adb: Add public key authentification
Secure adb using a public key authentication, to allow USB debugging
only from authorized hosts.
When a device is connected to an unauthorized host, the adb daemon sends
the user public key to the device. A popup is shown to ask the user to
allow debugging once or permanantly from the host. The public key is
installed on the device in the later case. Other keys may be installed
at build time.
On the host, the user public/private key pair is automatically generated,
if it does not exist, when the adb daemon starts and is stored in
$HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed,
the ADB_KEYS_PATH env variable may be set to a :-separated (; under
Windows) list of private keys, e.g. company-wide or vendor keys.
On the device, vendors public keys are installed at build time in
/adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys.
ADB Protocol change:
If the device needs to authenticate the host, it replies to CNXN
packets with an AUTH packet. The AUTH packet payload is a random token.
The host signs the token with one of its private keys and sends an AUTH(0)
packet. If the signature verification succeeds, the device replies with
a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so
that the host can retry with another private key. Once the host has tried
all its keys, it can send an AUTH(1) packet with a public key as
payload. adbd then sends the public key to the framework (if it has been
started) for confirmation.
Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
diff --git a/adb/adb.h b/adb/adb.h
index df88896..5e9a0fb 100644
--- a/adb/adb.h
+++ b/adb/adb.h
@@ -29,13 +29,14 @@
#define A_OKAY 0x59414b4f
#define A_CLSE 0x45534c43
#define A_WRTE 0x45545257
+#define A_AUTH 0x48545541
#define A_VERSION 0x01000000 // ADB protocol version
#define ADB_VERSION_MAJOR 1 // Used for help/version information
#define ADB_VERSION_MINOR 0 // Used for help/version information
-#define ADB_SERVER_VERSION 29 // Increment this when we want to force users to start a new adb server
+#define ADB_SERVER_VERSION 30 // Increment this when we want to force users to start a new adb server
typedef struct amessage amessage;
typedef struct apacket apacket;
@@ -165,6 +166,8 @@
kTransportHost,
} transport_type;
+#define TOKEN_SIZE 20
+
struct atransport
{
atransport *next;
@@ -181,6 +184,7 @@
int ref_count;
unsigned sync_token;
int connection_state;
+ int online;
transport_type type;
/* usb handle or socket fd as needed */
@@ -198,6 +202,11 @@
/* a list of adisconnect callbacks called when the transport is kicked */
int kicked;
adisconnect disconnects;
+
+ void *key;
+ unsigned char token[TOKEN_SIZE];
+ fdevent auth_fde;
+ unsigned failed_auth_attempts;
};
@@ -349,6 +358,7 @@
TRACE_SYSDEPS,
TRACE_JDWP, /* 0x100 */
TRACE_SERVICES,
+ TRACE_AUTH,
} AdbTrace;
#if ADB_TRACE
@@ -408,7 +418,7 @@
#endif
-#if !TRACE_PACKETS
+#if !DEBUG_PACKETS
#define print_packet(tag,p) do {} while (0)
#endif