We build libcamera with -Wno-unused-parameter and this doesn't cause much issue internally. However, it prevents catching unused parameters in inline functions defined in public headers. This can lead to compilation warnings for applications compiled without -Wno-unused-parameter. To catch those issues, remove -Wno-unused-parameter and fix all the related warnings with [[maybe_unused]]. Signed-off-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com> Reviewed-by: Kieran Bingham <kieran.bingham@ideasonboard.com> Reviewed-by: Niklas Söderlund <niklas.soderlund@ragnatech.se>
/* SPDX-License-Identifier: LGPL-2.1-or-later */
/*
 * Copyright (C) 2020, Google Inc.
 *
 * pub_key.cpp - Public key signature verification
 */

#include "libcamera/internal/pub_key.h"
#if HAVE_GNUTLS
#include <gnutls/abstract.h>
#endif
/**
 * \file pub_key.h
 * \brief Public key signature verification
 */

namespace libcamera {
/**
 * \class PubKey
 * \brief Public key wrapper for signature verification
 *
 * The PubKey class wraps a public key and implements signature verification. It
 * only supports RSA keys and the RSA-SHA256 signature algorithm.
 */

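/**
 * \brief Construct a PubKey from key data
 * \param[in] key Key data encoded in DER format
 *
 * When libcamera is built with GnuTLS support, the key is imported into a
 * GnuTLS public key object. The instance is marked valid only if both the
 * allocation and the import succeed. In every other case, including builds
 * without GnuTLS, valid_ stays false.
 */
PubKey::PubKey([[maybe_unused]] Span<const uint8_t> key)
	: valid_(false)
{
#if HAVE_GNUTLS
	/*
	 * Start from a null handle. The destructor calls
	 * gnutls_pubkey_deinit() unconditionally, and gnutls_pubkey_init() is
	 * not documented to set the handle when it fails, so pubkey_ must not
	 * be left indeterminate on the early-return path below.
	 */
	pubkey_ = nullptr;

	int ret = gnutls_pubkey_init(&pubkey_);
	if (ret < 0)
		return;

	/*
	 * gnutls_datum_t stores the length as an unsigned int. Refuse key
	 * data whose size does not survive the conversion instead of
	 * importing a silently truncated buffer.
	 */
	const unsigned int keySize = static_cast<unsigned int>(key.size());
	if (keySize != key.size())
		return;

	/* GnuTLS takes a non-const pointer; the import only reads the data. */
	const gnutls_datum_t gnuTlsKey{
		const_cast<unsigned char *>(key.data()),
		keySize
	};

	ret = gnutls_pubkey_import(pubkey_, &gnuTlsKey, GNUTLS_X509_FMT_DER);
	if (ret < 0)
		return;

	valid_ = true;
#endif
}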
PubKey::~PubKey()
{
	/*
	 * Free the GnuTLS key handle when GnuTLS support is compiled in.
	 *
	 * NOTE(review): the call is unconditional, so pubkey_ has to be either
	 * a handle obtained from gnutls_pubkey_init() or a null handle by the
	 * time the destructor runs. Confirm this against the constructor and
	 * the class definition.
	 */
#if HAVE_GNUTLS
	gnutls_pubkey_deinit(pubkey_);
#endif
}
/**
 * \fn bool PubKey::isValid() const
 * \brief Check if the public key is valid
 * \return True if the public key is valid, false otherwise
 */

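/**
 * \brief Verify signature on data
 * \param[in] data The signed data
 * \param[in] sig The signature
 *
 * Verify that the signature \a sig matches the signed \a data for the public
 * key. The signature algorithm is hardcoded to RSA-SHA256.
 *
 * Verification fails closed: false is returned when the key is not valid, when
 * either buffer is too large for the unsigned int length field of
 * gnutls_datum_t, and when libcamera is built without GnuTLS support.
 *
 * \return True if the signature is valid, false otherwise
 */
bool PubKey::verify([[maybe_unused]] Span<const uint8_t> data,
		    [[maybe_unused]] Span<const uint8_t> sig) const
{
#if HAVE_GNUTLS
	/*
	 * A key that failed to initialise or import must never reach GnuTLS.
	 * valid_ is only set once gnutls_pubkey_import() has succeeded.
	 */
	if (!valid_)
		return false;

	/*
	 * gnutls_datum_t stores lengths as unsigned int. A size that does not
	 * survive the conversion would make GnuTLS check the signature against
	 * a truncated prefix of the data, so reject it outright.
	 */
	const unsigned int dataSize = static_cast<unsigned int>(data.size());
	const unsigned int sigSize = static_cast<unsigned int>(sig.size());
	if (dataSize != data.size() || sigSize != sig.size())
		return false;

	/* GnuTLS takes non-const pointers; the buffers are passed as inputs. */
	const gnutls_datum_t gnuTlsData{
		const_cast<unsigned char *>(data.data()),
		dataSize
	};

	const gnutls_datum_t gnuTlsSig{
		const_cast<unsigned char *>(sig.data()),
		sigSize
	};

	/* Negative return values are GnuTLS errors, including a bad signature. */
	int ret = gnutls_pubkey_verify_data2(pubkey_, GNUTLS_SIGN_RSA_SHA256, 0,
					     &gnuTlsData, &gnuTlsSig);
	return ret >= 0;
#else
	/* Without GnuTLS nothing can be verified, so nothing is trusted. */
	return false;
#endif
}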
} /* namespace libcamera */