Add a header to logfile encryption key exchange file

Signed-off-by: Jukka Laitinen <jukkax@ssrc.tii.ae>
2021-09-15 14:26:31 +03:00 · 2021-09-15 14:26:31 +03:00 · 6cae4c92e7
parent 9a4ef709ca
commit 6cae4c92e7
3 changed files with 65 additions and 3 deletions
--- a/Tools/decrypt_ulog.py
+++ b/Tools/decrypt_ulog.py
@ -29,8 +29,26 @@ if __name__ == "__main__":

    # Read the encrypted xchacha key and the nonce
    with open(args.ulog_key, 'rb') as f:
-        ulog_key_cipher = f.read(256)
-        nonce = f.read(24)
+        ulog_key_header = f.read(22)
+
+        # Parse the header
+        try:
+            # magic
+            if not ulog_key_header.startswith(bytearray("ULogKey".encode())):
+                raise Exception()
+            # version
+            if ulog_key_header[7] != 1:
+                raise Exception()
+            # expected key exchange algorithm (RSA_OAEP)
+            if ulog_key_header[16] != 4:
+                raise Exception()
+            key_size = ulog_key_header[19] << 8 | ulog_key_header[18];
+            nonce_size = ulog_key_header[21] << 8 | ulog_key_header[20];
+            ulog_key_cipher = f.read(key_size)
+            nonce = f.read(nonce_size)
+        except:
+            print("Keyfile format error")
+            sys.exit(1);

    # Decrypt the xchacha key
    cipher_rsa = PKCS1_OAEP.new(r,SHA256)
--- a/src/modules/logger/log_writer_file.cpp
+++ b/src/modules/logger/log_writer_file.cpp
@ -175,7 +175,24 @@ bool LogWriterFile::init_logfile_encryption(const char *filename)
 		return false;
 	}

-	size_t written = ::write(key_fd, key, key_size + nonce_size);
+	// write the header to the key exchange file
+	struct ulog_key_header_s keyfile_header = {
+		.magic = {'U', 'L', 'o', 'g', 'K', 'e', 'y'},
+		.hdr_ver = 1,
+		.timestamp = hrt_absolute_time(),
+		.exchange_algorithm = CRYPTO_RSA_OAEP,
+		.exchange_key = _exchange_key_idx,
+		.key_size = (uint16_t)key_size,
+		.initdata_size = (uint16_t)nonce_size
+	};
+
+	size_t hdr_sz = ::write(key_fd, (uint8_t *)&keyfile_header, sizeof(keyfile_header));
+	size_t written = 0;
+
+	if (hdr_sz == sizeof(keyfile_header)) {
+		// Header write succeeded, write the  key
+		written = ::write(key_fd, key, key_size + nonce_size);
+	}

 	// Free temporary memory allocations
 	free(key);
--- a/src/modules/logger/messages.h
+++ b/src/modules/logger/messages.h
@ -61,6 +61,33 @@ struct ulog_file_header_s {
 	uint64_t timestamp;
 };

+/** first bytes of the crypto key file */
+struct ulog_key_header_s {
+	/* magic identifying the file content */
+	uint8_t magic[7];
+
+	/* version of this header file */
+	uint8_t hdr_ver;
+
+	/* file creation timestamp */
+	uint64_t timestamp;
+
+	/* crypto algorithm used for key exchange */
+	uint8_t exchange_algorithm;
+
+	/* encryption key index used for key exchange */
+	uint8_t exchange_key;
+
+	/* size of the key */
+	uint16_t key_size;
+
+	/* size of logfile crypto algoritm initialization data, e.g. nonce */
+	uint16_t initdata_size;
+
+	/* actual data (initdata+key) */
+	uint8_t	data[0];
+};
+
 #define ULOG_MSG_HEADER_LEN 3 //accounts for msg_size and msg_type
 struct ulog_message_header_s {
 	uint16_t msg_size;