14 #include <arpa/inet.h> /* ntohl */
20 #include <openssl/objects.h>
21 #include <openssl/rsa.h>
22 #include <openssl/sha.h>
23 #include <openssl/pem.h>
37 #include "keys-gcrypt.c"
40 void *crda_get_file_ptr(uint8_t *db, int dblen, int structlen, uint32_t ptr)
42 uint32_t p = ntohl(ptr);
44 if (p > dblen - structlen) {
45 fprintf(stderr, "Invalid database file, bad pointer!\n");
49 return (void *)(db + p);
53 * Checks the validity of the signature found on the regulatory
54 * database against the array 'keys'. Returns 1 if there exists
55 * at least one key in the array such that the signature is valid
56 * against that key; 0 otherwise.
58 int crda_verify_db_signature(uint8_t *db, int dblen, int siglen)
62 uint8_t hash[SHA_DIGEST_LENGTH];
66 struct dirent *nextfile;
68 char filename[PATH_MAX];
70 if (SHA1(db, dblen, hash) != hash) {
71 fprintf(stderr, "Failed to calculate SHA1 sum.\n");
75 for (i = 0; (i < sizeof(keys)/sizeof(keys[0])) && (!ok); i++) {
78 fprintf(stderr, "Failed to create RSA key.\n");
85 ok = RSA_verify(NID_sha1, hash, SHA_DIGEST_LENGTH,
86 db + dblen, siglen, rsa) == 1;
92 if (!ok && (pubkey_dir = opendir(PUBKEY_DIR))) {
93 while (!ok && (nextfile = readdir(pubkey_dir))) {
94 snprintf(filename, PATH_MAX, "%s/%s", PUBKEY_DIR,
96 if ((keyfile = fopen(filename, "rb"))) {
97 rsa = PEM_read_RSA_PUBKEY(keyfile,
100 ok = RSA_verify(NID_sha1, hash, SHA_DIGEST_LENGTH,
101 db + dblen, siglen, rsa) == 1;
106 closedir(pubkey_dir);
111 gcry_mpi_t mpi_e, mpi_n;
112 gcry_sexp_t rsa, signature, data;
118 gcry_check_version(NULL);
121 gcry_md_hash_buffer(GCRY_MD_SHA1, hash, db, dblen);
123 if (gcry_sexp_build(&data, NULL, "(data (flags pkcs1) (hash sha1 %b))",
125 fprintf(stderr, "Failed to build data S-expression.\n");
129 if (gcry_sexp_build(&signature, NULL, "(sig-val (rsa (s %b)))",
130 siglen, db + dblen)) {
131 fprintf(stderr, "Failed to build signature S-expression.\n");
135 for (i = 0; (i < sizeof(keys)/sizeof(keys[0])) && (!ok); i++) {
136 if (gcry_mpi_scan(&mpi_e, GCRYMPI_FMT_USG,
137 keys[i].e, keys[i].len_e, NULL) ||
138 gcry_mpi_scan(&mpi_n, GCRYMPI_FMT_USG,
139 keys[i].n, keys[i].len_n, NULL)) {
140 fprintf(stderr, "Failed to convert numbers.\n");
144 if (gcry_sexp_build(&rsa, NULL,
145 "(public-key (rsa (n %m) (e %m)))",
147 fprintf(stderr, "Failed to build RSA S-expression.\n");
151 ok = gcry_pk_verify(signature, data, rsa) == 0;
155 #if defined(USE_OPENSSL) || defined(USE_GCRYPT)
157 fprintf(stderr, "Database signature verification failed.\n");
166 static void reg_rule2rd(uint8_t *db, int dblen,
167 uint32_t ruleptr, struct ieee80211_reg_rule *rd_reg_rule)
169 struct regdb_file_reg_rule *rule;
170 struct regdb_file_freq_range *freq;
171 struct regdb_file_power_rule *power;
173 struct ieee80211_freq_range *rd_freq_range = &rd_reg_rule->freq_range;
174 struct ieee80211_power_rule *rd_power_rule = &rd_reg_rule->power_rule;
176 rule = crda_get_file_ptr(db, dblen, sizeof(*rule), ruleptr);
177 freq = crda_get_file_ptr(db, dblen, sizeof(*freq), rule->freq_range_ptr);
178 power = crda_get_file_ptr(db, dblen, sizeof(*power), rule->power_rule_ptr);
180 rd_freq_range->start_freq_khz = ntohl(freq->start_freq);
181 rd_freq_range->end_freq_khz = ntohl(freq->end_freq);
182 rd_freq_range->max_bandwidth_khz = ntohl(freq->max_bandwidth);
184 rd_power_rule->max_antenna_gain = ntohl(power->max_antenna_gain);
185 rd_power_rule->max_eirp = ntohl(power->max_eirp);
187 rd_reg_rule->flags = ntohl(rule->flags);
190 /* Converts a file regdomain to ieee80211_regdomain, easier to manage */
191 static struct ieee80211_regdomain *
192 country2rd(uint8_t *db, int dblen,
193 struct regdb_file_reg_country *country)
195 struct regdb_file_reg_rules_collection *rcoll;
196 struct ieee80211_regdomain *rd;
197 int i, num_rules, size_of_rd;
199 rcoll = crda_get_file_ptr(db, dblen, sizeof(*rcoll),
200 country->reg_collection_ptr);
201 num_rules = ntohl(rcoll->reg_rule_num);
202 /* re-get pointer with sanity checking for num_rules */
203 rcoll = crda_get_file_ptr(db, dblen,
204 sizeof(*rcoll) + num_rules * sizeof(uint32_t),
205 country->reg_collection_ptr);
207 size_of_rd = sizeof(struct ieee80211_regdomain) +
208 num_rules * sizeof(struct ieee80211_reg_rule);
210 rd = malloc(size_of_rd);
214 memset(rd, 0, size_of_rd);
216 rd->alpha2[0] = country->alpha2[0];
217 rd->alpha2[1] = country->alpha2[1];
218 rd->dfs_region = country->creqs & 0x3;
219 rd->n_reg_rules = num_rules;
221 for (i = 0; i < num_rules; i++) {
222 reg_rule2rd(db, dblen, rcoll->reg_rule_ptrs[i],
229 struct ieee80211_regdomain *
230 reglib_get_rd_idx(unsigned int idx, const char *file)
235 struct regdb_file_header *header;
236 struct regdb_file_reg_country *countries;
237 int dblen, siglen, num_countries;
238 struct ieee80211_regdomain *rd = NULL;
239 struct regdb_file_reg_country *country;
241 fd = open(file, O_RDONLY);
246 if (fstat(fd, &stat))
249 dblen = stat.st_size;
251 db = mmap(NULL, dblen, PROT_READ, MAP_PRIVATE, fd, 0);
252 if (db == MAP_FAILED)
255 header = crda_get_file_ptr(db, dblen, sizeof(*header), 0);
257 if (ntohl(header->magic) != REGDB_MAGIC)
260 if (ntohl(header->version) != REGDB_VERSION)
263 siglen = ntohl(header->signature_length);
264 /* adjust dblen so later sanity checks don't run into the signature */
267 if (dblen <= (int)sizeof(*header))
270 /* verify signature */
271 if (!crda_verify_db_signature(db, dblen, siglen))
274 num_countries = ntohl(header->reg_country_num);
275 countries = crda_get_file_ptr(db, dblen,
276 sizeof(struct regdb_file_reg_country) * num_countries,
277 header->reg_country_ptr);
279 if (idx >= num_countries)
282 country = countries + idx;
284 rd = country2rd(db, dblen, country);
291 struct ieee80211_regdomain *
292 reglib_get_rd_alpha2(const char *alpha2, const char *file)
297 struct regdb_file_header *header;
298 struct regdb_file_reg_country *countries;
299 int dblen, siglen, num_countries;
300 struct ieee80211_regdomain *rd = NULL;
301 struct regdb_file_reg_country *country;
303 bool found_country = false;
305 fd = open(file, O_RDONLY);
310 if (fstat(fd, &stat))
313 dblen = stat.st_size;
315 db = mmap(NULL, dblen, PROT_READ, MAP_PRIVATE, fd, 0);
316 if (db == MAP_FAILED)
319 header = crda_get_file_ptr(db, dblen, sizeof(*header), 0);
321 if (ntohl(header->magic) != REGDB_MAGIC)
324 if (ntohl(header->version) != REGDB_VERSION)
327 siglen = ntohl(header->signature_length);
328 /* adjust dblen so later sanity checks don't run into the signature */
331 if (dblen <= (int)sizeof(*header))
334 /* verify signature */
335 if (!crda_verify_db_signature(db, dblen, siglen))
338 num_countries = ntohl(header->reg_country_num);
339 countries = crda_get_file_ptr(db, dblen,
340 sizeof(struct regdb_file_reg_country) * num_countries,
341 header->reg_country_ptr);
343 for (i = 0; i < num_countries; i++) {
344 country = countries + i;
345 if (memcmp(country->alpha2, alpha2, 2) == 0) {
354 rd = country2rd(db, dblen, country);