From 4af45819d009bf5a0d2f61e044045c6accbb7142 Mon Sep 17 00:00:00 2001 From: Kieran Bingham Date: Wed, 9 Sep 2020 12:56:07 +0100 Subject: libcamera: ipa: Move key generation to utils Move the GPLv2 utilities used for generating public and private keys to the utilities subtree. Signed-off-by: Kieran Bingham Reviewed-by: Laurent Pinchart Reviewed-by: Paul Elder --- src/ipa/gen-ipa-priv-key.sh | 11 --------- src/libcamera/gen-ipa-pub-key.py | 48 ---------------------------------------- src/libcamera/meson.build | 1 - src/meson.build | 1 - utils/gen-ipa-priv-key.sh | 11 +++++++++ utils/gen-ipa-pub-key.py | 48 ++++++++++++++++++++++++++++++++++++++++ utils/meson.build | 4 ++++ 7 files changed, 63 insertions(+), 61 deletions(-) delete mode 100755 src/ipa/gen-ipa-priv-key.sh delete mode 100755 src/libcamera/gen-ipa-pub-key.py create mode 100755 utils/gen-ipa-priv-key.sh create mode 100755 utils/gen-ipa-pub-key.py diff --git a/src/ipa/gen-ipa-priv-key.sh b/src/ipa/gen-ipa-priv-key.sh deleted file mode 100755 index 919751f2..00000000 --- a/src/ipa/gen-ipa-priv-key.sh +++ /dev/null @@ -1,11 +0,0 @@ -#!/bin/sh -# SPDX-License-Identifier: GPL-2.0-or-later -# Copyright (C) 2020, Google Inc. -# -# Author: Laurent Pinchart -# -# gen-ipa-priv-key.sh - Generate an RSA private key to sign IPA modules - -key="$1" - -openssl genpkey -algorithm RSA -out "${key}" -pkeyopt rsa_keygen_bits:2048 diff --git a/src/libcamera/gen-ipa-pub-key.py b/src/libcamera/gen-ipa-pub-key.py deleted file mode 100755 index a4a1f7b7..00000000 --- a/src/libcamera/gen-ipa-pub-key.py +++ /dev/null @@ -1,48 +0,0 @@ -#!/usr/bin/env python3 -# SPDX-License-Identifier: GPL-2.0-or-later -# Copyright (C) 2020, Google Inc. -# -# Author: Laurent Pinchart -# -# ipa-gen-key.py - Generate the IPA module signing public key - -import string -import subprocess -import sys - - -def main(argv): - if len(argv) != 4: - print('Usage: %s priv-key template output' % argv[0]) - return 1 - - priv_key = argv[1] - template = argv[2] - output = argv[3] - - try: - ret = subprocess.run(['openssl', 'rsa', '-pubout', '-in', priv_key, - '-outform', 'DER'], - stdout=subprocess.PIPE) - except FileNotFoundError: - print('Please install openssl to sign IPA modules') - return 1 - - ipa_key = ['0x%02x' % c for c in ret.stdout] - ipa_key = [', '.join(ipa_key[bound:bound + 8]) for bound in range(0, len(ipa_key), 8)] - ipa_key = ',\n\t'.join(ipa_key) - data = {'ipa_key': ipa_key} - - template = open(template, 'rb').read() - template = template.decode('utf-8') - template = string.Template(template) - - f = open(output, 'wb') - f.write(template.substitute(data).encode('utf-8')) - f.close() - - return 0 - - -if __name__ == '__main__': - sys.exit(main(sys.argv)) diff --git a/src/libcamera/meson.build b/src/libcamera/meson.build index d63dacd5..18ea3261 100644 --- a/src/libcamera/meson.build +++ b/src/libcamera/meson.build @@ -100,7 +100,6 @@ version_cpp = vcs_tag(command : [gen_version, meson.build_root()], libcamera_sources += version_cpp if ipa_sign_module - gen_ipa_pub_key = files('gen-ipa-pub-key.py') ipa_pub_key_cpp = custom_target('ipa_pub_key_cpp', input : [ ipa_priv_key, 'ipa_pub_key.cpp.in' ], output : 'ipa_pub_key.cpp', diff --git a/src/meson.build b/src/meson.build index db155e68..b9c7e759 100644 --- a/src/meson.build +++ b/src/meson.build @@ -4,7 +4,6 @@ subdir('android') openssl = find_program('openssl', required : true) if openssl.found() - gen_ipa_priv_key = files('ipa/gen-ipa-priv-key.sh') ipa_priv_key = custom_target('ipa-priv-key', output : [ 'ipa-priv-key.pem' ], command : [ gen_ipa_priv_key, '@OUTPUT@' ]) diff --git a/utils/gen-ipa-priv-key.sh b/utils/gen-ipa-priv-key.sh new file mode 100755 index 00000000..919751f2 --- /dev/null +++ b/utils/gen-ipa-priv-key.sh @@ -0,0 +1,11 @@ +#!/bin/sh +# SPDX-License-Identifier: GPL-2.0-or-later +# Copyright (C) 2020, Google Inc. +# +# Author: Laurent Pinchart +# +# gen-ipa-priv-key.sh - Generate an RSA private key to sign IPA modules + +key="$1" + +openssl genpkey -algorithm RSA -out "${key}" -pkeyopt rsa_keygen_bits:2048 diff --git a/utils/gen-ipa-pub-key.py b/utils/gen-ipa-pub-key.py new file mode 100755 index 00000000..a4a1f7b7 --- /dev/null +++ b/utils/gen-ipa-pub-key.py @@ -0,0 +1,48 @@ +#!/usr/bin/env python3 +# SPDX-License-Identifier: GPL-2.0-or-later +# Copyright (C) 2020, Google Inc. +# +# Author: Laurent Pinchart +# +# ipa-gen-key.py - Generate the IPA module signing public key + +import string +import subprocess +import sys + + +def main(argv): + if len(argv) != 4: + print('Usage: %s priv-key template output' % argv[0]) + return 1 + + priv_key = argv[1] + template = argv[2] + output = argv[3] + + try: + ret = subprocess.run(['openssl', 'rsa', '-pubout', '-in', priv_key, + '-outform', 'DER'], + stdout=subprocess.PIPE) + except FileNotFoundError: + print('Please install openssl to sign IPA modules') + return 1 + + ipa_key = ['0x%02x' % c for c in ret.stdout] + ipa_key = [', '.join(ipa_key[bound:bound + 8]) for bound in range(0, len(ipa_key), 8)] + ipa_key = ',\n\t'.join(ipa_key) + data = {'ipa_key': ipa_key} + + template = open(template, 'rb').read() + template = template.decode('utf-8') + template = string.Template(template) + + f = open(output, 'wb') + f.write(template.substitute(data).encode('utf-8')) + f.close() + + return 0 + + +if __name__ == '__main__': + sys.exit(main(sys.argv)) diff --git a/utils/meson.build b/utils/meson.build index ef5507b1..456bf7f8 100644 --- a/utils/meson.build +++ b/utils/meson.build @@ -6,3 +6,7 @@ subdir('ipu3') gen_controls = files('gen-controls.py') gen_formats = files('gen-formats.py') gen_header = files('gen-header.sh') + +## Module signing +gen_ipa_priv_key = files('gen-ipa-priv-key.sh') +gen_ipa_pub_key = files('gen-ipa-pub-key.py') -- cgit v1.2.1