From patchwork Sat Apr 4 01:56:22 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Laurent Pinchart X-Patchwork-Id: 3399 Return-Path: Received: from perceval.ideasonboard.com (perceval.ideasonboard.com [213.167.242.64]) by lancelot.ideasonboard.com (Postfix) with ESMTPS id 7D54F62E17 for ; Sat, 4 Apr 2020 03:56:41 +0200 (CEST) Authentication-Results: lancelot.ideasonboard.com; dkim=pass (1024-bit key; unprotected) header.d=ideasonboard.com header.i=@ideasonboard.com header.b="aId/IjFz"; dkim-atps=neutral Received: from pendragon.bb.dnainternet.fi (81-175-216-236.bb.dnainternet.fi [81.175.216.236]) by perceval.ideasonboard.com (Postfix) with ESMTPSA id 1431472E for ; Sat, 4 Apr 2020 03:56:41 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ideasonboard.com; s=mail; t=1585965401; bh=94jrbmSUBFyOik7a64xeUeWbK3CieQXO7EyL16yFMts=; h=From:To:Subject:Date:In-Reply-To:References:From; b=aId/IjFzLBPoZZ7HLLnf4EhCDh9jHYfddIxThDibi9L42Giou6/yfB3nmLkgqYvYa Lm3CQomUxifLcGQFtEeT0Ur1WWc1/cAWqK8Rqb8c2VFieC1v8kjw+iqnke1vc7Rum0 QCBzyM0e4Lpw4yRGzrkTWUG+alWacuOLMbmUzIgs= From: Laurent Pinchart To: libcamera-devel@lists.libcamera.org Date: Sat, 4 Apr 2020 04:56:22 +0300 Message-Id: <20200404015624.30440-10-laurent.pinchart@ideasonboard.com> X-Mailer: git-send-email 2.24.1 In-Reply-To: <20200404015624.30440-1-laurent.pinchart@ideasonboard.com> References: <20200404015624.30440-1-laurent.pinchart@ideasonboard.com> MIME-Version: 1.0 Subject: [libcamera-devel] [PATCH 09/11] libcamera: ipa_manager: Embed IPA module signing public key X-BeenThere: libcamera-devel@lists.libcamera.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 04 Apr 2020 01:56:44 -0000 In preparation for verifying the signature of IPA modules, generate a public key from the private signing key and embed it in the IPAManager class. 
Signed-off-by: Laurent Pinchart
Reviewed-by: Niklas Söderlund
---
 src/libcamera/gen-ipa-pub-key.py | 46 +++++++++++++++++++++++++++++
 src/libcamera/include/ipa_manager.h | 5 ++++
 src/libcamera/ipa_pub_key.cpp.in | 20 +++++++++++++
 src/libcamera/meson.build | 8 +++++
 4 files changed, 79 insertions(+)
 create mode 100755 src/libcamera/gen-ipa-pub-key.py
 create mode 100644 src/libcamera/ipa_pub_key.cpp.in
diff --git a/src/libcamera/gen-ipa-pub-key.py b/src/libcamera/gen-ipa-pub-key.py
new file mode 100755
index 000000000000..ad575b18c922
--- /dev/null
+++ b/src/libcamera/gen-ipa-pub-key.py
@@ -0,0 +1,46 @@
+#!/usr/bin/env python3
+# SPDX-License-Identifier: GPL-2.0-or-later
+# Copyright (C) 2020, Google Inc.
+#
+# Author: Laurent Pinchart
+#
+# ipa-gen-key.py - Generate the IPA module signing public key
+
+import string
+import subprocess
+import sys
+
+
+def main(argv):
+ if len(argv) != 4:
+ print('Usage: %s priv-key template output' % argv[0])
+ return 1
+
+ priv_key = argv[1]
+ template = argv[2]
+ output = argv[3]
+
+ try:
+ ret = subprocess.run(['openssl', 'rsa', '-pubout', '-in', priv_key,
+ '-outform', 'DER'],
+ stdout=subprocess.PIPE)
+ except FileNotFoundError:
+ print('Please install openssl to sign IPA modules')
+ return 1
+
+ ipa_key = ', '.join(['0x%02x' % c for c in ret.stdout])
+ data = {'ipa_key': ipa_key}
+
+ template = open(template, 'rb').read()
+ template = template.decode('utf-8')
+ template = string.Template(template)
+
+ f = open(output, 'wb')
+ f.write(template.substitute(data).encode('utf-8'))
+ f.close()
+
+ return 0
+
+
+if __name__ == '__main__':
+ sys.exit(main(sys.argv))
diff --git a/src/libcamera/include/ipa_manager.h b/src/libcamera/include/ipa_manager.h
index 467658e40ce9..26edf087461e 100644
--- a/src/libcamera/include/ipa_manager.h
+++ b/src/libcamera/include/ipa_manager.h
@@ -7,6 +7,7 @@
 #ifndef __LIBCAMERA_IPA_MANAGER_H__
 #define __LIBCAMERA_IPA_MANAGER_H__
+#include
 #include
 #include
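Review bot: The result of `subprocess.run()` in `main()` of gen-ipa-pub-key.py is never checked, so when openssl exits with an error (an unreadable or malformed private key, for instance) `ret.stdout` is empty, the template is filled with an empty `${ipa_key}` and the script still returns 0. The build then embeds a zero-length public key instead of stopping at the step that failed. Adding `if ret.returncode != 0 or not ret.stdout:` followed by an error message and `return 1` right after the `try` block (or passing `check=True` and catching `subprocess.CalledProcessError`) would surface the failure where it happens. The header comment also names the script `ipa-gen-key.py` while the file is `gen-ipa-pub-key.py`, and ipa_pub_key.cpp.in has the same mismatch with `ipa_key.cpp`.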
@@ -14,6 +15,7 @@
 #include "ipa_module.h"
 #include "pipeline_handler.h"
+#include "pub_key.h"
 namespace libcamera {
@@ -35,6 +37,9 @@ private:
 void parseDir(const char *libDir, unsigned int maxDepth, std::vector &files);
 unsigned int addDir(const char *libDir, unsigned int maxDepth = 0);
+
+ static const uint8_t publicKeyData_[];
+ static const PubKey pubKey_;
 };
 } /* namespace libcamera */
diff --git a/src/libcamera/ipa_pub_key.cpp.in b/src/libcamera/ipa_pub_key.cpp.in
new file mode 100644
index 000000000000..e1fe287c160e
--- /dev/null
+++ b/src/libcamera/ipa_pub_key.cpp.in
@@ -0,0 +1,20 @@
+/* SPDX-License-Identifier: LGPL-2.1-or-later */
+/*
+ * Copyright (C) 2020, Laurent Pinchart
+ *
+ * ipa_key.cpp - IPA module signing public key
+ *
+ * This file is auto-generated. Do not edit.
+ */
+
+#include "ipa_manager.h"
+
+namespace libcamera {
+
+const uint8_t IPAManager::publicKeyData_[] = {
+ ${ipa_key}
+};
+
+const PubKey IPAManager::pubKey_{ { IPAManager::publicKeyData_ } };
+
+} /* namespace libcamera */
diff --git a/src/libcamera/meson.build b/src/libcamera/meson.build
index c2a657e4938c..c502450c4b2d 100644
--- a/src/libcamera/meson.build
+++ b/src/libcamera/meson.build
@@ -101,6 +101,14 @@ version_cpp = vcs_tag(command : [gen_version, meson.build_root()],
 libcamera_sources += version_cpp
+gen_ipa_pub_key = files('gen-ipa-pub-key.py')
+ipa_pub_key_cpp = custom_target('ipa_pub_key_cpp',
+ input : [ ipa_priv_key, 'ipa_pub_key.cpp.in' ],
+ output : 'ipa_pub_key.cpp',
+ command : [ gen_ipa_pub_key, '@INPUT@', '@OUTPUT@' ])
+
+libcamera_sources += ipa_pub_key_cpp
+
 libcamera_deps = [
 libatomic,
 libdl,
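Review bot: `pubKey_` in ipa_pub_key.cpp.in is constructed from `publicKeyData_` during static initialisation, so whether the embedded bytes form a usable key is only known once the library is loaded, and the template itself cannot reject an empty `${ipa_key}` expansion. PubKey is declared in pub_key.h, which is not part of this patch; if its constructor can fail on malformed input, the verification code that follows in the series should treat an invalid `pubKey_` as "no module is trusted" rather than skipping the signature check. A short comment above the array, such as `/* DER-encoded RSA public key, generated at build time by gen-ipa-pub-key.py */`, would also tell readers what format the bytes are in.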