MethodicConfigurator icon indicating copy to clipboard operation
MethodicConfigurator copied to clipboard
verified publisher icon ArduPilot

Featuer: added MAVLink 2.0 message signing and authentication support to provide secure communication between GCS and flight controller.

Open PritamP20 opened this issue 1 month ago • 8 comments

Summary

This PR adds MAVLink 2.0 message signing and authentication support to provide secure communication between the ground control station and flight controller.

Motivation

MAVLink signing is essential for:

  • Security: Protect against unauthorized parameter changes and message injection
  • Compliance: Required for commercial drone operations in many jurisdictions
  • Safety: Prevent malicious actors from taking control of vehicles

Changes

New Files

  • ardupilot_methodic_configurator/backend_signing_keystore.py (450 lines)

    • Secure key storage using OS keyring with encrypted file fallback
    • Key generation, storage, retrieval, deletion
    • Password-protected import/export

  • ardupilot_methodic_configurator/data_model_signing_config.py (150 lines)

    • Configuration data model with validation
    • Serialization/deserialization

  • tests/test_signing_keystore.py (15 test cases)

  • tests/test_signing_config.py (15 test cases)

  • docs/mavlink_signing/ (complete documentation)

  • install_signing_dependencies.sh - Installation script

Modified Files

  • ardupilot_methodic_configurator/backend_flightcontroller.py

    • Added setup_signing() method
    • Added _send_setup_signing_command() method
    • Added _unsigned_callback() method
    • Added get_signing_status() method

  • pyproject.toml

    • Added cryptography>=41.0.0 dependency
    • Added keyring>=24.0.0 dependency

Features

Security

  • ✅ HMAC-SHA-256 message signing (authentication, not encryption)
  • ✅ OS keyring integration (Windows/macOS/Linux)
  • ✅ AES-256 encrypted file fallback
  • ✅ Cryptographically secure key generation
  • ✅ Password-protected key export/import
  • ✅ Per-vehicle key isolation
  • ✅ Timestamp-based replay protection

Key Management

  • ✅ Generate cryptographically secure 32-byte keys
  • ✅ Store keys securely per vehicle
  • ✅ Retrieve keys for signing setup
  • ✅ Delete keys when no longer needed
  • ✅ List all vehicles with configured keys
  • ✅ Export/import keys with password protection

PritamP20 avatar Nov 11 '25 18:11 PritamP20

Thanks, thiswill take a while to review. Have you tested this in multiple vehicles?

amilcarlucas avatar Nov 11 '25 19:11 amilcarlucas

Yes, I’ve tested it with multiple vehicle entries using the test_multiple_vehicles and test_list_vehicles_with_keys unit tests. These tests cover storing, retrieving, and managing keys for different vehicle IDs to ensure proper isolation and persistence between them.

PritamP20 avatar Nov 12 '25 02:11 PritamP20

Hi @amilcarlucas, just wanted to check in if you’ve had a chance to review this PR. Please let me know if there’s anything I should update or clarify further.

PritamP20 avatar Nov 12 '25 20:11 PritamP20

Thanks for working on this

  1. It needs to be tested on real hardware. Real multiple flight controllers.
  2. The two git commits on this branch should be squashed and the commit message should start with "feat(mavlink signing):"
  3. The tests should follow BDD practices as defined in the pytest_testing_instructions.md file.
  4. The two new SW dependencies must be added to LICENSES.md and CREDITS.md
  5. The CI tests bellow need to all pass (ruff, mypy, pyright, pylint pytest, ... etc)
  6. Please do not work on Phase 2 until this PR is merged.

amilcarlucas avatar Nov 13 '25 09:11 amilcarlucas

Okay @amilcarlucas, Thank you for your feedback on this PR. While Phase 2 is on hold until this PR is merged, I wanted to check if there are any other features or tasks I could work on in this repo. Additionally, if there are other repositories in the organization where I could contribute

PritamP20 avatar Nov 13 '25 09:11 PritamP20

Currently my priority is "refactoring for testability". I want to add more tests to the code, and in some parts of the code that is only possible by refactoring it first before the tests can be added. Doing it like this leads to better code and better tests. But there is no need to duplicate the efforts on that.

You could work on adding a new plugin, similar to the "motor test" plugin that does RC receiver calibration. Take a look at ARCHITECTURE_motor_test.md for inspiration. It should mimic the RC receiver calibration screen from mission planner. If you work on that we will not duplicate efforts.

Do try to finish this one first, so that you can learn more on the workflow of the project. Are you developing on Linux, or Windows?

amilcarlucas avatar Nov 13 '25 09:11 amilcarlucas

@PritamP20 any progress on this? We now have automated SITL tests that can be used to test this feature realistically. An ArduCopter SITL instance runs in CI and your tests can communicate with it

amilcarlucas avatar Nov 27 '25 14:11 amilcarlucas

yup working on it @amilcarlucas I will update the pr soon

PritamP20 avatar Nov 27 '25 18:11 PritamP20