libcamera: ipa_manager: Embed IPA module signing public key

In preparation for verifying the signature of IPA modules, generate a public key from the private signing key and embed it in the IPAManager class. Signed-off-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com> Reviewed-by: Niklas Söderlund <niklas.soderlund@ragnatech.se>
2020-03-29 04:52:30 +03:00
parent 462d6508a2
commit 4b11facde4
4 changed files with 79 additions and 0 deletions
--- a/src/libcamera/gen-ipa-pub-key.py
+++ b/src/libcamera/gen-ipa-pub-key.py
@@ -0,0 +1,46 @@
+#!/usr/bin/env python3
+# SPDX-License-Identifier: GPL-2.0-or-later
+# Copyright (C) 2020, Google Inc.
+#
+# Author: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
+#
+# ipa-gen-key.py - Generate the IPA module signing public key
+
+import string
+import subprocess
+import sys
+
+
+def main(argv):
+    if len(argv) != 4:
+        print('Usage: %s priv-key template output' % argv[0])
+        return 1
+
+    priv_key = argv[1]
+    template = argv[2]
+    output = argv[3]
+
+    try:
+        ret = subprocess.run(['openssl', 'rsa', '-pubout', '-in', priv_key,
+                              '-outform', 'DER'],
+                             stdout=subprocess.PIPE)
+    except FileNotFoundError:
+        print('Please install openssl to sign IPA modules')
+        return 1
+
+    ipa_key = ', '.join(['0x%02x' % c for c in ret.stdout])
+    data = {'ipa_key': ipa_key}
+
+    template = open(template, 'rb').read()
+    template = template.decode('utf-8')
+    template = string.Template(template)
+
+    f = open(output, 'wb')
+    f.write(template.substitute(data).encode('utf-8'))
+    f.close()
+
+    return 0
+
+
+if __name__ == '__main__':
+    sys.exit(main(sys.argv))
--- a/src/libcamera/include/ipa_manager.h
+++ b/src/libcamera/include/ipa_manager.h
@@ -7,6 +7,7 @@
 #ifndef __LIBCAMERA_IPA_MANAGER_H__
 #define __LIBCAMERA_IPA_MANAGER_H__

+#include <stdint.h>
 #include <vector>

 #include <ipa/ipa_interface.h>
@@ -14,6 +15,7 @@

 #include "ipa_module.h"
 #include "pipeline_handler.h"
+#include "pub_key.h"

 namespace libcamera {

@@ -35,6 +37,9 @@ private:
 	void parseDir(const char *libDir, unsigned int maxDepth,
 		      std::vector<std::string> &files);
 	unsigned int addDir(const char *libDir, unsigned int maxDepth = 0);
+
+	static const uint8_t publicKeyData_[];
+	static const PubKey pubKey_;
 };

 } /* namespace libcamera */
--- a/src/libcamera/ipa_pub_key.cpp.in
+++ b/src/libcamera/ipa_pub_key.cpp.in
@@ -0,0 +1,20 @@
+/* SPDX-License-Identifier: LGPL-2.1-or-later */
+/*
+ * Copyright (C) 2020, Laurent Pinchart <laurent.pinchart@ideasonboard.com>
+ *
+ * ipa_key.cpp - IPA module signing public key
+ *
+ * This file is auto-generated. Do not edit.
+ */
+
+#include "ipa_manager.h"
+
+namespace libcamera {
+
+const uint8_t IPAManager::publicKeyData_[] = {
+	${ipa_key}
+};
+
+const PubKey IPAManager::pubKey_{ { IPAManager::publicKeyData_ } };
+
+} /* namespace libcamera */
--- a/src/libcamera/meson.build
+++ b/src/libcamera/meson.build
@@ -101,6 +101,14 @@ version_cpp = vcs_tag(command : [gen_version, meson.build_root()],

 libcamera_sources += version_cpp

+gen_ipa_pub_key = files('gen-ipa-pub-key.py')
+ipa_pub_key_cpp = custom_target('ipa_pub_key_cpp',
+                                input : [ ipa_priv_key, 'ipa_pub_key.cpp.in' ],
+                                output : 'ipa_pub_key.cpp',
+                                command : [ gen_ipa_pub_key, '@INPUT@', '@OUTPUT@' ])
+
+libcamera_sources += ipa_pub_key_cpp
+
 libcamera_deps = [
    libatomic,
    libdl,