QGroundControl
Ground Control Station for MAVLink Drones
Loading...
Searching...
No Matches
MAVLinkSigning Namespace Reference

Classes

struct  DetectSnapshot
 Single-lock snapshot struct; fields populated by SigningChannel::detectSnapshot(). More...
 

Typedefs

using SigningKey = std::array< uint8_t, kSigningKeySize >
 std::array avoids QByteArray COW detach so secureZero() actually wipes the bytes.
 

Enumerations

enum class  UnsignedAcceptancePolicy : uint8_t { Strict , Pending }
 

Functions

std::optional< SigningKeymakeSigningKey (QByteArrayView bytes)
 Build a SigningKey from arbitrary bytes. Returns nullopt if input is the wrong size.
 
bool secureConnectionAcceptUnsignedCallback (const mavlink_status_t *status, uint32_t message_id)
 
bool insecureConnectionAcceptUnsignedCallback (const mavlink_status_t *status, uint32_t message_id)
 
mavlink_accept_unsigned_t callbackForPolicy (UnsignedAcceptancePolicy policy)
 Maps a high-level policy to the underlying libmavlink callback.
 
void createSetupSigning (mavlink_channel_t channel, mavlink_system_t target_system, QByteArrayView keyBytes, mavlink_setup_signing_t &setup_signing)
 Build a SETUP_SIGNING payload. Empty keyBytes produces a disable payload (zero key, zero timestamp).
 
bool encodeSetupSigning (mavlink_channel_t channel, uint8_t srcSysId, uint8_t srcCompId, mavlink_system_t target_system, QByteArrayView keyBytes, mavlink_message_t &message)
 
bool isMessageSigned (const mavlink_message_t &message)
 Returns true if the message has a MAVLink2 signature.
 
void setMessageSigned (mavlink_message_t &message, bool isSigned)
 Set or clear the MAVLink2 signature incompatibility flag on a message.
 
QByteArray serializeUnsignedCopy (const mavlink_message_t &message)
 
bool verifySignature (QByteArrayView key, const mavlink_message_t &message)
 Verify a key against a signed message's signature.
 
void signMessage (QByteArrayView key, uint8_t linkId, uint64_t timestamp, mavlink_message_t &message)
 
bool verifySignature (const SigningKey &key, const mavlink_message_t &message)
 
bool checkSigningLinkId (mavlink_channel_t channel, const mavlink_message_t &message)
 
QString signingStatusString (mavlink_channel_t channel)
 
int signingStreamCount (mavlink_channel_t channel)
 
void logSigningFailure (mavlink_channel_t channel)
 
const QDateTime & signingEpoch ()
 MAVLink wire-protocol epoch; must be UTC per spec.
 
uint64_t currentSigningTimestampTicks ()
 Current signing timestamp in 10µs ticks since 2015-01-01.
 

Variables

static constexpr int kSigningKeySize = 32
 
static constexpr int kSignatureHashBytes = 6
 
static constexpr int kSignaturePrefixBytes = 7
 

Typedef Documentation

◆ SigningKey

using MAVLinkSigning::SigningKey = typedef std::array<uint8_t, kSigningKeySize>

std::array avoids QByteArray COW detach so secureZero() actually wipes the bytes.

Definition at line 25 of file MAVLinkSigning.h.

Enumeration Type Documentation

◆ UnsignedAcceptancePolicy

enum class MAVLinkSigning::UnsignedAcceptancePolicy : uint8_t
strong

Acceptance policy used by SigningController/Channel public API; mapped to a libmavlink mavlink_accept_unsigned_t callback via callbackForPolicy().

Enumerator
Strict 
Pending 

Definition at line 45 of file MAVLinkSigning.h.

Function Documentation

◆ callbackForPolicy()

mavlink_accept_unsigned_t MAVLinkSigning::callbackForPolicy ( UnsignedAcceptancePolicy  policy)

Maps a high-level policy to the underlying libmavlink callback.

Definition at line 71 of file MAVLinkSigning.cc.

References Pending, secureConnectionAcceptUnsignedCallback(), and Strict.

Referenced by SigningController::initSigningImmediate(), SigningController::tryBeginDisable(), and SigningController::tryBeginEnable().

◆ checkSigningLinkId()

bool MAVLinkSigning::checkSigningLinkId ( mavlink_channel_t  channel,
const mavlink_message_t message 
)

Definition at line 221 of file MAVLinkSigning.cc.

◆ createSetupSigning()

void MAVLinkSigning::createSetupSigning ( mavlink_channel_t  channel,
mavlink_system_t  target_system,
QByteArrayView  keyBytes,
mavlink_setup_signing_t setup_signing 
)

Build a SETUP_SIGNING payload. Empty keyBytes produces a disable payload (zero key, zero timestamp).

Definition at line 82 of file MAVLinkSigning.cc.

References currentSigningTimestampTicks().

Referenced by encodeSetupSigning().

◆ currentSigningTimestampTicks()

uint64_t MAVLinkSigning::currentSigningTimestampTicks ( )
inline

Current signing timestamp in 10µs ticks since 2015-01-01.

Definition at line 35 of file MAVLinkSigning.h.

References signingEpoch().

Referenced by createSetupSigning(), SigningChannel::init(), SigningChannel::refreshOutgoingTimestamp(), and SigningChannel::signOutgoing().

◆ encodeSetupSigning()

bool MAVLinkSigning::encodeSetupSigning ( mavlink_channel_t  channel,
uint8_t  srcSysId,
uint8_t  srcCompId,
mavlink_system_t  target_system,
QByteArrayView  keyBytes,
mavlink_message_t message 
)

Encode a complete SETUP_SIGNING message ready to send. Empty keyBytes encodes a disable. Returns false if the channel is invalid.

Definition at line 98 of file MAVLinkSigning.cc.

References createSetupSigning(), and mavlink_get_channel_status().

◆ insecureConnectionAcceptUnsignedCallback()

bool MAVLinkSigning::insecureConnectionAcceptUnsignedCallback ( const mavlink_status_t *  status,
uint32_t  message_id 
)

Definition at line 46 of file MAVLinkSigning.cc.

◆ isMessageSigned()

bool MAVLinkSigning::isMessageSigned ( const mavlink_message_t message)

Returns true if the message has a MAVLink2 signature.

Definition at line 110 of file MAVLinkSigning.cc.

Referenced by SigningController::processFrame(), and MAVLinkSigningKeys::tryDetectKey().

◆ logSigningFailure()

void MAVLinkSigning::logSigningFailure ( mavlink_channel_t  channel)

Definition at line 261 of file MAVLinkSigning.cc.

References MAVLINK_MAX_SIGNING_STREAMS.

Referenced by SigningController::processFrame().

◆ makeSigningKey()

std::optional< SigningKey > MAVLinkSigning::makeSigningKey ( QByteArrayView  bytes)

Build a SigningKey from arbitrary bytes. Returns nullopt if input is the wrong size.

Definition at line 30 of file MAVLinkSigning.cc.

References kSigningKeySize.

Referenced by MAVLinkSigningKeys::addKey(), and MAVLinkSigningKeys::addRawKey().

◆ secureConnectionAcceptUnsignedCallback()

bool MAVLinkSigning::secureConnectionAcceptUnsignedCallback ( const mavlink_status_t *  status,
uint32_t  message_id 
)

Definition at line 40 of file MAVLinkSigning.cc.

Referenced by callbackForPolicy().

◆ serializeUnsignedCopy()

QByteArray MAVLinkSigning::serializeUnsignedCopy ( const mavlink_message_t message)

Wire-format serialization of message with the MAVLink2 signature flag cleared and CRC recomputed. Use this for forward/log paths instead of touching incompat_flags directly — the stored checksum would otherwise disagree with the modified header byte and downstream parsers reject as BAD_CRC. No-op for MAVLink1 (returns the original wire bytes; mavlink1 has no signature flag).

Definition at line 124 of file MAVLinkSigning.cc.

◆ setMessageSigned()

void MAVLinkSigning::setMessageSigned ( mavlink_message_t message,
bool  isSigned 
)

Set or clear the MAVLink2 signature incompatibility flag on a message.

Definition at line 115 of file MAVLinkSigning.cc.

Referenced by signMessage().

◆ signingEpoch()

const QDateTime & MAVLinkSigning::signingEpoch ( )
inline

MAVLink wire-protocol epoch; must be UTC per spec.

Definition at line 28 of file MAVLinkSigning.h.

Referenced by currentSigningTimestampTicks().

◆ signingStatusString()

QString MAVLinkSigning::signingStatusString ( mavlink_channel_t  channel)

Definition at line 231 of file MAVLinkSigning.cc.

Referenced by SigningController::statusText().

◆ signingStreamCount()

int MAVLinkSigning::signingStreamCount ( mavlink_channel_t  channel)

Definition at line 252 of file MAVLinkSigning.cc.

References mavlink_get_channel_status().

◆ signMessage()

void MAVLinkSigning::signMessage ( QByteArrayView  key,
uint8_t  linkId,
uint64_t  timestamp,
mavlink_message_t message 
)

Re-sign an already-encoded message in place: writes link_id+timestamp into the signature block, recomputes the truncated SHA-256 hash, and sets IFLAG_SIGNED. The cached-resend path (Vehicle::sendMessageMultiple) needs this so a frozen timestamp is refreshed at send time. timestamp is the 48-bit value to stamp. Shares the exact hash layout with verifySignature so wire format can't diverge.

Definition at line 196 of file MAVLinkSigning.cc.

References kSignatureHashBytes, kSignaturePrefixBytes, kSigningKeySize, and setMessageSigned().

Referenced by SigningChannel::signOutgoing().

◆ verifySignature() [1/2]

bool MAVLinkSigning::verifySignature ( const SigningKey key,
const mavlink_message_t message 
)

Definition at line 216 of file MAVLinkSigning.cc.

References verifySignature().

◆ verifySignature() [2/2]

bool MAVLinkSigning::verifySignature ( QByteArrayView  key,
const mavlink_message_t message 
)

Verify a key against a signed message's signature.

Definition at line 184 of file MAVLinkSigning.cc.

References kSignatureHashBytes, kSignaturePrefixBytes, and kSigningKeySize.

Referenced by MAVLinkSigningKeys::tryDetectKey(), and verifySignature().

Variable Documentation

◆ kSignatureHashBytes

constexpr int MAVLinkSigning::kSignatureHashBytes = 6
staticconstexpr

Definition at line 21 of file MAVLinkSigning.h.

Referenced by signMessage(), and verifySignature().

◆ kSignaturePrefixBytes

constexpr int MAVLinkSigning::kSignaturePrefixBytes = 7
staticconstexpr

Definition at line 22 of file MAVLinkSigning.h.

Referenced by signMessage(), and verifySignature().

◆ kSigningKeySize

constexpr int MAVLinkSigning::kSigningKeySize = 32
staticconstexpr

Definition at line 20 of file MAVLinkSigning.h.

Referenced by makeSigningKey(), signMessage(), and verifySignature().