tequilaOS/platform_system_core
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
platform_system_core/adb/adb_auth.h

71 lines
1.9 KiB
C
Raw Normal View History

adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 21:23:49 +02:00
/*
* Copyright (C) 2012 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef __ADB_AUTH_H
#define __ADB_AUTH_H
File header cleanup. * sysdeps.h should always be included first. * TRACE_TAG needs to be defined before anything is included. * Some files were missing copyright headers. * Save precious bytes on my SSD by removing useless whitespace. Change-Id: I88980e6e00b5be1093806cf286740d9e4a033b94
2015-03-19 23:21:08 +01:00
#include "adb.h"
Clean up key handling in adb. This includes the locking we need to be able to re-load the keys at runtime. We should rename "adb_auth_client.cpp" to "adb_auth_adbd.cpp" or "adbd_auth.cpp" in a later change. Change-Id: I9e1d5b6b7d0497d6f6e5d9c4fb660118cdff05a8 Test: "adb devices" works against a non-AOSP device with $ADB_VENDOR_KEYS set, says "unauthorized" without. Bug: http://b/29273531
2016-06-30 02:42:01 +02:00
#include <deque>
adb: add support for vendor key directories. Allow directories to be specified in ADB_VENDOR_KEYS. On Linux, monitor this directory for new keys to be added. Additionally, deduplicate keys by hashing their public key. Bug: http://b/29273531 Bug: http://b/30927527 Change-Id: I8d3312b216b7f2c11900f2235f1f1b1d1c7aa767 Test: manually tested by adding a key to a directory, and verifying that devices became authorized after replugging.
2016-08-19 07:00:12 +02:00
#include <memory>
Clean up key handling in adb. This includes the locking we need to be able to re-load the keys at runtime. We should rename "adb_auth_client.cpp" to "adb_auth_adbd.cpp" or "adbd_auth.cpp" in a later change. Change-Id: I9e1d5b6b7d0497d6f6e5d9c4fb660118cdff05a8 Test: "adb devices" works against a non-AOSP device with $ADB_VENDOR_KEYS set, says "unauthorized" without. Bug: http://b/29273531
2016-06-30 02:42:01 +02:00
#include <openssl/rsa.h>
adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 21:23:49 +02:00
/* AUTH packets first argument */
/* Request */
#define ADB_AUTH_TOKEN 1
/* Response */
#define ADB_AUTH_SIGNATURE 2
#define ADB_AUTH_RSAPUBLICKEY 3
#if ADB_HOST
Clean up key handling in adb. This includes the locking we need to be able to re-load the keys at runtime. We should rename "adb_auth_client.cpp" to "adb_auth_adbd.cpp" or "adbd_auth.cpp" in a later change. Change-Id: I9e1d5b6b7d0497d6f6e5d9c4fb660118cdff05a8 Test: "adb devices" works against a non-AOSP device with $ADB_VENDOR_KEYS set, says "unauthorized" without. Bug: http://b/29273531
2016-06-30 02:42:01 +02:00
void adb_auth_init();
adb: split up adb_auth.cpp. All of the functions in adb_auth.cpp were used in only one of adb/adbd. Split up them up into adb_auth_host.cpp and adbd_auth.cpp respectively. Bug: http://b/29273531 Test: built and flashed bullhead, adb still works Change-Id: Ib610c5157522634cc273511175152f1306cc52a7
2016-10-06 04:02:29 +02:00
int adb_auth_keygen(const char* filename);
adb: stop using adbkey.pub. An adbkey/adbkey.pub pair that doesn't match up results in a hard-to-diagnose scenario where "Always allow from this computer" doesn't work. The private key contains all of the information that's in the public key, so just extract the public key out of the private key instead of storing them separately. Bug: http://b/119634232 Test: rm ~/.android/adbkey.pub; adb kill-server; adb shell true Test: rm ~/.android/adbkey*; adb kill-server; adb shell true Change-Id: I0ae9033dbcd119c12cfb2b3977f1f1954ac800c1
2018-11-16 02:45:46 +01:00
int adb_auth_pubkey(const char* filename);
Kill load_file. Change-Id: I6c332f7d8e94d513605295b3d4d32c4e1cf878dc
2016-05-27 07:43:19 +02:00
std::string adb_auth_get_userkey();
[adbwifi] Add adbwifi_libs, TLS connection, and MDNS implementation. Bug: 111434128, 119493510, 119494503 Test: Enable wireless debugging in Settings UI, click "pair with pairing code" to generate pairing code. On client, 'adb pair <ip_address>', enter pairing code at prompt and hit enter. Pairing should complete. 'adb logcat'. Change-Id: I86527bd3fc52e30a8e08ec5843dc3e100abf91fa Exempt-From-Owner-Approval: approved already
2019-11-20 23:18:43 +01:00
bssl::UniquePtr<EVP_PKEY> adb_auth_get_user_privkey();
adb: add support for vendor key directories. Allow directories to be specified in ADB_VENDOR_KEYS. On Linux, monitor this directory for new keys to be added. Additionally, deduplicate keys by hashing their public key. Bug: http://b/29273531 Bug: http://b/30927527 Change-Id: I8d3312b216b7f2c11900f2235f1f1b1d1c7aa767 Test: manually tested by adding a key to a directory, and verifying that devices became authorized after replugging.
2016-08-19 07:00:12 +02:00
std::deque<std::shared_ptr<RSA>> adb_auth_get_private_keys();
adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 21:23:49 +02:00
adb: rationalize types. Use fixed length types for structs going over the wire, constify arguments where possible, use char* instead of unsigned char* for apacket data, and assorted other refactoring. Bug: http://b/29273531 Test: python test_device.py with every combination of old/new adb and adbd Change-Id: I0b6f818a32be5386985aa4519f542003cf427f9d
2016-10-06 22:31:44 +02:00
void send_auth_response(const char* token, size_t token_size, atransport* t);
adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 21:23:49 +02:00
[adbwifi] Add A_STLS command. This command will be sent by adbd to notify the client that the connection will be over TLS. When client connects, it will send the CNXN packet, as usual. If the server connection has TLS enabled, it will send the A_STLS packet (regardless of whether auth is required). At this point, the client's only valid response is to send a A_STLS packet. Once both sides have exchanged the A_STLS packet, both will start the TLS handshake. If auth is required, then the client will receive a CertificateRequest with a list of known public keys (SHA256 hash) that it can use in its certificate. Otherwise, the list will be empty and the client can assume that either any key will work, or none will work. If the handshake was successful, the server will send the CNXN packet and the usual adb protocol is resumed over TLS. If the handshake failed, both sides will disconnect, as there's no point to retry because the server's known keys have already been communicated. Bug: 111434128 Test: WIP; will add to adb_test.py/adb_device.py. Enable wireless debugging in the Settings, then 'adb connect <ip>:<port>'. Connection should succeed if key is in keystore. Used wireshark to check for packet encryption. Change-Id: I3d60647491c6c6b92297e4f628707a6457fa9420
2020-01-21 22:19:42 +01:00
int adb_tls_set_certificate(SSL* ssl);
void adb_auth_tls_handshake(atransport* t);
adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 21:23:49 +02:00
#else // !ADB_HOST
adb: split up adb_auth.cpp. All of the functions in adb_auth.cpp were used in only one of adb/adbd. Split up them up into adb_auth_host.cpp and adbd_auth.cpp respectively. Bug: http://b/29273531 Test: built and flashed bullhead, adb still works Change-Id: Ib610c5157522634cc273511175152f1306cc52a7
2016-10-06 04:02:29 +02:00
extern bool auth_required;
adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 21:23:49 +02:00
Fix file descriptor leakage in adbd adb_auth_init in adb_auth_client.cpp sets FD_CLOEXEC on the control socket, which prevents the leakage. However if ro.adb.secure property is unset (as it is on the emulator), adb_auth_init is not invoked, which results in the control socket fd leaking into any process started by the deamon (specifically, any command executed through adb shell). Split the fd cleanup into a separate function that is called unconditionally. Change-Id: I73ea84977542ddfc4ac20599593ecf3745ae9108
2015-03-17 19:03:36 +01:00
void adbd_auth_init(void);
adb: split up adb_auth.cpp. All of the functions in adb_auth.cpp were used in only one of adb/adbd. Split up them up into adb_auth_host.cpp and adbd_auth.cpp respectively. Bug: http://b/29273531 Test: built and flashed bullhead, adb still works Change-Id: Ib610c5157522634cc273511175152f1306cc52a7
2016-10-06 04:02:29 +02:00
void adbd_auth_verified(atransport *t);
Fix file descriptor leakage in adbd adb_auth_init in adb_auth_client.cpp sets FD_CLOEXEC on the control socket, which prevents the leakage. However if ro.adb.secure property is unset (as it is on the emulator), adb_auth_init is not invoked, which results in the control socket fd leaking into any process started by the deamon (specifically, any command executed through adb shell). Split the fd cleanup into a separate function that is called unconditionally. Change-Id: I73ea84977542ddfc4ac20599593ecf3745ae9108
2015-03-17 19:03:36 +01:00
void adbd_cloexec_auth_socket();
Notify the framework when an adb key is authorized Bug: 124076524 Test: atest AdbDebuggingManagerTest Change-Id: If73b81ca73ba4d64763cf49c1bbe42de81fa1cb6
2019-04-26 03:33:35 +02:00
bool adbd_auth_verify(const char* token, size_t token_size, const std::string& sig,
std::string* auth_key);
void adbd_auth_confirm_key(atransport* t);
void adbd_notify_framework_connected_key(atransport* t);
adb: split up adb_auth.cpp. All of the functions in adb_auth.cpp were used in only one of adb/adbd. Split up them up into adb_auth_host.cpp and adbd_auth.cpp respectively. Bug: http://b/29273531 Test: built and flashed bullhead, adb still works Change-Id: Ib610c5157522634cc273511175152f1306cc52a7
2016-10-06 04:02:29 +02:00
void send_auth_request(atransport *t);
adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 21:23:49 +02:00
[adbwifi] Add A_STLS command. This command will be sent by adbd to notify the client that the connection will be over TLS. When client connects, it will send the CNXN packet, as usual. If the server connection has TLS enabled, it will send the A_STLS packet (regardless of whether auth is required). At this point, the client's only valid response is to send a A_STLS packet. Once both sides have exchanged the A_STLS packet, both will start the TLS handshake. If auth is required, then the client will receive a CertificateRequest with a list of known public keys (SHA256 hash) that it can use in its certificate. Otherwise, the list will be empty and the client can assume that either any key will work, or none will work. If the handshake was successful, the server will send the CNXN packet and the usual adb protocol is resumed over TLS. If the handshake failed, both sides will disconnect, as there's no point to retry because the server's known keys have already been communicated. Bug: 111434128 Test: WIP; will add to adb_test.py/adb_device.py. Enable wireless debugging in the Settings, then 'adb connect <ip>:<port>'. Connection should succeed if key is in keystore. Used wireshark to check for packet encryption. Change-Id: I3d60647491c6c6b92297e4f628707a6457fa9420
2020-01-21 22:19:42 +01:00
void adbd_auth_tls_handshake(atransport* t);
int adbd_tls_verify_cert(X509_STORE_CTX* ctx, std::string* auth_key);
bssl::UniquePtr<STACK_OF(X509_NAME)> adbd_tls_client_ca_list();
adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 21:23:49 +02:00
#endif // ADB_HOST
#endif // __ADB_AUTH_H
Reference in a new issue Copy permalink