From 6cae4c92e7b458a401b5a7f95f8d042d4b5ca3e8 Mon Sep 17 00:00:00 2001
From: Jukka Laitinen <jukkax@ssrc.tii.ae>
Date: Wed, 15 Sep 2021 14:26:31 +0300
Subject: [PATCH] Add a header to logfile encryption key exchange file

Signed-off-by: Jukka Laitinen <jukkax@ssrc.tii.ae>
---
 Tools/decrypt_ulog.py                  | 22 +++++++++++++++++++--
 src/modules/logger/log_writer_file.cpp | 19 +++++++++++++++++-
 src/modules/logger/messages.h          | 27 ++++++++++++++++++++++++++
 3 files changed, 65 insertions(+), 3 deletions(-)

diff --git a/Tools/decrypt_ulog.py b/Tools/decrypt_ulog.py
index 823be2042a..f6d888c56b 100755
--- a/Tools/decrypt_ulog.py
+++ b/Tools/decrypt_ulog.py
@@ -29,8 +29,26 @@ if __name__ == "__main__":
 
     # Read the encrypted xchacha key and the nonce
     with open(args.ulog_key, 'rb') as f:
-        ulog_key_cipher = f.read(256)
-        nonce = f.read(24)
+        ulog_key_header = f.read(22)
+
+        # Parse the header
+        try:
+            # magic
+            if not ulog_key_header.startswith(bytearray("ULogKey".encode())):
+                raise Exception()
+            # version
+            if ulog_key_header[7] != 1:
+                raise Exception()
+            # expected key exchange algorithm (RSA_OAEP)
+            if ulog_key_header[16] != 4:
+                raise Exception()
+            key_size = ulog_key_header[19] << 8 | ulog_key_header[18];
+            nonce_size = ulog_key_header[21] << 8 | ulog_key_header[20];
+            ulog_key_cipher = f.read(key_size)
+            nonce = f.read(nonce_size)
+        except:
+            print("Keyfile format error")
+            sys.exit(1);
 
     # Decrypt the xchacha key
     cipher_rsa = PKCS1_OAEP.new(r,SHA256)
diff --git a/src/modules/logger/log_writer_file.cpp b/src/modules/logger/log_writer_file.cpp
index 915aa1962b..6e420790a5 100644
--- a/src/modules/logger/log_writer_file.cpp
+++ b/src/modules/logger/log_writer_file.cpp
@@ -175,7 +175,24 @@ bool LogWriterFile::init_logfile_encryption(const char *filename)
 		return false;
 	}
 
-	size_t written = ::write(key_fd, key, key_size + nonce_size);
+	// write the header to the key exchange file
+	struct ulog_key_header_s keyfile_header = {
+		.magic = {'U', 'L', 'o', 'g', 'K', 'e', 'y'},
+		.hdr_ver = 1,
+		.timestamp = hrt_absolute_time(),
+		.exchange_algorithm = CRYPTO_RSA_OAEP,
+		.exchange_key = _exchange_key_idx,
+		.key_size = (uint16_t)key_size,
+		.initdata_size = (uint16_t)nonce_size
+	};
+
+	size_t hdr_sz = ::write(key_fd, (uint8_t *)&keyfile_header, sizeof(keyfile_header));
+	size_t written = 0;
+
+	if (hdr_sz == sizeof(keyfile_header)) {
+		// Header write succeeded, write the  key
+		written = ::write(key_fd, key, key_size + nonce_size);
+	}
 
 	// Free temporary memory allocations
 	free(key);
diff --git a/src/modules/logger/messages.h b/src/modules/logger/messages.h
index c6512db00b..59e56339e4 100644
--- a/src/modules/logger/messages.h
+++ b/src/modules/logger/messages.h
@@ -61,6 +61,33 @@ struct ulog_file_header_s {
 	uint64_t timestamp;
 };
 
+/** first bytes of the crypto key file */
+struct ulog_key_header_s {
+	/* magic identifying the file content */
+	uint8_t magic[7];
+
+	/* version of this header file */
+	uint8_t hdr_ver;
+
+	/* file creation timestamp */
+	uint64_t timestamp;
+
+	/* crypto algorithm used for key exchange */
+	uint8_t exchange_algorithm;
+
+	/* encryption key index used for key exchange */
+	uint8_t exchange_key;
+
+	/* size of the key */
+	uint16_t key_size;
+
+	/* size of logfile crypto algoritm initialization data, e.g. nonce */
+	uint16_t initdata_size;
+
+	/* actual data (initdata+key) */
+	uint8_t	data[0];
+};
+
 #define ULOG_MSG_HEADER_LEN 3 //accounts for msg_size and msg_type
 struct ulog_message_header_s {
 	uint16_t msg_size;