SigningChannel Class Reference

Owns MAVLink signing state for one channel: signing/streams structs, key hint, and RW lock. More...

#include <SigningChannel.h>

Classes
struct	TimestampSnapshot

Public Member Functions
	SigningChannel ()=default
	~SigningChannel ()=default
	SigningChannel (const SigningChannel &)=delete
SigningChannel &	operator= (const SigningChannel &)=delete
	SigningChannel (SigningChannel &&)=delete
SigningChannel &	operator= (SigningChannel &&)=delete
bool	init (mavlink_channel_t channel, QByteArrayView key, mavlink_accept_unsigned_t callback, uint64_t persistedTimestamp=0, const QString &keyName={}, bool signOutgoing=true)
bool	setAcceptUnsignedCallback (mavlink_accept_unsigned_t callback)
	Swap the accept-unsigned callback without resetting the key. Returns false if signing isn't enabled.
bool	isEnabled () const
int	streamCount () const
QString	keyHint () const
void	setKeyHint (const QString &name)
void	clearKeyHint ()
TimestampSnapshot	currentTimestampAndName () const
	Returns current timestamp and active key name. Returns {0, ""} when signing is not enabled.
bool	isAutoDetectSuspended () const
	While suspended, tryDetectKey is suppressed to block stale-key installs during pending enable.
QGC::AutoSuspendGuard	suspendAutoDetect ()
	RAII handle that suspends auto-detect for the guard's lifetime; release is automatic on destruction.
bool	isInDetectCooldown () const
	Throttles detect misses; HMAC per packet per key is expensive. Monotonic timer to avoid wall-clock skew.
void	recordDetectMiss ()
void	clearDetectCooldown ()
MAVLinkSigning::DetectSnapshot	detectSnapshot () const
	Single-lock snapshot; 3 separate reads have TOCTOU window vs MockLink's thread.
bool	consumeStatusTransition (mavlink_channel_t channel)
	True if last_status changed since previous call; sole transition-detection source.

Static Public Attributes
static constexpr uint64_t	kPersistedTimestampSafetyBumpTicks = 6'000'000
	60s post-reboot timestamp bump (matches ArduPilot GCS_Signing.cpp); absorbs SIGKILL/suspend/NTP/clock-skew gaps.
static constexpr qint64	kDetectCooldownMs = 2000

Friends
class	SigningController

Detailed Description

Owns MAVLink signing state for one channel: signing/streams structs, key hint, and RW lock.

Definition at line 18 of file SigningChannel.h.

Constructor & Destructor Documentation

SigningChannel() [1/3]

SigningChannel::SigningChannel ( )

default

~SigningChannel()

SigningChannel::~SigningChannel ( )

default

SigningChannel() [2/3]

SigningChannel::SigningChannel ( const SigningChannel &  )

delete

SigningChannel() [3/3]

SigningChannel::SigningChannel ( SigningChannel &&  )

delete

Member Function Documentation

clearDetectCooldown()

void SigningChannel::clearDetectCooldown

(

)

Definition at line 138 of file SigningChannel.cc.

Referenced by SigningController::clearDetectCooldown(), and SigningController::clearSigning().

clearKeyHint()

void SigningChannel::clearKeyHint

(

)

Definition at line 144 of file SigningChannel.cc.

consumeStatusTransition()

bool SigningChannel::consumeStatusTransition

(

mavlink_channel_t

channel

)

True if last_status changed since previous call; sole transition-detection source.

Definition at line 163 of file SigningChannel.cc.

References mavlink_get_channel_status().

Referenced by SigningController::processFrame().

currentTimestampAndName()

SigningChannel::TimestampSnapshot SigningChannel::currentTimestampAndName

(

)

const

Returns current timestamp and active key name. Returns {0, ""} when signing is not enabled.

Definition at line 64 of file SigningChannel.cc.

Referenced by SigningController::clearSigning().

detectSnapshot()

MAVLinkSigning::DetectSnapshot SigningChannel::detectSnapshot

(

)

const

Single-lock snapshot; 3 separate reads have TOCTOU window vs MockLink's thread.

Definition at line 150 of file SigningChannel.cc.

References MAVLinkSigning::DetectSnapshot::autoDetectSuspended, MAVLinkSigning::DetectSnapshot::inCooldown, and MAVLinkSigning::DetectSnapshot::keyHint.

Referenced by MAVLinkSigningKeys::tryDetectKey().

init()

bool SigningChannel::init	(	mavlink_channel_t	channel,
		QByteArrayView	key,
		mavlink_accept_unsigned_t	callback,
		uint64_t	persistedTimestamp = 0,
		const QString &	keyName = {},
		bool	signOutgoing = true
	)

Initialize signing for channel; empty key disables. signOutgoing=false is inbound-verify-only (pending-enable). Non-empty keyName seeds _signing.timestamp with max(wallClock, persistedTimestamp+safetyBump) and records keyHint.

Definition at line 12 of file SigningChannel.cc.

References MAVLinkSigning::currentSigningTimestampTicks(), mavlink_get_channel_status(), and QGC::secureZero().

Referenced by SigningController::clearSigning(), SigningController::initSigningImmediate(), SigningController::tryBeginEnable(), and SigningController::~SigningController().

isAutoDetectSuspended()

bool SigningChannel::isAutoDetectSuspended

(

)

const

While suspended, tryDetectKey is suppressed to block stale-key installs during pending enable.

Definition at line 121 of file SigningChannel.cc.

isEnabled()

bool SigningChannel::isEnabled

(

)

const

Definition at line 97 of file SigningChannel.cc.

Referenced by SigningController::clearSigning(), SigningController::processFrame(), SigningController::state(), and SigningController::statusText().

isInDetectCooldown()

bool SigningChannel::isInDetectCooldown

(

)

const

Throttles detect misses; HMAC per packet per key is expensive. Monotonic timer to avoid wall-clock skew.

Definition at line 126 of file SigningChannel.cc.

keyHint()

QString SigningChannel::keyHint

(

)

const

Definition at line 109 of file SigningChannel.cc.

Referenced by SigningController::keyName(), and SigningController::status().

operator=() [1/2]

SigningChannel & SigningChannel::operator= ( const SigningChannel &  )

delete

operator=() [2/2]

SigningChannel & SigningChannel::operator= ( SigningChannel &&  )

delete

recordDetectMiss()

void SigningChannel::recordDetectMiss

(

)

Definition at line 132 of file SigningChannel.cc.

References kDetectCooldownMs.

Referenced by SigningController::recordDetectMiss().

setAcceptUnsignedCallback()

bool SigningChannel::setAcceptUnsignedCallback

(

mavlink_accept_unsigned_t

callback

)

Swap the accept-unsigned callback without resetting the key. Returns false if signing isn't enabled.

Definition at line 73 of file SigningChannel.cc.

Referenced by SigningController::tryBeginDisable().

setKeyHint()

void SigningChannel::setKeyHint

(

const QString &

name

)

Definition at line 115 of file SigningChannel.cc.

streamCount()

int SigningChannel::streamCount

(

)

const

Definition at line 103 of file SigningChannel.cc.

Referenced by SigningController::status(), and SigningController::streamCount().

suspendAutoDetect()

QGC::AutoSuspendGuard SigningChannel::suspendAutoDetect ( )

inline

RAII handle that suspends auto-detect for the guard's lifetime; release is automatic on destruction.

Definition at line 59 of file SigningChannel.h.

Referenced by SigningController::tryBeginEnable().

Friends And Related Symbol Documentation

SigningController

friend class SigningController

friend

Definition at line 74 of file SigningChannel.h.

Member Data Documentation

kDetectCooldownMs

constexpr qint64 SigningChannel::kDetectCooldownMs = 2000

staticconstexpr

Definition at line 65 of file SigningChannel.h.

Referenced by recordDetectMiss().

kPersistedTimestampSafetyBumpTicks

constexpr uint64_t SigningChannel::kPersistedTimestampSafetyBumpTicks = 6'000'000

staticconstexpr

60s post-reboot timestamp bump (matches ArduPilot GCS_Signing.cpp); absorbs SIGKILL/suspend/NTP/clock-skew gaps.

Definition at line 29 of file SigningChannel.h.

---

The documentation for this class was generated from the following files:

• src/MAVLink/Signing/SigningChannel.h
• src/MAVLink/Signing/SigningChannel.cc