[{"id":4400,"web_url":"https://patchwork.libcamera.org/comment/4400/","msgid":"<20200407203741.GP1716317@oden.dyn.berto.se>","date":"2020-04-07T20:37:41","subject":"Re: [libcamera-devel] [PATCH 10/11] libcamera: ipa_manager: Verify\n\tIPA module signature","submitter":{"id":5,"url":"https://patchwork.libcamera.org/api/people/5/","name":"Niklas Söderlund","email":"niklas.soderlund@ragnatech.se"},"content":"Hi Laurent,\n\nThanks for your patch.\n\nOn 2020-04-04 04:56:23 +0300, Laurent Pinchart wrote:\n> Decide whether to isolate the IPA module using the module signature\n> instead of its license.\n> \n> Signed-off-by: Laurent Pinchart \n\nReviewed-by: Niklas Söderlund \n\n> ---\n> src/libcamera/include/ipa_manager.h | 2 ++\n> src/libcamera/include/ipa_module.h | 2 --\n> src/libcamera/ipa_manager.cpp | 22 +++++++++++++++++++++-\n> src/libcamera/ipa_module.cpp | 25 -------------------------\n> 4 files changed, 23 insertions(+), 28 deletions(-)\n> \n> diff --git a/src/libcamera/include/ipa_manager.h b/src/libcamera/include/ipa_manager.h\n> index 26edf087461e..0b5fd2ac1f12 100644\n> --- a/src/libcamera/include/ipa_manager.h\n> +++ b/src/libcamera/include/ipa_manager.h\n> @@ -38,6 +38,8 @@ private:\n> \t\t std::vector &files);\n> \tunsigned int addDir(const char *libDir, unsigned int maxDepth = 0);\n> \n> +\tbool isSignatureValid(IPAModule *ipa) const;\n> +\n> \tstatic const uint8_t publicKeyData_[];\n> \tstatic const PubKey pubKey_;\n> };\n> diff --git a/src/libcamera/include/ipa_module.h b/src/libcamera/include/ipa_module.h\n> index ec3671857a61..a9a3511701d4 100644\n> --- a/src/libcamera/include/ipa_module.h\n> +++ b/src/libcamera/include/ipa_module.h\n> @@ -37,8 +37,6 @@ public:\n> \tbool match(PipelineHandler *pipe,\n> \t\t uint32_t minVersion, uint32_t maxVersion) const;\n> \n> -\tbool isOpenSource() const;\n> -\n> private:\n> \tstruct IPAModuleInfo info_;\n> \tstd::vector signature_;\n> diff --git a/src/libcamera/ipa_manager.cpp b/src/libcamera/ipa_manager.cpp\n> index bcaae3564ea1..2b0112885274 100644\n> --- a/src/libcamera/ipa_manager.cpp\n> +++ b/src/libcamera/ipa_manager.cpp\n> @@ -12,6 +12,7 @@\n> #include \n> #include \n> \n> +#include \"file.h\"\n> #include \"ipa_context_wrapper.h\"\n> #include \"ipa_module.h\"\n> #include \"ipa_proxy.h\"\n> @@ -271,7 +272,7 @@ std::unique_ptr IPAManager::createIPA(PipelineHandler *pipe,\n> \tif (!m)\n> \t\treturn nullptr;\n> \n> -\tif (!m->isOpenSource()) {\n> +\tif (!isSignatureValid(m)) {\n> \t\tIPAProxyFactory *pf = nullptr;\n> \t\tstd::vector &factories = IPAProxyFactory::factories();\n> \n> @@ -307,4 +308,23 @@ std::unique_ptr IPAManager::createIPA(PipelineHandler *pipe,\n> \treturn std::make_unique(ctx);\n> }\n> \n> +bool IPAManager::isSignatureValid(IPAModule *ipa) const\n> +{\n> +\tFile file{ ipa->path() };\n> +\tif (!file.open(File::ReadOnly))\n> +\t\treturn false;\n> +\n> +\tSpan data = file.map();\n> +\tif (data.empty())\n> +\t\treturn false;\n> +\n> +\tbool valid = pubKey_.verify(data, ipa->signature());\n> +\n> +\tLOG(IPAManager, Debug)\n> +\t\t<< \"IPA module \" << ipa->path() << \" signature is \"\n> +\t\t<< (valid ? \"valid\" : \"not valid\");\n> +\n> +\treturn valid;\n> +}\n> +\n> } /* namespace libcamera */\n> diff --git a/src/libcamera/ipa_module.cpp b/src/libcamera/ipa_module.cpp\n> index 51b238a698f2..96b44f13192c 100644\n> --- a/src/libcamera/ipa_module.cpp\n> +++ b/src/libcamera/ipa_module.cpp\n> @@ -472,29 +472,4 @@ bool IPAModule::match(PipelineHandler *pipe,\n> \t !strcmp(info_.pipelineName, pipe->name());\n> }\n> \n> -/**\n> - * \\brief Verify if the IPA module is open source\n> - *\n> - * \\sa IPAModuleInfo::license\n> - */\n> -bool IPAModule::isOpenSource() const\n> -{\n> -\tstatic const char *osLicenses[] = {\n> -\t\t\"GPL-2.0-only\",\n> -\t\t\"GPL-2.0-or-later\",\n> -\t\t\"GPL-3.0-only\",\n> -\t\t\"GPL-3.0-or-later\",\n> -\t\t\"LGPL-2.1-only\",\n> -\t\t\"LGPL-2.1-or-later\",\n> -\t\t\"LGPL-3.0-only\",\n> -\t\t\"LGPL-3.0-or-later\",\n> -\t};\n> -\n> -\tfor (unsigned int i = 0; i < ARRAY_SIZE(osLicenses); i++)\n> -\t\tif (!strcmp(osLicenses[i], info_.license))\n> -\t\t\treturn true;\n> -\n> -\treturn false;\n> -}\n> -\n> } /* namespace libcamera */\n> -- \n> Regards,\n> \n> Laurent Pinchart\n> \n> _______________________________________________\n> libcamera-devel mailing list\n> libcamera-devel@lists.libcamera.org\n> https://lists.libcamera.org/listinfo/libcamera-devel","headers":{"Return-Path":"","Received":["from mail-lj1-x244.google.com (mail-lj1-x244.google.com\n\t[IPv6:2a00:1450:4864:20::244])\n\tby lancelot.ideasonboard.com (Postfix) with ESMTPS id 0F780600F0\n\tfor ;\n\tTue, 7 Apr 2020 22:37:43 +0200 (CEST)","by mail-lj1-x244.google.com with SMTP id r24so5276315ljd.4\n\tfor ;\n\tTue, 07 Apr 2020 13:37:43 -0700 (PDT)","from localhost (h-200-138.A463.priv.bahnhof.se. [176.10.200.138])\n\tby smtp.gmail.com with ESMTPSA id\n\tq30sm17051561lfn.18.2020.04.07.13.37.41\n\t(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);\n\tTue, 07 Apr 2020 13:37:41 -0700 (PDT)"],"Authentication-Results":"lancelot.ideasonboard.com; dkim=pass (2048-bit key; \n\tunprotected)\n\theader.d=ragnatech-se.20150623.gappssmtp.com\n\theader.i=@ragnatech-se.20150623.gappssmtp.com header.b=\"xv7dRxcG\"; \n\tdkim-atps=neutral","DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n\td=ragnatech-se.20150623.gappssmtp.com; s=20150623;\n\th=date:from:to:cc:subject:message-id:references:mime-version\n\t:content-disposition:content-transfer-encoding:in-reply-to;\n\tbh=qg3NZOqZabS4DrYk1nK/H/LUoKVbdfT5eVBC0YHwtso=;\n\tb=xv7dRxcGINpSDAZl4Gqx8zm+UHKh6WVetwyvCMB13dM7V8ddXFmhmFhnGId+YtN0av\n\tlwQWzlJPEXl6aR+vfj2C8ZSznujR18pi/ER0pEFCQm40IUZtexRF7y5kDeE9w8/m4bT4\n\tKrMBpckbIrgG8Zm5v9fyOug3PZ9/7I8XSaGbD+4Pa067yS1EIEeuMuZerRD+Hv52ddqx\n\t7Y9OB3TVO77Us7TGHDUrksOwEEgLSlhyZwzeNYfii/igA7OeOP5vtdA2lscXdJug0vys\n\ta3pTdlzMUTYlk4dEZIy/3nbEeVHkMMk5qHIEIdsIXo+5XHlkBIVgbJiv5b/Zke19Tr9e\n\tmzQA==","X-Google-DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n\td=1e100.net; s=20161025;\n\th=x-gm-message-state:date:from:to:cc:subject:message-id:references\n\t:mime-version:content-disposition:content-transfer-encoding\n\t:in-reply-to;\n\tbh=qg3NZOqZabS4DrYk1nK/H/LUoKVbdfT5eVBC0YHwtso=;\n\tb=Pxem1dNFBFNMx0M8nH60H3SKatfqDYbc5SPwJdXfbBF0SJbqt3e4Yfvuv0yJ+FoBDt\n\tChleOgmheoy3ZnflLpx7SIbcBwKIUmdBuC72fYxdVsTxxx7HoYWxHWCQXOTnmzosXPtK\n\tmDeRVJOiDvVCGhXzCOngeXZ3qPlyZ/qZTolaizWm8tmwDqoSYD+bsBOJuHq89vW2sxp3\n\tLzJ1birpdEkESNWQ4aOZyFI3S+VlobC3SIeinai/9MBt4r4UzPX/Pz4+ik5MqB0hLSS1\n\tN97aAHR2pOLcJpW0VSttwaSIcd+NxBCJndsCuWWELO5B0qUtcRH+PLtKjKXmHU6Qdsa7\n\tUCaw==","X-Gm-Message-State":"AGi0PuaRr33KTjW38DNmt4pyh3EaFNZrpBErO6fEP6GcPzUErhwF/AcS\n\th1wm93amy2YYqDHl51CWCkUXIg==","X-Google-Smtp-Source":"APiQypIaQElqMGZc08QfYj0KcwZL6rRoDGpx8y90cBdqHXqsSRsZsHADBNeZ2uk30G4vn3cEbGYYqQ==","X-Received":"by 2002:a2e:9bc6:: with SMTP id w6mr2818227ljj.105.1586291862474;\n\tTue, 07 Apr 2020 13:37:42 -0700 (PDT)","Date":"Tue, 7 Apr 2020 22:37:41 +0200","From":"Niklas =?iso-8859-1?q?S=F6derlund?= ","To":"Laurent Pinchart ","Cc":"libcamera-devel@lists.libcamera.org","Message-ID":"<20200407203741.GP1716317@oden.dyn.berto.se>","References":"<20200404015624.30440-1-laurent.pinchart@ideasonboard.com>\n\t<20200404015624.30440-11-laurent.pinchart@ideasonboard.com>","MIME-Version":"1.0","Content-Type":"text/plain; charset=iso-8859-1","Content-Disposition":"inline","Content-Transfer-Encoding":"8bit","In-Reply-To":"<20200404015624.30440-11-laurent.pinchart@ideasonboard.com>","Subject":"Re: [libcamera-devel] [PATCH 10/11] libcamera: ipa_manager: Verify\n\tIPA module signature","X-BeenThere":"libcamera-devel@lists.libcamera.org","X-Mailman-Version":"2.1.29","Precedence":"list","List-Id":"","List-Unsubscribe":",\n\t","List-Archive":"","List-Post":"","List-Help":"","List-Subscribe":",\n\t","X-List-Received-Date":"Tue, 07 Apr 2020 20:37:43 -0000"}}]