling instead of just killing the process on invalid Unicode. Make UTF8ToWide()/WideToUTF8() set errno to EILSEQ on bad input. This is the same error code that wcsrtombs(3) uses. Update the unittest to check for EILSEQ. Change-Id: Ie92acf74d37adaea116cf610c1bf8cd433741e16 Signed-off-by: Spencer Low <CompareAndSwap@gmail.com>
2015-11-12 23:20:15 +00:00
if (!android::base::WideToUTF8(path, &home_str)) {
return -1;
}
adb: win32: Unicode path names, env vars, some console support Initial support for Unicode file/dir names. Unicode paths can be passed on the command line, directory enumeration can enumerate Unicode paths, Unicode paths are used for file access, and Unicode paths can be output on the console correctly. Also Unicode environment variable access. Initial support for Unicode output from adb shell (which uses adb_fwrite()). This is partial because the corner case of an adb_fwrite() call with an incomplete UTF-8 multi-byte sequence does not output correctly, but this should be uncommon, is better than what we had before (*always* incorrect UTF-8 multi-byte sequences) and can be fixed in the future. Calls to Windows APIs with char strings were changed to pass wchar_t strings to the FooW() variants. For more details, see the giant comment in sysdeps_win32.cpp. https://code.google.com/p/android/issues/detail?id=8185 Change-Id: I7ebf6713bb635638b986ccee97b354428837c9c5 Signed-off-by: Spencer Low <CompareAndSwap@gmail.com>
2015-05-11 08:08:48 +00:00
home = home_str.c_str();
adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 19:23:49 +00:00
}
Revert "Turn on -Wformat-nonliteral." One of my build aliases doesn't play nice with USE_MINGW=1, so my build lied to me. Will revert until I fix it up. This reverts commit 459df8f3a14d4c614f0211049800cf7cad6d30ad. Change-Id: I7905c5ae5ee85fb2d228ce63d81c79f140998c18
2015-07-09 20:35:09 +00:00
format = "%s\\%s";
adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 19:23:49 +00:00
#else
Revert "Turn on -Wformat-nonliteral." One of my build aliases doesn't play nice with USE_MINGW=1, so my build lied to me. Will revert until I fix it up. This reverts commit 459df8f3a14d4c614f0211049800cf7cad6d30ad. Change-Id: I7905c5ae5ee85fb2d228ce63d81c79f140998c18
2015-07-09 20:35:09 +00:00
home = getenv("HOME");
if (!home)
return -1;
format = "%s/%s";
adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 19:23:49 +00:00
#endif
adb: clean up debug tracing a little. Always use LOG() for debug tracing. Remove useless D_lock. I believe it is useless to lock just before and after fprintf. I verified the log output both on host and on device. The output looks fine to me. Change-Id: I96ccfe408ff56864361551afe9ad464d197ae104
2015-09-03 00:44:28 +00:00
D("home '%s'", home);
adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 19:23:49 +00:00
Revert "Turn on -Wformat-nonliteral." One of my build aliases doesn't play nice with USE_MINGW=1, so my build lied to me. Will revert until I fix it up. This reverts commit 459df8f3a14d4c614f0211049800cf7cad6d30ad. Change-Id: I7905c5ae5ee85fb2d228ce63d81c79f140998c18
2015-07-09 20:35:09 +00:00
if (snprintf(android_dir, sizeof(android_dir), format, home,
ANDROID_PATH) >= (int)sizeof(android_dir))
return -1;
adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 19:23:49 +00:00
Revert "Turn on -Wformat-nonliteral." One of my build aliases doesn't play nice with USE_MINGW=1, so my build lied to me. Will revert until I fix it up. This reverts commit 459df8f3a14d4c614f0211049800cf7cad6d30ad. Change-Id: I7905c5ae5ee85fb2d228ce63d81c79f140998c18
2015-07-09 20:35:09 +00:00
if (stat(android_dir, &buf)) {
if (adb_mkdir(android_dir, 0750) < 0) {
adb: clean up debug tracing a little. Always use LOG() for debug tracing. Remove useless D_lock. I believe it is useless to lock just before and after fprintf. I verified the log output both on host and on device. The output looks fine to me. Change-Id: I96ccfe408ff56864361551afe9ad464d197ae104
2015-09-03 00:44:28 +00:00
D("Cannot mkdir '%s'", android_dir);
Revert "Turn on -Wformat-nonliteral." One of my build aliases doesn't play nice with USE_MINGW=1, so my build lied to me. Will revert until I fix it up. This reverts commit 459df8f3a14d4c614f0211049800cf7cad6d30ad. Change-Id: I7905c5ae5ee85fb2d228ce63d81c79f140998c18
2015-07-09 20:35:09 +00:00
return -1;
adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 19:23:49 +00:00
}
}
Revert "Turn on -Wformat-nonliteral." One of my build aliases doesn't play nice with USE_MINGW=1, so my build lied to me. Will revert until I fix it up. This reverts commit 459df8f3a14d4c614f0211049800cf7cad6d30ad. Change-Id: I7905c5ae5ee85fb2d228ce63d81c79f140998c18
2015-07-09 20:35:09 +00:00
return snprintf(filename, len, format, android_dir, ADB_KEY_FILE);
adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 19:23:49 +00:00
}
static int get_user_key(struct listnode *list)
{
Revert "Turn on -Wformat-nonliteral." One of my build aliases doesn't play nice with USE_MINGW=1, so my build lied to me. Will revert until I fix it up. This reverts commit 459df8f3a14d4c614f0211049800cf7cad6d30ad. Change-Id: I7905c5ae5ee85fb2d228ce63d81c79f140998c18
2015-07-09 20:35:09 +00:00
struct stat buf;
char path[PATH_MAX];
int ret;
ret = get_user_keyfilepath(path, sizeof(path));
if (ret < 0 || ret >= (signed)sizeof(path)) {
adb: clean up debug tracing a little. Always use LOG() for debug tracing. Remove useless D_lock. I believe it is useless to lock just before and after fprintf. I verified the log output both on host and on device. The output looks fine to me. Change-Id: I96ccfe408ff56864361551afe9ad464d197ae104
2015-09-03 00:44:28 +00:00
D("Error getting user key filename");
adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 19:23:49 +00:00
return 0;
}
adb: clean up debug tracing a little. Always use LOG() for debug tracing. Remove useless D_lock. I believe it is useless to lock just before and after fprintf. I verified the log output both on host and on device. The output looks fine to me. Change-Id: I96ccfe408ff56864361551afe9ad464d197ae104
2015-09-03 00:44:28 +00:00
D("user key '%s'", path);
adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 19:23:49 +00:00
Revert "Turn on -Wformat-nonliteral." One of my build aliases doesn't play nice with USE_MINGW=1, so my build lied to me. Will revert until I fix it up. This reverts commit 459df8f3a14d4c614f0211049800cf7cad6d30ad. Change-Id: I7905c5ae5ee85fb2d228ce63d81c79f140998c18
2015-07-09 20:35:09 +00:00
if (stat(path, &buf) == -1) {
if (!generate_key(path)) {
adb: clean up debug tracing a little. Always use LOG() for debug tracing. Remove useless D_lock. I believe it is useless to lock just before and after fprintf. I verified the log output both on host and on device. The output looks fine to me. Change-Id: I96ccfe408ff56864361551afe9ad464d197ae104
2015-09-03 00:44:28 +00:00
D("Failed to generate new key");
adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 19:23:49 +00:00
return 0;
}
}
Revert "Turn on -Wformat-nonliteral." One of my build aliases doesn't play nice with USE_MINGW=1, so my build lied to me. Will revert until I fix it up. This reverts commit 459df8f3a14d4c614f0211049800cf7cad6d30ad. Change-Id: I7905c5ae5ee85fb2d228ce63d81c79f140998c18
2015-07-09 20:35:09 +00:00
return read_key(path, list);
adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 19:23:49 +00:00
}
Remove strtok from adb. Also fix android::base::Split to behave like Java, Python, and google3. Change-Id: Ifbffd4e92950a79e7aea5d153c95fe0980648417
2015-04-25 06:02:00 +00:00
static void get_vendor_keys(struct listnode* key_list) {
const char* adb_keys_path = getenv("ADB_VENDOR_KEYS");
if (adb_keys_path == nullptr) {
adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 19:23:49 +00:00
return;
Remove strtok from adb. Also fix android::base::Split to behave like Java, Python, and google3. Change-Id: Ifbffd4e92950a79e7aea5d153c95fe0980648417
2015-04-25 06:02:00 +00:00
}
adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 19:23:49 +00:00
Use const auto&/auto&& in adb. Change-Id: I74a7e511302e15e207906f572d181634e0ed5604
2015-10-07 22:59:35 +00:00
for (const auto& path : android::base::Split(adb_keys_path, ENV_PATH_SEPARATOR_STR)) {
Remove strtok from adb. Also fix android::base::Split to behave like Java, Python, and google3. Change-Id: Ifbffd4e92950a79e7aea5d153c95fe0980648417
2015-04-25 06:02:00 +00:00
if (!read_key(path.c_str(), key_list)) {
adb: clean up debug tracing a little. Always use LOG() for debug tracing. Remove useless D_lock. I believe it is useless to lock just before and after fprintf. I verified the log output both on host and on device. The output looks fine to me. Change-Id: I96ccfe408ff56864361551afe9ad464d197ae104
2015-09-03 00:44:28 +00:00
D("Failed to read '%s'", path.c_str());
Remove strtok from adb. Also fix android::base::Split to behave like Java, Python, and google3. Change-Id: Ifbffd4e92950a79e7aea5d153c95fe0980648417
2015-04-25 06:02:00 +00:00
}
adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 19:23:49 +00:00
}
}
Move adb to C++. I keep trying to clean things up and needing std::strings. Might as well just do this now. usb_linux_client.c is going to stay as C because GCC isn't smart enough to deal with the designated initializers it uses (though for some reason it is in C mode). The Darwin files are staying as C because I don't have a way to test that they build. The Windows files are staying as C because while I can actually build for them, it's slow and painful. Change-Id: I75367d29205a9049d34460032b3bb36384f43941
2015-02-26 01:51:28 +00:00
int adb_auth_sign(void *node, const unsigned char* token, size_t token_size,
unsigned char* sig)
adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 19:23:49 +00:00
{
unsigned int len;
struct adb_private_key *key = node_to_item(node, struct adb_private_key, node);
Verify token length before adb signs it Currently, a host running adb will sign a token of any length passed to it by a device, effectively acting as a signing oracle. If the ADB_VENDOR_KEYS environment variable is used to specify an additional key to use, this behavior is not only unexpected, but probably also unwanted. Further discussion can be found from this thread: http://www.metzdowd.com/pipermail/cryptography/2015-January/024423.html This change adds a check to ensure token length matches TOKEN_SIZE before it's signed, which prevents an attacker from signing longer messages. Change-Id: I7b2cc1f051941bf9b66e1c02980850bede501793
2015-01-27 16:48:35 +00:00
if (token_size != TOKEN_SIZE) {
adb: clean up debug tracing a little. Always use LOG() for debug tracing. Remove useless D_lock. I believe it is useless to lock just before and after fprintf. I verified the log output both on host and on device. The output looks fine to me. Change-Id: I96ccfe408ff56864361551afe9ad464d197ae104
2015-09-03 00:44:28 +00:00
D("Unexpected token size %zd", token_size);
Verify token length before adb signs it Currently, a host running adb will sign a token of any length passed to it by a device, effectively acting as a signing oracle. If the ADB_VENDOR_KEYS environment variable is used to specify an additional key to use, this behavior is not only unexpected, but probably also unwanted. Further discussion can be found from this thread: http://www.metzdowd.com/pipermail/cryptography/2015-January/024423.html This change adds a check to ensure token length matches TOKEN_SIZE before it's signed, which prevents an attacker from signing longer messages. Change-Id: I7b2cc1f051941bf9b66e1c02980850bede501793
2015-01-27 16:48:35 +00:00
return 0;
}
adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 19:23:49 +00:00
if (!RSA_sign(NID_sha1, token, token_size, sig, &len, key->rsa)) {
return 0;
}
adb: clean up debug tracing a little. Always use LOG() for debug tracing. Remove useless D_lock. I believe it is useless to lock just before and after fprintf. I verified the log output both on host and on device. The output looks fine to me. Change-Id: I96ccfe408ff56864361551afe9ad464d197ae104
2015-09-03 00:44:28 +00:00
D("adb_auth_sign len=%d", len);
adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 19:23:49 +00:00
return (int)len;
}
void *adb_auth_nextkey(void *current)
{
struct listnode *item;
if (list_empty(&key_list))
return NULL;
if (!current)
return list_head(&key_list);
list_for_each(item, &key_list) {
if (item == current) {
/* current is the last item, we tried all the keys */
if (item->next == &key_list)
return NULL;
return item->next;
}
}
return NULL;
}
int adb_auth_get_userkey(unsigned char *data, size_t len)
{
Revert "Turn on -Wformat-nonliteral." One of my build aliases doesn't play nice with USE_MINGW=1, so my build lied to me. Will revert until I fix it up. This reverts commit 459df8f3a14d4c614f0211049800cf7cad6d30ad. Change-Id: I7905c5ae5ee85fb2d228ce63d81c79f140998c18
2015-07-09 20:35:09 +00:00
char path[PATH_MAX];
int ret = get_user_keyfilepath(path, sizeof(path) - 4);
if (ret < 0 || ret >= (signed)(sizeof(path) - 4)) {
adb: clean up debug tracing a little. Always use LOG() for debug tracing. Remove useless D_lock. I believe it is useless to lock just before and after fprintf. I verified the log output both on host and on device. The output looks fine to me. Change-Id: I96ccfe408ff56864361551afe9ad464d197ae104
2015-09-03 00:44:28 +00:00
D("Error getting user key filename");
adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 19:23:49 +00:00
return 0;
}
Revert "Turn on -Wformat-nonliteral." One of my build aliases doesn't play nice with USE_MINGW=1, so my build lied to me. Will revert until I fix it up. This reverts commit 459df8f3a14d4c614f0211049800cf7cad6d30ad. Change-Id: I7905c5ae5ee85fb2d228ce63d81c79f140998c18
2015-07-09 20:35:09 +00:00
strcat(path, ".pub");
adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 19:23:49 +00:00
Move adb to C++. I keep trying to clean things up and needing std::strings. Might as well just do this now. usb_linux_client.c is going to stay as C because GCC isn't smart enough to deal with the designated initializers it uses (though for some reason it is in C mode). The Darwin files are staying as C because I don't have a way to test that they build. The Windows files are staying as C because while I can actually build for them, it's slow and painful. Change-Id: I75367d29205a9049d34460032b3bb36384f43941
2015-02-26 01:51:28 +00:00
// TODO(danalbert): ReadFileToString
adb: fix adb_close() vs. unix_close() usage Document the differences between adb_*() and unix_*() in the function prototypes in sysdeps.h. See the file for the details (CR/LF translation, well-known file descriptors, etc.). Fix adb_read(), adb_write(), and adb_close() calls that should really be unix_read(), unix_write(), and unix_close(). Note that this should have no impact on unix because on unix, unix_read/unix_write/unix_close are macros that map to adb_read/adb_write/adb_close. Improve sysdeps_win32.cpp file descriptor diagnostic logging to output the name of the function that was passed a bad file descriptor. Change-Id: I0a1d9c28772656c80bcc303ef8b61fccf4cd637c Signed-off-by: Spencer Low <CompareAndSwap@gmail.com>
2015-05-23 03:09:06 +00:00
// Note that on Windows, load_file() does not do CR/LF translation, but
// ReadFileToString() uses the C Runtime which uses CR/LF translation by
// default (by is overridable with _setmode()).
Move adb to C++. I keep trying to clean things up and needing std::strings. Might as well just do this now. usb_linux_client.c is going to stay as C because GCC isn't smart enough to deal with the designated initializers it uses (though for some reason it is in C mode). The Darwin files are staying as C because I don't have a way to test that they build. The Windows files are staying as C because while I can actually build for them, it's slow and painful. Change-Id: I75367d29205a9049d34460032b3bb36384f43941
2015-02-26 01:51:28 +00:00
unsigned size;
Revert "Turn on -Wformat-nonliteral." One of my build aliases doesn't play nice with USE_MINGW=1, so my build lied to me. Will revert until I fix it up. This reverts commit 459df8f3a14d4c614f0211049800cf7cad6d30ad. Change-Id: I7905c5ae5ee85fb2d228ce63d81c79f140998c18
2015-07-09 20:35:09 +00:00
char* file_data = reinterpret_cast<char*>(load_file(path, &size));
Move adb to C++. I keep trying to clean things up and needing std::strings. Might as well just do this now. usb_linux_client.c is going to stay as C because GCC isn't smart enough to deal with the designated initializers it uses (though for some reason it is in C mode). The Darwin files are staying as C because I don't have a way to test that they build. The Windows files are staying as C because while I can actually build for them, it's slow and painful. Change-Id: I75367d29205a9049d34460032b3bb36384f43941
2015-02-26 01:51:28 +00:00
if (file_data == nullptr) {
adb: clean up debug tracing a little. Always use LOG() for debug tracing. Remove useless D_lock. I believe it is useless to lock just before and after fprintf. I verified the log output both on host and on device. The output looks fine to me. Change-Id: I96ccfe408ff56864361551afe9ad464d197ae104
2015-09-03 00:44:28 +00:00
D("Can't load '%s'", path);
adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 19:23:49 +00:00
return 0;
}
Move adb to C++. I keep trying to clean things up and needing std::strings. Might as well just do this now. usb_linux_client.c is going to stay as C because GCC isn't smart enough to deal with the designated initializers it uses (though for some reason it is in C mode). The Darwin files are staying as C because I don't have a way to test that they build. The Windows files are staying as C because while I can actually build for them, it's slow and painful. Change-Id: I75367d29205a9049d34460032b3bb36384f43941
2015-02-26 01:51:28 +00:00
if (len < (size_t)(size + 1)) {
adb: clean up debug tracing a little. Always use LOG() for debug tracing. Remove useless D_lock. I believe it is useless to lock just before and after fprintf. I verified the log output both on host and on device. The output looks fine to me. Change-Id: I96ccfe408ff56864361551afe9ad464d197ae104
2015-09-03 00:44:28 +00:00
D("%s: Content too large ret=%d", path, size);
Move adb to C++. I keep trying to clean things up and needing std::strings. Might as well just do this now. usb_linux_client.c is going to stay as C because GCC isn't smart enough to deal with the designated initializers it uses (though for some reason it is in C mode). The Darwin files are staying as C because I don't have a way to test that they build. The Windows files are staying as C because while I can actually build for them, it's slow and painful. Change-Id: I75367d29205a9049d34460032b3bb36384f43941
2015-02-26 01:51:28 +00:00
free(file_data);
adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 19:23:49 +00:00
return 0;
}
Move adb to C++. I keep trying to clean things up and needing std::strings. Might as well just do this now. usb_linux_client.c is going to stay as C because GCC isn't smart enough to deal with the designated initializers it uses (though for some reason it is in C mode). The Darwin files are staying as C because I don't have a way to test that they build. The Windows files are staying as C because while I can actually build for them, it's slow and painful. Change-Id: I75367d29205a9049d34460032b3bb36384f43941
2015-02-26 01:51:28 +00:00
memcpy(data, file_data, size);
free(file_data);
file_data = nullptr;
data[size] = '\0';
adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 19:23:49 +00:00
Move adb to C++. I keep trying to clean things up and needing std::strings. Might as well just do this now. usb_linux_client.c is going to stay as C because GCC isn't smart enough to deal with the designated initializers it uses (though for some reason it is in C mode). The Darwin files are staying as C because I don't have a way to test that they build. The Windows files are staying as C because while I can actually build for them, it's slow and painful. Change-Id: I75367d29205a9049d34460032b3bb36384f43941
2015-02-26 01:51:28 +00:00
return size + 1;
adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 19:23:49 +00:00
}
Introduce "adb keygen" Introduce the "adb keygen" command. Usage: adb keygen <filename> This command creates an adb public/private key pair in a user specified file. This can be used to create new adb keys, or rotate existing keys. Modify adb's key generation routines to use the HOSTNAME/LOGNAME environment variables if available. This allows someone to override the username/hostname embedded within the adb public key file if desired. Fallback to the old mechanisms if those environment variables aren't available. Bug: 18342715 Change-Id: Ibccee6088d4609aa05ad6687d3a1d8a8689d3e8a (cherry picked from commit af782b9f2ac4fb817ded80d4317a45345bb3f992) Change-Id: Ic76ffc9412171dddc879af0bbf6e20fbe1a8f057
2014-11-13 23:17:29 +00:00
int adb_auth_keygen(const char* filename) {
return (generate_key(filename) == 0);
}
adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 19:23:49 +00:00
void adb_auth_init(void)
{
int ret;
adb: clean up debug tracing a little. Always use LOG() for debug tracing. Remove useless D_lock. I believe it is useless to lock just before and after fprintf. I verified the log output both on host and on device. The output looks fine to me. Change-Id: I96ccfe408ff56864361551afe9ad464d197ae104
2015-09-03 00:44:28 +00:00
D("adb_auth_init");
adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 19:23:49 +00:00
list_init(&key_list);
ret = get_user_key(&key_list);
if (!ret) {
adb: clean up debug tracing a little. Always use LOG() for debug tracing. Remove useless D_lock. I believe it is useless to lock just before and after fprintf. I verified the log output both on host and on device. The output looks fine to me. Change-Id: I96ccfe408ff56864361551afe9ad464d197ae104
2015-09-03 00:44:28 +00:00
D("Failed to get user key");
adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 19:23:49 +00:00
return;
}
get_vendor_keys(&key_list);
}