Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_core / d5fcafaf41f8ec90986c813f75ec78402096af2d^! / . / adb / protocol.txt
commitd5fcafaf41f8ec90986c813f75ec78402096af2d[log] [tgz]
authorBenoit Goby <benoit@android.com>Thu Apr 12 12:23:49 2012 -0700
committerBenoit Goby <benoit@android.com>Thu Aug 23 00:20:06 2012 -0700
tree065980666ea47a8d814b844c447165ba08c55b4a
parent42a1e6c9d827fc3d64ad3b0750b87de1f4c436e7 [diff] [blame]
adb: Add public key authentification

Secure adb using a public key authentication, to allow USB debugging
only from authorized hosts.

When a device is connected to an unauthorized host, the adb daemon sends
the user public key to the device. A popup is shown to ask the user to
allow debugging once or permanantly from the host. The public key is
installed on the device in the later case. Other keys may be installed
at build time.

On the host, the user public/private key pair is automatically generated,
if it does not exist, when the adb daemon starts and is stored in
$HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed,
the ADB_KEYS_PATH env variable may be set to a :-separated (; under
Windows) list of private keys, e.g. company-wide or vendor keys.

On the device, vendors public keys are installed at build time in
/adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys.

ADB Protocol change:
If the device needs to authenticate the host, it replies to CNXN
packets with an AUTH packet. The AUTH packet payload is a random token.
The host signs the token with one of its private keys and sends an AUTH(0)
packet. If the signature verification succeeds, the device replies with
a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so
that the host can retry with another private key. Once the host has tried
all its keys, it can send an AUTH(1) packet with a public key as
payload. adbd then sends the public key to the framework (if it has been
started) for confirmation.

Change-Id: I4e84d7621da956f66ff657245901bdaefead8395

diff --git a/adb/protocol.txt b/adb/protocol.txt
index abd63f9..c9d3c24 100644
--- a/adb/protocol.txt
+++ b/adb/protocol.txt

@@ -75,6 +75,24 @@
 or identifier string.  The banner is used to transmit useful properties.
 
 
+--- AUTH(type, 0, "data") ----------------------------------------------
+
+The AUTH message informs the recipient that authentication is required to
+connect to the sender. If type is TOKEN(1), data is a random token that
+the recipient can sign with a private key. The recipient replies with an
+AUTH packet where type is SIGNATURE(2) and data is the signature. If the
+signature verification succeeds, the sender replies with a CONNECT packet.
+
+If the signature verification fails, the sender replies with a new AUTH
+packet and a new random token, so that the recipient can retry signing
+with a different private key.
+
+Once the recipient has tried all its private keys, it can reply with an
+AUTH packet where type is RSAPUBLICKEY(3) and data is the public key. If
+possible, an on-screen confirmation may be displayed for the user to
+confirm they want to install the public key on the device.
+
+
 --- OPEN(local-id, 0, "destination") -----------------------------------
 
 The OPEN message informs the recipient that the sender has a stream
@@ -166,6 +184,7 @@
 
 #define A_SYNC 0x434e5953
 #define A_CNXN 0x4e584e43
+#define A_AUTH 0x48545541
 #define A_OPEN 0x4e45504f
 #define A_OKAY 0x59414b4f
 #define A_CLSE 0x45534c43