git subrepo clone https://github.com/0x90/crda-ct

subrepo: subdir: "crda-ct" merged: "a6b786d" upstream: origin: "https://github.com/0x90/crda-ct" branch: "master" commit: "a6b786d" git-subrepo: version: "0.2.0" origin: "https://github.com/ingydotnet/git-subrepo" commit: "5c38bbc"
az0ne · Sep 3, 2015 · 06c125a · 06c125a
1 parent 3df41a1
commit 06c125a
Show file tree

Hide file tree

Showing 29 changed files with 7,262 additions and 0 deletions.
diff --git a/crda-ct/.gitignore b/crda-ct/.gitignore
@@ -0,0 +1,11 @@
+*~
+regulatory.sqlite
+regulatory.bin
+crda
+dump
+intersect
+regdbdump
+*.o
+*.pyc
+keys-*.c
+key.priv.pem
diff --git a/crda-ct/.gitrepo b/crda-ct/.gitrepo
@@ -0,0 +1,11 @@
+; DO NOT EDIT (unless you know what you are doing)
+;
+; This subdirectory is a git "subrepo", and this file is maintained by the
+; git-subrepo command. See https://github.com/git-commands/git-subrepo#readme
+;
+[subrepo]
+	remote = https://github.com/0x90/crda-ct
+	branch = master
+	commit = a6b786d179f9e36243c124784ec1d14421a3cc7e
+	parent = 3df41a112a5ee1092050b687086b55c556c37894
+	cmdver = 0.2.0
diff --git a/crda-ct/CONTRIBUTING b/crda-ct/CONTRIBUTING
@@ -0,0 +1,49 @@
+
+This project embraces the Developer Certificate of Origin (DCO) for
+contributions. This means you must agree to the following prior to submitting
+patches, if you agree with this developer certificate you acknowledge this by
+adding a Signed-off-by tag to your patch commit log. Every submitted patch
+must have this.
+
+The source for the DCO:
+
+http://developercertificate.org/
+
+-----------------------------------------------------------------------
+
+Developer Certificate of Origin
+Version 1.1
+
+Copyright (C) 2004, 2006 The Linux Foundation and its contributors.
+660 York Street, Suite 102,
+San Francisco, CA 94110 USA
+
+Everyone is permitted to copy and distribute verbatim copies of this
+license document, but changing it is not allowed.
+
+
+Developer's Certificate of Origin 1.1
+
+By making a contribution to this project, I certify that:
+
+(a) The contribution was created in whole or in part by me and I
+    have the right to submit it under the open source license
+    indicated in the file; or
+
+(b) The contribution is based upon previous work that, to the best
+    of my knowledge, is covered under an appropriate open source
+    license and I have the right under that license to submit that
+    work with modifications, whether created in whole or in part
+    by me, under the same open source license (unless I am
+    permitted to submit under a different license), as indicated
+    in the file; or
+
+(c) The contribution was provided directly to me by some other
+    person who certified (a), (b) or (c) and I have not modified
+    it.
+
+(d) I understand and agree that this project and the contribution
+    are public and that a record of the contribution (including all
+    personal information I submit with it, including my sign-off) is
+    maintained indefinitely and may be redistributed consistent with
+    this project or the open source license(s) involved.
diff --git a/crda-ct/LICENSE b/crda-ct/LICENSE
@@ -0,0 +1,28 @@
+Copyright (c) 2013, Luis R. Rodriguez <[email protected]>
+
+CRDA is licensed under copyleft-next 0.3.0
+
+Refer to copyleft-next-0.3.0 for license details, you can
+also always get the latest updates of copyleft-next from:
+
+https://gitorious.org/copyleft-next/
+
+This file incorporates work covered by the following copyright and
+permission notice:
+
+Copyright (c) 2008, Luis R. Rodriguez <[email protected]>
+Copyright (c) 2008, Johannes Berg <[email protected]>
+Copyright (c) 2008, Michael Green <[email protected]>
+
+Permission to use, copy, modify, and/or distribute this software for any
+purpose with or without fee is hereby granted, provided that the above
+copyright notice and this permission notice appear in all copies.
+
+THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
diff --git a/crda-ct/Makefile b/crda-ct/Makefile
@@ -0,0 +1,191 @@
+# Modify as you see fit, note this is built into crda,
+# so if you change it here you will have to change crda.c
+REG_BIN?=/lib/crda/regulatory.bin
+REG_GIT?=git://git.kernel.org/pub/scm/linux/kernel/git/sforshee/wireless-regdb.git
+
+PREFIX ?= /usr/
+MANDIR ?= $(PREFIX)/share/man/
+INCLUDE_DIR ?= $(PREFIX)/include/reglib/
+LIBDIR ?= $(PREFIX)/lib
+
+SBINDIR ?= /sbin/
+
+# Use a custom CRDA_UDEV_LEVEL when callling make install to
+# change your desired level for the udev regulatory.rules
+CRDA_UDEV_LEVEL?=85
+UDEV_LEVEL=$(CRDA_UDEV_LEVEL)-
+# You can customize this if your distributions uses
+# a different location.
+UDEV_RULE_DIR?=/lib/udev/rules.d/
+
+# If your distribution requires a custom pubkeys dir
+# you must update this variable to reflect where the
+# keys are put when building. For example you can run
+# with make PUBKEY_DIR=/usr/lib/crda/pubkeys
+PUBKEY_DIR?=pubkeys
+RUNTIME_PUBKEY_DIR?=/etc/wireless-regdb/pubkeys
+
+CFLAGS += -O2 -fpic
+CFLAGS += -std=gnu99 -Wall -Werror -pedantic
+CFLAGS += -Wall -g
+LDLIBREG += -lreg
+LDLIBS += $(LDLIBREG)
+LDLIBS += -lm
+LIBREG += libreg.so
+LDFLAGS += -L ./
+
+all: all_noverify verify
+
+all_noverify: $(LIBREG) crda intersect regdbdump db2rd optimize
+
+ifeq ($(USE_OPENSSL),1)
+CFLAGS += -DUSE_OPENSSL -DPUBKEY_DIR=\"$(RUNTIME_PUBKEY_DIR)\" `pkg-config --cflags openssl`
+LDLIBS += `pkg-config --libs openssl`
+
+$(LIBREG): keys-ssl.c
+
+else
+CFLAGS += -DUSE_GCRYPT
+LDLIBS += -lgcrypt
+
+$(LIBREG): keys-gcrypt.c
+
+endif
+MKDIR ?= mkdir -p
+INSTALL ?= install
+
+NL1FOUND := $(shell pkg-config --atleast-version=1 libnl-1 && echo Y)
+NL2FOUND := $(shell pkg-config --atleast-version=2 libnl-2.0 && echo Y)
+NL3FOUND := $(shell pkg-config --atleast-version=3 libnl-3.0 && echo Y)
+NL32FOUND := $(shell pkg-config --atleast-version=3 libnl-3.2 && echo Y)
+
+ifeq ($(NL32FOUND),Y)
+CFLAGS += -DCONFIG_LIBNL30
+NLLIBS += $(shell pkg-config --libs libnl-genl-3.2)
+NLLIBNAME = libnl-3.2
+else
+	ifeq ($(NL3FOUND),Y)
+	CFLAGS += -DCONFIG_LIBNL30
+	NLLIBS += $(shell pkg-config --libs libnl-genl-3.0)
+	NLLIBNAME = libnl-3.0
+	else
+		ifeq ($(NL2FOUND),Y)
+		CFLAGS += -DCONFIG_LIBNL20
+		NLLIBS += -lnl-genl
+		NLLIBNAME = libnl-2.0
+		else
+			ifeq ($(NL1FOUND),Y)
+			NLLIBNAME = libnl-1
+			endif
+		endif
+	endif
+endif
+
+ifeq ($(NLLIBNAME),)
+$(error Cannot find development files for any supported version of libnl)
+endif
+
+NLLIBS += `pkg-config --libs $(NLLIBNAME)`
+CFLAGS += `pkg-config --cflags $(NLLIBNAME)`
+
+ifeq ($(V),1)
+Q=
+NQ=@true
+else
+Q=@
+NQ=@echo
+endif
+
+$(REG_BIN):
+	$(NQ) '  EXIST ' $(REG_BIN)
+	$(NQ)
+	$(NQ) ERROR: The file: $(REG_BIN) is missing. You need this in place in order
+	$(NQ) to verify CRDA. You can get it from:
+	$(NQ)
+	$(NQ) $(REG_GIT)
+	$(NQ)
+	$(NQ) "Once cloned (no need to build) cp regulatory.bin to $(REG_BIN)"
+	$(NQ) "Use \"make noverify\" to disable verification"
+	$(NQ)
+	$(Q) exit 1
+
+keys-%.c: utils/key2pub.py $(wildcard $(PUBKEY_DIR)/*.pem)
+	$(NQ) '  GEN ' $@
+	$(NQ) '  Trusted pubkeys:' $(wildcard $(PUBKEY_DIR)/*.pem)
+	$(Q)./utils/key2pub.py --$* $(wildcard $(PUBKEY_DIR)/*.pem) $@
+
+$(LIBREG): regdb.h reglib.h reglib.c
+	$(NQ) '  CC  ' $@
+	$(Q)$(CC) $(CFLAGS) $(CPPFLAGS) -o $@ -shared -Wl,-soname,$(LIBREG) $^
+
+install-libreg-headers:
+	$(NQ) '  INSTALL  libreg-headers'
+	$(Q)mkdir -p $(DESTDIR)/$(INCLUDE_DIR)
+	$(Q)cp *.h $(DESTDIR)/$(INCLUDE_DIR)/
+
+install-libreg:
+	$(NQ) '  INSTALL  libreg'
+	$(Q)mkdir -p $(DESTDIR)/$(LIBDIR)
+	$(Q)cp $(LIBREG) $(DESTDIR)/$(LIBDIR)/
+	-$(Q)ldconfig
+
+%.o: %.c regdb.h $(LIBREG)
+	$(NQ) '  CC  ' $@
+	$(Q)$(CC) -c $(CPPFLAGS) $(CFLAGS) -o $@ $<
+
+crda: crda.o
+	$(NQ) '  LD  ' $@
+	$(Q)$(CC) $(CFLAGS) $(LDFLAGS) -o $@ $^ $(LDLIBS) $(NLLIBS)
+
+regdbdump: regdbdump.o
+	$(NQ) '  LD  ' $@
+	$(Q)$(CC) $(CFLAGS) $(LDFLAGS) -o $@ $^ $(LDLIBS)
+
+intersect: intersect.o
+	$(NQ) '  LD  ' $@
+	$(Q)$(CC) $(CFLAGS) $(LDFLAGS) -o $@ $^ $(LDLIBS)
+
+db2rd: db2rd.o
+	$(NQ) '  LD  ' $@
+	$(Q)$(CC) $(CFLAGS) $(LDFLAGS) -o $@ $^ $(LDLIBS)
+
+optimize: optimize.o
+	$(NQ) '  LD  ' $@
+	$(Q)$(CC) $(CFLAGS) $(LDFLAGS) -o $@ $^ $(LDLIBS)
+
+verify: $(REG_BIN) regdbdump
+	$(NQ) '  CHK  $(REG_BIN)'
+	$(Q)\
+		LD_LIBRARY_PATH=.:$(LD_LIBRARY_PATH) \
+		./regdbdump $(REG_BIN) >/dev/null
+
+%.gz: %
+	@$(NQ) ' GZIP' $<
+	$(Q)gzip < $< > $@
+
+install: install-libreg install-libreg-headers crda crda.8.gz regdbdump.8.gz
+	$(NQ) '  INSTALL  crda'
+	$(Q)$(MKDIR) $(DESTDIR)/$(SBINDIR)
+	$(Q)$(INSTALL) -m 755 -t $(DESTDIR)/$(SBINDIR) crda
+	$(NQ) '  INSTALL  regdbdump'
+	$(Q)$(INSTALL) -m 755 -t $(DESTDIR)/$(SBINDIR) regdbdump
+	$(NQ) '  INSTALL  $(UDEV_LEVEL)regulatory.rules'
+	$(Q)$(MKDIR) $(DESTDIR)/$(UDEV_RULE_DIR)/
+	@# This removes the old rule you may have, we were not
+	@# putting it in the right place.
+	$(Q)rm -f $(DESTDIR)/etc/udev/rules.d/regulatory.rules
+	$(Q)sed 's:$$(SBINDIR):$(SBINDIR):' udev/regulatory.rules > udev/regulatory.rules.parsed
+	$(Q)ln -sf regulatory.rules.parsed udev/$(UDEV_LEVEL)regulatory.rules
+	$(Q)$(INSTALL) -m 644 -t \
+		$(DESTDIR)/$(UDEV_RULE_DIR)/ \
+		udev/$(UDEV_LEVEL)regulatory.rules
+	$(NQ) '  INSTALL  crda.8.gz'
+	$(Q)$(MKDIR) $(DESTDIR)$(MANDIR)/man8/
+	$(Q)$(INSTALL) -m 644 -t $(DESTDIR)/$(MANDIR)/man8/ crda.8.gz
+	$(NQ) '  INSTALL  regdbdump.8.gz'
+	$(Q)$(INSTALL) -m 644 -t $(DESTDIR)/$(MANDIR)/man8/ regdbdump.8.gz
+
+clean:
+	$(Q)rm -f $(LIBREG) crda regdbdump intersect db2rd optimize \
+		*.o *~ *.pyc keys-*.c *.gz \
+	udev/$(UDEV_LEVEL)regulatory.rules udev/regulatory.rules.parsed
diff --git a/crda-ct/README b/crda-ct/README
@@ -0,0 +1,98 @@
+ Central Regulatory Domain Agent (CRDA)
+========================================
+
+This is the Central Regulatory Domain Agent for Linux. It serves one
+purpose: tell Linux kernel what to enforce. In essence it is a udev
+helper for communication between the kernel and userspace. You only
+need to run this manually for debugging purposes. For manual changing
+of regulatory domains use iw (iw reg set) or wpa_supplicant (feature
+yet to be added).
+
+ HOST REQUIREMENTS
+===================
+
+CRDA is provided as a binary file so all the host needs is libc/uclibc.
+You will also need udev and at least libnl1.
+
+ BUILD REQUIREMENTS
+====================
+
+The package build requirements currently are:
+
+ * python and the m2crypto package (python-m2crypto)
+ * libgcrypt or libssl (openssl) header files
+ * nl library and header files (libnl1 and libnl-dev)
+   available at git://git.kernel.org/pub/scm/libs/netlink/libnl.git
+ * RSA public key of John Linville and Seth Forshee, we include these
+   as part of this package so you do not need to install it. The RSA
+   public keys comes from the wireless-regdb.git tree and we keep them
+   up to date here.
+ * regulatory database, clone this tree:
+
+   git://git.kernel.org/pub/scm/linux/kernel/git/sforshee/wireless-regdb.git
+
+   and then stuff regulatory.bin (no need to build) provided there in
+   REG_BIN location specified in this Makefile. This regulatory.bin file
+   is only required to verify the CRDA built here can read its database file
+   which has been signed with the RSA private key.
+
+ CALLING CRDA -- UDEV
+======================
+
+Distributions can set up a udev rule to allow the kernel's regulatory
+domain change request to be reviewed by CRDA so CRDA can pass an
+appropriate regulatory domain. An example regulatory rule is provided
+with this package as regulatory.rules
+
+ OVERVIEW
+==========
+
+The database is maintained on the wireless-regdb.git tree. This git
+tree maintains a binary regulatory database file which is produced
+using its own ASCII db.txt into binary form for size efficiency. The
+contents of the binary database are then signed using the private key.
+
+CRDA will use regulatory.bin if its signature checks out with the public
+key provided. This will prevent us from using corrupted data (in case
+of hard drive failure) in the running kernel. This separation between
+CRDA and the regulatory database also allows us to provide regulatory
+updates on distributions without having to require an update on CRDA.
+
+Note that upon updating the regulatory database it is advised the
+user reboots or all the wireless modules get unloaded and reloaded.
+
+Under certain circumstances it may be desirable to have the regulatory
+agent accept multiple keys, this can be achieved by stuffing all the keys
+desired into pubkeys. Right now we use John Linville's and Seth Forshee's
+public keys.
+
+ REGDB AUTHORS
+===============
+
+Authors of regulatory.bin first need a private key, which can be generated
+with something like this:
+
+	openssl genrsa -out your.key.priv.pem 2048
+
+You'll then need to generate the public key and publish it. You
+can generate it as follows:
+
+	openssl rsa -in your.key.priv.pem -out your.key.pub.pem -pubout -outform PEM
+
+Then with this key you can generate regulatory.bin files like this:
+
+	./utils/db2bin.py regulatory.bin db.txt your.key.priv.pem
+
+ MAGIC PATTERN
+===============
+
+Use the following magic(5) pattern to recognise CRDA binary regulatory
+database files:
+
+---- %< ----
+# CRDA Regulatory database file
+# http://git.kernel.org/?p=linux/kernel/git/mcgrof/crda.git;a=summary
+# (see regdb.h)
+0	belong		0x52474442	CRDA regulatory database file
+>4	belong		19		(Version 1)
+---- >% ----