Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add hardware-accelerated encryption to rosbags #1

Merged
merged 12 commits into from
Feb 22, 2018
Merged

Add hardware-accelerated encryption to rosbags #1

merged 12 commits into from
Feb 22, 2018

Conversation

madsciencetist
Copy link

Start with ros#1206, in which encryption was added to rosbags upstream. An asymmetric GPG public key encrypts a symmetric AES cipher, which encrypts the data itself. To decrypt, the corresponding private key is looked up and used to decrypt the AES cipher to decrypt the data.

The Bag class is in ros_comm, the lowest-level ROS package. ros#1206 added a dependency on pluginlib and changed the Bag ABI, so it could not be added to ROS Kinetic and was instead targeted for ROS Lunar and later. We need it for Kinetic though, so @Burgos backported it to Kinetic. We will have to be careful about the ABI change. Any ros-kinetic-* package that creates a Bag object in C++ will be break. Conveniently, I don't think there are any; the only nodes/tools I know of that work with Bag objects are in this repo.

Benchmarking on my desktop, turning on encryption raised record CPU usage from 40% to 50%, which would be unacceptable given out lack of CPU headroom. @Burgos upgraded the aes_encryptor to use AES-NI hardware-accelerated AES encryption instead of the default software implementation. With AES-NI, turning on encryption only raises record CPU usage from 40% to 41%.

I created this kinetic-release branch off of tag 1.12.12, which is currently the most recently released version of ros-kinetic-ros-comm.

mikepurvis and others added 10 commits February 18, 2018 17:08
@mikepurvis @Burgos
Implement Bag encryption/decryption. (ros#1206)
eacc750 
Ported to 1.12.12
@jwon02 @Burgos
Python Bag class supports encryption; all the rosbag tools work for e…
305afd2 
…ncrypted bags. (ros#1206)
@jwon02 @Burgos
Improve exception messages raised when a public key is missing.
4a262b0
@jwon02 @Burgos
Randomize initialization vectors for encrypt/decrypt.
e606260
@guillaumeautran @Burgos
Fix bag encryption routine (ros#1310)
5d5da5f 
Bag encryption routine was truncating the recorded block by the size of the IV.
@Burgos
Drop const qualifier from *::decryptChunk methods
2864f0c 
Since decryption can change EVP's context, these methods
can't be const anymore.
@Burgos
Move encryption to from openssl software aes to EVP API
56e3c7c
@Burgos
Check EVP API results
065388c
@Burgos
Add EncryptionOptions to Recorder
f534547
@Burgos
Parse encryption and encryption-param options in the record executable
5ecaeed
r2dkennobi
r2dkennobi approved these changes Feb 21, 2018
View reviewed changes
Copy link

@r2dkennobi r2dkennobi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can't find anything glaringly obvious. Would've liked to have kept the software AES option just in case but otherwise, looks good. Wish I knew more about the gpgme and openssl libraries.

@madsciencetist
Fix rostests
a0d5d61 
- With ninja, when `_rostest_ARGS` is empty, the space right before it
gets escaped, and the command that ultimately gets executed has a
trailing slash.
- rospy.log testing fails because our ROSCONSOLE_FORMAT does not print
severity
- bag.py had a bug in get_info_str() that has been fixed upstream
- bz2 performs a few bytes better than expected, failing the rosbag
compression test
- roswtf tests had an outdated dependency list (TBH I don't understand
what this list is)
@madsciencetist madsciencetist merged commit 902ea3a into kinetic-release Feb 22, 2018
@madsciencetist madsciencetist deleted the aes_ni branch February 22, 2018 01:41
@mikepurvis mikepurvis mentioned this pull request May 19, 2018
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@r2dkennobi r2dkennobi r2dkennobi approved these changes

@AdamDorwart AdamDorwart Awaiting requested review from AdamDorwart

Assignees

@r2dkennobi r2dkennobi

Labels
None yet
Projects
None yet
Milestone
No milestone
6 participants
@madsciencetist @r2dkennobi @mikepurvis @jwon02 @guillaumeautran @Burgos