5 #include <openssl/objects.h>
6 #include <openssl/rsa.h>
7 #include <openssl/sha.h>
21 #include "keys-gcrypt.c"
/*
 * Bounds-checks an offset into the database buffer and returns db + p.
 * The excerpt elides the lines between the numbered ones, so the
 * declaration of p is not shown (presumably it is derived from the
 * big-endian ptr argument; confirm against the full file).
 *
 * NOTE(review): dblen and structlen are int, so dblen - structlen is
 * negative whenever structlen > dblen. If p is an unsigned type, that
 * negative value is converted to a very large unsigned number in the
 * comparison below and every p would pass the check. Confirm that dblen
 * is validated as >= structlen before this is reached, or test that
 * condition explicitly here.
 */
24 void *crda_get_file_ptr(__u8 *db, int dblen, int structlen, __be32 ptr)
/* Reject an offset that would leave fewer than structlen bytes before dblen. */
28 if (p > dblen - structlen) {
/* Only the diagnostic is visible; how the failure is propagated is elided. */
29 fprintf(stderr, "Invalid database file, bad pointer!\n");
/* The returned pointer is only as safe as the check above. */
33 return (void *)(db + p);
37 * Checks the validity of the signature found on the regulatory
38 * database against the array 'keys'. Returns 1 if there exists
39 * at least one key in the array such that the signature is valid
40 * against that key; 0 otherwise.
/*
 * Excerpt of the signature check: lines between the numbered ones are
 * elided, including the preprocessor lines that select the OpenSSL or
 * libgcrypt variant. In both visible variants the signed data is the first
 * dblen bytes of db and the signature is the siglen bytes starting at
 * db + dblen.
 *
 * NOTE(review): nothing visible here checks that the buffer really holds
 * dblen + siglen bytes or that dblen and siglen are positive; confirm the
 * caller validates both against the file size before calling.
 */
42 int crda_verify_db_signature(__u8 *db, int dblen, int siglen)
/* Receives the SHA-1 digest of the database body. */
46 __u8 hash[SHA_DIGEST_LENGTH];
52 fprintf(stderr, "Failed to create RSA key.\n");
/*
 * SHA1() returns the output buffer it was given, so any other return value
 * is treated as a failure.
 * NOTE(review): SHA-1 is no longer collision resistant. The digest is fixed
 * in three places (NID_sha1, GCRY_MD_SHA1 and the hash sha1 S-expression);
 * moving to a stronger hash means changing all of them together and
 * re-signing the database.
 */
56 if (SHA1(db, dblen, hash) != hash) {
57 fprintf(stderr, "Failed to calculate SHA1 sum.\n");
/* Try each entry of the keys array in turn; stop at the first key that verifies. */
62 for (i = 0; (i < sizeof(keys)/sizeof(keys[0])) && (!ok); i++) {
/*
 * A key whose modulus size differs from the signature length is filtered
 * out here; the statement taken in that case is elided (presumably the key
 * is skipped; confirm).
 */
66 if (RSA_size(rsa) != siglen)
/* Only an exact return of 1 from RSA_verify counts as a valid signature. */
69 ok = RSA_verify(NID_sha1, hash, SHA_DIGEST_LENGTH,
70 db + dblen, siglen, rsa) == 1;
/* libgcrypt variant: public exponent and modulus as MPIs, then S-expressions. */
79 gcry_mpi_t mpi_e, mpi_n;
80 gcry_sexp_t rsa, signature, data;
/*
 * Passing NULL asks for no minimum library version. The return value is not
 * used on this line.
 */
86 gcry_check_version(NULL);
/* SHA-1 over the first dblen bytes of db, written into hash. */
89 gcry_md_hash_buffer(GCRY_MD_SHA1, hash, db, dblen);
/* Wrap the digest as PKCS#1-flagged data; a non-zero return is an error. */
91 if (gcry_sexp_build(&data, NULL, "(data (flags pkcs1) (hash sha1 %b))",
93 fprintf(stderr, "Failed to build data S-expression.\n");
/* Wrap the siglen bytes that follow the database body as the RSA signature value. */
97 if (gcry_sexp_build(&signature, NULL, "(sig-val (rsa (s %b)))",
98 siglen, db + dblen)) {
99 fprintf(stderr, "Failed to build signature S-expression.\n");
/* Same first-match policy as the OpenSSL loop above. */
103 for (i = 0; (i < sizeof(keys)/sizeof(keys[0])) && (!ok); i++) {
/* Import e and n from the raw unsigned byte strings stored with each key. */
104 if (gcry_mpi_scan(&mpi_e, GCRYMPI_FMT_USG,
105 keys[i].e, keys[i].len_e, NULL) ||
106 gcry_mpi_scan(&mpi_n, GCRYMPI_FMT_USG,
107 keys[i].n, keys[i].len_n, NULL)) {
108 fprintf(stderr, "Failed to convert numbers.\n");
112 if (gcry_sexp_build(&rsa, NULL,
113 "(public-key (rsa (n %m) (e %m)))",
115 fprintf(stderr, "Failed to build RSA S-expression.\n");
/* gcry_pk_verify reports success as 0; any error code leaves ok false. */
119 ok = gcry_pk_verify(signature, data, rsa) == 0;
/*
 * The failure message is compiled only when a crypto backend is selected.
 * NOTE(review): what the function returns when neither USE_OPENSSL nor
 * USE_GCRYPT is defined is not visible here; verify that such a build cannot
 * report a database as verified without checking anything.
 */
123 #if defined(USE_OPENSSL) || defined(USE_GCRYPT)
125 fprintf(stderr, "Database signature verification failed.\n");