
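--- a/.gitignore
+++ b/.gitignore
@@ -10,5 +10,5 @@ regdbdump
 *.o
 *.so
 *.pyc
-keys-*.c
+keys.c
 key.priv.pem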
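--- a/Makefile
+++ b/Makefile
@@ -38,18 +38,16 @@ all: all_noverify verify
 
 all_noverify: $(LIBREG) crda intersect regdbdump db2rd optimize
 
+$(LIBREG): keys.c
+
 ifeq ($(USE_OPENSSL),1)
 CFLAGS += -DUSE_OPENSSL -DPUBKEY_DIR=\"$(RUNTIME_PUBKEY_DIR)\" `pkg-config --cflags openssl`
 LDLIBS += `pkg-config --libs openssl`
 
-$(LIBREG): keys-ssl.c
-
 else
 CFLAGS += -DUSE_GCRYPT
 LDLIBS += -lgcrypt
 
-$(LIBREG): keys-gcrypt.c
-
 endif
 MKDIR ?= mkdir -p
 INSTALL ?= install
@@ -109,10 +107,10 @@ $(REG_BIN):
 	$(NQ)
 	$(Q) exit 1
 
-keys-%.c: utils/key2pub.py $(wildcard $(PUBKEY_DIR)/*.pem)
+keys.c: utils/key2pub.py $(wildcard $(PUBKEY_DIR)/*.pem)
 	$(NQ) '  GEN ' $@
 	$(NQ) '  Trusted pubkeys:' $(wildcard $(PUBKEY_DIR)/*.pem)
-	$(Q)./utils/key2pub.py --$* $(wildcard $(PUBKEY_DIR)/*.pem) $@
+	$(Q)./utils/key2pub.py $(wildcard $(PUBKEY_DIR)/*.pem) $@
 
 $(LIBREG): regdb.h reglib.h reglib.c
 	$(NQ) '  CC  ' $@
@@ -187,5 +185,5 @@ install: install-libreg install-libreg-headers crda crda.8.gz regdbdump.8.gz
 
 clean:
 	$(Q)rm -f $(LIBREG) crda regdbdump intersect db2rd optimize \
-		*.o *~ *.pyc keys-*.c *.gz \
+		*.o *~ *.pyc keys.c *.gz \
 	udev/$(UDEV_LEVEL)regulatory.rules udev/regulatory.rules.parsed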
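Review bot: The `keys.c` recipe in the second hunk lets `utils/key2pub.py` write straight into `$@`, and the script opens its output before it has parsed any PEM file, so a key that fails to load leaves a truncated `keys.c` that is newer than its prerequisites. Make would then treat the generated trust-anchor source as up to date on the next run, unless `.DELETE_ON_ERROR:` is set somewhere outside these hunks. Generating into a temporary name and renaming keeps the file all-or-nothing: `$(Q)./utils/key2pub.py $(wildcard $(PUBKEY_DIR)/*.pem) $@.tmp && mv -f $@.tmp $@`.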
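--- a/reglib.c
+++ b/reglib.c
@@ -22,6 +22,7 @@
 #include <openssl/rsa.h>
 #include <openssl/sha.h>
 #include <openssl/pem.h>
+#include <openssl/bn.h>
 #endif
 
 #ifdef USE_GCRYPT
@@ -30,12 +31,8 @@
 
 #include "reglib.h"
 
-#ifdef USE_OPENSSL
-#include "keys-ssl.c"
-#endif
-
-#ifdef USE_GCRYPT
-#include "keys-gcrypt.c"
+#if defined(USE_OPENSSL) || defined(USE_GCRYPT)
+#include "keys.c"
 #endif
 
 int debug = 0;
@@ -81,7 +78,8 @@ reglib_array_len(size_t baselen, unsigned int elemcount, size_t elemlen)
 #ifdef USE_OPENSSL
 int reglib_verify_db_signature(uint8_t *db, size_t dblen, size_t siglen)
 {
-	RSA *rsa;
+	RSA *rsa = NULL;
+	BIGNUM *rsa_e = NULL, *rsa_n = NULL;
 	uint8_t hash[SHA_DIGEST_LENGTH];
 	unsigned int i;
 	int ok = 0;
@@ -102,15 +100,35 @@ int reglib_verify_db_signature(uint8_t *db, size_t dblen, size_t siglen)
 			goto out;
 		}
 
-		rsa->e = &keys[i].e;
-		rsa->n = &keys[i].n;
+		rsa_e = BN_bin2bn(keys[i].e, keys[i].len_e, NULL);
+		if (!rsa_e) {
+			fprintf(stderr, "Failed to convert value for RSA e.\n");
+			goto out;
+		}
+		rsa_n = BN_bin2bn(keys[i].n, keys[i].len_n, NULL);
+		if (!rsa_n) {
+			fprintf(stderr, "Failed to convert value for RSA n.\n");
+			goto out;
+		}
+
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+		rsa->e = rsa_e;
+		rsa->n = rsa_n;
+#else
+		if (RSA_set0_key(rsa, rsa_n, rsa_e, NULL) != 1) {
+			fprintf(stderr, "Failed to set RSA key.\n");
+			goto out;
+		}
+#endif
+		/* BIGNUMs now owned by the RSA object */
+		rsa_e = NULL;
+		rsa_n = NULL;
 
 		ok = RSA_verify(NID_sha1, hash, SHA_DIGEST_LENGTH,
 				db + dblen, siglen, rsa) == 1;
 
-		rsa->e = NULL;
-		rsa->n = NULL;
 		RSA_free(rsa);
+		rsa = NULL;
 	}
 	if (!ok && (pubkey_dir = opendir(PUBKEY_DIR))) {
 		while (!ok && (nextfile = readdir(pubkey_dir))) {
@@ -123,6 +141,7 @@ int reglib_verify_db_signature(uint8_t *db, size_t dblen, size_t siglen)
 					ok = RSA_verify(NID_sha1, hash, SHA_DIGEST_LENGTH,
 						db + dblen, siglen, rsa) == 1;
 				RSA_free(rsa);
+				rsa = NULL;
 				fclose(keyfile);
 			}
 		}
@@ -133,6 +152,9 @@ int reglib_verify_db_signature(uint8_t *db, size_t dblen, size_t siglen)
 		fprintf(stderr, "Database signature verification failed.\n");
 
 out:
+	RSA_free(rsa);
+	BN_free(rsa_e);
+	BN_free(rsa_n);
 	return ok;
 }
 #endif /* USE_OPENSSL */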
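Review bot: The `#if OPENSSL_VERSION_NUMBER < 0x10100000L` guard in the fourth hunk selects `RSA_set0_key()` for every library reporting a higher number, which includes LibreSSL releases that define a larger `OPENSSL_VERSION_NUMBER` but, before 2.7, do not provide the OpenSSL 1.1 accessors. If LibreSSL builds are in scope, the guard should also test the LibreSSL version, e.g. `#if OPENSSL_VERSION_NUMBER < 0x10100000L || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)`. The ownership handling around it reads correctly: both BIGNUM pointers are cleared once the RSA object holds them, `out:` frees whatever is still held, and every new error path leaves `ok` at 0, so verification fails closed. The body of reglib_verify_db_signature continues outside the hunks shown.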
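--- a/utils/key2pub.py
+++ b/utils/key2pub.py
@@ -9,84 +9,7 @@ except ImportError, e:
        sys.stderr.write('On Debian GNU/Linux the package is called "python-m2crypto".\n')
        sys.exit(1)
 
-def print_ssl_64(output, name, val):
-    while val[0] == '\0':
-        val = val[1:]
-    while len(val) % 8:
-        val = '\0' + val
-    vnew = []
-    while len(val):
-        vnew.append((val[0], val[1], val[2], val[3], val[4], val[5], val[6], val[7]))
-        val = val[8:]
-    vnew.reverse()
-    output.write('static BN_ULONG %s[%d] = {\n' % (name, len(vnew)))
-    idx = 0
-    for v1, v2, v3, v4, v5, v6, v7, v8 in vnew:
-        if not idx:
-            output.write('\t')
-        output.write('0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x, ' % (ord(v1), ord(v2), ord(v3), ord(v4), ord(v5), ord(v6), ord(v7), ord(v8)))
-        idx += 1
-        if idx == 2:
-            idx = 0
-            output.write('\n')
-    if idx:
-        output.write('\n')
-    output.write('};\n\n')
-
-def print_ssl_32(output, name, val):
-    while val[0] == '\0':
-        val = val[1:]
-    while len(val) % 4:
-        val = '\0' + val
-    vnew = []
-    while len(val):
-        vnew.append((val[0], val[1], val[2], val[3], ))
-        val = val[4:]
-    vnew.reverse()
-    output.write('static BN_ULONG %s[%d] = {\n' % (name, len(vnew)))
-    idx = 0
-    for v1, v2, v3, v4 in vnew:
-        if not idx:
-            output.write('\t')
-        output.write('0x%.2x%.2x%.2x%.2x, ' % (ord(v1), ord(v2), ord(v3), ord(v4)))
-        idx += 1
-        if idx == 4:
-            idx = 0
-            output.write('\n')
-    if idx:
-        output.write('\n')
-    output.write('};\n\n')
-
-def print_ssl(output, name, val):
-    import struct
-    output.write('#include <stdint.h>\n')
-    if len(struct.pack('@L', 0)) == 8:
-        return print_ssl_64(output, name, val)
-    else:
-        return print_ssl_32(output, name, val)
-
-def print_ssl_keys(output, n):
-    output.write(r'''
-struct pubkey {
-	struct bignum_st e, n;
-};
-
-#define KEY(data) {				\
-	.d = data,				\
-	.top = sizeof(data)/sizeof(data[0]),	\
-}
-
-#define KEYS(e,n)	{ KEY(e), KEY(n), }
-
-static struct pubkey keys[] = {
-''')
-    for n in xrange(n + 1):
-        output.write('	KEYS(e_%d, n_%d),\n' % (n, n))
-    output.write('};\n')
-    pass
-
-def print_gcrypt(output, name, val):
-    output.write('#include <stdint.h>\n')
+def print_bignum(output, name, val):
     while val[0] == '\0':
         val = val[1:]
     output.write('static const uint8_t %s[%d] = {\n' % (name, len(val)))
@@ -103,11 +26,11 @@ def print_gcrypt(output, name, val):
         output.write('\n')
     output.write('};\n\n')
 
-def print_gcrypt_keys(output, n):
+def print_keys(output, n):
     output.write(r'''
 struct key_params {
 	const uint8_t *e, *n;
-	uint32_t len_e, len_n;
+	const uint32_t len_e, len_n;
 };
 
 #define KEYS(_e, _n) {			\
@@ -120,25 +43,17 @@ static const struct key_params __attribute__ ((unused)) keys[] = {
     for n in xrange(n + 1):
         output.write('	KEYS(e_%d, n_%d),\n' % (n, n))
     output.write('};\n')
-    
 
-modes = {
-    '--ssl': (print_ssl, print_ssl_keys),
-    '--gcrypt': (print_gcrypt, print_gcrypt_keys),
-}
 
-try:
-    mode = sys.argv[1]
-    files = sys.argv[2:-1]
-    outfile = sys.argv[-1]
-except IndexError:
-    mode = None
+files = sys.argv[1:-1]
+outfile = sys.argv[-1]
 
-if not mode in modes:
-    print 'Usage: %s [%s] input-file... output-file' % (sys.argv[0], '|'.join(modes.keys()))
+if len(files) == 0:
+    print 'Usage: %s input-file... output-file' % (sys.argv[0], )
     sys.exit(2)
 
 output = open(outfile, 'w')
+output.write('#include <stdint.h>\n\n\n')
 
 # load key
 idx = 0
@@ -148,8 +63,8 @@ for f in files:
     except RSA.RSAError:
         key = RSA.load_key(f)
 
-    modes[mode][0](output, 'e_%d' % idx, key.e[4:])
-    modes[mode][0](output, 'n_%d' % idx, key.n[4:])
+    print_bignum(output, 'e_%d' % idx, key.e[4:])
+    print_bignum(output, 'n_%d' % idx, key.n[4:])
     idx += 1
 
-modes[mode][1](output, idx - 1)
+print_keys(output, idx - 1)
-- 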
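Review bot: `print_bignum` and `print_keys` carry no docstring, yet after this change the byte arrays they emit are the only key encoding, and reglib.c feeds them to `BN_bin2bn()` together with `len_e`/`len_n`. A short docstring on `print_bignum` should say that `val` is the key component with the caller's `[4:]` slice already applied, that leading NUL bytes are stripped, and that the remaining bytes are written in order as a `static const uint8_t` array. It would also help to state on `print_keys` that `n` is the last key index rather than the count, or to pass the count and change the call to `print_keys(output, idx)` with `for n in xrange(n):`. The middle of both functions lies outside the hunks, so the array layout between the visible lines is assumed unchanged.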
