Message ID | 20200404015624.30440-10-laurent.pinchart@ideasonboard.com |
---|---|
State | Superseded |
Hi Laurent, Thanks for your work. On 2020-04-04 04:56:22 +0300, Laurent Pinchart wrote: > In preparation for verifying the signature of IPA modules, generate a > public key from the private signing key and embed it in the IPAManager > class. > > Signed-off-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com> I have not take the python script for a spin nor linted it so I might have missed a miss spelled variable or function, but I trust you have tested it and it generates the correct template file ;-) Reviewed-by: Niklas Söderlund <niklas.soderlund@ragnatech.se> > --- > src/libcamera/gen-ipa-pub-key.py | 46 +++++++++++++++++++++++++++++ > src/libcamera/include/ipa_manager.h | 5 ++++ > src/libcamera/ipa_pub_key.cpp.in | 20 +++++++++++++ > src/libcamera/meson.build | 8 +++++ > 4 files changed, 79 insertions(+) > create mode 100755 src/libcamera/gen-ipa-pub-key.py > create mode 100644 src/libcamera/ipa_pub_key.cpp.in > > diff --git a/src/libcamera/gen-ipa-pub-key.py b/src/libcamera/gen-ipa-pub-key.py > new file mode 100755 > index 000000000000..ad575b18c922 > --- /dev/null > +++ b/src/libcamera/gen-ipa-pub-key.py 
> @@ -0,0 +1,46 @@ > +#!/usr/bin/env python3 > +# SPDX-License-Identifier: GPL-2.0-or-later > +# Copyright (C) 2020, Google Inc. > +# > +# Author: Laurent Pinchart <laurent.pinchart@ideasonboard.com> > +# > +# ipa-gen-key.py - Generate the IPA module signing public key > + > +import string > +import subprocess > +import sys > + > + > +def main(argv): > + if len(argv) != 4: > + print('Usage: %s priv-key template output' % argv[0]) > + return 1 > + > + priv_key = argv[1] > + template = argv[2] > + output = argv[3] > + > + try: > + ret = subprocess.run(['openssl', 'rsa', '-pubout', '-in', priv_key, > + '-outform', 'DER'], > + stdout=subprocess.PIPE) > + except FileNotFoundError: > + print('Please install openssl to sign IPA modules') > + return 1 > + > + ipa_key = ', '.join(['0x%02x' % c for c in ret.stdout]) > + data = {'ipa_key': ipa_key} > + > + template = open(template, 'rb').read() > + template = template.decode('utf-8') > + template = string.Template(template) > + > + f = open(output, 'wb') > + f.write(template.substitute(data).encode('utf-8')) > + f.close() > + > + return 0 > + > + > +if __name__ == '__main__': > + sys.exit(main(sys.argv)) > diff --git a/src/libcamera/include/ipa_manager.h b/src/libcamera/include/ipa_manager.h > index 467658e40ce9..26edf087461e 100644 > --- a/src/libcamera/include/ipa_manager.h > +++ b/src/libcamera/include/ipa_manager.h > @@ -7,6 +7,7 @@ > #ifndef __LIBCAMERA_IPA_MANAGER_H__ > #define __LIBCAMERA_IPA_MANAGER_H__ > > +#include <stdint.h> > #include <vector> > > #include <ipa/ipa_interface.h> > @@ -14,6 +15,7 @@ > > #include "ipa_module.h" > #include "pipeline_handler.h" > +#include "pub_key.h" > > namespace libcamera { > > @@ -35,6 +37,9 @@ private: > void parseDir(const char *libDir, unsigned int maxDepth, > std::vector<std::string> &files); > unsigned int addDir(const char *libDir, unsigned int maxDepth = 0); > + > + static const uint8_t publicKeyData_[]; > + static const PubKey pubKey_; > }; > > } /* namespace libcamera */ 
> diff --git a/src/libcamera/ipa_pub_key.cpp.in b/src/libcamera/ipa_pub_key.cpp.in > new file mode 100644 > index 000000000000..e1fe287c160e > --- /dev/null > +++ b/src/libcamera/ipa_pub_key.cpp.in > @@ -0,0 +1,20 @@ > +/* SPDX-License-Identifier: LGPL-2.1-or-later */ > +/* > + * Copyright (C) 2020, Laurent Pinchart <laurent.pinchart@ideasonboard.com> > + * > + * ipa_key.cpp - IPA module signing public key > + * > + * This file is auto-generated. Do not edit. > + */ > + > +#include "ipa_manager.h" > + > +namespace libcamera { > + > +const uint8_t IPAManager::publicKeyData_[] = { > + ${ipa_key} > +}; > + > +const PubKey IPAManager::pubKey_{ { IPAManager::publicKeyData_ } }; > + > +} /* namespace libcamera */ > diff --git a/src/libcamera/meson.build b/src/libcamera/meson.build > index c2a657e4938c..c502450c4b2d 100644 > --- a/src/libcamera/meson.build > +++ b/src/libcamera/meson.build > @@ -101,6 +101,14 @@ version_cpp = vcs_tag(command : [gen_version, meson.build_root()], > > libcamera_sources += version_cpp > > +gen_ipa_pub_key = files('gen-ipa-pub-key.py') > +ipa_pub_key_cpp = custom_target('ipa_pub_key_cpp', > + input : [ ipa_priv_key, 'ipa_pub_key.cpp.in' ], > + output : 'ipa_pub_key.cpp', > + command : [ gen_ipa_pub_key, '@INPUT@', '@OUTPUT@' ]) > + > +libcamera_sources += ipa_pub_key_cpp > + > libcamera_deps = [ > libatomic, > libdl, > -- > Regards, > > Laurent Pinchart > > _______________________________________________ > libcamera-devel mailing list > libcamera-devel@lists.libcamera.org > https://lists.libcamera.org/listinfo/libcamera-devel
Hi Niklas, On Tue, Apr 07, 2020 at 10:36:32PM +0200, Niklas Söderlund wrote: > On 2020-04-04 04:56:22 +0300, Laurent Pinchart wrote: > > In preparation for verifying the signature of IPA modules, generate a > > public key from the private signing key and embed it in the IPAManager > > class. > > > > Signed-off-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com> > > I have not take the python script for a spin nor linted it so I might > have missed a miss spelled variable or function, but I trust you have > tested it and it generates the correct template file ;-) As far as I can tell, it does, and I've trusted checkstyle.py to report issues :-) > Reviewed-by: Niklas Söderlund <niklas.soderlund@ragnatech.se> > > > --- > > src/libcamera/gen-ipa-pub-key.py | 46 +++++++++++++++++++++++++++++ > > src/libcamera/include/ipa_manager.h | 5 ++++ > > src/libcamera/ipa_pub_key.cpp.in | 20 +++++++++++++ > > src/libcamera/meson.build | 8 +++++ > > 4 files changed, 79 insertions(+) > > create mode 100755 src/libcamera/gen-ipa-pub-key.py > > create mode 100644 src/libcamera/ipa_pub_key.cpp.in > > > > diff --git a/src/libcamera/gen-ipa-pub-key.py b/src/libcamera/gen-ipa-pub-key.py > > new file mode 100755 > > index 000000000000..ad575b18c922 > > --- /dev/null > > +++ b/src/libcamera/gen-ipa-pub-key.py 
> > @@ -0,0 +1,46 @@ > > +#!/usr/bin/env python3 > > +# SPDX-License-Identifier: GPL-2.0-or-later > > +# Copyright (C) 2020, Google Inc. > > +# > > +# Author: Laurent Pinchart <laurent.pinchart@ideasonboard.com> > > +# > > +# ipa-gen-key.py - Generate the IPA module signing public key > > + > > +import string > > +import subprocess > > +import sys > > + > > + > > +def main(argv): > > + if len(argv) != 4: > > + print('Usage: %s priv-key template output' % argv[0]) > > + return 1 > > + > > + priv_key = argv[1] > > + template = argv[2] > > + output = argv[3] > > + > > + try: > > + ret = subprocess.run(['openssl', 'rsa', '-pubout', '-in', priv_key, > > + '-outform', 'DER'], > > + stdout=subprocess.PIPE) > > + except FileNotFoundError: > > + print('Please install openssl to sign IPA modules') > > + return 1 > > + > > + ipa_key = ', '.join(['0x%02x' % c for c in ret.stdout]) > > + data = {'ipa_key': ipa_key} > > + > > + template = open(template, 'rb').read() > > + template = template.decode('utf-8') > > + template = string.Template(template) > > + > > + f = open(output, 'wb') > > + f.write(template.substitute(data).encode('utf-8')) > > + f.close() > > + > > + return 0 > > + > > + > > +if __name__ == '__main__': > > + sys.exit(main(sys.argv)) > > diff --git a/src/libcamera/include/ipa_manager.h b/src/libcamera/include/ipa_manager.h > > index 467658e40ce9..26edf087461e 100644 > > --- a/src/libcamera/include/ipa_manager.h > > +++ b/src/libcamera/include/ipa_manager.h > > @@ -7,6 +7,7 @@ > > #ifndef __LIBCAMERA_IPA_MANAGER_H__ > > #define __LIBCAMERA_IPA_MANAGER_H__ > > > > +#include <stdint.h> > > #include <vector> > > > > #include <ipa/ipa_interface.h> > > @@ -14,6 +15,7 @@ > > > > #include "ipa_module.h" > > #include "pipeline_handler.h" > > +#include "pub_key.h" > > > > namespace libcamera { 
> > > > @@ -35,6 +37,9 @@ private: > > void parseDir(const char *libDir, unsigned int maxDepth, > > std::vector<std::string> &files); > > unsigned int addDir(const char *libDir, unsigned int maxDepth = 0); > > + > > + static const uint8_t publicKeyData_[]; > > + static const PubKey pubKey_; > > }; > > > > } /* namespace libcamera */ > > diff --git a/src/libcamera/ipa_pub_key.cpp.in b/src/libcamera/ipa_pub_key.cpp.in > > new file mode 100644 > > index 000000000000..e1fe287c160e > > --- /dev/null > > +++ b/src/libcamera/ipa_pub_key.cpp.in > > @@ -0,0 +1,20 @@ > > +/* SPDX-License-Identifier: LGPL-2.1-or-later */ > > +/* > > + * Copyright (C) 2020, Laurent Pinchart <laurent.pinchart@ideasonboard.com> > > + * > > + * ipa_key.cpp - IPA module signing public key > > + * > > + * This file is auto-generated. Do not edit. > > + */ > > + > > +#include "ipa_manager.h" > > + > > +namespace libcamera { > > + > > +const uint8_t IPAManager::publicKeyData_[] = { > > + ${ipa_key} > > +}; > > + > > +const PubKey IPAManager::pubKey_{ { IPAManager::publicKeyData_ } }; > > + > > +} /* namespace libcamera */ > > diff --git a/src/libcamera/meson.build b/src/libcamera/meson.build > > index c2a657e4938c..c502450c4b2d 100644 > > --- a/src/libcamera/meson.build > > +++ b/src/libcamera/meson.build > > @@ -101,6 +101,14 @@ version_cpp = vcs_tag(command : [gen_version, meson.build_root()], > > > > libcamera_sources += version_cpp > > > > +gen_ipa_pub_key = files('gen-ipa-pub-key.py') > > +ipa_pub_key_cpp = custom_target('ipa_pub_key_cpp', > > + input : [ ipa_priv_key, 'ipa_pub_key.cpp.in' ], > > + output : 'ipa_pub_key.cpp', > > + command : [ gen_ipa_pub_key, '@INPUT@', '@OUTPUT@' ]) > > + > > +libcamera_sources += ipa_pub_key_cpp > > + > > libcamera_deps = [ > > libatomic, > > libdl,
diff --git a/src/libcamera/gen-ipa-pub-key.py b/src/libcamera/gen-ipa-pub-key.py new file mode 100755 index 000000000000..ad575b18c922 --- /dev/null +++ b/src/libcamera/gen-ipa-pub-key.py @@ -0,0 +1,46 @@ +#!/usr/bin/env python3 +# SPDX-License-Identifier: GPL-2.0-or-later +# Copyright (C) 2020, Google Inc. +# +# Author: Laurent Pinchart <laurent.pinchart@ideasonboard.com> +# +# ipa-gen-key.py - Generate the IPA module signing public key + +import string +import subprocess +import sys + + +def main(argv): + if len(argv) != 4: + print('Usage: %s priv-key template output' % argv[0]) + return 1 + + priv_key = argv[1] + template = argv[2] + output = argv[3] + + try: + ret = subprocess.run(['openssl', 'rsa', '-pubout', '-in', priv_key, + '-outform', 'DER'], + stdout=subprocess.PIPE) + except FileNotFoundError: + print('Please install openssl to sign IPA modules') + return 1 + + ipa_key = ', '.join(['0x%02x' % c for c in ret.stdout]) + data = {'ipa_key': ipa_key} + + template = open(template, 'rb').read() + template = template.decode('utf-8') + template = string.Template(template) + + f = open(output, 'wb') + f.write(template.substitute(data).encode('utf-8')) + f.close() + + return 0 + + +if __name__ == '__main__': + sys.exit(main(sys.argv)) diff --git a/src/libcamera/include/ipa_manager.h b/src/libcamera/include/ipa_manager.h index 467658e40ce9..26edf087461e 100644 --- a/src/libcamera/include/ipa_manager.h +++ b/src/libcamera/include/ipa_manager.h @@ -7,6 +7,7 @@ #ifndef __LIBCAMERA_IPA_MANAGER_H__ #define __LIBCAMERA_IPA_MANAGER_H__ +#include <stdint.h> #include <vector> #include <ipa/ipa_interface.h> @@ -14,6 +15,7 @@ #include "ipa_module.h" #include "pipeline_handler.h" +#include "pub_key.h" namespace libcamera { 
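Review bot: The exit status of `openssl` is never checked in `main()`: if the command fails (for instance on an unreadable or malformed private key), `ret.stdout` is empty, yet the script still writes the output file and returns 0. `${ipa_key}` in `ipa_pub_key.cpp.in` then expands to nothing, so the generated source carries no key data and the build step does not report the failure. Fail the step explicitly, for example `if ret.returncode != 0:` followed by `return 1` right after the `try` block, or pass `check=True` and catch `subprocess.CalledProcessError`. The two `open()` calls would also be safer as `with` blocks, so the output file is closed if `template.substitute()` raises.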
@@ -35,6 +37,9 @@ private: void parseDir(const char *libDir, unsigned int maxDepth, std::vector<std::string> &files); unsigned int addDir(const char *libDir, unsigned int maxDepth = 0); + + static const uint8_t publicKeyData_[]; + static const PubKey pubKey_; }; } /* namespace libcamera */ diff --git a/src/libcamera/ipa_pub_key.cpp.in b/src/libcamera/ipa_pub_key.cpp.in new file mode 100644 index 000000000000..e1fe287c160e --- /dev/null +++ b/src/libcamera/ipa_pub_key.cpp.in @@ -0,0 +1,20 @@ +/* SPDX-License-Identifier: LGPL-2.1-or-later */ +/* + * Copyright (C) 2020, Laurent Pinchart <laurent.pinchart@ideasonboard.com> + * + * ipa_key.cpp - IPA module signing public key + * + * This file is auto-generated. Do not edit. + */ + +#include "ipa_manager.h" + +namespace libcamera { + +const uint8_t IPAManager::publicKeyData_[] = { + ${ipa_key} +}; + +const PubKey IPAManager::pubKey_{ { IPAManager::publicKeyData_ } }; + +} /* namespace libcamera */ diff --git a/src/libcamera/meson.build b/src/libcamera/meson.build index c2a657e4938c..c502450c4b2d 100644 --- a/src/libcamera/meson.build +++ b/src/libcamera/meson.build @@ -101,6 +101,14 @@ version_cpp = vcs_tag(command : [gen_version, meson.build_root()], libcamera_sources += version_cpp +gen_ipa_pub_key = files('gen-ipa-pub-key.py') +ipa_pub_key_cpp = custom_target('ipa_pub_key_cpp', + input : [ ipa_priv_key, 'ipa_pub_key.cpp.in' ], + output : 'ipa_pub_key.cpp', + command : [ gen_ipa_pub_key, '@INPUT@', '@OUTPUT@' ]) + +libcamera_sources += ipa_pub_key_cpp + libcamera_deps = [ libatomic, libdl,
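Review bot: `pubKey_` is defined as a namespace-scope object with a constructor argument, so the embedded DER data is handed to PubKey during static initialization, where a parse failure cannot be reported to any caller. PubKey's interface is not part of this patch, so this is inferred; if it records whether the key loaded, the later signature check should treat an unloaded key as a verification failure, not as "no signature required". A short comment above the definition would make that contract visible, e.g. `/* Built at static-init time; verification must fail closed if the key did not load. */`.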
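Review bot: `openssl` is looked up by bare name inside the script, so which binary derives the embedded key depends on PATH when the target runs, and a missing tool is only discovered mid-build. Resolving it once at configure time, e.g. `openssl = find_program('openssl')`, and passing it as an extra argument in `command` would pin the tool and fail early; the script's argument count would need to grow by one to match. `ipa_priv_key` is defined outside this hunk, so an equivalent check may already exist where the private key is produced.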
In preparation for verifying the signature of IPA modules, generate a public key from the private signing key and embed it in the IPAManager class. Signed-off-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com> --- src/libcamera/gen-ipa-pub-key.py | 46 +++++++++++++++++++++++++++++ src/libcamera/include/ipa_manager.h | 5 ++++ src/libcamera/ipa_pub_key.cpp.in | 20 +++++++++++++ src/libcamera/meson.build | 8 +++++ 4 files changed, 79 insertions(+) create mode 100755 src/libcamera/gen-ipa-pub-key.py create mode 100644 src/libcamera/ipa_pub_key.cpp.in