Skip to content

Commit

Permalink
Add more interfaces for PX4Crypto
Browse files Browse the repository at this point in the history
Add renew_nonce and and decrypt_data interfaces, and also ioctl's for memory
protected builds. Stub these functions in sw_crypto driver. the functions are
currently not used but a stub is needed in order to build properly.

Add implementation for signature_check in PX4Crypto class, there is already an
implementation in the backend, but the function is missing from the PX4Crypto
interface.

Signed-off-by: Jukka Laitinen <[email protected]>
  • Loading branch information
jlaitine committed Nov 23, 2023
1 parent 5a96854 commit a4069ea
Show file tree
Hide file tree
Showing 5 changed files with 203 additions and 17 deletions.
21 changes: 21 additions & 0 deletions platforms/common/include/px4_platform_common/crypto.h
Original file line number Diff line number Diff line change
Expand Up @@ -211,6 +211,27 @@ class PX4Crypto
uint8_t *mac,
size_t *mac_size);

/*
* Decrypt data. This always supports decryption in place
*
* De-crypts the given cipher using the given nonce and key index.
* handle: session handle, returned by oepn
* key_index: index to the key used for decryption
* cipher: the ciphertext to be decrypted
* mac: pointer to the buffer for authentication code
* mac_size: size of the authentication code buffer
* message: output buffer given by the client
* message_size: in: size of "message" buffer, out: actual result size
* returns
*/
bool decrypt_data(uint8_t key_index,
const uint8_t *cipher,
size_t cipher_size,
const uint8_t *mac,
size_t mac_size,
uint8_t *message,
size_t *message_size);

size_t get_min_blocksize(uint8_t key_idx);

static int crypto_ioctl(unsigned int cmd, unsigned long arg);
Expand Down
66 changes: 66 additions & 0 deletions platforms/common/include/px4_platform_common/crypto_backend.h
Original file line number Diff line number Diff line change
Expand Up @@ -143,6 +143,19 @@ bool crypto_get_encrypted_key(crypto_session_handle_t handle,
size_t *max_len,
uint8_t encryption_key_idx);

/*
* Re-create or set nonce.
*
* A nonce or intialization vector value for the selected algortithm is
* automatically generated when the crypto session is opened. If needed, the
* nonce can be set by this function.
* If this is called with NULL pointer, a new nonce is automatically random
* generated
*/
bool crypto_renew_nonce(crypto_session_handle_t handle,
const uint8_t *nonce,
size_t nonce_size);

/*
* Get the generated nonce value
*
Expand Down Expand Up @@ -192,6 +205,28 @@ bool crypto_encrypt_data(crypto_session_handle_t handle,

size_t crypto_get_min_blocksize(crypto_session_handle_t handle, uint8_t key_idx);

/*
* Decrypt data. This always supports decryption in place
*
* De-crypts the given cipher using the given nonce and key index.
* handle: session handle, returned by oepn
* key_index: index to the key used for decryption
* cipher: the ciphertext to be decrypted
* nonce: the nonce used for decryption. If NULL, using the previously set nonce
* nonce_size: size of the given nonce value (note. caller is responsible of giving a suitable nonce for the algorithm)
* message: output buffer given by the client
* message_size: in: size of "message" buffer, out: actual result size
* returns
*/
bool crypto_decrypt_data(crypto_session_handle_t handle,
uint8_t key_index,
const uint8_t *cipher,
size_t cipher_size,
const uint8_t *mac,
size_t mac_size,
uint8_t *message,
size_t *message_size);

/* Crypto IOCTLs, to access backend from user space */

#define _CRYPTOIOC(_n) (_IOC(_CRYPTOIOCBASE, _n))
Expand Down Expand Up @@ -250,6 +285,37 @@ typedef struct cryptoiocgetblocksz {
size_t ret;
} cryptoiocgetblocksz_t;

#define CRYPTOIOCRENEWNONCE _CRYPTOIOC(8)
typedef struct cryptoiocrenewnonce {
crypto_session_handle_t *handle;
const uint8_t *nonce;
size_t nonce_size;
size_t ret;
} cryptoiocrenewnonce_t;

#define CRYPTOIOCSIGNATURECHECK _CRYPTOIOC(9)
typedef struct cryptoiocsignaturecheck {
crypto_session_handle_t *handle;
uint8_t key_index;
const uint8_t *signature;
const uint8_t *message;
size_t message_size;
size_t ret;
} cryptoiocsignaturecheck_t;

#define CRYPTOIOCDECRYPTDATA _CRYPTOIOC(10)
typedef struct cryptoiocdecryptdata {
crypto_session_handle_t *handle;
uint8_t key_index;
const uint8_t *cipher;
size_t cipher_size;
const uint8_t *mac;
size_t mac_size;
uint8_t *message;
size_t *message_size;
size_t ret;
} cryptoiocdecryptdata_t;

#if defined(__cplusplus)
} // extern "C"
#endif
62 changes: 53 additions & 9 deletions platforms/nuttx/src/px4/common/px4_crypto.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -117,6 +117,14 @@ void PX4Crypto::close()
unlock();
}

bool PX4Crypto::signature_check(uint8_t key_index,
const uint8_t *signature,
const uint8_t *message,
size_t message_size)
{
return crypto_signature_check(_crypto_handle, key_index, signature, message, message_size);
}

bool PX4Crypto::encrypt_data(uint8_t key_index,
const uint8_t *message,
size_t message_size,
Expand All @@ -128,24 +136,40 @@ bool PX4Crypto::encrypt_data(uint8_t key_index,
return crypto_encrypt_data(_crypto_handle, key_index, message, message_size, cipher, cipher_size, mac, mac_size);
}

bool PX4Crypto::generate_key(uint8_t idx,
bool persistent)
bool PX4Crypto::decrypt_data(uint8_t key_index,
const uint8_t *cipher,
size_t cipher_size,
const uint8_t *mac,
size_t mac_size,
uint8_t *message,
size_t *message_size)
{
return crypto_decrypt_data(_crypto_handle, key_index, cipher, cipher_size, mac, mac_size, message,
message_size);
}

bool PX4Crypto::generate_key(uint8_t idx,
bool persistent)
{
return crypto_generate_key(_crypto_handle, idx, persistent);
}

bool PX4Crypto::renew_nonce(const uint8_t *nonce,
size_t nonce_size)
{
return crypto_renew_nonce(_crypto_handle, nonce, nonce_size);
}

bool PX4Crypto::get_nonce(uint8_t *nonce,
size_t *nonce_len)
bool PX4Crypto::get_nonce(uint8_t *nonce,
size_t *nonce_len)
{
return crypto_get_nonce(_crypto_handle, nonce, nonce_len);
}


bool PX4Crypto::get_encrypted_key(uint8_t key_idx,
uint8_t *key,
size_t *key_len,
uint8_t encryption_key_idx)
bool PX4Crypto::get_encrypted_key(uint8_t key_idx,
uint8_t *key,
size_t *key_len,
uint8_t encryption_key_idx)
{
return crypto_get_encrypted_key(_crypto_handle, key_idx, key, key_len, encryption_key_idx);
}
Expand Down Expand Up @@ -185,6 +209,12 @@ int PX4Crypto::crypto_ioctl(unsigned int cmd, unsigned long arg)
}
break;

case CRYPTOIOCRENEWNONCE: {
cryptoiocrenewnonce_t *data = (cryptoiocrenewnonce_t *)arg;
data->ret = crypto_renew_nonce(*(data->handle), data->nonce, data->nonce_size);
}
break;

case CRYPTOIOCGETNONCE: {
cryptoiocgetnonce_t *data = (cryptoiocgetnonce_t *)arg;
data->ret = crypto_get_nonce(*(data->handle), data->nonce, data->nonce_len);
Expand All @@ -199,12 +229,26 @@ int PX4Crypto::crypto_ioctl(unsigned int cmd, unsigned long arg)
}
break;

case CRYPTOIOCSIGNATURECHECK: {
cryptoiocsignaturecheck_t *data = (cryptoiocsignaturecheck_t *)arg;
data->ret = crypto_signature_check(*(data->handle), data->key_index, data->signature, data->message,
data->message_size);
}
break;

case CRYPTOIOCGETBLOCKSZ: {
cryptoiocgetblocksz_t *data = (cryptoiocgetblocksz_t *)arg;
data->ret = crypto_get_min_blocksize(*(data->handle), data->key_idx);
}
break;

case CRYPTOIOCDECRYPTDATA: {
cryptoiocdecryptdata_t *data = (cryptoiocdecryptdata_t *)arg;
data->ret = crypto_decrypt_data(*(data->handle), data->key_index, data->cipher, data->cipher_size,
data->mac, data->mac_size, data->message, data->message_size);
}
break;

default:
ret = PX4_ERROR;
break;
Expand Down
50 changes: 42 additions & 8 deletions platforms/nuttx/src/px4/common/px4_usr_crypto.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -77,6 +77,16 @@ void PX4Crypto::close()
boardctl(CRYPTOIOCCLOSE, reinterpret_cast<unsigned long>(&_crypto_handle));
}

bool PX4Crypto::signature_check(uint8_t key_index,
const uint8_t *signature,
const uint8_t *message,
size_t message_size)
{
cryptoiocsignaturecheck_t data = {&_crypto_handle, key_index, signature, message, message_size, false};
boardctl(CRYPTOIOCSIGNATURECHECK, reinterpret_cast<unsigned long>(&data));
return data.ret;
}

bool PX4Crypto::encrypt_data(uint8_t key_index,
const uint8_t *message,
size_t message_size,
Expand All @@ -90,26 +100,47 @@ bool PX4Crypto::encrypt_data(uint8_t key_index,
return data.ret;
}

bool PX4Crypto::generate_key(uint8_t idx,
bool persistent)
bool PX4Crypto::decrypt_data(uint8_t key_index,
const uint8_t *cipher,
size_t cipher_size,
const uint8_t *mac,
size_t mac_size,
uint8_t *message,
size_t *message_size)
{
cryptoiocdecryptdata_t data = {&_crypto_handle, key_index, cipher, cipher_size, mac, mac_size, message, message_size, false};
boardctl(CRYPTOIOCDECRYPTDATA, reinterpret_cast<unsigned long>(&data));
return data.ret;
}

bool PX4Crypto::generate_key(uint8_t idx,
bool persistent)
{
cryptoiocgenkey_t data = {&_crypto_handle, idx, persistent, false};
boardctl(CRYPTOIOCGENKEY, reinterpret_cast<unsigned long>(&data));
return data.ret;
}

bool PX4Crypto::get_nonce(uint8_t *nonce,
size_t *nonce_len)
bool PX4Crypto::renew_nonce(const uint8_t *nonce,
size_t nonce_size)
{
cryptoiocrenewnonce_t data = {&_crypto_handle, nonce, nonce_size, false};
boardctl(CRYPTOIOCRENEWNONCE, reinterpret_cast<unsigned long>(&data));
return data.ret;
}

bool PX4Crypto::get_nonce(uint8_t *nonce,
size_t *nonce_len)
{
cryptoiocgetnonce_t data = {&_crypto_handle, nonce, nonce_len, false};
boardctl(CRYPTOIOCGETNONCE, reinterpret_cast<unsigned long>(&data));
return data.ret;
}

bool PX4Crypto::get_encrypted_key(uint8_t key_idx,
uint8_t *key,
size_t *key_len,
uint8_t encryption_key_idx)
bool PX4Crypto::get_encrypted_key(uint8_t key_idx,
uint8_t *key,
size_t *key_len,
uint8_t encryption_key_idx)
{
cryptoiocgetkey_t data = {&_crypto_handle, key_idx, key, key_len, encryption_key_idx, false};
boardctl(CRYPTOIOCGETKEY, reinterpret_cast<unsigned long>(&data));
Expand All @@ -123,4 +154,7 @@ size_t PX4Crypto::get_min_blocksize(uint8_t key_idx)
return data.ret;
}




#endif
21 changes: 21 additions & 0 deletions src/drivers/sw_crypto/crypto.c
Original file line number Diff line number Diff line change
Expand Up @@ -460,3 +460,24 @@ size_t crypto_get_min_blocksize(crypto_session_handle_t handle, uint8_t key_idx)

return ret;
}

bool crypto_renew_nonce(crypto_session_handle_t handle,
const uint8_t *nonce,
size_t nonce_size)
{
/* unimplemented */
return false;
}

bool crypto_decrypt_data(crypto_session_handle_t handle,
uint8_t key_index,
const uint8_t *cipher,
size_t cipher_size,
const uint8_t *mac,
size_t mac_size,
uint8_t *message,
size_t *message_size)
{
/* unimplemented */
return false;
}

0 comments on commit a4069ea

Please sign in to comment.