This command will be sent by adbd to notify the client that the
connection will be over TLS.
When client connects, it will send the CNXN packet, as usual. If the
server connection has TLS enabled, it will send the A_STLS packet
(regardless of whether auth is required). At this point, the client's
only valid response is to send a A_STLS packet. Once both sides have
exchanged the A_STLS packet, both will start the TLS handshake.
If auth is required, then the client will receive a CertificateRequest
with a list of known public keys (SHA256 hash) that it can use in its
certificate. Otherwise, the list will be empty and the client can assume
that either any key will work, or none will work.
If the handshake was successful, the server will send the CNXN packet
and the usual adb protocol is resumed over TLS. If the handshake failed,
both sides will disconnect, as there's no point to retry because the
server's known keys have already been communicated.
Bug: 111434128
Test: WIP; will add to adb_test.py/adb_device.py.
Enable wireless debugging in the Settings, then 'adb connect
<ip>:<port>'. Connection should succeed if key is in keystore. Used
wireshark to check for packet encryption.
Change-Id: I3d60647491c6c6b92297e4f628707a6457fa9420
Bug: 111434128, 119493510, 119494503
Test: Enable wireless debugging in Settings UI, click "pair with pairing code"
to generate pairing code.
On client, 'adb pair <ip_address>', enter pairing code at prompt and hit
enter. Pairing should complete.
'adb logcat'.
Change-Id: I86527bd3fc52e30a8e08ec5843dc3e100abf91fa
Exempt-From-Owner-Approval: approved already
Since both the client and daemon will now be generating keys.
BUG: b/111434128
Test: atest adb_crypto_test
Change-Id: I6fac562ae5629ab30b6639fbd88d822dae6e96bd
Before we just got "Failed to read key". After:
adb E 10-07 08:20:14 258249 258249 auth.cpp:176] Failed to read key \
from '/usr/local/google/home/enh/.android/adbkey'
94390117965240:error:0900006e:PEM routines:OPENSSL_internal:NO_START_LINE:\
external/boringssl/src/crypto/pem/pem_lib.c:622:Expecting: ANY PRIVATE KEY
Also fix the misleading "Failed to generate" message from adb_auth_init.
Bug: http://b/141715453
Test: manually corrupted key; see above
Change-Id: I6732ee6b683c8548d596d7c22eeddab8ce9a3cea
We don't need the public key to be generated at ~/.android/adbkey.pub,
but it's still useful to be able to generate the public key for use with
ADB_VENDOR_KEYS.
Bug: http://b/119634232
Test: manual
Change-Id: Iecd6ff1bba4af4ba142456034f3faf52bb9e017d
When a function argument takes a std::string, it's inefficient to
pass std::string::c_str(), since that creates an additional copy.
So we change these calling sites.
Test: TreeHugger
Change-Id: I1c0fde7275eb3ebd3baf05ec62581b0243655608
An adbkey/adbkey.pub pair that doesn't match up results in a
hard-to-diagnose scenario where "Always allow from this computer"
doesn't work. The private key contains all of the information that's
in the public key, so just extract the public key out of the private
key instead of storing them separately.
Bug: http://b/119634232
Test: rm ~/.android/adbkey.pub; adb kill-server; adb shell true
Test: rm ~/.android/adbkey*; adb kill-server; adb shell true
Change-Id: I0ae9033dbcd119c12cfb2b3977f1f1954ac800c1
Previously, connecting to devices that end up as unauthorized would
wait 10 seconds before reporting failure to the user. After this
change, notification happens as soon as the adb server realizes.
Test: manual
Change-Id: If7c8d38f22da3d98b952eee6a334abc8566bb751
Add two states: connecting and authorizing, to disambiguate the offline
and unauthorized states, respectively.
Previously, devices would transition as follows:
offline -> unauthorized -> offline -> online
offline -> unauthorized (when actually unauthorized)
With this patch:
connecting -> authorizing -> online
connecting -> authorizing -> unauthorized (when actually unauthorized)
This allows test automation and the like to distinguish between offline
devices, unauthorized devices, and working devices without having to
do retry loops with arbitrary sleeps on their end.
Bug: http://b/79257434
Test: adb_test
Test: adbd_test
Test: manually plugging in a device with `while true; do adb shell echo foo; done`
Change-Id: I036d9b593b51a27a59ac3fc57da966fd52658567
Switch from using std::string as the type we use to hold our payload in
apacket to a custom reimplementation that doesn't zero initialize. This
improves bulk transfer throughput in the adb_benchmark microbenchmark
on walleye by ~20%.
Test: adb shell taskset f0 /data/benchmarktest64/adb_benchmark/adb_benchmark
Change-Id: Ibad797701eb1460c9321b0400c5b167b89b2b4d0
Rearrange some files while we're doing this.
Bug: http://b/71721338
Test: manually ran adb on windows
Change-Id: Ie47bda82279e4b9521505ad0353bf9ef649fc7d7
Joshua Duong