author | Laurent Pinchart <laurent.pinchart@ideasonboard.com> | 2020-03-29 07:12:01 +0300 |
---|---|---|
committer | Laurent Pinchart <laurent.pinchart@ideasonboard.com> | 2020-04-14 02:03:29 +0300 |
commit | eab143ee69064092b6bb47297022efa80f47c120 (patch) | |
tree | 891d5398197c3e221eeb58992778beca5469a6df /src | |
parent | 4b11facde4ef3499690b84428c6155bea867fba8 (diff) |
libcamera: ipa_manager: Verify IPA module signature
Decide whether to isolate the IPA module using the module signature
instead of its license.
Signed-off-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Reviewed-by: Niklas Söderlund <niklas.soderlund@ragnatech.se>
Diffstat (limited to 'src')
-rw-r--r-- | src/libcamera/include/ipa_manager.h | 2 | ||||
-rw-r--r-- | src/libcamera/include/ipa_module.h | 2 | ||||
-rw-r--r-- | src/libcamera/ipa_manager.cpp | 26 | ||||
-rw-r--r-- | src/libcamera/ipa_module.cpp | 25 |
4 files changed, 25 insertions, 30 deletions
diff --git a/src/libcamera/include/ipa_manager.h b/src/libcamera/include/ipa_manager.h index 26edf087..0b5fd2ac 100644 --- a/src/libcamera/include/ipa_manager.h +++ b/src/libcamera/include/ipa_manager.h @@ -38,6 +38,8 @@ private: std::vector<std::string> &files); unsigned int addDir(const char *libDir, unsigned int maxDepth = 0); + bool isSignatureValid(IPAModule *ipa) const; + static const uint8_t publicKeyData_[]; static const PubKey pubKey_; }; diff --git a/src/libcamera/include/ipa_module.h b/src/libcamera/include/ipa_module.h index ec367185..a9a35117 100644 --- a/src/libcamera/include/ipa_module.h +++ b/src/libcamera/include/ipa_module.h @@ -37,8 +37,6 @@ public: bool match(PipelineHandler *pipe, uint32_t minVersion, uint32_t maxVersion) const; - bool isOpenSource() const; - private: struct IPAModuleInfo info_; std::vector<uint8_t> signature_; diff --git a/src/libcamera/ipa_manager.cpp b/src/libcamera/ipa_manager.cpp index 6d23f470..7de1404e 100644 --- a/src/libcamera/ipa_manager.cpp +++ b/src/libcamera/ipa_manager.cpp @@ -12,6 +12,7 @@ #include <string.h> #include <sys/types.h> +#include "file.h" #include "ipa_module.h" #include "ipa_proxy.h" #include "log.h" @@ -271,12 +272,12 @@ std::unique_ptr<IPAInterface> IPAManager::createIPA(PipelineHandler *pipe, return nullptr; /* - * Load and run the IPA module in a thread if it is open-source, or - * isolate it in a separate process otherwise. + * Load and run the IPA module in a thread if it has a valid signature, + * or isolate it in a separate process otherwise. * * \todo Implement a better proxy selection */ - const char *proxyName = m->isOpenSource() + const char *proxyName = isSignatureValid(m) ? "IPAProxyThread" : "IPAProxyLinux"; IPAProxyFactory *pf = nullptr; 
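Review bot: In the second ipa_manager.cpp hunk, `isSignatureValid(m)` becomes the only gate between running a module inside libcamera's own process (`IPAProxyThread`) and isolating it (`IPAProxyLinux`), yet the updated comment does not state that isolation is the required fallback. Every verification failure currently selects the isolated proxy, which is the safe default, but the remaining `\todo Implement a better proxy selection` invites a later rewrite that could lose that property. I would add one line to the comment, for example `* A module that fails signature verification must never be run in-process.` createIPA() starts and ends outside this hunk, so how `m` is selected is not visible here.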
@@ -301,4 +302,23 @@ std::unique_ptr<IPAInterface> IPAManager::createIPA(PipelineHandler *pipe, return proxy; } +bool IPAManager::isSignatureValid(IPAModule *ipa) const +{ + File file{ ipa->path() }; + if (!file.open(File::ReadOnly)) + return false; + + Span<uint8_t> data = file.map(); + if (data.empty()) + return false; + + bool valid = pubKey_.verify(data, ipa->signature()); + + LOG(IPAManager, Debug) + << "IPA module " << ipa->path() << " signature is " + << (valid ? "valid" : "not valid"); + + return valid; +} + } /* namespace libcamera */ diff --git a/src/libcamera/ipa_module.cpp b/src/libcamera/ipa_module.cpp index 51b238a6..96b44f13 100644 --- a/src/libcamera/ipa_module.cpp +++ b/src/libcamera/ipa_module.cpp @@ -472,29 +472,4 @@ bool IPAModule::match(PipelineHandler *pipe, !strcmp(info_.pipelineName, pipe->name()); } -/** - * \brief Verify if the IPA module is open source - * - * \sa IPAModuleInfo::license - */ -bool IPAModule::isOpenSource() const -{ - static const char *osLicenses[] = { - "GPL-2.0-only", - "GPL-2.0-or-later", - "GPL-3.0-only", - "GPL-3.0-or-later", - "LGPL-2.1-only", - "LGPL-2.1-or-later", - "LGPL-3.0-only", - "LGPL-3.0-or-later", - }; - - for (unsigned int i = 0; i < ARRAY_SIZE(osLicenses); i++) - if (!strcmp(osLicenses[i], info_.license)) - return true; - - return false; -} - } /* namespace libcamera */ |
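Review bot: isSignatureValid() verifies bytes it re-reads from `ipa->path()`, so the result describes the file's contents at call time rather than the code that was actually loaded. The module load is not in this hunk, so whether both steps use the same open file cannot be confirmed from here. If they are separate opens, a file replaced between load and check would be judged on the wrong bytes, and the function should carry a comment stating the assumption, e.g. `/* Assumes the module file cannot be modified by untrusted users between loading and this check. */`. The two early `return false` paths (open failure, empty mapping) are silent, so a module isolated because it could not be read is indistinguishable in the log from one whose signature did not match; a `LOG(IPAManager, Debug)` line on each path would separate the cases. `ipa` is only read here, so `const IPAModule *ipa` would fit as well, provided `path()` and `signature()` are const, which this page does not show.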