History log of /system/core/adb/adb_auth_client.c
Revision Date Author Comments
515e1639ef0ab5e3149fafeffce826cf654d616f 10-Apr-2013 Doug Zongker <dougz@android.com> mincrypt: support SHA-256 hash algorithm

- adds a library to compute the SHA-256 hash

- updates the RSA verifier to take an argument specifying either SHA-1
or SHA-256

- updates DumpPublicKey with new "key" version numbers for
specifying SHA-256

- adds new argument to adb auth code to maintain existing behavior

Change-Id: I5b1406cf57c2b8993f6032eda3e29139f7740839
/system/core/adb/adb_auth_client.c
b66356cab6cd47ecbe26513f36614dda1052eb11 02-Apr-2013 Benoit Goby <benoit@android.com> adb: Prevent registering usb_disconnect twice

adbd can receive multiple AUTH_RSAPUBLICKEY packets. This happens for
example when booting with usb attached when we retry authenticating
after the framework is done booting. Make sure usb_disconnect is only
registered once, otherwise this creates a loop in the disconnects list.

Bug: 8504991
Change-Id: Ia1f9a37005dd17b7eefee1493d622e1679263eea
/system/core/adb/adb_auth_client.c
045a4a9c3a317e60ab1078f5a689bf302ee2ab19 16-Jan-2013 Benoit Goby <benoit@android.com> adb: Fix secure adb when booting with usb attached

When booting with usb attached, the secure adb authentication happens
long before the framework is done booting, so adb can't notify the
framework to install the public key.

Change-Id: Id2af6cebece345022f56cb0c4b5af24e1d7a425c
/system/core/adb/adb_auth_client.c
345cb066d2e0c774c877a85d3035f298df1daf16 15-Jan-2013 Benoit Goby <benoit@android.com> adb: Read secure adb keys on every auth request

The framework can now clear the user key list, so we need to reload the
key list on every auth request instead of loading it once when adbd
starts.
This also fixes issues with encrypted devices, where the user key file
is only readable after the user has unlocked the device.

Change-Id: I350c5aab986f8ca86b95f316398d03012553e581
/system/core/adb/adb_auth_client.c
d5fcafaf41f8ec90986c813f75ec78402096af2d 12-Apr-2012 Benoit Goby <benoit@android.com> adb: Add public key authentification

Secure adb using public key authentication, to allow USB debugging
only from authorized hosts.

When a device is connected to an unauthorized host, the adb daemon sends
the user public key to the device. A popup is shown to ask the user to
allow debugging once or permanently from the host. The public key is
installed on the device in the latter case. Other keys may be installed
at build time.

On the host, the user public/private key pair is automatically generated,
if it does not exist, when the adb daemon starts and is stored in
$HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on Windows. If needed,
the ADB_KEYS_PATH env variable may be set to a :-separated (; under
Windows) list of private keys, e.g. company-wide or vendor keys.

On the device, vendor public keys are installed at build time in
/adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys.

ADB Protocol change:
If the device needs to authenticate the host, it replies to CNXN
packets with an AUTH packet. The AUTH packet payload is a random token.
The host signs the token with one of its private keys and sends an AUTH(0)
packet. If the signature verification succeeds, the device replies with
a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so
that the host can retry with another private key. Once the host has tried
all its keys, it can send an AUTH(1) packet with a public key as
payload. adbd then sends the public key to the framework (if it has been
started) for confirmation.

Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
/system/core/adb/adb_auth_client.c
3fc95a991805feba257a396c13548776fd36f34f 21-Aug-2012 Benoit Goby <benoit@android.com> Revert "adb: Add public key authentification"

This reverts commit f4ed516643ee8ed3a59ad1a8048f7ce5f47f93fb.
/system/core/adb/adb_auth_client.c
f4ed516643ee8ed3a59ad1a8048f7ce5f47f93fb 12-Apr-2012 Benoit Goby <benoit@android.com> adb: Add public key authentification

Secure adb using public key authentication, to allow USB debugging
only from authorized hosts.

When a device is connected to an unauthorized host, the adb daemon sends
the user public key to the device. A popup is shown to ask the user to
allow debugging once or permanently from the host. The public key is
installed on the device in the latter case. Other keys may be installed
at build time.

On the host, the user public/private key pair is automatically generated,
if it does not exist, when the adb daemon starts and is stored in
$HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on Windows. If needed,
the ADB_KEYS_PATH env variable may be set to a ;-separated list of private
keys, e.g. company-wide or vendor keys.

On the device, vendor public keys are installed at build time in
/adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys.

ADB Protocol change:
If the device needs to authenticate the host, it replies to CNXN
packets with an AUTH packet. The AUTH packet payload is a random token.
The host signs the token with one of its private keys and sends an AUTH(0)
packet. If the signature verification succeeds, the device replies with
a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so
that the host can retry with another private key. Once the host has tried
all its keys, it can send an AUTH(1) packet with a public key as
payload. adbd then sends the public key to the framework (if it has been
started) for confirmation.

Change-Id: Idce931a7bfe4ce878428eaa47838e5184ac6073f
/system/core/adb/adb_auth_client.c
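
The AUTH exchange described in the commit messages above, as an added Python sketch (not code from adb or from these commits). It assumes toy textbook RSA over SHA-256 with fixed Mersenne primes in place of adb's real keys and signature format; the packet labels, key names and class/function names are this example's own.

```python
import hashlib
import secrets

E = 65537  # public exponent shared by the toy keys (assumption)

def make_key(p, q):
    """Toy textbook-RSA key from two known primes; illustration only."""
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}

def digest(token, n):
    return int.from_bytes(hashlib.sha256(token).digest(), "big") % n

def sign(key, token):
    return pow(digest(token, key["n"]), key["d"], key["n"])

def verify(n, token, sig):
    return pow(sig, E, n) == digest(token, n)

M = lambda k: 2**k - 1  # Mersenne primes for k = 61, 89, 107, 127
VENDOR = make_key(M(61), M(89))      # constructed sample keys
USER = make_key(M(89), M(107))
STRANGER = make_key(M(107), M(127))

class Device:
    """Device side: a fresh random token per AUTH packet, keys reloaded per request."""
    def __init__(self, load_keys):
        self.load_keys = load_keys   # callable, so a cleared key list takes effect
        self.token = None
        self.pending_pubkey = None   # key waiting for the user's confirmation

    def on_cnxn(self):
        self.token = secrets.token_bytes(20)
        return ("AUTH_TOKEN", self.token)

    def on_signature(self, sig):
        if any(verify(n, self.token, sig) for n in self.load_keys()):
            return ("CNXN", None)
        return self.on_cnxn()        # new token, so an old signature cannot be replayed

    def on_pubkey(self, n):
        self.pending_pubkey = n      # would be passed to the framework popup

def host_connect(device, private_keys):
    """Host side: try every private key, then offer a public key."""
    kind, token = device.on_cnxn()
    seen = [kind]
    for key in private_keys:
        kind, token = device.on_signature(sign(key, token))
        seen.append(kind)
        if kind == "CNXN":
            return seen
    device.on_pubkey(private_keys[0]["n"])
    return seen + ["AUTH_RSAPUBLICKEY sent"]
```
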