Skip to content

Commit

Permalink
Add ed25519 signing support
Browse files Browse the repository at this point in the history
  • Loading branch information
jnippula committed May 20, 2024
1 parent 6926c05 commit 585f65b
Show file tree
Hide file tree
Showing 5 changed files with 176 additions and 22 deletions.
25 changes: 18 additions & 7 deletions platforms/common/include/px4_platform_common/crypto.h
Original file line number Diff line number Diff line change
Expand Up @@ -97,17 +97,14 @@ class PX4Crypto
/*
* Generate a key pair for asymmetric-key encryption
*
* algorithm: the key type
* key_size: size of the key in bytes
* private_idx: the private key will be stored in this index in the keystore
* public_idx: the public key will be stored in this index in the keystore
* key_idx: the keys will be stored in this index in the keystore
* persistent: whether the keys need to be stored persistently
* returns true on success, false on failure
*/

bool generate_keypair(size_t key_size,
uint8_t private_idx,
uint8_t public_idx,
uint8_t key_idx,
bool persistent);


Expand Down Expand Up @@ -173,6 +170,20 @@ class PX4Crypto
* PX4 Crypto API functions
*/

/*
* Message signing
*
* key_index: private key index in keystore
* signature: pointer to the output signature
* message: pointer to the data to be signed
* message_size: size of the message in bytes
*/

bool sign(uint8_t key_index,
uint8_t *signature,
const uint8_t *message,
size_t message_size);

/*
* Verify signature
*
Expand All @@ -182,7 +193,7 @@ class PX4Crypto
* message_size: size of the message in bytes
*/

bool signature_check(uint8_t key_index,
bool signature_check(uint8_t key_index,
const uint8_t *signature,
const uint8_t *message,
size_t message_size);
Expand All @@ -203,7 +214,7 @@ class PX4Crypto
* returns true on success, false on failure
*/

bool encrypt_data(uint8_t key_index,
bool encrypt_data(uint8_t key_index,
const uint8_t *message,
size_t message_size,
uint8_t *cipher,
Expand Down
65 changes: 57 additions & 8 deletions platforms/common/include/px4_platform_common/crypto_backend.h
Original file line number Diff line number Diff line change
Expand Up @@ -137,6 +137,19 @@ bool crypto_generate_key(crypto_session_handle_t handle,
uint8_t idx,
bool persistent);

/*
* Generate key pair
* handle: Open handle for the crypto session. The key will be generated for
* the crypto algorithm used by this session
* key_size: size of the private key
* key_idx: The key index, by which the keys can be used
* persistent: if set to "true", the keys will be stored into the keystore
*/
bool crypto_generate_keypair(crypto_session_handle_t handle,
size_t key_size,
uint8_t key_idx,
bool persistent);

/*
* Get a key from keystore, possibly encrypted
*
Expand Down Expand Up @@ -181,22 +194,39 @@ bool crypto_get_nonce(crypto_session_handle_t handle,
uint8_t *nonce,
size_t *nonce_len);


/*
* Perform signing using an open session to crypto
* handle: session handle, returned by open
* key_index: index to the key used for signing
* signature: pointer to output signature data
* message: pointer to the data to be signed
* message_size: size of the data
*/

bool crypto_signature_gen(crypto_session_handle_t handle,
uint8_t key_index,
uint8_t *signature,
const uint8_t *message,
size_t message_size);

/*
* Perform signature check using an open session to crypto
* handle: session handle, returned by open
* key_index: index to the key used for signature check
* signature: pointer to the signature
* message: pointer to the data to be checked
* message_size: size of the data
*/

bool crypto_signature_check(crypto_session_handle_t handle,
uint8_t key_index,
const uint8_t *signature,
uint8_t key_index,
const uint8_t *signature,
const uint8_t *message,
size_t message_size);

bool crypto_encrypt_data(crypto_session_handle_t handle,
uint8_t key_index,
uint8_t key_index,
const uint8_t *message,
size_t message_size,
uint8_t *cipher,
Expand Down Expand Up @@ -253,7 +283,7 @@ typedef struct cryptoiocopen {
#define CRYPTOIOCENCRYPT _CRYPTOIOC(3)
typedef struct cryptoiocencrypt {
crypto_session_handle_t *handle;
uint8_t key_index;
uint8_t key_index;
const uint8_t *message;
size_t message_size;
uint8_t *cipher;
Expand Down Expand Up @@ -304,17 +334,27 @@ typedef struct cryptoiocrenewnonce {
size_t ret;
} cryptoiocrenewnonce_t;

#define CRYPTOIOCSIGNATURECHECK _CRYPTOIOC(9)
#define CRYPTOIOCSIGN _CRYPTOIOC(9)
typedef struct cryptoiocsign {
crypto_session_handle_t *handle;
uint8_t key_index;
uint8_t *signature;
const uint8_t *message;
size_t message_size;
size_t ret;
} cryptoiocsign_t;

#define CRYPTOIOCSIGNATURECHECK _CRYPTOIOC(10)
typedef struct cryptoiocsignaturecheck {
crypto_session_handle_t *handle;
uint8_t key_index;
const uint8_t *signature;
uint8_t key_index;
const uint8_t *signature;
const uint8_t *message;
size_t message_size;
size_t ret;
} cryptoiocsignaturecheck_t;

#define CRYPTOIOCDECRYPTDATA _CRYPTOIOC(10)
#define CRYPTOIOCDECRYPTDATA _CRYPTOIOC(11)
typedef struct cryptoiocdecryptdata {
crypto_session_handle_t *handle;
uint8_t key_index;
Expand All @@ -327,6 +367,15 @@ typedef struct cryptoiocdecryptdata {
size_t ret;
} cryptoiocdecryptdata_t;

#define CRYPTOIOCGENKEYPAIR _CRYPTOIOC(12)
typedef struct cryptoiocgenkeypair {
crypto_session_handle_t *handle;
size_t key_size;
uint8_t key_idx;
bool persistent;
bool ret;
} cryptoiocgenkeypair_t;

#if defined(__cplusplus)
} // extern "C"
#endif
33 changes: 31 additions & 2 deletions platforms/nuttx/src/px4/common/px4_crypto.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -117,15 +117,23 @@ void PX4Crypto::close()
unlock();
}

bool PX4Crypto::signature_check(uint8_t key_index,
bool PX4Crypto::sign(uint8_t key_index,
uint8_t *signature,
const uint8_t *message,
size_t message_size)
{
return crypto_signature_gen(_crypto_handle, key_index, signature, message, message_size);
}

bool PX4Crypto::signature_check(uint8_t key_index,
const uint8_t *signature,
const uint8_t *message,
size_t message_size)
{
return crypto_signature_check(_crypto_handle, key_index, signature, message, message_size);
}

bool PX4Crypto::encrypt_data(uint8_t key_index,
bool PX4Crypto::encrypt_data(uint8_t key_index,
const uint8_t *message,
size_t message_size,
uint8_t *cipher,
Expand Down Expand Up @@ -154,6 +162,13 @@ bool PX4Crypto::generate_key(uint8_t idx,
return crypto_generate_key(_crypto_handle, idx, persistent);
}

bool PX4Crypto::generate_keypair(size_t key_size,
uint8_t key_idx,
bool persistent)
{
return crypto_generate_keypair(_crypto_handle, key_size, key_idx, persistent);
}

bool PX4Crypto::renew_nonce(const uint8_t *nonce,
size_t nonce_size)
{
Expand Down Expand Up @@ -209,6 +224,13 @@ int PX4Crypto::crypto_ioctl(unsigned int cmd, unsigned long arg)
}
break;


case CRYPTOIOCGENKEYPAIR: {
cryptoiocgenkeypair_t *data = (cryptoiocgenkeypair_t *)arg;
data->ret = crypto_generate_keypair(*(data->handle), data->key_size, data->key_idx, data->persistent);
}
break;

case CRYPTOIOCRENEWNONCE: {
cryptoiocrenewnonce_t *data = (cryptoiocrenewnonce_t *)arg;
data->ret = crypto_renew_nonce(*(data->handle), data->nonce, data->nonce_size);
Expand All @@ -229,6 +251,13 @@ int PX4Crypto::crypto_ioctl(unsigned int cmd, unsigned long arg)
}
break;

case CRYPTOIOCSIGN: {
cryptoiocsign_t *data = (cryptoiocsign_t *)arg;
data->ret = crypto_signature_gen(*(data->handle), data->key_index, data->signature, data->message,
data->message_size);
}
break;

case CRYPTOIOCSIGNATURECHECK: {
cryptoiocsignaturecheck_t *data = (cryptoiocsignaturecheck_t *)arg;
data->ret = crypto_signature_check(*(data->handle), data->key_index, data->signature, data->message,
Expand Down
23 changes: 21 additions & 2 deletions platforms/nuttx/src/px4/common/px4_usr_crypto.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -77,7 +77,7 @@ void PX4Crypto::close()
boardctl(CRYPTOIOCCLOSE, reinterpret_cast<unsigned long>(&_crypto_handle));
}

bool PX4Crypto::signature_check(uint8_t key_index,
bool PX4Crypto::signature_check(uint8_t key_index,
const uint8_t *signature,
const uint8_t *message,
size_t message_size)
Expand All @@ -87,7 +87,17 @@ bool PX4Crypto::signature_check(uint8_t key_index,
return data.ret;
}

bool PX4Crypto::encrypt_data(uint8_t key_index,
bool PX4Crypto::sign(uint8_t key_index,
uint8_t *signature,
const uint8_t *message,
size_t message_size)
{
cryptoiocsign_t data = {&_crypto_handle, key_index, signature, message, message_size, false};
boardctl(CRYPTOIOCSIGN, reinterpret_cast<unsigned long>(&data));
return data.ret;
}

bool PX4Crypto::encrypt_data(uint8_t key_index,
const uint8_t *message,
size_t message_size,
uint8_t *cipher,
Expand Down Expand Up @@ -121,6 +131,15 @@ bool PX4Crypto::generate_key(uint8_t idx,
return data.ret;
}

bool PX4Crypto::generate_keypair(size_t key_size,
uint8_t key_idx,
bool persistent)
{
cryptoiocgenkeypair_t data = {&_crypto_handle, key_size, key_idx, persistent, false};
boardctl(CRYPTOIOCGENKEYPAIR, reinterpret_cast<unsigned long>(&data));
return data.ret;
}

bool PX4Crypto::renew_nonce(const uint8_t *nonce,
size_t nonce_size)
{
Expand Down
52 changes: 49 additions & 3 deletions src/drivers/sw_crypto/crypto.c
Original file line number Diff line number Diff line change
Expand Up @@ -214,9 +214,47 @@ void crypto_close(crypto_session_handle_t *handle)
handle->context = NULL;
}

bool crypto_signature_gen(crypto_session_handle_t handle,
uint8_t key_index,
uint8_t *signature,
const uint8_t *message,
size_t message_size)
{
bool ret = false;
size_t keylen = 0;
const uint8_t *private_key = NULL;

if (crypto_session_handle_valid(handle)) {
private_key = crypto_get_key_ptr(handle.keystore_handle, key_index, &keylen);
}

if (keylen == 0 || private_key == NULL) {
return false;
}

switch (handle.algorithm) {
case CRYPTO_ED25519:
if (keylen >= 32) {
/* In the DER format ed25519 key the raw private key part is always the last 32 bytes.
* This simple "parsing" works for both "raw" key and DER format
*/
private_key += keylen - 32;
crypto_ed25519_sign(signature, private_key, 0, message, message_size);
ret = (signature != NULL);
}

break;

default:
ret = false;
}

return ret;
}

bool crypto_signature_check(crypto_session_handle_t handle,
uint8_t key_index,
const uint8_t *signature,
uint8_t key_index,
const uint8_t *signature,
const uint8_t *message,
size_t message_size)
{
Expand Down Expand Up @@ -252,7 +290,7 @@ bool crypto_signature_check(crypto_session_handle_t handle,
}

bool crypto_encrypt_data(crypto_session_handle_t handle,
uint8_t key_idx,
uint8_t key_idx,
const uint8_t *message,
size_t message_size,
uint8_t *cipher,
Expand Down Expand Up @@ -330,6 +368,14 @@ bool crypto_encrypt_data(crypto_session_handle_t handle,
return ret;
}

bool crypto_generate_keypair(crypto_session_handle_t handle,
size_t key_size, uint8_t key_idx,
bool persistent)
{
/* unimplemented */
return false;
}

bool crypto_generate_key(crypto_session_handle_t handle,
uint8_t idx, bool persistent)
{
Expand Down

0 comments on commit 585f65b

Please sign in to comment.