lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <20250519014204.304611-1-chalianis1@gmail.com>
Date: Sun, 18 May 2025 21:42:04 -0400
From: chalianis1@...il.com
To: linux-kernel@...r.kernel.org
Cc: Anis Chali <chalianis1@...il.com>
Subject: [PATCH] scripts: regdb2hex: add a script to convert regulatory.db.p7s to hex for net wireless certs.

From: Anis Chali <chalianis1@...il.com>

extracts the certificate from regulatory.db.p7s and generate a hex file usable
by the kernel source code, after that take the result and put it with a patch to the kernel
source tree under net/wireless/certs

Signed-off-by: Anis Chali <chalianis1@...il.com>
---
 scripts/regdb2hex.sh | 37 +++++++++++++++++++++++++++++++++++++
 1 file changed, 37 insertions(+)
 create mode 100644 scripts/regdb2hex.sh

diff --git a/scripts/regdb2hex.sh b/scripts/regdb2hex.sh
new file mode 100644
index 000000000000..b28912a79094
--- /dev/null
+++ b/scripts/regdb2hex.sh
@@ -0,0 +1,37 @@
+#! /usr/bin/env bash
+
+# This script extracts the certificate from regulatory.db.p7s and generate a hex file usable
+# by the kernel source code, after that take the result and put it with a patch to the kernel
+# source tree under net/wireless/certs
+# this will be added to shiped_certs
+# to verify that your certificate has been added successfully 
+# 1. check inside 
+# /proc/keys and you will see a line with asymetric issuer and a sha
+# 2. dmesg | grep -i x.509
+# cfg80211: Loaded X.509 cert '{issuer}: {sha}'
+
+if [ $# -lt 2 ]; then
+    echo "${0} <regulatory.db.p7s> <output-filename>"
+    exit 0
+fi
+
+trap '[ -e ${2}.x509 ] && rm ${2}.x509' SIGINT SIGTERM SIGQUIT 0
+
+openssl pkcs7 -in ${1} -inform DER -print_certs | openssl x509 -inform PEM -outform DER -out ${2}.x509
+
+hex_crt=$(od -An -v -tx1 < ${2}.x509 | sed -e 's/ /\n/g' | sed -e 's/^[0-9a-f]\+$/\0/;t;d' | sed -e 's/^/0x/;s/$/,/')
+
+echo "/* ${2}'s regdb certificate */" >> ${2}.hex
+
+cnt=0
+for h in ${hex_crt}; do
+    
+    cnt=$(( cnt + 1 ))
+    nl=$(( cnt % 8 ))
+    if [ "$nl" = "0" ]; then
+        echo " $h" >> ${2}.hex
+    else
+        echo -n " $h" >> ${2}.hex
+    fi
+
+done
\ No newline at end of file
-- 
2.49.0

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ