Show a patch.

GET /api/patches/3398/?format=api
HTTP 200 OK
Allow: GET, PUT, PATCH, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "id": 3398,
    "url": "https://patchwork.libcamera.org/api/patches/3398/?format=api",
    "web_url": "https://patchwork.libcamera.org/patch/3398/",
    "project": {
        "id": 1,
        "url": "https://patchwork.libcamera.org/api/projects/1/?format=api",
        "name": "libcamera",
        "link_name": "libcamera",
        "list_id": "libcamera_core",
        "list_email": "libcamera-devel@lists.libcamera.org",
        "web_url": "",
        "scm_url": "",
        "webscm_url": ""
    },
    "msgid": "<20200404015624.30440-9-laurent.pinchart@ideasonboard.com>",
    "date": "2020-04-04T01:56:21",
    "name": "[libcamera-devel,08/11] libcamera: Add PubKey class",
    "commit_ref": null,
    "pull_url": null,
    "state": "superseded",
    "archived": false,
    "hash": "b304b9746a88e90536c33353218f673919e445c4",
    "submitter": {
        "id": 2,
        "url": "https://patchwork.libcamera.org/api/people/2/?format=api",
        "name": "Laurent Pinchart",
        "email": "laurent.pinchart@ideasonboard.com"
    },
    "delegate": null,
    "mbox": "https://patchwork.libcamera.org/patch/3398/mbox/",
    "series": [
        {
            "id": 797,
            "url": "https://patchwork.libcamera.org/api/series/797/?format=api",
            "web_url": "https://patchwork.libcamera.org/project/libcamera/list/?series=797",
            "date": "2020-04-04T01:56:13",
            "name": "Sign IPA modules instead of checking their advertised license",
            "version": 1,
            "mbox": "https://patchwork.libcamera.org/series/797/mbox/"
        }
    ],
    "comments": "https://patchwork.libcamera.org/api/patches/3398/comments/",
    "check": "pending",
    "checks": "https://patchwork.libcamera.org/api/patches/3398/checks/",
    "tags": {},
    "headers": {
        "Return-Path": "<laurent.pinchart@ideasonboard.com>",
        "Received": [
            "from perceval.ideasonboard.com (perceval.ideasonboard.com\n\t[213.167.242.64])\n\tby lancelot.ideasonboard.com (Postfix) with ESMTPS id 21DA062E14\n\tfor <libcamera-devel@lists.libcamera.org>;\n\tSat,  4 Apr 2020 03:56:41 +0200 (CEST)",
            "from pendragon.bb.dnainternet.fi (81-175-216-236.bb.dnainternet.fi\n\t[81.175.216.236])\n\tby perceval.ideasonboard.com (Postfix) with ESMTPSA id AD914321\n\tfor <libcamera-devel@lists.libcamera.org>;\n\tSat,  4 Apr 2020 03:56:40 +0200 (CEST)"
        ],
        "Authentication-Results": "lancelot.ideasonboard.com; dkim=pass (1024-bit key; \n\tunprotected) header.d=ideasonboard.com\n\theader.i=@ideasonboard.com\n\theader.b=\"fIHZg9zz\"; dkim-atps=neutral",
        "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/simple; d=ideasonboard.com;\n\ts=mail; t=1585965400;\n\tbh=GPxg02ZDtpZc7tnUd0P5uXuNW7EAYzq+1lj7DtG5oas=;\n\th=From:To:Subject:Date:In-Reply-To:References:From;\n\tb=fIHZg9zzqqJKKati22LdLe9jsFRGt8JIneVBheJfjhAIz0ualGvATk+o+5V/rsnVo\n\tzeuLamA4CAg8HvicSivO4trXX1IthF6jCS89k/0ZeGu3TAtnYrfCN3g0ygGqPtwbx7\n\tliLA51e9zo6JnpdPZT972puP+GZx0kiPHVTXtiCQ=",
        "From": "Laurent Pinchart <laurent.pinchart@ideasonboard.com>",
        "To": "libcamera-devel@lists.libcamera.org",
        "Date": "Sat,  4 Apr 2020 04:56:21 +0300",
        "Message-Id": "<20200404015624.30440-9-laurent.pinchart@ideasonboard.com>",
        "X-Mailer": "git-send-email 2.24.1",
        "In-Reply-To": "<20200404015624.30440-1-laurent.pinchart@ideasonboard.com>",
        "References": "<20200404015624.30440-1-laurent.pinchart@ideasonboard.com>",
        "MIME-Version": "1.0",
        "Content-Transfer-Encoding": "8bit",
        "Subject": "[libcamera-devel] [PATCH 08/11] libcamera: Add PubKey class",
        "X-BeenThere": "libcamera-devel@lists.libcamera.org",
        "X-Mailman-Version": "2.1.29",
        "Precedence": "list",
        "List-Id": "<libcamera-devel.lists.libcamera.org>",
        "List-Unsubscribe": "<https://lists.libcamera.org/options/libcamera-devel>,\n\t<mailto:libcamera-devel-request@lists.libcamera.org?subject=unsubscribe>",
        "List-Archive": "<https://lists.libcamera.org/pipermail/libcamera-devel/>",
        "List-Post": "<mailto:libcamera-devel@lists.libcamera.org>",
        "List-Help": "<mailto:libcamera-devel-request@lists.libcamera.org?subject=help>",
        "List-Subscribe": "<https://lists.libcamera.org/listinfo/libcamera-devel>,\n\t<mailto:libcamera-devel-request@lists.libcamera.org?subject=subscribe>",
        "X-List-Received-Date": "Sat, 04 Apr 2020 01:56:43 -0000"
    },
    "content": "Add a new PubKey class to handle public key signature verification. The\nimplementation is based on the gnutls library, which is added as an\noptional dependency. If gnutls is not found, signature verification will\nunconditionally fail.\n\nSigned-off-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>\n---\n src/libcamera/include/meson.build |  1 +\n src/libcamera/include/pub_key.h   | 36 ++++++++++++\n src/libcamera/meson.build         |  7 +++\n src/libcamera/pub_key.cpp         | 97 +++++++++++++++++++++++++++++++\n 4 files changed, 141 insertions(+)\n create mode 100644 src/libcamera/include/pub_key.h\n create mode 100644 src/libcamera/pub_key.cpp",
    "diff": "diff --git a/src/libcamera/include/meson.build b/src/libcamera/include/meson.build\nindex 921ed5a063cb..5aaa99472e4a 100644\n--- a/src/libcamera/include/meson.build\n+++ b/src/libcamera/include/meson.build\n@@ -21,6 +21,7 @@ libcamera_headers = files([\n     'message.h',\n     'pipeline_handler.h',\n     'process.h',\n+    'pub_key.h',\n     'semaphore.h',\n     'thread.h',\n     'utils.h',\ndiff --git a/src/libcamera/include/pub_key.h b/src/libcamera/include/pub_key.h\nnew file mode 100644\nindex 000000000000..4d3bdd69bfd8\n--- /dev/null\n+++ b/src/libcamera/include/pub_key.h\n@@ -0,0 +1,36 @@\n+/* SPDX-License-Identifier: LGPL-2.1-or-later */\n+/*\n+ * Copyright (C) 2020, Google Inc.\n+ *\n+ * pub_key.h - Public key signature verification\n+ */\n+#ifndef __LIBCAMERA_PUB_KEY_H__\n+#define __LIBCAMERA_PUB_KEY_H__\n+\n+#include <stdint.h>\n+\n+#include <libcamera/span.h>\n+\n+struct gnutls_pubkey_st;\n+\n+namespace libcamera {\n+\n+class PubKey\n+{\n+public:\n+\tPubKey(Span<const uint8_t> key);\n+\t~PubKey();\n+\n+\tbool isValid() const { return valid_; }\n+\tbool verify(Span<const uint8_t> data, Span<const uint8_t> sig) const;\n+\n+private:\n+\tbool valid_;\n+#if HAVE_GNUTLS\n+\tstruct gnutls_pubkey_st *pubkey_;\n+#endif\n+};\n+\n+} /* namespace libcamera */\n+\n+#endif /* __LIBCAMERA_PUB_KEY_H__ */\ndiff --git a/src/libcamera/meson.build b/src/libcamera/meson.build\nindex 4f5c41678781..c2a657e4938c 100644\n--- a/src/libcamera/meson.build\n+++ b/src/libcamera/meson.build\n@@ -34,6 +34,7 @@ libcamera_sources = files([\n     'pipeline_handler.cpp',\n     'pixelformats.cpp',\n     'process.cpp',\n+    'pub_key.cpp',\n     'request.cpp',\n     'semaphore.cpp',\n     'signal.cpp',\n@@ -61,8 +62,13 @@ subdir('proxy')\n \n libatomic = cc.find_library('atomic', required : false)\n libdl = cc.find_library('dl')\n+libgnutls = cc.find_library('gnutls', required : false)\n libudev = dependency('libudev', required : false)\n \n+if libgnutls.found()\n+    
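Review bot: The PubKey class in pub_key.h owns the raw `pubkey_` handle but keeps the implicit copy constructor and copy assignment, so a copied object would pass the same handle to `gnutls_pubkey_deinit()` twice. Deleting both in the class, `PubKey(const PubKey &) = delete;` and `PubKey &operator=(const PubKey &) = delete;`, makes the ownership explicit. The single-argument constructor could also be marked `explicit` so that a byte span never converts silently into a key object. Separately, `pubkey_` only exists under `#if HAVE_GNUTLS`, so the class layout depends on every includer seeing the same config.h definition; the build presumably force-includes it, but that is worth confirming.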
config_h.set('HAVE_GNUTLS', 1)\n+endif\n+\n if libudev.found()\n     config_h.set('HAVE_LIBUDEV', 1)\n     libcamera_sources += files([\n@@ -98,6 +104,7 @@ libcamera_sources += version_cpp\n libcamera_deps = [\n     libatomic,\n     libdl,\n+    libgnutls,\n     libudev,\n     dependency('threads'),\n ]\ndiff --git a/src/libcamera/pub_key.cpp b/src/libcamera/pub_key.cpp\nnew file mode 100644\nindex 000000000000..064d2dd200e1\n--- /dev/null\n+++ b/src/libcamera/pub_key.cpp\n@@ -0,0 +1,97 @@\n+/* SPDX-License-Identifier: LGPL-2.1-or-later */\n+/*\n+ * Copyright (C) 2020, Google Inc.\n+ *\n+ * pub_key.cpp - Public key signature verification\n+ */\n+\n+#include \"pub_key.h\"\n+\n+#if HAVE_GNUTLS\n+#include <gnutls/abstract.h>\n+#endif\n+\n+/**\n+ * \\file pub_key.h\n+ * \\brief Public key signature verification\n+ */\n+\n+namespace libcamera {\n+\n+/**\n+ * \\class PubKey\n+ * \\brief Public key wrapper for signature verification\n+ *\n+ * The PubKey class wraps a public key and implements signature verification. 
It\n+ * only supports RSA keys and the RSA-SHA256 signature algorithm.\n+ */\n+\n+/**\n+ * \\brief Construct a PubKey from key data\n+ * \\param[in] key Key data encoded in DER format\n+ */\n+PubKey::PubKey(Span<const uint8_t> key)\n+\t: valid_(false)\n+{\n+#if HAVE_GNUTLS\n+\tint ret = gnutls_pubkey_init(&pubkey_);\n+\tif (ret < 0)\n+\t\treturn;\n+\n+\tconst gnutls_datum_t gnuTlsKey{\n+\t\tconst_cast<unsigned char *>(key.data()),\n+\t\tstatic_cast<unsigned int>(key.size())\n+\t};\n+\tret = gnutls_pubkey_import(pubkey_, &gnuTlsKey, GNUTLS_X509_FMT_DER);\n+\tif (ret < 0)\n+\t\treturn;\n+\n+\tvalid_ = true;\n+#endif\n+}\n+\n+PubKey::~PubKey()\n+{\n+#if HAVE_GNUTLS\n+\tgnutls_pubkey_deinit(pubkey_);\n+#endif\n+}\n+\n+/**\n+ * \\fn bool PubKey::isValid() const\n+ * \\brief Check is the public key is valid\n+ * \\return True if the public key is valid, false otherwise\n+ */\n+\n+/**\n+ * \\brief Verify signature on data\n+ * \\param[in] data The signed data\n+ * \\param[in] sig The signature\n+ *\n+ * Verify that the signature \\a sig matches the signed \\a data for the public\n+ * key. The signture algorithm is hardcoded to RSA-SHA256.\n+ *\n+ * \\return True if the signature is valid, false otherwise\n+ */\n+bool PubKey::verify(Span<const uint8_t> data, Span<const uint8_t> sig) const\n+{\n+#if HAVE_GNUTLS\n+\tconst gnutls_datum_t gnuTlsData{\n+\t\tconst_cast<unsigned char *>(data.data()),\n+\t\tstatic_cast<unsigned int>(data.size())\n+\t};\n+\n+\tconst gnutls_datum_t gnuTlsSig{\n+\t\tconst_cast<unsigned char *>(sig.data()),\n+\t\tstatic_cast<unsigned int>(sig.size())\n+\t};\n+\n+\tint ret = gnutls_pubkey_verify_data2(pubkey_, GNUTLS_SIGN_RSA_SHA256, 0,\n+\t\t\t\t\t     &gnuTlsData, &gnuTlsSig);\n+\treturn ret >= 0;\n+#else\n+\treturn false;\n+#endif\n+}\n+\n+} /* namespace libcamera */\n",
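Review bot: `PubKey::verify()` in pub_key.cpp hands `pubkey_` to `gnutls_pubkey_verify_data2()` without checking `valid_`, and `~PubKey()` deinitialises it unconditionally, although the constructor returns early when `gnutls_pubkey_init()` fails and nothing visible gives `pubkey_` an initial value, so both may act on an indeterminate pointer. Initialising the member to `nullptr` in the constructor's init list and starting verify() with a `valid_` check keeps that failure path closed. The `static_cast<unsigned int>` on `data.size()` and `sig.size()` also truncates silently above the `unsigned int` range, in which case the signature would be checked over only part of the buffer; such sizes should be rejected before the `gnutls_datum_t` structures are built. The fence below shows both guards (it needs `<limits>`). The doc comments also carry two typos, "Check is the public key" and "signture".

```cpp
bool PubKey::verify(Span<const uint8_t> data, Span<const uint8_t> sig) const
{
#if HAVE_GNUTLS
	/* Fail closed: never hand an unusable key to gnutls. */
	if (!valid_)
		return false;

	/* gnutls_datum_t stores its size as unsigned int; refuse to truncate. */
	constexpr size_t maxDatumSize = std::numeric_limits<unsigned int>::max();
	if (data.size() > maxDatumSize || sig.size() > maxDatumSize)
		return false;

	/* … unchanged: gnuTlsData / gnuTlsSig setup and gnutls_pubkey_verify_data2() call … */
```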
    "prefixes": [
        "libcamera-devel",
        "08/11"
    ]
}