Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Aerobridge Guardian (trusted flight module) : JWT verification for flights / vehicle arming #1

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Aerobridge Guardian (trusted flight module) : JWT verification for flights / vehicle arming #1

wants to merge 1 commit into from

Conversation

nCk9
Copy link

@nCk9 nCk9 commented Jan 21, 2022

This is an initial PR for verifying the JWT signature received at the firmware from the ground control station (GCS). Post successful verification, drone arming can be performed.

Work done:

  • Added jwt-cpp as a submodule to leverage the APIs provided by the library for verification.
  • Worked on proper integration: changes to the environment variables for a proper build.
  • Added a sample script in AP_Arming.cpp for verification using the library's APIs.

Future Work:

  • The permission artifact would be present on the drone SD card. We need to find a workaround for successfully fetching that file.
  • Parsing the file, obtaining the signature, verification, and arming decision.

Let me know if you have any suggestions.
Thanks.

botmayank
botmayank reviewed Feb 3, 2022
View reviewed changes
Copy link

@botmayank botmayank left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Added first impression comments

ArduCopter/AP_Arming.cpp
@@ -15,6 +15,33 @@ void AP_Arming_Copter::update(void)
display_fail = true;
pre_arm_display_counter = 0;
}
//a sample verification token
std::string rsa_pub_key = R"(-----BEGIN PUBLIC KEY-----
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should not have even test tokens in committed changes. Should move this out to an env file how Kapil did for QGC

ArduCopter/AP_Arming.cpp
auto decoded = jwt::decode(token);

verify.verify(decoded);

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Does verify failure block arming? Doesn't look like it. This just seems like a call to verify and an unused retval.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@botmayank botmayank botmayank left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@nCk9 @botmayank