7 #include <openssl/objects.h>
8 #include <openssl/rsa.h>
9 #include <openssl/sha.h>
23 #include "keys-gcrypt.c"
/*
 * Returns a pointer 'p' bytes into the database image 'db', after comparing
 * 'p' with dblen - structlen. Only part of the body is visible in this
 * listing: the declaration of 'p' and whatever follows the error message
 * are on lines that are not shown.
 */
26 void *crda_get_file_ptr(__u8 *db, int dblen, int structlen, __be32 ptr)
/*
 * NOTE(review): 'p' is presumably the host-byte-order value of 'ptr' --
 * confirm. dblen and structlen are ints, so dblen - structlen is negative
 * whenever the database is shorter than the structure being read. If 'p'
 * is an unsigned type, the usual arithmetic conversions turn that negative
 * bound into a very large unsigned value and this test then rejects
 * nothing. Verify that dblen >= structlen is established before the
 * comparison, here or in every caller.
 */
30 if (p > dblen - structlen) {
31 fprintf(stderr, "Invalid database file, bad pointer!\n");
/*
 * The comparison above is the only bound on 'p' visible here; the result is
 * handed back as an untyped pointer that callers cast to the structure type.
 */
35 return (void *)(db + p);
39 * Checks the validity of the signature found on the regulatory
40 * database against the array 'keys'. Returns 1 if there exists
41 * at least one key in the array such that the signature is valid
42 * against that key; 0 otherwise.
44 int crda_verify_db_signature(__u8 *db, int dblen, int siglen)
/*
 * NOTE(review): the signature bytes are taken from db + dblen (see the
 * RSA_verify call below), so the buffer behind 'db' must hold at least
 * dblen + siglen bytes. No check of that is visible in this listing --
 * confirm the caller validates both lengths, including that neither is
 * negative, before calling.
 */
/* Receives the SHA-1 digest of the first dblen bytes of db. */
48 __u8 hash[SHA_DIGEST_LENGTH];
54 fprintf(stderr, "Failed to create RSA key.\n");
/* SHA1() returns its output buffer on success, hence the pointer comparison. */
58 if (SHA1(db, dblen, hash) != hash) {
59 fprintf(stderr, "Failed to calculate SHA1 sum.\n");
/*
 * Try each entry of 'keys' in turn; the (!ok) term ends the loop at the
 * first key for which verification succeeds.
 */
64 for (i = 0; (i < sizeof(keys)/sizeof(keys[0])) && (!ok); i++) {
/*
 * Compares the key's modulus size with siglen. The statement executed on a
 * mismatch is not shown; presumably the key is skipped -- confirm.
 */
68 if (RSA_size(rsa) != siglen)
/*
 * Only a return value of exactly 1 counts as a valid signature, so error
 * returns from RSA_verify() are treated as a verification failure.
 * NOTE(review): the scheme is RSA over a SHA-1 digest (NID_sha1). SHA-1 is
 * no longer collision resistant; moving to a SHA-2 digest would need a
 * matching change wherever the database is signed.
 */
71 ok = RSA_verify(NID_sha1, hash, SHA_DIGEST_LENGTH,
72 db + dblen, siglen, rsa) == 1;
/*
 * libgcrypt counterpart of the signature check: it uses db, dblen, siglen,
 * keys and ok in the same way as the OpenSSL lines, so it is presumably the
 * USE_GCRYPT build of crda_verify_db_signature -- the enclosing
 * preprocessor guard is not visible in this listing.
 */
81 gcry_mpi_t mpi_e, mpi_n;
82 gcry_sexp_t rsa, signature, data;
/*
 * Initialises libgcrypt. Passing NULL skips the minimum-version comparison,
 * and the return value is not examined on this line.
 */
88 gcry_check_version(NULL);
/* SHA-1 digest of the first dblen bytes of db, written to 'hash'. */
91 gcry_md_hash_buffer(GCRY_MD_SHA1, hash, db, dblen);
/*
 * Wraps the digest as PKCS#1-flagged SHA-1 data; the %b arguments are on a
 * line that is not shown. gcry_sexp_build() returns non-zero on error.
 */
93 if (gcry_sexp_build(&data, NULL, "(data (flags pkcs1) (hash sha1 %b))",
95 fprintf(stderr, "Failed to build data S-expression.\n");
/*
 * The signature value is the siglen bytes that follow the signed data.
 * NOTE(review): this reads db[dblen .. dblen + siglen - 1]; nothing visible
 * here checks that the buffer is that long -- confirm the caller does.
 */
99 if (gcry_sexp_build(&signature, NULL, "(sig-val (rsa (s %b)))",
100 siglen, db + dblen)) {
101 fprintf(stderr, "Failed to build signature S-expression.\n");
/* Try each entry of 'keys'; the (!ok) term stops at the first match. */
105 for (i = 0; (i < sizeof(keys)/sizeof(keys[0])) && (!ok); i++) {
/*
 * Convert the key's exponent and modulus from raw unsigned byte strings
 * (GCRYMPI_FMT_USG) into MPIs; either scan failing takes the error branch.
 */
106 if (gcry_mpi_scan(&mpi_e, GCRYMPI_FMT_USG,
107 keys[i].e, keys[i].len_e, NULL) ||
108 gcry_mpi_scan(&mpi_n, GCRYMPI_FMT_USG,
109 keys[i].n, keys[i].len_n, NULL)) {
110 fprintf(stderr, "Failed to convert numbers.\n");
/* Build the public-key S-expression from the two MPIs (arguments not shown). */
114 if (gcry_sexp_build(&rsa, NULL,
115 "(public-key (rsa (n %m) (e %m)))",
117 fprintf(stderr, "Failed to build RSA S-expression.\n");
/*
 * gcry_pk_verify() returns 0 on a valid signature; any error code leaves
 * ok at 0.
 * NOTE(review): no release of mpi_e, mpi_n or rsa is visible in this
 * listing -- confirm they are freed on every iteration and error path.
 */
121 ok = gcry_pk_verify(signature, data, rsa) == 0;
/*
 * The failure message is compiled in only when a crypto backend is
 * selected; the condition that guards it is not shown.
 * NOTE(review): confirm what the function returns when neither USE_OPENSSL
 * nor USE_GCRYPT is defined. A build that reports success without a backend
 * accepts an unsigned or modified database, so such a configuration should
 * be a deliberate and documented choice.
 */
125 #if defined(USE_OPENSSL) || defined(USE_GCRYPT)
127 fprintf(stderr, "Database signature verification failed.\n");