From patchwork Sat Jan 23 12:30:21 2010
X-Patchwork-Submitter: Paul Fertser
X-Patchwork-Id: 74896
Date: Sat, 23 Jan 2010 15:30:21 +0300
From: Paul Fertser
To: "Luis R. Rodriguez"
Cc: linux-wireless@vger.kernel.org, 536502@bugs.debian.org
Subject: Re: [PATCH] Implement runtime loading of RSA public keys
Message-ID: <20100123123021.GA4261@home.pavel.comp>
References: <1264247654-21554-1-git-send-email-fercerpav@gmail.com>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <1264247654-21554-1-git-send-email-fercerpav@gmail.com>
User-Agent: Mutt/1.5.17 (2007-11-30)
Sender: linux-wireless-owner@vger.kernel.org
Precedence: bulk
List-ID:
X-Mailing-List: linux-wireless@vger.kernel.org

diff --git a/Makefile b/Makefile index 3cc61c2..b8bc7d3 100644 --- a/Makefile +++ b/Makefile @@ -21,6 +21,7 @@ UDEV_RULE_DIR?=/lib/udev/rules.d/ # keys are put when building. For example you can run # with make PUBKEY_DIR=/usr/lib/crda/pubkeys PUBKEY_DIR?=pubkeys +RUNTIME_PUBKEY_DIR?=/etc/wireless-regdb/pubkeys CFLAGS += -Wall -g @@ -29,7 +30,7 @@ all: all_noverify verify all_noverify: crda intersect regdbdump ifeq ($(USE_OPENSSL),1) -CFLAGS += -DUSE_OPENSSL `pkg-config --cflags openssl` +CFLAGS += -DUSE_OPENSSL -DPUBKEY_DIR=\"$(RUNTIME_PUBKEY_DIR)\" `pkg-config --cflags openssl` LDLIBS += `pkg-config --libs openssl` reglib.o: keys-ssl.c diff --git a/reglib.c b/reglib.c index 6aeadcb..80ae062 100644 --- a/reglib.c +++ b/reglib.c @@ -1,12 +1,15 @@ #include #include #include +#include +#include #include "reglib.h" #ifdef USE_OPENSSL #include #include #include +#include #endif #ifdef USE_GCRYPT 
@@ -48,6 +51,10 @@ int crda_verify_db_signature(__u8 *db, int dblen, int siglen) __u8 hash[SHA_DIGEST_LENGTH]; unsigned int i; int ok = 0; + DIR *pubkey_dir; + struct dirent *nextfile; + FILE *keyfile; + char filename[PATH_MAX]; if (SHA1(db, dblen, hash) != hash) { fprintf(stderr, "Failed to calculate SHA1 sum.\n"); @@ -71,6 +78,22 @@ int crda_verify_db_signature(__u8 *db, int dblen, int siglen) rsa->n = NULL; RSA_free(rsa); } + if (!ok && (pubkey_dir = opendir(PUBKEY_DIR))) { + while (!ok && (nextfile = readdir(pubkey_dir))) { + snprintf(filename, PATH_MAX, "%s/%s", PUBKEY_DIR, + nextfile->d_name); + if ((keyfile = fopen(filename, "rb"))) { + rsa = PEM_read_RSA_PUBKEY(keyfile, + NULL, NULL, NULL); + if (rsa) + ok = RSA_verify(NID_sha1, hash, SHA_DIGEST_LENGTH, + db + dblen, siglen, rsa) == 1; + RSA_free(rsa); + fclose(keyfile); + } + } + closedir(pubkey_dir); + } #endif #ifdef USE_GCRYPT
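Review bot: in the first Makefile hunk the new RUNTIME_PUBKEY_DIR variable is undocumented; the comment block right above it describes only PUBKEY_DIR ("keys are put when building"), so a packager would not learn that RUNTIME_PUBKEY_DIR is the directory crda scans for additional PEM public keys at run time, nor that the default /etc/wireless-regdb/pubkeys has to be root-owned and not writable by other users, because every key found there is accepted as trusted. Suggest extending the comment, e.g. `# RUNTIME_PUBKEY_DIR is scanned at run time for extra PEM public keys;` / `# it must only be writable by root`.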
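Review bot: in the second Makefile hunk the C macro `PUBKEY_DIR` is defined from `$(RUNTIME_PUBKEY_DIR)`, while the make variable `PUBKEY_DIR` in the same file means the build-time key directory (`pubkeys`); giving two different directories the same name invites mistakes such as passing PUBKEY_DIR=... on the make command line and expecting it to change the runtime path. Suggest `-DRUNTIME_PUBKEY_DIR=\"$(RUNTIME_PUBKEY_DIR)\"` and the matching name in reglib.c. Also, the define is added only inside `ifeq ($(USE_OPENSSL),1)` and the reglib.c loop lives under `#ifdef USE_OPENSSL`, so a gcrypt build silently gets no runtime key loading at all; either implement it for both backends or state the limitation in the commit message.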
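Review bot: the key-loading loop in the last reglib.c hunk trusts every entry readdir() returns, with no check on file type or ownership: `.`, `..`, subdirectories, stray files and symlinks are all passed to fopen() and PEM_read_RSA_PUBKEY() (fopen() on a directory succeeds on Linux, so the PEM parse merely fails and leaves entries on the OpenSSL error queue), and since any key that parses is enough for RSA_verify() to accept the database, a directory or key file writable by a non-root user would let that user make an arbitrary regulatory database verify. Suggest stat()/fstat() on each candidate and skipping anything that is not a regular file owned by root with no group/other write bit, plus skipping names that do not end in a key suffix. Two smaller points: the return value of `snprintf(filename, PATH_MAX, "%s/%s", PUBKEY_DIR, nextfile->d_name)` is ignored, so an over-long path is silently truncated (check for `>= PATH_MAX` and skip the entry), and `RSA_free(rsa)` is reached when `rsa` is NULL, which OpenSSL tolerates but reads more clearly inside the `if (rsa)` branch.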