[{"id":4399,"web_url":"https://patchwork.libcamera.org/comment/4399/","msgid":"<20200407203632.GO1716317@oden.dyn.berto.se>","date":"2020-04-07T20:36:32","subject":"Re: [libcamera-devel] [PATCH 09/11] libcamera: ipa_manager: Embed\n\tIPA module signing public key","submitter":{"id":5,"url":"https://patchwork.libcamera.org/api/people/5/","name":"Niklas Söderlund","email":"niklas.soderlund@ragnatech.se"},"content":"Hi Laurent,\n\nThanks for your work.\n\nOn 2020-04-04 04:56:22 +0300, Laurent Pinchart wrote:\n> In preparation for verifying the signature of IPA modules, generate a\n> public key from the private signing key and embed it in the IPAManager\n> class.\n> \n> Signed-off-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>\n\nI have not take the python script for a spin nor linted it so I might \nhave missed a miss spelled variable or function, but I trust you have \ntested it and it generates the correct template file ;-)\n\nReviewed-by: Niklas Söderlund <niklas.soderlund@ragnatech.se>\n\n> ---\n>  src/libcamera/gen-ipa-pub-key.py    | 46 +++++++++++++++++++++++++++++\n>  src/libcamera/include/ipa_manager.h |  5 ++++\n>  src/libcamera/ipa_pub_key.cpp.in    | 20 +++++++++++++\n>  src/libcamera/meson.build           |  8 +++++\n>  4 files changed, 79 insertions(+)\n>  create mode 100755 src/libcamera/gen-ipa-pub-key.py\n>  create mode 100644 src/libcamera/ipa_pub_key.cpp.in\n> \n> diff --git a/src/libcamera/gen-ipa-pub-key.py b/src/libcamera/gen-ipa-pub-key.py\n> new file mode 100755\n> index 000000000000..ad575b18c922\n> --- /dev/null\n> +++ b/src/libcamera/gen-ipa-pub-key.py\n> 
@@ -0,0 +1,46 @@\n> +#!/usr/bin/env python3\n> +# SPDX-License-Identifier: GPL-2.0-or-later\n> +# Copyright (C) 2020, Google Inc.\n> +#\n> +# Author: Laurent Pinchart <laurent.pinchart@ideasonboard.com>\n> +#\n> +# ipa-gen-key.py - Generate the IPA module signing public key\n> +\n> +import string\n> +import subprocess\n> +import sys\n> +\n> +\n> +def main(argv):\n> +    if len(argv) != 4:\n> +        print('Usage: %s priv-key template output' % argv[0])\n> +        return 1\n> +\n> +    priv_key = argv[1]\n> +    template = argv[2]\n> +    output = argv[3]\n> +\n> +    try:\n> +        ret = subprocess.run(['openssl', 'rsa', '-pubout', '-in', priv_key,\n> +                              '-outform', 'DER'],\n> +                             stdout=subprocess.PIPE)\n> +    except FileNotFoundError:\n> +        print('Please install openssl to sign IPA modules')\n> +        return 1\n> +\n> +    ipa_key = ', '.join(['0x%02x' % c for c in ret.stdout])\n> +    data = {'ipa_key': ipa_key}\n> +\n> +    template = open(template, 'rb').read()\n> +    template = template.decode('utf-8')\n> +    template = string.Template(template)\n> +\n> +    f = open(output, 'wb')\n> +    f.write(template.substitute(data).encode('utf-8'))\n> +    f.close()\n> +\n> +    return 0\n> +\n> +\n> +if __name__ == '__main__':\n> +    sys.exit(main(sys.argv))\n> diff --git a/src/libcamera/include/ipa_manager.h b/src/libcamera/include/ipa_manager.h\n> index 467658e40ce9..26edf087461e 100644\n> --- a/src/libcamera/include/ipa_manager.h\n> +++ b/src/libcamera/include/ipa_manager.h\n> @@ -7,6 +7,7 @@\n>  #ifndef __LIBCAMERA_IPA_MANAGER_H__\n>  #define __LIBCAMERA_IPA_MANAGER_H__\n>  \n> +#include <stdint.h>\n>  #include <vector>\n>  \n>  #include <ipa/ipa_interface.h>\n> @@ -14,6 +15,7 @@\n>  \n>  #include \"ipa_module.h\"\n>  #include \"pipeline_handler.h\"\n> +#include \"pub_key.h\"\n>  \n>  namespace libcamera {\n>  \n> 
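Review bot: The exit status of the `openssl rsa -pubout` call in `main()` of gen-ipa-pub-key.py is never checked, so a failed public-key extraction goes unreported. If openssl exits non-zero (for example because the private key is unreadable or malformed), `ret.stdout` is empty, `${ipa_key}` is substituted with an empty string, and the script still returns 0. The custom target then reports success with a generated source that carries no usable verification key; whether the build catches this later depends on how the compiler treats the empty initializer. Because IPA module signature verification will rely on this key, the step should fail loudly: add `if ret.returncode != 0:` followed by an error message and `return 1` right after the `subprocess.run` call, or pass `check=True` and catch `subprocess.CalledProcessError`. The template and output files would also be better opened with `with open(...)`, so they are closed on the error paths.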
@@ -35,6 +37,9 @@ private:\n>  \tvoid parseDir(const char *libDir, unsigned int maxDepth,\n>  \t\t      std::vector<std::string> &files);\n>  \tunsigned int addDir(const char *libDir, unsigned int maxDepth = 0);\n> +\n> +\tstatic const uint8_t publicKeyData_[];\n> +\tstatic const PubKey pubKey_;\n>  };\n>  \n>  } /* namespace libcamera */\n> diff --git a/src/libcamera/ipa_pub_key.cpp.in b/src/libcamera/ipa_pub_key.cpp.in\n> new file mode 100644\n> index 000000000000..e1fe287c160e\n> --- /dev/null\n> +++ b/src/libcamera/ipa_pub_key.cpp.in\n> @@ -0,0 +1,20 @@\n> +/* SPDX-License-Identifier: LGPL-2.1-or-later */\n> +/*\n> + * Copyright (C) 2020, Laurent Pinchart <laurent.pinchart@ideasonboard.com>\n> + *\n> + * ipa_key.cpp - IPA module signing public key\n> + *\n> + * This file is auto-generated. Do not edit.\n> + */\n> +\n> +#include \"ipa_manager.h\"\n> +\n> +namespace libcamera {\n> +\n> +const uint8_t IPAManager::publicKeyData_[] = {\n> +\t${ipa_key}\n> +};\n> +\n> +const PubKey IPAManager::pubKey_{ { IPAManager::publicKeyData_ } };\n> +\n> +} /* namespace libcamera */\n> diff --git a/src/libcamera/meson.build b/src/libcamera/meson.build\n> index c2a657e4938c..c502450c4b2d 100644\n> --- a/src/libcamera/meson.build\n> +++ b/src/libcamera/meson.build\n> 
@@ -101,6 +101,14 @@ version_cpp = vcs_tag(command : [gen_version, meson.build_root()],\n>  \n>  libcamera_sources += version_cpp\n>  \n> +gen_ipa_pub_key = files('gen-ipa-pub-key.py')\n> +ipa_pub_key_cpp = custom_target('ipa_pub_key_cpp',\n> +                                input : [ ipa_priv_key, 'ipa_pub_key.cpp.in' ],\n> +                                output : 'ipa_pub_key.cpp',\n> +                                command : [ gen_ipa_pub_key, '@INPUT@', '@OUTPUT@' ])\n> +\n> +libcamera_sources += ipa_pub_key_cpp\n> +\n>  libcamera_deps = [\n>      libatomic,\n>      libdl,\n> -- \n> Regards,\n> \n> Laurent Pinchart\n> \n> _______________________________________________\n> libcamera-devel mailing list\n> libcamera-devel@lists.libcamera.org\n> https://lists.libcamera.org/listinfo/libcamera-devel","headers":{"Return-Path":"<niklas.soderlund@ragnatech.se>","Received":["from mail-lf1-x136.google.com (mail-lf1-x136.google.com\n\t[IPv6:2a00:1450:4864:20::136])\n\tby lancelot.ideasonboard.com (Postfix) with ESMTPS id B2D42600F0\n\tfor <libcamera-devel@lists.libcamera.org>;\n\tTue,  7 Apr 2020 22:36:34 +0200 (CEST)","by mail-lf1-x136.google.com with SMTP id r17so3456981lff.2\n\tfor <libcamera-devel@lists.libcamera.org>;\n\tTue, 07 Apr 2020 13:36:34 -0700 (PDT)","from localhost (h-200-138.A463.priv.bahnhof.se. 
[176.10.200.138])\n\tby smtp.gmail.com with ESMTPSA id\n\tm16sm328878ljp.12.2020.04.07.13.36.33\n\t(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);\n\tTue, 07 Apr 2020 13:36:33 -0700 (PDT)"],"Authentication-Results":"lancelot.ideasonboard.com; dkim=pass (2048-bit key; \n\tunprotected)\n\theader.d=ragnatech-se.20150623.gappssmtp.com\n\theader.i=@ragnatech-se.20150623.gappssmtp.com header.b=\"IIXGF+IB\"; \n\tdkim-atps=neutral","DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n\td=ragnatech-se.20150623.gappssmtp.com; s=20150623;\n\th=date:from:to:cc:subject:message-id:references:mime-version\n\t:content-disposition:content-transfer-encoding:in-reply-to;\n\tbh=TbAlioRkxH81kk6AE0yFF4RvlIgsI7DL6MiGwSsP0PU=;\n\tb=IIXGF+IBcbWpr70KkzWVdHemhxrLTYNqQtmBDG54Yh5x5hyvkVYTx3eVuuwvD+GvHY\n\t5x72G8nVWj/Cg2k0GYgVXr3AVDBM/C0TLvLrkf3FZjuwtCiqS14bQVIcB+o1OYs5BMfe\n\tcBC87EaKMzDxt67tUA/QhJCx889tbYhBOnMXbEkSuvqDlmnQk0oUxzNjt1RWxfTI+rOE\n\tNqR1zCO71UE1FQRp58X79mc2ceW3QWoTLHuvdQNaJZ1PI5fKGjkaWYDHMRZnuiqPvVvE\n\tTfXbS8MPuMsqonVBJW+ReW01eB/B/38oz/ESHOM3WtlarsyQ/KVBXztnxhad6LfN2BFI\n\tUw6A==","X-Google-DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n\td=1e100.net; 
s=20161025;\n\th=x-gm-message-state:date:from:to:cc:subject:message-id:references\n\t:mime-version:content-disposition:content-transfer-encoding\n\t:in-reply-to;\n\tbh=TbAlioRkxH81kk6AE0yFF4RvlIgsI7DL6MiGwSsP0PU=;\n\tb=AqGrvrmZYguTdCJVUAx2PLZgAfA5J3mPXjcM7uSIrMR45gH+x9qhWNpn3e3makIQIJ\n\tIt+sGg8KfLGtbbtqdd0+88RPgOJQIgUFS+XsH5Ma7Jp1Uxahfqc0jlHLvmhDpWuU88dt\n\txTnKbDAU9aLqw0J1LvbYnP5QchBRJpfWbsBWZdCwkJCQCRGk3q93gPr72IuNLWPkQs4k\n\tBPxdtap5Jzzb+nmkCUHHpCI3ybPuqBWNeOHMpjjl8GOgyFNDUxNbUqSVPH7+LmYI2bz9\n\t1ib0mWyyUlSNdVHS0y/r12TmRARXjl+mynYY0yzzVt7DfgmySbR6fMNV4Akc35dEzRSV\n\tVF3Q==","X-Gm-Message-State":"AGi0PuY9ndXNik4KMYO6gPNUrgBISMIuQC/ZZicYO8OD2cvac8RLjQXZ\n\tQdzp2vRqKQVjBFrBTExdDaqq3lqM0Lo=","X-Google-Smtp-Source":"APiQypLwq2Ycx01KbscLD5ZjAZTcQFVqiV6OBhML/bI1Mvfc4HSl9E1uec3iDqi5QCNS5ST5HkgbnA==","X-Received":"by 2002:ac2:4836:: with SMTP id 22mr2483109lft.52.1586291794050; \n\tTue, 07 Apr 2020 13:36:34 -0700 (PDT)","Date":"Tue, 7 Apr 2020 22:36:32 +0200","From":"Niklas =?iso-8859-1?q?S=F6derlund?= <niklas.soderlund@ragnatech.se>","To":"Laurent Pinchart <laurent.pinchart@ideasonboard.com>","Cc":"libcamera-devel@lists.libcamera.org","Message-ID":"<20200407203632.GO1716317@oden.dyn.berto.se>","References":"<20200404015624.30440-1-laurent.pinchart@ideasonboard.com>\n\t<20200404015624.30440-10-laurent.pinchart@ideasonboard.com>","MIME-Version":"1.0","Content-Type":"text/plain; charset=iso-8859-1","Content-Disposition":"inline","Content-Transfer-Encoding":"8bit","In-Reply-To":"<20200404015624.30440-10-laurent.pinchart@ideasonboard.com>","Subject":"Re: [libcamera-devel] [PATCH 09/11] libcamera: ipa_manager: Embed\n\tIPA module signing public 
key","X-BeenThere":"libcamera-devel@lists.libcamera.org","X-Mailman-Version":"2.1.29","Precedence":"list","List-Id":"<libcamera-devel.lists.libcamera.org>","List-Unsubscribe":"<https://lists.libcamera.org/options/libcamera-devel>,\n\t<mailto:libcamera-devel-request@lists.libcamera.org?subject=unsubscribe>","List-Archive":"<https://lists.libcamera.org/pipermail/libcamera-devel/>","List-Post":"<mailto:libcamera-devel@lists.libcamera.org>","List-Help":"<mailto:libcamera-devel-request@lists.libcamera.org?subject=help>","List-Subscribe":"<https://lists.libcamera.org/listinfo/libcamera-devel>,\n\t<mailto:libcamera-devel-request@lists.libcamera.org?subject=subscribe>","X-List-Received-Date":"Tue, 07 Apr 2020 20:36:34 -0000"}},{"id":4406,"web_url":"https://patchwork.libcamera.org/comment/4406/","msgid":"<20200407225908.GL4751@pendragon.ideasonboard.com>","date":"2020-04-07T22:59:08","subject":"Re: [libcamera-devel] [PATCH 09/11] libcamera: ipa_manager: Embed\n\tIPA module signing public key","submitter":{"id":2,"url":"https://patchwork.libcamera.org/api/people/2/","name":"Laurent Pinchart","email":"laurent.pinchart@ideasonboard.com"},"content":"Hi Niklas,\n\nOn Tue, Apr 07, 2020 at 10:36:32PM +0200, Niklas Söderlund wrote:\n> On 2020-04-04 04:56:22 +0300, Laurent Pinchart wrote:\n> > In preparation for verifying the signature of IPA modules, generate a\n> > public key from the private signing key and embed it in the IPAManager\n> > class.\n> > \n> 
> Signed-off-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>\n> \n> I have not take the python script for a spin nor linted it so I might \n> have missed a miss spelled variable or function, but I trust you have \n> tested it and it generates the correct template file ;-)\n\nAs far as I can tell, it does, and I've trusted checkstyle.py to report\nissues :-)\n\n> Reviewed-by: Niklas Söderlund <niklas.soderlund@ragnatech.se>\n> \n> > ---\n> >  src/libcamera/gen-ipa-pub-key.py    | 46 +++++++++++++++++++++++++++++\n> >  src/libcamera/include/ipa_manager.h |  5 ++++\n> >  src/libcamera/ipa_pub_key.cpp.in    | 20 +++++++++++++\n> >  src/libcamera/meson.build           |  8 +++++\n> >  4 files changed, 79 insertions(+)\n> >  create mode 100755 src/libcamera/gen-ipa-pub-key.py\n> >  create mode 100644 src/libcamera/ipa_pub_key.cpp.in\n> > \n> > diff --git a/src/libcamera/gen-ipa-pub-key.py b/src/libcamera/gen-ipa-pub-key.py\n> > new file mode 100755\n> > index 000000000000..ad575b18c922\n> > --- /dev/null\n> > +++ b/src/libcamera/gen-ipa-pub-key.py\n> 
> @@ -0,0 +1,46 @@\n> > +#!/usr/bin/env python3\n> > +# SPDX-License-Identifier: GPL-2.0-or-later\n> > +# Copyright (C) 2020, Google Inc.\n> > +#\n> > +# Author: Laurent Pinchart <laurent.pinchart@ideasonboard.com>\n> > +#\n> > +# ipa-gen-key.py - Generate the IPA module signing public key\n> > +\n> > +import string\n> > +import subprocess\n> > +import sys\n> > +\n> > +\n> > +def main(argv):\n> > +    if len(argv) != 4:\n> > +        print('Usage: %s priv-key template output' % argv[0])\n> > +        return 1\n> > +\n> > +    priv_key = argv[1]\n> > +    template = argv[2]\n> > +    output = argv[3]\n> > +\n> > +    try:\n> > +        ret = subprocess.run(['openssl', 'rsa', '-pubout', '-in', priv_key,\n> > +                              '-outform', 'DER'],\n> > +                             stdout=subprocess.PIPE)\n> > +    except FileNotFoundError:\n> > +        print('Please install openssl to sign IPA modules')\n> > +        return 1\n> > +\n> > +    ipa_key = ', '.join(['0x%02x' % c for c in ret.stdout])\n> > +    data = {'ipa_key': ipa_key}\n> > +\n> > +    template = open(template, 'rb').read()\n> > +    template = template.decode('utf-8')\n> > +    template = string.Template(template)\n> > +\n> > +    f = open(output, 'wb')\n> > +    f.write(template.substitute(data).encode('utf-8'))\n> > +    f.close()\n> > +\n> > +    return 0\n> > +\n> > +\n> > +if __name__ == '__main__':\n> > +    sys.exit(main(sys.argv))\n> > diff --git a/src/libcamera/include/ipa_manager.h b/src/libcamera/include/ipa_manager.h\n> > index 467658e40ce9..26edf087461e 100644\n> > --- a/src/libcamera/include/ipa_manager.h\n> > +++ b/src/libcamera/include/ipa_manager.h\n> > @@ -7,6 +7,7 @@\n> >  #ifndef __LIBCAMERA_IPA_MANAGER_H__\n> >  #define __LIBCAMERA_IPA_MANAGER_H__\n> >  \n> > +#include <stdint.h>\n> >  #include <vector>\n> >  \n> >  #include <ipa/ipa_interface.h>\n> 
> @@ -14,6 +15,7 @@\n> >  \n> >  #include \"ipa_module.h\"\n> >  #include \"pipeline_handler.h\"\n> > +#include \"pub_key.h\"\n> >  \n> >  namespace libcamera {\n> >  \n> > @@ -35,6 +37,9 @@ private:\n> >  \tvoid parseDir(const char *libDir, unsigned int maxDepth,\n> >  \t\t      std::vector<std::string> &files);\n> >  \tunsigned int addDir(const char *libDir, unsigned int maxDepth = 0);\n> > +\n> > +\tstatic const uint8_t publicKeyData_[];\n> > +\tstatic const PubKey pubKey_;\n> >  };\n> >  \n> >  } /* namespace libcamera */\n> > diff --git a/src/libcamera/ipa_pub_key.cpp.in b/src/libcamera/ipa_pub_key.cpp.in\n> > new file mode 100644\n> > index 000000000000..e1fe287c160e\n> > --- /dev/null\n> > +++ b/src/libcamera/ipa_pub_key.cpp.in\n> > @@ -0,0 +1,20 @@\n> > +/* SPDX-License-Identifier: LGPL-2.1-or-later */\n> > +/*\n> > + * Copyright (C) 2020, Laurent Pinchart <laurent.pinchart@ideasonboard.com>\n> > + *\n> > + * ipa_key.cpp - IPA module signing public key\n> > + *\n> > + * This file is auto-generated. Do not edit.\n> > + */\n> > +\n> > +#include \"ipa_manager.h\"\n> > +\n> > +namespace libcamera {\n> > +\n> > +const uint8_t IPAManager::publicKeyData_[] = {\n> > +\t${ipa_key}\n> > +};\n> > +\n> > +const PubKey IPAManager::pubKey_{ { IPAManager::publicKeyData_ } };\n> > +\n> > +} /* namespace libcamera */\n> > diff --git a/src/libcamera/meson.build b/src/libcamera/meson.build\n> > index c2a657e4938c..c502450c4b2d 100644\n> > --- a/src/libcamera/meson.build\n> > +++ b/src/libcamera/meson.build\n> 
> @@ -101,6 +101,14 @@ version_cpp = vcs_tag(command : [gen_version, meson.build_root()],\n> >  \n> >  libcamera_sources += version_cpp\n> >  \n> > +gen_ipa_pub_key = files('gen-ipa-pub-key.py')\n> > +ipa_pub_key_cpp = custom_target('ipa_pub_key_cpp',\n> > +                                input : [ ipa_priv_key, 'ipa_pub_key.cpp.in' ],\n> > +                                output : 'ipa_pub_key.cpp',\n> > +                                command : [ gen_ipa_pub_key, '@INPUT@', '@OUTPUT@' ])\n> > +\n> > +libcamera_sources += ipa_pub_key_cpp\n> > +\n> >  libcamera_deps = [\n> >      libatomic,\n> >      libdl,","headers":{"Return-Path":"<laurent.pinchart@ideasonboard.com>","Received":["from perceval.ideasonboard.com (perceval.ideasonboard.com\n\t[213.167.242.64])\n\tby lancelot.ideasonboard.com (Postfix) with ESMTPS id 93541600F3\n\tfor <libcamera-devel@lists.libcamera.org>;\n\tWed,  8 Apr 2020 00:59:18 +0200 (CEST)","from pendragon.ideasonboard.com (81-175-216-236.bb.dnainternet.fi\n\t[81.175.216.236])\n\tby perceval.ideasonboard.com (Postfix) with ESMTPSA id 152F159E;\n\tWed,  8 Apr 2020 00:59:18 +0200 (CEST)"],"Authentication-Results":"lancelot.ideasonboard.com; dkim=pass (1024-bit key; \n\tunprotected) header.d=ideasonboard.com\n\theader.i=@ideasonboard.com\n\theader.b=\"mZyLzKOb\"; dkim-atps=neutral","DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/simple; d=ideasonboard.com;\n\ts=mail; t=1586300358;\n\tbh=dVLJ7iZiouRAwqSyiWCXpqKm2m7Bv6QWLBDuGxxrTQ4=;\n\th=Date:From:To:Cc:Subject:References:In-Reply-To:From;\n\tb=mZyLzKObEI3SbAQaMA+dArM3fOOmzrDQk65LP7AN2XLR1jZxYYIM74kR/KYL1MHSC\n\t8zQ9XyxWXtrMF5xuZw8GEJDG6oN04hb5b8vHFLTmox5MgKpUp1oF9XMdfHK4sUuRC8\n\tvXnhYgp5gBvA5MQhj/bJJAdQaZdVW2DRZnrtGnGM=","Date":"Wed, 8 Apr 2020 01:59:08 +0300","From":"Laurent Pinchart <laurent.pinchart@ideasonboard.com>","To":"Niklas =?utf-8?q?S=C3=B6derlund?= 
<niklas.soderlund@ragnatech.se>","Cc":"libcamera-devel@lists.libcamera.org","Message-ID":"<20200407225908.GL4751@pendragon.ideasonboard.com>","References":"<20200404015624.30440-1-laurent.pinchart@ideasonboard.com>\n\t<20200404015624.30440-10-laurent.pinchart@ideasonboard.com>\n\t<20200407203632.GO1716317@oden.dyn.berto.se>","MIME-Version":"1.0","Content-Type":"text/plain; charset=utf-8","Content-Disposition":"inline","Content-Transfer-Encoding":"8bit","In-Reply-To":"<20200407203632.GO1716317@oden.dyn.berto.se>","Subject":"Re: [libcamera-devel] [PATCH 09/11] libcamera: ipa_manager: Embed\n\tIPA module signing public key","X-BeenThere":"libcamera-devel@lists.libcamera.org","X-Mailman-Version":"2.1.29","Precedence":"list","List-Id":"<libcamera-devel.lists.libcamera.org>","List-Unsubscribe":"<https://lists.libcamera.org/options/libcamera-devel>,\n\t<mailto:libcamera-devel-request@lists.libcamera.org?subject=unsubscribe>","List-Archive":"<https://lists.libcamera.org/pipermail/libcamera-devel/>","List-Post":"<mailto:libcamera-devel@lists.libcamera.org>","List-Help":"<mailto:libcamera-devel-request@lists.libcamera.org?subject=help>","List-Subscribe":"<https://lists.libcamera.org/listinfo/libcamera-devel>,\n\t<mailto:libcamera-devel-request@lists.libcamera.org?subject=subscribe>","X-List-Received-Date":"Tue, 07 Apr 2020 22:59:18 -0000"}}]