Commit graph

25 commits

Author SHA1 Message Date
Joshua Duong
5cf7868b7e [adbwifi] Add A_STLS command.
This command will be sent by adbd to notify the client that the
connection will be over TLS.

When client connects, it will send the CNXN packet, as usual. If the
server connection has TLS enabled, it will send the A_STLS packet
(regardless of whether auth is required). At this point, the client's
only valid response is to send a A_STLS packet. Once both sides have
exchanged the A_STLS packet, both will start the TLS handshake.

If auth is required, then the client will receive a CertificateRequest
with a list of known public keys (SHA256 hash) that it can use in its
certificate. Otherwise, the list will be empty and the client can assume
that either any key will work, or none will work.

If the handshake was successful, the server will send the CNXN packet
and the usual adb protocol is resumed over TLS. If the handshake failed,
both sides will disconnect, as there's no point to retry because the
server's known keys have already been communicated.

Bug: 111434128

Test: WIP; will add to adb_test.py/adb_device.py.

Enable wireless debugging in the Settings, then 'adb connect
<ip>:<port>'. Connection should succeed if key is in keystore. Used
wireshark to check for packet encryption.

Change-Id: I3d60647491c6c6b92297e4f628707a6457fa9420
2020-02-21 21:07:13 +00:00
Joshua Duong
d85f5c0130 [adbwifi] Add adbwifi_libs, TLS connection, and MDNS implementation.
Bug: 111434128, 119493510, 119494503

Test: Enable wireless debugging in Settings UI, click "pair with pairing code"
to generate pairing code.
On client, 'adb pair <ip_address>', enter pairing code at prompt and hit
enter. Pairing should complete.
'adb logcat'.
Change-Id: I86527bd3fc52e30a8e08ec5843dc3e100abf91fa
Exempt-From-Owner-Approval: approved already
2020-02-21 21:06:40 +00:00
Michael Groover
7eeda6ba03 Notify the framework when an adb key is authorized
Bug: 124076524
Test: atest AdbDebuggingManagerTest
Change-Id: If73b81ca73ba4d64763cf49c1bbe42de81fa1cb6
2019-05-09 16:05:40 -07:00
Josh Gao
2dc4cabe06 adb: stop using adbkey.pub.
An adbkey/adbkey.pub pair that doesn't match up results in a
hard-to-diagnose scenario where "Always allow from this computer"
doesn't work. The private key contains all of the information that's
in the public key, so just extract the public key out of the private
key instead of storing them separately.

Bug: http://b/119634232
Test: rm ~/.android/adbkey.pub; adb kill-server; adb shell true
Test: rm ~/.android/adbkey*; adb kill-server; adb shell true
Change-Id: I0ae9033dbcd119c12cfb2b3977f1f1954ac800c1
2018-11-15 17:50:57 -08:00
Josh Gao
f571fcbe87 adb: switch apacket over to a std::string payload.
Test: python test_device.py with walleye/x86_64 emulator
Change-Id: I0a18941af1cb2279e5019a24ace25741def1202f
2018-02-21 14:30:17 -08:00
Josh Gao
06d61d4d96 adb: rationalize types.
Use fixed length types for structs going over the wire, constify
arguments where possible, use char* instead of unsigned char* for
apacket data, and assorted other refactoring.

Bug: http://b/29273531
Test: python test_device.py with every combination of old/new adb and adbd
Change-Id: I0b6f818a32be5386985aa4519f542003cf427f9d
2016-10-06 14:50:02 -07:00
Josh Gao
3bd2879d8e adb: split up adb_auth.cpp.
All of the functions in adb_auth.cpp were used in only one of
adb/adbd. Split up them up into adb_auth_host.cpp and adbd_auth.cpp
respectively.

Bug: http://b/29273531
Test: built and flashed bullhead, adb still works
Change-Id: Ib610c5157522634cc273511175152f1306cc52a7
2016-10-06 12:36:26 -07:00
Josh Gao
2e671202c3 adb: add support for vendor key directories.
Allow directories to be specified in ADB_VENDOR_KEYS. On Linux, monitor
this directory for new keys to be added.

Additionally, deduplicate keys by hashing their public key.

Bug: http://b/29273531
Bug: http://b/30927527
Change-Id: I8d3312b216b7f2c11900f2235f1f1b1d1c7aa767
Test: manually tested by adding a key to a directory, and verifying
      that devices became authorized after replugging.
2016-08-19 17:32:50 -07:00
Elliott Hughes
0aeb50500c Clean up key handling in adb.
This includes the locking we need to be able to re-load the keys at runtime.

We should rename "adb_auth_client.cpp" to "adb_auth_adbd.cpp" or
"adbd_auth.cpp" in a later change.

Change-Id: I9e1d5b6b7d0497d6f6e5d9c4fb660118cdff05a8
Test: "adb devices" works against a non-AOSP device with $ADB_VENDOR_KEYS set, says "unauthorized" without.
Bug: http://b/29273531
2016-08-11 13:53:18 -07:00
Elliott Hughes
e8b663fec3 Kill load_file.
Change-Id: I6c332f7d8e94d513605295b3d4d32c4e1cf878dc
2016-05-27 16:14:02 -07:00
Mattias Nissler
097b6bbc76 Switch fs_mgr and adb to libcrypto_utils.
Update code and dependencies to use BoringSSL + libcrypto_utils
instead of mincrypt.

Change-Id: Ic75164bd50c84b81b6310e27a67d4b3c174984f9
2016-04-12 23:04:11 +00:00
Elliott Hughes
5cba504215 Ignore ro.adb.secure in user builds.
Require authorization by default, and remove the ability to override
that in user builds. (userdebug and eng are still free to do whatever
they want.)

Bug: http://b/21862859
Change-Id: Ibf8af375be5bf1141c1ad481eee7a59fb10a7adb
2015-06-18 10:19:30 -07:00
Elliott Hughes
2d4121c0dc Remove extern "C" barriers to using C++.
Change-Id: Ic046d6aa540738cb46b54531bc59ba3b47b0136d
2015-04-17 09:47:42 -07:00
Dan Albert
3313426fad File header cleanup.
* sysdeps.h should always be included first.
 * TRACE_TAG needs to be defined before anything is included.
 * Some files were missing copyright headers.
 * Save precious bytes on my SSD by removing useless whitespace.

Change-Id: I88980e6e00b5be1093806cf286740d9e4a033b94
2015-03-19 15:32:33 -07:00
Pavel Labath
64d9adcea8 Fix file descriptor leakage in adbd
adb_auth_init in adb_auth_client.cpp sets FD_CLOEXEC on the control
socket, which prevents the leakage. However if ro.adb.secure
property is unset (as it is on the emulator), adb_auth_init is not
invoked, which results in the control socket fd leaking into any
process started by the deamon (specifically, any command executed
through adb shell).

Split the fd cleanup into a separate function that is called
unconditionally.

Change-Id: I73ea84977542ddfc4ac20599593ecf3745ae9108
2015-03-17 11:24:34 -07:00
Dan Albert
bac3474a82 Move adb to C++.
I keep trying to clean things up and needing std::strings. Might as
well just do this now.

usb_linux_client.c is going to stay as C because GCC isn't smart
enough to deal with the designated initializers it uses (though for
some reason it is in C mode).

The Darwin files are staying as C because I don't have a way to test
that they build.

The Windows files are staying as C because while I can actually build
for them, it's slow and painful.

Change-Id: I75367d29205a9049d34460032b3bb36384f43941
2015-03-09 14:06:11 -07:00
Dan Albert
bd0b750897 Move adb_main to its own file.
Change-Id: If6e98c089b39f73bd8f4a878a82669bfeee367f3
2015-02-18 18:32:54 -08:00
Dan Albert
ba3a251749 Move the adb auth code into its own file.
Change-Id: I84cf0bd7777f0147119e7c6afc4096c2e93156a2
2015-02-18 18:22:52 -08:00
Dan Albert
818fb4b448 Add extern "C" to all the adb headers.
Change-Id: Iaefa3e18d6ee2e065eb97271a796613b2a8e7d6e
2015-02-18 00:21:16 -08:00
Nick Kralevich
bea3f9c345 Introduce "adb keygen"
Introduce the "adb keygen" command.

  Usage: adb keygen <filename>

This command creates an adb public/private key pair in a user
specified file. This can be used to create new adb keys, or rotate
existing keys.

Modify adb's key generation routines to use the HOSTNAME/LOGNAME
environment variables if available. This allows someone to override
the username/hostname embedded within the adb public key file if
desired. Fallback to the old mechanisms if those environment
variables aren't available.

Bug: 18342715
Change-Id: Ibccee6088d4609aa05ad6687d3a1d8a8689d3e8a

(cherry picked from commit af782b9f2a)

Change-Id: Ic76ffc9412171dddc879af0bbf6e20fbe1a8f057
2014-12-08 13:44:39 -08:00
Benoit Goby
045a4a9c3a adb: Fix secure adb when booting with usb attached
When booting with usb attached, the secure adb authentication happens
long before the framework is done booting, so adb can't notify the
framework to install the public key.

Change-Id: Id2af6cebece345022f56cb0c4b5af24e1d7a425c
2013-02-02 01:19:06 +00:00
Benoit Goby
345cb066d2 adb: Read secure adb keys on every auth request
The framework can now clear the user key list, so we need to reload the
key list on every auth request instead of loading it once when adbd
starts.
This also fixes issues with encrypted devices, where the user key file
is only readable after the user has unlocked the device.

Change-Id: I350c5aab986f8ca86b95f316398d03012553e581
2013-01-15 17:16:22 -08:00
Benoit Goby
d5fcafaf41 adb: Add public key authentification
Secure adb using a public key authentication, to allow USB debugging
only from authorized hosts.

When a device is connected to an unauthorized host, the adb daemon sends
the user public key to the device. A popup is shown to ask the user to
allow debugging once or permanantly from the host. The public key is
installed on the device in the later case. Other keys may be installed
at build time.

On the host, the user public/private key pair is automatically generated,
if it does not exist, when the adb daemon starts and is stored in
$HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed,
the ADB_KEYS_PATH env variable may be set to a :-separated (; under
Windows) list of private keys, e.g. company-wide or vendor keys.

On the device, vendors public keys are installed at build time in
/adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys.

ADB Protocol change:
If the device needs to authenticate the host, it replies to CNXN
packets with an AUTH packet. The AUTH packet payload is a random token.
The host signs the token with one of its private keys and sends an AUTH(0)
packet. If the signature verification succeeds, the device replies with
a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so
that the host can retry with another private key. Once the host has tried
all its keys, it can send an AUTH(1) packet with a public key as
payload. adbd then sends the public key to the framework (if it has been
started) for confirmation.

Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-08-23 00:20:06 -07:00
Benoit Goby
3fc95a9918 Revert "adb: Add public key authentification"
This reverts commit f4ed516643.
2012-08-20 23:04:11 -07:00
Benoit Goby
f4ed516643 adb: Add public key authentification
Secure adb using a public key authentication, to allow USB debugging
only from authorized hosts.

When a device is connected to an unauthorized host, the adb daemon sends
the user public key to the device. A popup is shown to ask the user to
allow debugging once or permanantly from the host. The public key is
installed on the device in the later case. Other keys may be installed
at build time.

On the host, the user public/private key pair is automatically generated,
if it does not exist, when the adb daemon starts and is stored in
$HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed,
the ADB_KEYS_PATH env variable may be set to a ;-separated list of private
keys, e.g. company-wide or vendor keys.

On the device, vendors public keys are installed at build time in
/adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys.

ADB Protocol change:
If the device needs to authenticate the host, it replies to CNXN
packets with an AUTH packet. The AUTH packet payload is a random token.
The host signs the token with one of its private keys and sends an AUTH(0)
packet. If the signature verification succeeds, the device replies with
a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so
that the host can retry with another private key. Once the host has tried
all its keys, it can send an AUTH(1) packet with a public key as
payload. adbd then sends the public key to the framework (if it has been
started) for confirmation.

Change-Id: Idce931a7bfe4ce878428eaa47838e5184ac6073f
2012-08-16 21:36:26 -07:00