fix: USB AOAP recovery, TLS bridge guard, SSL decrypt drain, diagnostics #84
Merged
- handle SSL WANT_READ/WANT_WRITE as partial frame in Cryptor decrypt
- add richer SSL diagnostics in SSLWrapper/Cryptor
- move cert/key install path from /etc/openauto to /etc/aasdk
- add debian postinst migration and permission/ownership fixups
- AOAPDevice: detect LIBUSB_ERROR_BUSY on claimInterface and attempt releaseInterface + retry before throwing to handle stale ownership after abrupt transport teardown
- MessageInStream: conditionally inject ENCAPSULATED_SSL prefix (MessageId 3) only when the incoming payload looks like a TLS record (content-type 0x14-0x17, version byte 0x03); plain payloads such as version responses are no longer misclassified; promote frame/payload logs to info level
- Cryptor: simplify SSL decrypt drain loop to pure while(true) with fixed 2048-byte read chunks; remove overhead/expected-bytes heuristics that caused premature loop exit; demote WANT_READ/WANT_WRITE to debug
- ControlServiceChannel: add info-level logs for sendVersionRequest (logs major/minor) and sendHandshake (logs payload size); promote incoming MessageId log to info for runtime visibility
- USBTransport: add diagnostic logs for doSend submission, sendComplete, sendError, enqueueReceive, receiveComplete and receiveError including endpoint address, byte count and error code/native code
matt2005 added a commit that referenced this pull request Mar 15, 2026
* fix: USB AOAP recovery, TLS bridge guard, SSL decrypt drain, diagnostics (#84)
* Fix SSL decrypt handling and migrate cert install to /etc/aasdk
  - handle SSL WANT_READ/WANT_WRITE as partial frame in Cryptor decrypt
  - add richer SSL diagnostics in SSLWrapper/Cryptor
  - move cert/key install path from /etc/openauto to /etc/aasdk
  - add debian postinst migration and permission/ownership fixups
* fix: USB AOAP recovery, TLS bridge, SSL decrypt drain, diagnostics
  - AOAPDevice: detect LIBUSB_ERROR_BUSY on claimInterface and attempt releaseInterface + retry before throwing to handle stale ownership after abrupt transport teardown
  - MessageInStream: conditionally inject ENCAPSULATED_SSL prefix (MessageId 3) only when the incoming payload looks like a TLS record (content-type 0x14-0x17, version byte 0x03); plain payloads such as version responses are no longer misclassified; promote frame/payload logs to info level
  - Cryptor: simplify SSL decrypt drain loop to pure while(true) with fixed 2048-byte read chunks; remove overhead/expected-bytes heuristics that caused premature loop exit; demote WANT_READ/WANT_WRITE to debug
  - ControlServiceChannel: add info-level logs for sendVersionRequest (logs major/minor) and sendHandshake (logs payload size); promote incoming MessageId log to info for runtime visibility
  - USBTransport: add diagnostic logs for doSend submission, sendComplete, sendError, enqueueReceive, receiveComplete and receiveError including endpoint address, byte count and error code/native code
* Add runtime-toggleable cryptor/message tracing and docs (#85)
* Address Copilot PR review follow-ups (#87)
* Add MessageInStream regression tests and run CI unit tests on PR/main/develop (#88)
Summary
This PR contains a set of fixes and diagnostic improvements to the USB AOAP transport stack, uncovered during runtime debugging on Raspberry Pi 5 with a USB-connected Android phone.
USB/AOAPDevice.cpp — stale interface claim recovery

When the transport is torn down abruptly (e.g. control version-request timeout triggering a full AASDK stack reset), the OS may keep the AOAP bulk interface claimed by the previous libusb handle. The next claimInterface call returns LIBUSB_ERROR_BUSY (-6).

Added a recovery path: on LIBUSB_ERROR_BUSY, call releaseInterface then retry claimInterface once before throwing.

Messenger/MessageInStream.cpp — TLS bridge guard

The code that synthesises an ENCAPSULATED_SSL prefix (MessageId 3) was unconditionally applied to all encrypted frames on the control channel before the cryptor became active. This misclassified plain control payloads (e.g. version responses) as TLS records.

Fixed by adding a TLS record heuristic guard: only inject the prefix when the payload's first byte is in 0x14–0x17 (TLS content-type) and the second byte is 0x03 (TLS version major). Also promotes frame/payload logs to info level for runtime visibility.

Messenger/Cryptor.cpp — SSL decrypt drain simplification

The previous drain loop used an available-bytes heuristic derived from SSL_pending combined with a payload-length estimate. Under certain timing conditions this caused the loop to exit before the SSL layer had yielded all plaintext bytes.

Replaced with a pure while(true) drain loop with fixed 2048-byte reads that exits only on SSL_ERROR_WANT_READ / SSL_ERROR_WANT_WRITE (all data drained) or a fatal error. Demotes normal drain-complete log from warning to debug.

Channel/Control/ControlServiceChannel.cpp — version/handshake logging

Add info-level log lines for sendVersionRequest (logs AASDK_MAJOR / AASDK_MINOR) and sendHandshake (logs payload size). Promote the incoming MessageId dispatch log from debug to info.

Transport/USBTransport.cpp — diagnostic logging

Add info/warning-level logs for the USB bulk transfer lifecycle:

- doSend: endpoint address + byte count on submission
- sendComplete / sendError: outcome with error code + native code
- enqueueReceive: endpoint address on arm
- receiveComplete / receiveError: outcome with byte count or error detail

Testing

Validated on Pi 5 (aarch64) against a USB-connected Android phone in AOAP mode. After a control version-request timeout and full AASDK stack reset:

- LIBUSB_ERROR_BUSY no longer blocks re-attach
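
Added example, not code from this PR or from aasdk: the two-byte TLS record guard described under "TLS bridge guard", next to a stricter full-header check that goes beyond what the PR describes. The function names, the RecordCheck enum and the sample byte strings are assumptions made for illustration; the stricter check shows how plain payloads that happen to start with a matching byte pair can still be kept out of the TLS path.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

enum class RecordCheck { TooShort, NotTls, LooksLikeTls };

// Two-byte guard as the PR text describes it:
// content-type 0x14-0x17 followed by version-major 0x03.
bool looksLikeTlsRecord(const std::vector<uint8_t>& p) {
    return p.size() >= 2 && p[0] >= 0x14 && p[0] <= 0x17 && p[1] == 0x03;
}

// Stricter variant (an assumption of this example, not the PR's code):
// validate the full 5-byte record header before treating bytes as TLS.
RecordCheck checkTlsHeader(const std::vector<uint8_t>& p) {
    if (p.size() < 5) return RecordCheck::TooShort;   // header incomplete
    if (!looksLikeTlsRecord(p)) return RecordCheck::NotTls;
    if (p[2] > 0x03) return RecordCheck::NotTls;      // record versions are 0x0300..0x0303
    const std::size_t len = (static_cast<std::size_t>(p[3]) << 8) | p[4];
    // RFC 5246 6.2.3: a ciphertext record length must not exceed 2^14 + 2048.
    if (len > 16384 + 2048) return RecordCheck::NotTls;
    return RecordCheck::LooksLikeTls;
}

// Constructed sample inputs (not captured traffic).
const std::vector<uint8_t> kHandshakeHdr = {0x16, 0x03, 0x01, 0x00, 0x2f, 0x01};
const std::vector<uint8_t> kPlainPayload = {0x00, 0x02, 0x00, 0x01, 0x00, 0x06};
const std::vector<uint8_t> kBadMinor     = {0x16, 0x03, 0x7f, 0x00, 0x10, 0x00};
const std::vector<uint8_t> kBadLength    = {0x17, 0x03, 0x03, 0xff, 0xff, 0x00};
const std::vector<uint8_t> kTruncated    = {0x16, 0x03, 0x01};

int main() {
    const std::vector<uint8_t>* samples[] = {&kHandshakeHdr, &kPlainPayload,
                                             &kBadMinor, &kBadLength, &kTruncated};
    for (const auto* s : samples) {
        std::printf("two-byte=%d strict=%d\n", looksLikeTlsRecord(*s) ? 1 : 0,
                    static_cast<int>(checkTlsHeader(*s)));
    }
    return 0;
}
```

kBadMinor and kBadLength pass the two-byte guard but fail the header check, which is the class of misclassification a heuristic this short still allows.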