authorLaurent Pinchart <laurent.pinchart@ideasonboard.com>2020-03-29 07:12:01 +0300
committerLaurent Pinchart <laurent.pinchart@ideasonboard.com>2020-04-14 02:03:29 +0300
commiteab143ee69064092b6bb47297022efa80f47c120 (patch)
tree891d5398197c3e221eeb58992778beca5469a6df /src
parent4b11facde4ef3499690b84428c6155bea867fba8 (diff)
libcamera: ipa_manager: Verify IPA module signature
Decide whether to isolate the IPA module using the module signature instead of its license. Signed-off-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com> Reviewed-by: Niklas Söderlund <niklas.soderlund@ragnatech.se>
Diffstat (limited to 'src')
-rw-r--r--src/libcamera/include/ipa_manager.h2
-rw-r--r--src/libcamera/include/ipa_module.h2
-rw-r--r--src/libcamera/ipa_manager.cpp26
-rw-r--r--src/libcamera/ipa_module.cpp25
4 files changed, 25 insertions, 30 deletions
diff --git a/src/libcamera/include/ipa_manager.h b/src/libcamera/include/ipa_manager.h
index 26edf087..0b5fd2ac 100644
--- a/src/libcamera/include/ipa_manager.h
+++ b/src/libcamera/include/ipa_manager.h
@@ -38,6 +38,8 @@ private:
std::vector<std::string> &files);
unsigned int addDir(const char *libDir, unsigned int maxDepth = 0);
+ bool isSignatureValid(IPAModule *ipa) const;
+
static const uint8_t publicKeyData_[];
static const PubKey pubKey_;
};
diff --git a/src/libcamera/include/ipa_module.h b/src/libcamera/include/ipa_module.h
index ec367185..a9a35117 100644
--- a/src/libcamera/include/ipa_module.h
+++ b/src/libcamera/include/ipa_module.h
@@ -37,8 +37,6 @@ public:
bool match(PipelineHandler *pipe,
uint32_t minVersion, uint32_t maxVersion) const;
- bool isOpenSource() const;
-
private:
struct IPAModuleInfo info_;
std::vector<uint8_t> signature_;
diff --git a/src/libcamera/ipa_manager.cpp b/src/libcamera/ipa_manager.cpp
index 6d23f470..7de1404e 100644
--- a/src/libcamera/ipa_manager.cpp
+++ b/src/libcamera/ipa_manager.cpp
@@ -12,6 +12,7 @@
#include <string.h>
#include <sys/types.h>
+#include "file.h"
#include "ipa_module.h"
#include "ipa_proxy.h"
#include "log.h"
@@ -271,12 +272,12 @@ std::unique_ptr<IPAInterface> IPAManager::createIPA(PipelineHandler *pipe,
return nullptr;
/*
- * Load and run the IPA module in a thread if it is open-source, or
- * isolate it in a separate process otherwise.
+ * Load and run the IPA module in a thread if it has a valid signature,
+ * or isolate it in a separate process otherwise.
*
* \todo Implement a better proxy selection
*/
- const char *proxyName = m->isOpenSource()
+ const char *proxyName = isSignatureValid(m)
? "IPAProxyThread" : "IPAProxyLinux";
IPAProxyFactory *pf = nullptr;
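Review bot: The `isSignatureValid(m)` result on the `proxyName` line now decides whether the module shares the caller's address space (IPAProxyThread) or is isolated (IPAProxyLinux), but the comment above it does not say which key the signature is checked against or why a valid signature is enough to skip isolation. I would extend the comment with a line such as `A valid signature means the module verifies against the public key built into libcamera (pubKey_); anything else is treated as untrusted and isolated.` The check also appears to run on every createIPA() call, mapping and verifying the whole file each time, so caching the result per module may be worth a `\todo`. createIPA() starts and ends outside this hunk, so this is based only on the lines shown.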
@@ -301,4 +302,23 @@ std::unique_ptr<IPAInterface> IPAManager::createIPA(PipelineHandler *pipe,
return proxy;
}
+bool IPAManager::isSignatureValid(IPAModule *ipa) const
+{
+ File file{ ipa->path() };
+ if (!file.open(File::ReadOnly))
+ return false;
+
+ Span<uint8_t> data = file.map();
+ if (data.empty())
+ return false;
+
+ bool valid = pubKey_.verify(data, ipa->signature());
+
+ LOG(IPAManager, Debug)
+ << "IPA module " << ipa->path() << " signature is "
+ << (valid ? "valid" : "not valid");
+
+ return valid;
+}
+
} /* namespace libcamera */
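Review bot: isSignatureValid() opens and maps `ipa->path()` afresh, so the bytes it verifies are not guaranteed to be the bytes that are later loaded and run. The signature was read earlier, and the module is presumably loaded afterwards by the proxy, both outside this hunk. If the module directory is writable by anyone other than the installer, the file can change between this check and the load, and the in-process decision would then apply to different content than was verified. I would record that assumption on the function, for example `\todo Verify the data that is actually loaded instead of re-reading the file by path`, and note that IPA module directories must not be writable by unprivileged users. The function also has no Doxygen block, unlike the removed isOpenSource(); a `\brief`, `\param[in] ipa` and a `\return` stating that open or map failures count as "not valid" would make the fail-closed behaviour explicit.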
diff --git a/src/libcamera/ipa_module.cpp b/src/libcamera/ipa_module.cpp
index 51b238a6..96b44f13 100644
--- a/src/libcamera/ipa_module.cpp
+++ b/src/libcamera/ipa_module.cpp
@@ -472,29 +472,4 @@ bool IPAModule::match(PipelineHandler *pipe,
!strcmp(info_.pipelineName, pipe->name());
}
-/**
- * \brief Verify if the IPA module is open source
- *
- * \sa IPAModuleInfo::license
- */
-bool IPAModule::isOpenSource() const
-{
- static const char *osLicenses[] = {
- "GPL-2.0-only",
- "GPL-2.0-or-later",
- "GPL-3.0-only",
- "GPL-3.0-or-later",
- "LGPL-2.1-only",
- "LGPL-2.1-or-later",
- "LGPL-3.0-only",
- "LGPL-3.0-or-later",
- };
-
- for (unsigned int i = 0; i < ARRAY_SIZE(osLicenses); i++)
- if (!strcmp(osLicenses[i], info_.license))
- return true;
-
- return false;
-}
-
} /* namespace libcamera */