diff --git a/platforms/common/include/px4_platform_common/crypto.h b/platforms/common/include/px4_platform_common/crypto.h index 94016e0fa6b2..fddf4c3b907d 100644 --- a/platforms/common/include/px4_platform_common/crypto.h +++ b/platforms/common/include/px4_platform_common/crypto.h @@ -206,6 +206,27 @@ class PX4Crypto uint8_t *cipher, size_t *cipher_size); + /* + * Decrypt data. This always supports decryption in place + * + * De-crypts the given cipher using the given nonce and key index. + * handle: session handle, returned by oepn + * key_index: index to the key used for decryption + * cipher: the ciphertext to be decrypted + * nonce: the nonce used for decryption. If NULL, using the previously set nonce + * nonce_size: size of the given nonce value (note. caller is responsible of giving a suitable nonce for the algorithm) + * message: output buffer given by the client + * message_size: in: size of "message" buffer, out: actual result size + * returns + */ + bool decrypt_data(uint8_t key_index, + const uint8_t *cipher, + size_t cipher_size, + const uint8_t *nonce, + size_t nonce_size, + uint8_t *message, + size_t *message_size); + size_t get_min_blocksize(uint8_t key_idx); static int crypto_ioctl(unsigned int cmd, unsigned long arg); diff --git a/platforms/common/include/px4_platform_common/crypto_backend.h b/platforms/common/include/px4_platform_common/crypto_backend.h index bf5ea25580d8..a44c068bf8b5 100644 --- a/platforms/common/include/px4_platform_common/crypto_backend.h +++ b/platforms/common/include/px4_platform_common/crypto_backend.h @@ -143,6 +143,19 @@ bool crypto_get_encrypted_key(crypto_session_handle_t handle, size_t *max_len, uint8_t encryption_key_idx); +/* + * Re-create or set nonce. + * + * A nonce or intialization vector value for the selected algortithm is + * automatically generated when the crypto session is opened. If needed, the + * nonce can be set by this function. + * If this is called with NULL pointer, a new nonce is automatically random + * generated + */ +bool crypto_renew_nonce(crypto_session_handle_t handle, + const uint8_t *nonce, + size_t nonce_size); + /* * Get the generated nonce value * @@ -190,6 +203,27 @@ bool crypto_encrypt_data(crypto_session_handle_t handle, size_t crypto_get_min_blocksize(crypto_session_handle_t handle, uint8_t key_idx); +/* + * Decrypt data. This always supports decryption in place + * + * De-crypts the given cipher using the given nonce and key index. + * handle: session handle, returned by oepn + * key_index: index to the key used for decryption + * cipher: the ciphertext to be decrypted + * nonce: the nonce used for decryption. If NULL, using the previously set nonce + * nonce_size: size of the given nonce value (note. caller is responsible of giving a suitable nonce for the algorithm) + * message: output buffer given by the client + * message_size: in: size of "message" buffer, out: actual result size + * returns + */ +bool crypto_decrypt_data(crypto_session_handle_t handle, + uint8_t key_index, + const uint8_t *cipher, + size_t cipher_size, + const uint8_t *nonce, + size_t nonce_size, + uint8_t *message, + size_t *message_size); /* Crypto IOCTLs, to access backend from user space */ @@ -247,6 +281,37 @@ typedef struct cryptoiocgetblocksz { size_t ret; } cryptoiocgetblocksz_t; +#define CRYPTOIOCRENEWNONCE _CRYPTOIOC(8) +typedef struct cryptoiocrenewnonce { + crypto_session_handle_t *handle; + const uint8_t *nonce; + size_t nonce_size; + size_t ret; +} cryptoiocrenewnonce_t; + +#define CRYPTOIOCSIGNATURECHECK _CRYPTOIOC(9) +typedef struct cryptoiocsignaturecheck { + crypto_session_handle_t *handle; + uint8_t key_index; + const uint8_t *signature; + const uint8_t *message; + size_t message_size; + size_t ret; +} cryptoiocsignaturecheck_t; + +#define CRYPTOIOCDECRYPTDATA _CRYPTOIOC(10) +typedef struct cryptoiocdecryptdata { + crypto_session_handle_t *handle; + uint8_t key_index; + const uint8_t *cipher; + size_t cipher_size; + const uint8_t *nonce; + size_t nonce_size; + uint8_t *message; + size_t *message_size; + size_t ret; +} cryptoiocdecryptdata_t; + #if defined(__cplusplus) } // extern "C" #endif diff --git a/platforms/nuttx/src/px4/common/px4_crypto.cpp b/platforms/nuttx/src/px4/common/px4_crypto.cpp index b14c5782b669..617e8dc28547 100644 --- a/platforms/nuttx/src/px4/common/px4_crypto.cpp +++ b/platforms/nuttx/src/px4/common/px4_crypto.cpp @@ -117,6 +117,14 @@ void PX4Crypto::close() unlock(); } +bool PX4Crypto::signature_check(uint8_t key_index, + const uint8_t *signature, + const uint8_t *message, + size_t message_size) +{ + return crypto_signature_check(_crypto_handle, key_index, signature, message, message_size); +} + bool PX4Crypto::encrypt_data(uint8_t key_index, const uint8_t *message, size_t message_size, @@ -126,24 +134,39 @@ bool PX4Crypto::encrypt_data(uint8_t key_index, return crypto_encrypt_data(_crypto_handle, key_index, message, message_size, cipher, cipher_size); } -bool PX4Crypto::generate_key(uint8_t idx, - bool persistent) +bool PX4Crypto::decrypt_data(uint8_t key_index, + const uint8_t *cipher, + size_t cipher_size, + const uint8_t *nonce, + size_t nonce_size, + uint8_t *message, + size_t *message_size) +{ + return crypto_decrypt_data(_crypto_handle, key_index, cipher, cipher_size, nonce, nonce_size, message, message_size); +} + +bool PX4Crypto::generate_key(uint8_t idx, + bool persistent) { return crypto_generate_key(_crypto_handle, idx, persistent); } +bool PX4Crypto::renew_nonce(const uint8_t *nonce, + size_t nonce_size) +{ + return crypto_renew_nonce(_crypto_handle, nonce, nonce_size); +} -bool PX4Crypto::get_nonce(uint8_t *nonce, - size_t *nonce_len) +bool PX4Crypto::get_nonce(uint8_t *nonce, + size_t *nonce_len) { return crypto_get_nonce(_crypto_handle, nonce, nonce_len); } - -bool PX4Crypto::get_encrypted_key(uint8_t key_idx, - uint8_t *key, - size_t *key_len, - uint8_t encryption_key_idx) +bool PX4Crypto::get_encrypted_key(uint8_t key_idx, + uint8_t *key, + size_t *key_len, + uint8_t encryption_key_idx) { return crypto_get_encrypted_key(_crypto_handle, key_idx, key, key_len, encryption_key_idx); } @@ -183,6 +206,12 @@ int PX4Crypto::crypto_ioctl(unsigned int cmd, unsigned long arg) } break; + case CRYPTOIOCRENEWNONCE: { + cryptoiocrenewnonce_t *data = (cryptoiocrenewnonce_t *)arg; + data->ret = crypto_renew_nonce(*(data->handle), data->nonce, data->nonce_size); + } + break; + case CRYPTOIOCGETNONCE: { cryptoiocgetnonce_t *data = (cryptoiocgetnonce_t *)arg; data->ret = crypto_get_nonce(*(data->handle), data->nonce, data->nonce_len); @@ -197,12 +226,26 @@ int PX4Crypto::crypto_ioctl(unsigned int cmd, unsigned long arg) } break; + case CRYPTOIOCSIGNATURECHECK: { + cryptoiocsignaturecheck_t *data = (cryptoiocsignaturecheck_t *)arg; + data->ret = crypto_signature_check(*(data->handle), data->key_index, data->signature, data->message, + data->message_size); + } + break; + case CRYPTOIOCGETBLOCKSZ: { cryptoiocgetblocksz_t *data = (cryptoiocgetblocksz_t *)arg; data->ret = crypto_get_min_blocksize(*(data->handle), data->key_idx); } break; + case CRYPTOIOCDECRYPTDATA: { + cryptoiocdecryptdata_t *data = (cryptoiocdecryptdata_t *)arg; + data->ret = crypto_decrypt_data(*(data->handle), data->key_index, data->cipher, data->cipher_size, data->nonce, + data->nonce_size, data->message, data->message_size); + } + break; + default: ret = PX4_ERROR; break; diff --git a/platforms/nuttx/src/px4/common/px4_usr_crypto.cpp b/platforms/nuttx/src/px4/common/px4_usr_crypto.cpp index 4a12a3068367..f6192930efea 100644 --- a/platforms/nuttx/src/px4/common/px4_usr_crypto.cpp +++ b/platforms/nuttx/src/px4/common/px4_usr_crypto.cpp @@ -77,6 +77,16 @@ void PX4Crypto::close() boardctl(CRYPTOIOCCLOSE, reinterpret_cast(&_crypto_handle)); } +bool PX4Crypto::signature_check(uint8_t key_index, + const uint8_t *signature, + const uint8_t *message, + size_t message_size) +{ + cryptoiocsignaturecheck_t data = {&_crypto_handle, key_index, signature, message, message_size, false}; + boardctl(CRYPTOIOCSIGNATURECHECK, reinterpret_cast(&data)); + return data.ret; +} + bool PX4Crypto::encrypt_data(uint8_t key_index, const uint8_t *message, size_t message_size, @@ -88,26 +98,47 @@ bool PX4Crypto::encrypt_data(uint8_t key_index, return data.ret; } -bool PX4Crypto::generate_key(uint8_t idx, - bool persistent) +bool PX4Crypto::decrypt_data(uint8_t key_index, + const uint8_t *cipher, + size_t cipher_size, + const uint8_t *nonce, + size_t nonce_size, + uint8_t *message, + size_t *message_size) +{ + cryptoiocdecryptdata_t data = {&_crypto_handle, key_index, cipher, cipher_size, nonce, nonce_size, message, message_size, false}; + boardctl(CRYPTOIOCDECRYPTDATA, reinterpret_cast(&data)); + return data.ret; +} + +bool PX4Crypto::generate_key(uint8_t idx, + bool persistent) { cryptoiocgenkey_t data = {&_crypto_handle, idx, persistent, false}; boardctl(CRYPTOIOCGENKEY, reinterpret_cast(&data)); return data.ret; } -bool PX4Crypto::get_nonce(uint8_t *nonce, - size_t *nonce_len) +bool PX4Crypto::renew_nonce(const uint8_t *nonce, + size_t nonce_size) +{ + cryptoiocrenewnonce_t data = {&_crypto_handle, nonce, nonce_size, false}; + boardctl(CRYPTOIOCRENEWNONCE, reinterpret_cast(&data)); + return data.ret; +} + +bool PX4Crypto::get_nonce(uint8_t *nonce, + size_t *nonce_len) { cryptoiocgetnonce_t data = {&_crypto_handle, nonce, nonce_len, false}; boardctl(CRYPTOIOCGETNONCE, reinterpret_cast(&data)); return data.ret; } -bool PX4Crypto::get_encrypted_key(uint8_t key_idx, - uint8_t *key, - size_t *key_len, - uint8_t encryption_key_idx) +bool PX4Crypto::get_encrypted_key(uint8_t key_idx, + uint8_t *key, + size_t *key_len, + uint8_t encryption_key_idx) { cryptoiocgetkey_t data = {&_crypto_handle, key_idx, key, key_len, encryption_key_idx, false}; boardctl(CRYPTOIOCGETKEY, reinterpret_cast(&data)); @@ -121,4 +152,7 @@ size_t PX4Crypto::get_min_blocksize(uint8_t key_idx) return data.ret; } + + + #endif diff --git a/src/drivers/sw_crypto/crypto.c b/src/drivers/sw_crypto/crypto.c index 7bd8be449112..5215118685ee 100644 --- a/src/drivers/sw_crypto/crypto.c +++ b/src/drivers/sw_crypto/crypto.c @@ -455,3 +455,24 @@ size_t crypto_get_min_blocksize(crypto_session_handle_t handle, uint8_t key_idx) return ret; } + +bool crypto_renew_nonce(crypto_session_handle_t handle, + const uint8_t *nonce, + size_t nonce_size) +{ + /* unimplemented */ + return false; +} + +bool crypto_decrypt_data(crypto_session_handle_t handle, + uint8_t key_index, + const uint8_t *cipher, + size_t cipher_size, + const uint8_t *nonce, + size_t nonce_size, + uint8_t *message, + size_t *message_size) +{ + /* unimplemented */ + return false; +}