2 * Central Regulatory Domain Agent for Linux
4 * Userspace helper which sends regulatory domains to Linux via nl80211
13 #include <arpa/inet.h>
15 #include <netlink/genl/genl.h>
16 #include <netlink/genl/family.h>
17 #include <netlink/genl/ctrl.h>
18 #include <netlink/msg.h>
19 #include <netlink/attr.h>
20 #include <linux/nl80211.h>
25 #include <openssl/objects.h>
26 #include <openssl/bn.h>
27 #include <openssl/rsa.h>
28 #include <openssl/sha.h>
36 #include "keys-gcrypt.c"
39 struct nl80211_state {
40 struct nl_handle *nl_handle;
41 struct nl_cache *nl_cache;
42 struct genl_family *nl80211;
45 static int nl80211_init(struct nl80211_state *state)
49 state->nl_handle = nl_handle_alloc();
50 if (!state->nl_handle) {
51 fprintf(stderr, "Failed to allocate netlink handle.\n");
55 if (genl_connect(state->nl_handle)) {
56 fprintf(stderr, "Failed to connect to generic netlink.\n");
58 goto out_handle_destroy;
61 state->nl_cache = genl_ctrl_alloc_cache(state->nl_handle);
62 if (!state->nl_cache) {
63 fprintf(stderr, "Failed to allocate generic netlink cache.\n");
65 goto out_handle_destroy;
68 state->nl80211 = genl_ctrl_search_by_name(state->nl_cache, "nl80211");
69 if (!state->nl80211) {
70 fprintf(stderr, "nl80211 not found.\n");
78 nl_cache_free(state->nl_cache);
80 nl_handle_destroy(state->nl_handle);
84 static void nl80211_cleanup(struct nl80211_state *state)
86 genl_family_put(state->nl80211);
87 nl_cache_free(state->nl_cache);
88 nl_handle_destroy(state->nl_handle);
91 static int reg_handler(struct nl_msg *msg, void *arg)
96 static int wait_handler(struct nl_msg *msg, void *arg)
104 static int error_handler(struct sockaddr_nl *nla, struct nlmsgerr *err, void *arg)
106 fprintf(stderr, "nl80211 error %d\n", err->error);
110 int isalpha_upper(char letter)
112 if (letter >= 'A' && letter <= 'Z')
117 static int is_alpha2(const char *alpha2)
119 if (isalpha_upper(alpha2[0]) && isalpha_upper(alpha2[1]))
124 static int is_world_regdom(const char *alpha2)
126 if (alpha2[0] == '0' && alpha2[1] == '0')
131 static int is_valid_regdom(const char * alpha2)
133 if (strlen(alpha2) != 2)
136 if (!is_alpha2(alpha2) && !is_world_regdom(alpha2)) {
143 /* ptr is 32 big endian. You don't need to convert it before passing to this
146 static void *get_file_ptr(__u8 *db, int dblen, int structlen, __be32 ptr)
148 __u32 p = ntohl(ptr);
150 if (p > dblen - structlen) {
151 fprintf(stderr, "Invalid database file, bad pointer!\n");
155 return (void *)(db + p);
158 static int put_reg_rule(__u8 *db, int dblen, __be32 ruleptr, struct nl_msg *msg)
160 struct regdb_file_reg_rule *rule;
161 struct regdb_file_freq_range *freq;
162 struct regdb_file_power_rule *power;
164 rule = get_file_ptr(db, dblen, sizeof(*rule), ruleptr);
165 freq = get_file_ptr(db, dblen, sizeof(*freq), rule->freq_range_ptr);
166 power = get_file_ptr(db, dblen, sizeof(*power), rule->power_rule_ptr);
168 NLA_PUT_U32(msg, NL80211_ATTR_REG_RULE_FLAGS, ntohl(rule->flags));
169 NLA_PUT_U32(msg, NL80211_ATTR_FREQ_RANGE_START, ntohl(freq->start_freq));
170 NLA_PUT_U32(msg, NL80211_ATTR_FREQ_RANGE_END, ntohl(freq->end_freq));
171 NLA_PUT_U32(msg, NL80211_ATTR_FREQ_RANGE_MAX_BW, ntohl(freq->max_bandwidth));
172 NLA_PUT_U32(msg, NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN, ntohl(power->max_antenna_gain));
173 NLA_PUT_U32(msg, NL80211_ATTR_POWER_RULE_MAX_EIRP, ntohl(power->max_eirp));
181 int main(int argc, char **argv)
186 struct regdb_file_header *header;
187 struct regdb_file_reg_country *countries;
188 int dblen, siglen, num_countries, i, j, r;
191 struct nl80211_state nlstate;
192 struct nl_cb *cb = NULL;
194 int found_country = 0;
197 struct regdb_file_reg_rules_collection *rcoll;
198 struct regdb_file_reg_country *country;
199 struct nlattr *nl_reg_rules;
204 __u8 hash[SHA_DIGEST_LENGTH];
208 gcry_mpi_t mpi_e, mpi_n;
209 gcry_sexp_t rsa, signature, data;
214 const char regdb[] = "/usr/lib/crda/regulatory.bin";
217 fprintf(stderr, "Usage: %s\n", argv[0]);
221 env_country = getenv("COUNTRY");
223 fprintf(stderr, "COUNTRY environment variable not set.\n");
227 if (!is_valid_regdom(env_country)) {
228 fprintf(stderr, "COUNTRY environment variable must be an "
229 "ISO ISO 3166-1-alpha-2 (uppercase) or 00\n");
233 memcpy(alpha2, env_country, 2);
235 fd = open(regdb, O_RDONLY);
237 perror("failed to open db file");
241 if (fstat(fd, &stat)) {
242 perror("failed to fstat db file");
246 dblen = stat.st_size;
248 db = mmap(NULL, dblen, PROT_READ, MAP_PRIVATE, fd, 0);
249 if (db == MAP_FAILED) {
250 perror("failed to mmap db file");
254 /* db file starts with a struct regdb_file_header */
255 header = get_file_ptr(db, dblen, sizeof(*header), 0);
257 if (ntohl(header->magic) != REGDB_MAGIC) {
258 fprintf(stderr, "Invalid database magic\n");
262 if (ntohl(header->version) != REGDB_VERSION) {
263 fprintf(stderr, "Invalid database version\n");
267 siglen = ntohl(header->signature_length);
268 /* adjust dblen so later sanity checks don't run into the signature */
271 if (dblen <= sizeof(*header)) {
272 fprintf(stderr, "Invalid signature length %d\n", siglen);
276 /* verify signature */
280 fprintf(stderr, "Failed to create RSA key\n");
284 if (SHA1(db, dblen, hash) != hash) {
285 fprintf(stderr, "Failed to calculate SHA sum\n");
290 for (i = 0; i < sizeof(keys)/sizeof(keys[0]); i++) {
294 if (RSA_size(rsa) != siglen)
297 ok = RSA_verify(NID_sha1, hash, SHA_DIGEST_LENGTH,
298 db + dblen, siglen, rsa) == 1;
308 fprintf(stderr, "Database signature wrong\n");
312 BN_print_fp(stdout, &keys[0].n);
317 gcry_check_version(NULL);
320 gcry_md_hash_buffer(GCRY_MD_SHA1, hash, db, dblen);
322 if (gcry_sexp_build(&data, NULL, "(data (flags pkcs1) (hash sha1 %b))",
324 fprintf(stderr, "failed to build data expression\n");
328 if (gcry_sexp_build(&signature, NULL, "(sig-val (rsa (s %b)))",
329 siglen, db + dblen)) {
330 fprintf(stderr, "failed to build signature expression\n");
334 for (i = 0; i < sizeof(keys)/sizeof(keys[0]); i++) {
335 if (gcry_mpi_scan(&mpi_e, GCRYMPI_FMT_USG,
336 keys[0].e, keys[0].len_e, NULL) ||
337 gcry_mpi_scan(&mpi_n, GCRYMPI_FMT_USG,
338 keys[0].n, keys[0].len_n, NULL)) {
339 fprintf(stderr, "failed to convert numbers\n");
343 if (gcry_sexp_build(&rsa, NULL,
344 "(public-key (rsa (n %m) (e %m)))",
346 fprintf(stderr, "failed to build rsa key\n");
350 if (!gcry_pk_verify(signature, data, rsa)) {
357 fprintf(stderr, "Database signature wrong\n");
362 num_countries = ntohl(header->reg_country_num);
363 countries = get_file_ptr(db, dblen,
364 sizeof(struct regdb_file_reg_country) * num_countries,
365 header->reg_country_ptr);
367 for (i = 0; i < num_countries; i++) {
368 country = countries + i;
369 if (memcmp(country->alpha2, alpha2, 2) == 0) {
375 if (!found_country) {
376 fprintf(stderr, "failed to find a country match in regulatory database\n");
380 r = nl80211_init(&nlstate);
386 fprintf(stderr, "Failed to allocate netlink message.\n");
391 genlmsg_put(msg, 0, 0, genl_family_get_id(nlstate.nl80211), 0,
392 0, NL80211_CMD_SET_REG, 0);
394 rcoll = get_file_ptr(db, dblen, sizeof(*rcoll), country->reg_collection_ptr);
395 num_rules = ntohl(rcoll->reg_rule_num);
396 /* re-get pointer with sanity checking for num_rules */
397 rcoll = get_file_ptr(db, dblen,
398 sizeof(*rcoll) + num_rules * sizeof(__be32),
399 country->reg_collection_ptr);
401 NLA_PUT_STRING(msg, NL80211_ATTR_REG_ALPHA2, (char *) country->alpha2);
403 nl_reg_rules = nla_nest_start(msg, NL80211_ATTR_REG_RULES);
406 goto nla_put_failure;
409 for (j = 0; j < num_rules; j++) {
410 struct nlattr *nl_reg_rule;
411 nl_reg_rule = nla_nest_start(msg, i);
413 goto nla_put_failure;
415 r = put_reg_rule(db, dblen, rcoll->reg_rule_ptrs[j], msg);
417 goto nla_put_failure;
419 nla_nest_end(msg, nl_reg_rule);
422 nla_nest_end(msg, nl_reg_rules);
424 cb = nl_cb_alloc(NL_CB_CUSTOM);
428 r = nl_send_auto_complete(nlstate.nl_handle, msg);
431 fprintf(stderr, "failed to send regulatory request: %d\n", r);
435 nl_cb_set(cb, NL_CB_VALID, NL_CB_CUSTOM, reg_handler, NULL);
436 nl_cb_set(cb, NL_CB_ACK, NL_CB_CUSTOM, wait_handler, &finished);
437 nl_cb_err(cb, NL_CB_CUSTOM, error_handler, NULL);
440 r = nl_wait_for_ack(nlstate.nl_handle);
442 fprintf(stderr, "failed to set regulatory domain: %d\n", r);
452 nl80211_cleanup(&nlstate);