-rw-r--r-- | Makefile | 22 | ||||
-rw-r--r-- | README | 6 | ||||
-rw-r--r-- | daemon/Makefile | 11 | ||||
-rw-r--r-- | dump.c (renamed from daemon/dump.c) | 180 | ||||
-rwxr-xr-x | key2pub.py | 109 | ||||
-rw-r--r-- | regdb.h (renamed from daemon/regdb.h) | 0 | ||||
-rw-r--r-- | regdb.magic (renamed from daemon/regdb.magic) | 0 | ||||
-rwxr-xr-x | scripts/mk-gcrypt-mpi.sh | 22 | ||||
-rwxr-xr-x | scripts/mk-openssl-bignum.sh | 22 |
9 files changed, 134 insertions, 238 deletions
@@ -1,10 +1,28 @@ -all: regulatory.bin +CFLAGS += -Wall -g3 +#CFLAGS += -DVERIFY_SIGNATURE -DUSE_OPENSSL +#LDFLAGS += -lssl +CFLAGS += -DVERIFY_SIGNATURE -DUSE_GCRYPT +LDFLAGS += -lgcrypt + +all: regulatory.bin verify regulatory.bin: db2bin.py key.priv.pem db.txt dbparse.py @./db2bin.py clean: - @rm -f regulatory.bin *~ *.pyc + @rm -f regulatory.bin dump *~ *.pyc keys-*.c generate_keys: openssl genrsa -out key.priv.pem 2048 + +dump: dump.c regdb.h keys-ssl.c keys-gcrypt.c + $(CC) $(CFLAGS) $(LDFLAGS) dump.c -o dump + +keys-ssl.c: key2pub.py *.priv.pem + @./key2pub.py --ssl *.priv.pem > keys-ssl.c + +keys-gcrypt.c: key2pub.py *.priv.pem + @./key2pub.py --gcrypt *.priv.pem > keys-gcrypt.c + +verify: dump + @./dump regulatory.bin >/dev/null @@ -3,7 +3,7 @@ CRDA This is the Central Regulatory Domain Agent effort. -Primative diagram: +Primitive diagram: Db --> Fdb D can read Fdb (regulatory.bin) @@ -13,7 +13,7 @@ K enforces R Legend: Db: text file (db.txt) -Fdb: binary database (defined in daemon/regdb.h) +Fdb: binary database (defined in regdb.h) D: CRDA Daemon K: The Linux kernel R: A regulatory domain structure built by D and passed to the K @@ -23,7 +23,7 @@ Phase I We parse the text file database db.txt into the binary database that tools (including the daemon) should use. -Example C code to read Fdb is available as daemon/dump.c. +Example C code to read Fdb is available as dump.c. Phase II -------- diff --git a/daemon/Makefile b/daemon/Makefile deleted file mode 100644 index 6737efe..0000000 --- a/daemon/Makefile +++ /dev/null @@ -1,11 +0,0 @@ -CFLAGS += -Wall -g3 - -#CFLAGS += -lssl -CFLAGS += -lgcrypt - -all: dump - -dump: dump.c regdb.h - -clean: - @rm -f dump *~ 
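Review bot: `-DVERIFY_SIGNATURE` and the backend define now live only in `CFLAGS`, and a command-line `make CFLAGS=-O2` replaces the file's `CFLAGS +=` lines, so `dump` can be built with the key tables (and presumably the signature check, which dump.c guards with `#ifdef VERIFY_SIGNATURE`) compiled out while `make verify` still succeeds. Keep the mandatory defines out of reach of that override, e.g. `override CFLAGS += -DVERIFY_SIGNATURE -DUSE_GCRYPT`. The `verify` recipe also reads regulatory.bin without listing it as a prerequisite, so under `make -j` it can run before db2bin.py has written the file or against a stale copy; `verify: dump regulatory.bin` closes that. The `keys-*.c` recipes redirect straight into their target, so a failed key2pub.py leaves a truncated file that looks up to date; a `.DELETE_ON_ERROR:` line covers both rules.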
@@ -9,197 +9,21 @@ #include "regdb.h" -#define VERIFY_SIGNATURE 1 - #ifdef VERIFY_SIGNATURE -/*#define USE_OPENSSL 1*/ -#define USE_GCRYPT 1 #ifdef USE_OPENSSL #include <openssl/objects.h> #include <openssl/bn.h> #include <openssl/rsa.h> #include <openssl/sha.h> -/* - * public key - * generated using scripts/mk-openssl-bignum.sh - */ -static BN_ULONG e_1[] = { 65537, }; - -static BN_ULONG n_1[] = { - 0xee2cc72d, - 0xeddb634f, - 0xc313ca17, - 0x9ef6f746, - 0x58da646a, - 0xcce67a85, - 0xd36add15, - 0xa2344fa8, - 0x8beab5d7, - 0xb1d8e9d2, - 0xde518441, - 0x63dcde0a, - 0x067f3c4c, - 0x501f9419, - 0xc3970420, - 0xc86a42a1, - 0xf09a0b0b, - 0x63133ea0, - 0x27ff86eb, - 0x913d38e3, - 0x6b8e4c6e, - 0x5cbfd6c3, - 0x999874c2, - 0x511c441c, - 0xd5a8da9c, - 0x6e4b6856, - 0x32f8b6a0, - 0x93145101, - 0x45028223, - 0x651d4bce, - 0xfa069e17, - 0xb16602c7, - 0x86ff93e1, - 0xcb230727, - 0x952d0039, - 0x002a4fcc, - 0xd8e6d115, - 0xa9562650, - 0x0dc450f3, - 0xb4435790, - 0xa220e15f, - 0xe7c8a392, - 0x6b4898fa, - 0x9a1fe802, - 0x104a884f, - 0xe0df59b0, - 0x25ea9655, - 0xfff81b51, - 0x5c918cbe, - 0xa8904b63, - 0x822c425b, - 0xf21a1912, - 0x1f5f2caa, - 0xb6362b65, - 0xc62f9317, - 0x3da30ade, - 0x49a0bbaf, - 0x7ad769af, - 0x4ea17cbe, - 0xb59fb8cf, - 0x67939918, - 0x8965da96, - 0x1d4351c7, - 0xb8ba0078, -}; - -struct pubkey { - struct bignum_st e, n; -}; - -#define KEY(data) { \ - .d = data, \ - .top = sizeof(data)/sizeof(data[0]), \ -} -#define KEYS(e,n) { KEY(e), KEY(n), } - -static struct pubkey keys[] = { - KEYS(e_1, n_1), -}; +#include "keys-ssl.c" #endif #ifdef USE_GCRYPT #include <gcrypt.h> -struct key_params { - __u8 *e, *n; - __u32 len_e, len_n; -}; - -#define KEYS(_e, _n) { \ - .e = _e, .len_e = sizeof(_e), \ - .n = _n, .len_n = sizeof(_n), \ -} - - -/* - * public key - * generated using ./scripts/mk-gcrypt-mpi.sh - */ -static __u8 e_1[] = { 0, 1, 0, 1, }; - -static __u8 n_1[] = { - 0xb8,0xba,0x00,0x78, - 0x1d,0x43,0x51,0xc7, - 0x89,0x65,0xda,0x96, - 0x67,0x93,0x99,0x18, - 
0xb5,0x9f,0xb8,0xcf, - 0x4e,0xa1,0x7c,0xbe, - 0x7a,0xd7,0x69,0xaf, - 0x49,0xa0,0xbb,0xaf, - 0x3d,0xa3,0x0a,0xde, - 0xc6,0x2f,0x93,0x17, - 0xb6,0x36,0x2b,0x65, - 0x1f,0x5f,0x2c,0xaa, - 0xf2,0x1a,0x19,0x12, - 0x82,0x2c,0x42,0x5b, - 0xa8,0x90,0x4b,0x63, - 0x5c,0x91,0x8c,0xbe, - 0xff,0xf8,0x1b,0x51, - 0x25,0xea,0x96,0x55, - 0xe0,0xdf,0x59,0xb0, - 0x10,0x4a,0x88,0x4f, - 0x9a,0x1f,0xe8,0x02, - 0x6b,0x48,0x98,0xfa, - 0xe7,0xc8,0xa3,0x92, - 0xa2,0x20,0xe1,0x5f, - 0xb4,0x43,0x57,0x90, - 0x0d,0xc4,0x50,0xf3, - 0xa9,0x56,0x26,0x50, - 0xd8,0xe6,0xd1,0x15, - 0x00,0x2a,0x4f,0xcc, - 0x95,0x2d,0x00,0x39, - 0xcb,0x23,0x07,0x27, - 0x86,0xff,0x93,0xe1, - 0xb1,0x66,0x02,0xc7, - 0xfa,0x06,0x9e,0x17, - 0x65,0x1d,0x4b,0xce, - 0x45,0x02,0x82,0x23, - 0x93,0x14,0x51,0x01, - 0x32,0xf8,0xb6,0xa0, - 0x6e,0x4b,0x68,0x56, - 0xd5,0xa8,0xda,0x9c, - 0x51,0x1c,0x44,0x1c, - 0x99,0x98,0x74,0xc2, - 0x5c,0xbf,0xd6,0xc3, - 0x6b,0x8e,0x4c,0x6e, - 0x91,0x3d,0x38,0xe3, - 0x27,0xff,0x86,0xeb, - 0x63,0x13,0x3e,0xa0, - 0xf0,0x9a,0x0b,0x0b, - 0xc8,0x6a,0x42,0xa1, - 0xc3,0x97,0x04,0x20, - 0x50,0x1f,0x94,0x19, - 0x06,0x7f,0x3c,0x4c, - 0x63,0xdc,0xde,0x0a, - 0xde,0x51,0x84,0x41, - 0xb1,0xd8,0xe9,0xd2, - 0x8b,0xea,0xb5,0xd7, - 0xa2,0x34,0x4f,0xa8, - 0xd3,0x6a,0xdd,0x15, - 0xcc,0xe6,0x7a,0x85, - 0x58,0xda,0x64,0x6a, - 0x9e,0xf6,0xf7,0x46, - 0xc3,0x13,0xca,0x17, - 0xed,0xdb,0x63,0x4f, - 0xee,0x2c,0xc7,0x2d, -}; - -static struct key_params keys[] = { - KEYS(e_1, n_1), -}; - +#include "keys-gcrypt.c" #endif #endif diff --git a/key2pub.py b/key2pub.py new file mode 100755 index 0000000..0bfb4e4 --- /dev/null +++ b/key2pub.py 
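Review bot: With `#define VERIFY_SIGNATURE 1` and `#define USE_GCRYPT 1` removed, nothing in dump.c itself ensures a key table is compiled in: a build that passes `-DVERIFY_SIGNATURE` without a backend macro includes neither `keys-ssl.c` nor `keys-gcrypt.c`. Inside the `#ifdef VERIFY_SIGNATURE` block I would add `#if !defined(USE_OPENSSL) && !defined(USE_GCRYPT)`, `#error "VERIFY_SIGNATURE needs USE_OPENSSL or USE_GCRYPT"`, `#endif`, so a misconfigured build stops instead of producing a reader with no trusted keys. A short comment above the block should also say that these macros are expected from the build system and what the program does when `VERIFY_SIGNATURE` is absent. The verification code is outside this hunk, so its behaviour with the macros unset cannot be confirmed from here.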
@@ -0,0 +1,109 @@ +#!/usr/bin/env python + +import sys +from M2Crypto import RSA + +def print_ssl(name, val): + sys.stdout.write('static BN_ULONG %s[] = {\n' % name) + idx = 0 + while val[0] == '\0': + val = val[1:] + while len(val) % 4: + val = '\0' + val + vnew = [] + while len(val): + vnew.append((val[0], val[1], val[2], val[3], )) + val = val[4:] + vnew.reverse() + for v1, v2, v3, v4 in vnew: + if not idx: + sys.stdout.write('\t') + sys.stdout.write('0x%.2x%.2x%.2x%.2x, ' % (ord(v1), ord(v2), ord(v3), ord(v4))) + idx += 1 + if idx == 4: + idx = 0 + sys.stdout.write('\n') + if idx: + sys.stdout.write('\n') + sys.stdout.write('};\n\n') + +def print_ssl_keys(n): + sys.stdout.write(r''' +struct pubkey { + struct bignum_st e, n; +}; + +#define KEY(data) { \ + .d = data, \ + .top = sizeof(data)/sizeof(data[0]), \ +} + +#define KEYS(e,n) { KEY(e), KEY(n), } + +static struct pubkey keys[] = { +''') + for n in xrange(n + 1): + sys.stdout.write(' KEYS(e_%d, n_%d),\n' % (n, n)) + sys.stdout.write('};\n') + pass + +def print_gcrypt(name, val): + sys.stdout.write('static __u8 %s[] = {\n' % name) + idx = 0 + while val[0] == '\0': + val = val[1:] + for v in val: + if not idx: + sys.stdout.write('\t') + sys.stdout.write('0x%.2x, ' % ord(v)) + idx += 1 + if idx == 8: + idx = 0 + sys.stdout.write('\n') + if idx: + sys.stdout.write('\n') + sys.stdout.write('};\n\n') + +def print_gcrypt_keys(n): + sys.stdout.write(r''' +struct key_params { + __u8 *e, *n; + __u32 len_e, len_n; +}; + +#define KEYS(_e, _n) { \ + .e = _e, .len_e = sizeof(_e), \ + .n = _n, .len_n = sizeof(_n), \ +} + +static struct key_params keys[] = { +''') + for n in xrange(n + 1): + sys.stdout.write(' KEYS(e_%d, n_%d),\n' % (n, n)) + sys.stdout.write('};\n') + + +modes = { + '--ssl': (print_ssl, print_ssl_keys), + '--gcrypt': (print_gcrypt, print_gcrypt_keys), +} + +try: + mode = sys.argv[1] + files = sys.argv[2:] +except IndexError: + mode = None + +if not mode in modes: + print 'Usage: %s [%s] files' % 
(sys.argv[0], '|'.join(modes.keys())) + sys.exit(2) + +# load key +idx = 0 +for f in files: + key = RSA.load_key(f) + + modes[mode][0]('e_%d' % idx, key.e[4:]) + modes[mode][0]('n_%d' % idx, key.n[4:]) + +modes[mode][1](idx) diff --git a/daemon/regdb.magic b/regdb.magic index 7afe7e0..7afe7e0 100644 --- a/daemon/regdb.magic +++ b/regdb.magic diff --git a/scripts/mk-gcrypt-mpi.sh b/scripts/mk-gcrypt-mpi.sh deleted file mode 100755 index 767123c..0000000 --- a/scripts/mk-gcrypt-mpi.sh +++ /dev/null @@ -1,22 +0,0 @@ -#!/bin/bash - -openssl rsa -text -in key.priv.pem 2>/dev/null |\ - sed 's/^Private//;T;d' |\ - tr '\n' '\t' |\ - sed 's/privateExponent:.*//' |\ - sed 's/publicExponent:/\npublicExponent:/' |\ - sed 's/\s*//g' |\ - sed 's/publicExponent:\([^(]*\)(.*/\1/' |\ - sed 's/^modulus://' |\ - sed 's/://g' |\ -( - read modulus - read exponent - - echo 'static __u8 e_1[] = {' $((exponent>>24 & 0xFF)), $((exponent>>16 & 0xFF)), $((exponent>>8 & 0xFF)), $((exponent & 0xFF)), '};' - echo '' - echo -n 'static __u8 n_1[] = {' - modulus=$(echo $modulus | sed 's/^00//') - echo $modulus | sed 's/\(..\)\(..\)\(..\)\(..\)/0x\1,0x\2,0x\3,0x\4,\n/g' - echo '};' -) diff --git a/scripts/mk-openssl-bignum.sh b/scripts/mk-openssl-bignum.sh deleted file mode 100755 index 6046ee1..0000000 --- a/scripts/mk-openssl-bignum.sh +++ /dev/null @@ -1,22 +0,0 @@ -#!/bin/sh - -openssl rsa -text -in key.priv.pem 2>/dev/null |\ - sed 's/^Private//;T;d' |\ - tr '\n' '\t' |\ - sed 's/privateExponent:.*//' |\ - sed 's/publicExponent:/\npublicExponent:/' |\ - sed 's/\s*//g' |\ - sed 's/publicExponent:\([^(]*\)(.*/\1/' |\ - sed 's/^modulus://' |\ - sed 's/://g' |\ -( - read modulus - read exponent - - echo 'static BN_ULONG e_1[] = {' $exponent', };' - echo '' - echo -n 'static BN_ULONG n_1[] = {' - modulus=$(echo $modulus | sed 's/^00//') - echo $modulus | sed 's/\(........\)/\t0x\1,\n/g' | tac - echo '};' -) |
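Review bot: `idx` is set to 0 before the `for f in files:` loop and never incremented, so when the Makefile's `*.priv.pem` glob matches more than one file every key is emitted as `e_0`/`n_0` (duplicate definitions in the generated C) and `modes[mode][1](idx)` writes a table with a single entry. `for idx, f in enumerate(files):` fixes the numbering, and an `if not files:` branch that prints the usage text and exits avoids emitting `KEYS(e_0, n_0)` for arrays that were never written. Separately, the script calls `RSA.load_key` on the private key only to print `e` and `n`; reading a public-key PEM with `RSA.load_pub_key` would let the verifier be built on hosts that never hold the signing key. The `print_ssl` and `print_gcrypt` helpers index `val[0]` in their strip loops without checking for an empty string, which deserves a guard or at least a comment on the expected input.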