Commit graph

18 commits

Author SHA1 Message Date
Josh Gao
2e671202c3 adb: add support for vendor key directories.
Allow directories to be specified in ADB_VENDOR_KEYS. On Linux, monitor
this directory for new keys to be added.

Additionally, deduplicate keys by hashing their public key.

Bug: http://b/29273531
Bug: http://b/30927527
Change-Id: I8d3312b216b7f2c11900f2235f1f1b1d1c7aa767
Test: manually tested by adding a key to a directory, and verifying
      that devices became authorized after replugging.
2016-08-19 17:32:50 -07:00
Elliott Hughes
0aeb50500c Clean up key handling in adb.
This includes the locking we need to be able to re-load the keys at runtime.

We should rename "adb_auth_client.cpp" to "adb_auth_adbd.cpp" or
"adbd_auth.cpp" in a later change.

Change-Id: I9e1d5b6b7d0497d6f6e5d9c4fb660118cdff05a8
Test: "adb devices" works against a non-AOSP device with $ADB_VENDOR_KEYS set, says "unauthorized" without.
Bug: http://b/29273531
2016-08-11 13:53:18 -07:00
Elliott Hughes
e8b663fec3 Kill load_file.
Change-Id: I6c332f7d8e94d513605295b3d4d32c4e1cf878dc
2016-05-27 16:14:02 -07:00
Mattias Nissler
097b6bbc76 Switch fs_mgr and adb to libcrypto_utils.
Update code and dependencies to use BoringSSL + libcrypto_utils
instead of mincrypt.

Change-Id: Ic75164bd50c84b81b6310e27a67d4b3c174984f9
2016-04-12 23:04:11 +00:00
Elliott Hughes
5cba504215 Ignore ro.adb.secure in user builds.
Require authorization by default, and remove the ability to override
that in user builds. (userdebug and eng are still free to do whatever
they want.)

Bug: http://b/21862859
Change-Id: Ibf8af375be5bf1141c1ad481eee7a59fb10a7adb
2015-06-18 10:19:30 -07:00
Elliott Hughes
2d4121c0dc Remove extern "C" barriers to using C++.
Change-Id: Ic046d6aa540738cb46b54531bc59ba3b47b0136d
2015-04-17 09:47:42 -07:00
Dan Albert
3313426fad File header cleanup.
* sysdeps.h should always be included first.
 * TRACE_TAG needs to be defined before anything is included.
 * Some files were missing copyright headers.
 * Save precious bytes on my SSD by removing useless whitespace.

Change-Id: I88980e6e00b5be1093806cf286740d9e4a033b94
2015-03-19 15:32:33 -07:00
Pavel Labath
64d9adcea8 Fix file descriptor leakage in adbd
adb_auth_init in adb_auth_client.cpp sets FD_CLOEXEC on the control
socket, which prevents the leakage. However if ro.adb.secure
property is unset (as it is on the emulator), adb_auth_init is not
invoked, which results in the control socket fd leaking into any
process started by the deamon (specifically, any command executed
through adb shell).

Split the fd cleanup into a separate function that is called
unconditionally.

Change-Id: I73ea84977542ddfc4ac20599593ecf3745ae9108
2015-03-17 11:24:34 -07:00
Dan Albert
bac3474a82 Move adb to C++.
I keep trying to clean things up and needing std::strings. Might as
well just do this now.

usb_linux_client.c is going to stay as C because GCC isn't smart
enough to deal with the designated initializers it uses (though for
some reason it is in C mode).

The Darwin files are staying as C because I don't have a way to test
that they build.

The Windows files are staying as C because while I can actually build
for them, it's slow and painful.

Change-Id: I75367d29205a9049d34460032b3bb36384f43941
2015-03-09 14:06:11 -07:00
Dan Albert
bd0b750897 Move adb_main to its own file.
Change-Id: If6e98c089b39f73bd8f4a878a82669bfeee367f3
2015-02-18 18:32:54 -08:00
Dan Albert
ba3a251749 Move the adb auth code into its own file.
Change-Id: I84cf0bd7777f0147119e7c6afc4096c2e93156a2
2015-02-18 18:22:52 -08:00
Dan Albert
818fb4b448 Add extern "C" to all the adb headers.
Change-Id: Iaefa3e18d6ee2e065eb97271a796613b2a8e7d6e
2015-02-18 00:21:16 -08:00
Nick Kralevich
bea3f9c345 Introduce "adb keygen"
Introduce the "adb keygen" command.

  Usage: adb keygen <filename>

This command creates an adb public/private key pair in a user
specified file. This can be used to create new adb keys, or rotate
existing keys.

Modify adb's key generation routines to use the HOSTNAME/LOGNAME
environment variables if available. This allows someone to override
the username/hostname embedded within the adb public key file if
desired. Fallback to the old mechanisms if those environment
variables aren't available.

Bug: 18342715
Change-Id: Ibccee6088d4609aa05ad6687d3a1d8a8689d3e8a

(cherry picked from commit af782b9f2a)

Change-Id: Ic76ffc9412171dddc879af0bbf6e20fbe1a8f057
2014-12-08 13:44:39 -08:00
Benoit Goby
045a4a9c3a adb: Fix secure adb when booting with usb attached
When booting with usb attached, the secure adb authentication happens
long before the framework is done booting, so adb can't notify the
framework to install the public key.

Change-Id: Id2af6cebece345022f56cb0c4b5af24e1d7a425c
2013-02-02 01:19:06 +00:00
Benoit Goby
345cb066d2 adb: Read secure adb keys on every auth request
The framework can now clear the user key list, so we need to reload the
key list on every auth request instead of loading it once when adbd
starts.
This also fixes issues with encrypted devices, where the user key file
is only readable after the user has unlocked the device.

Change-Id: I350c5aab986f8ca86b95f316398d03012553e581
2013-01-15 17:16:22 -08:00
Benoit Goby
d5fcafaf41 adb: Add public key authentification
Secure adb using a public key authentication, to allow USB debugging
only from authorized hosts.

When a device is connected to an unauthorized host, the adb daemon sends
the user public key to the device. A popup is shown to ask the user to
allow debugging once or permanantly from the host. The public key is
installed on the device in the later case. Other keys may be installed
at build time.

On the host, the user public/private key pair is automatically generated,
if it does not exist, when the adb daemon starts and is stored in
$HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed,
the ADB_KEYS_PATH env variable may be set to a :-separated (; under
Windows) list of private keys, e.g. company-wide or vendor keys.

On the device, vendors public keys are installed at build time in
/adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys.

ADB Protocol change:
If the device needs to authenticate the host, it replies to CNXN
packets with an AUTH packet. The AUTH packet payload is a random token.
The host signs the token with one of its private keys and sends an AUTH(0)
packet. If the signature verification succeeds, the device replies with
a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so
that the host can retry with another private key. Once the host has tried
all its keys, it can send an AUTH(1) packet with a public key as
payload. adbd then sends the public key to the framework (if it has been
started) for confirmation.

Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-08-23 00:20:06 -07:00
Benoit Goby
3fc95a9918 Revert "adb: Add public key authentification"
This reverts commit f4ed516643.
2012-08-20 23:04:11 -07:00
Benoit Goby
f4ed516643 adb: Add public key authentification
Secure adb using a public key authentication, to allow USB debugging
only from authorized hosts.

When a device is connected to an unauthorized host, the adb daemon sends
the user public key to the device. A popup is shown to ask the user to
allow debugging once or permanantly from the host. The public key is
installed on the device in the later case. Other keys may be installed
at build time.

On the host, the user public/private key pair is automatically generated,
if it does not exist, when the adb daemon starts and is stored in
$HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed,
the ADB_KEYS_PATH env variable may be set to a ;-separated list of private
keys, e.g. company-wide or vendor keys.

On the device, vendors public keys are installed at build time in
/adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys.

ADB Protocol change:
If the device needs to authenticate the host, it replies to CNXN
packets with an AUTH packet. The AUTH packet payload is a random token.
The host signs the token with one of its private keys and sends an AUTH(0)
packet. If the signature verification succeeds, the device replies with
a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so
that the host can retry with another private key. Once the host has tried
all its keys, it can send an AUTH(1) packet with a public key as
payload. adbd then sends the public key to the framework (if it has been
started) for confirmation.

Change-Id: Idce931a7bfe4ce878428eaa47838e5184ac6073f
2012-08-16 21:36:26 -07:00