cfg80211: implement regdb signature checking

Currently CRDA implements the signature checking, and the previous commits added the ability to load the whole regulatory database into the kernel. However, we really can't lose the signature checking, so implement it in the kernel by loading a detached signature (regulatory.db.p7s) and check it against built-in keys. Signed-off-by: Johannes Berg <johannes.berg@intel.com>
author: Johannes Berg <johannes.berg@intel.com> 2017-09-13 22:21:08 +0200
committer: Johannes Berg <johannes.berg@intel.com> 2017-10-11 14:24:24 +0200
commit: 90a53e4432b12288316efaa5f308adafb8d304b0 (patch)
tree: 0d284c2cc1e9c2749f0216031066ed64bd0417f2 /net/wireless/reg.h
parent: c8c240e284b3d821011b4f680b3eaa99569b3756 (diff)
1 files changed, 8 insertions, 0 deletions
diff --git a/net/wireless/reg.h b/net/wireless/reg.h
index 9529c522611a..9ceeb5f3a7cb 100644
--- a/net/wireless/reg.h
+++ b/net/wireless/reg.h
@@ -1,5 +1,8 @@
 #ifndef __NET_WIRELESS_REG_H
 #define __NET_WIRELESS_REG_H
+
+#include <net/cfg80211.h>
+
 /*
  * Copyright 2008-2011	Luis R. Rodriguez <mcgrof@qca.qualcomm.com>
  *
@@ -185,4 +188,9 @@ bool reg_dfs_domain_same(struct wiphy *wiphy1, struct wiphy *wiphy2);
  */
 int reg_reload_regdb(void);
 
+extern const u8 shipped_regdb_certs[];
+extern unsigned int shipped_regdb_certs_len;
+extern const u8 extra_regdb_certs[];
+extern unsigned int extra_regdb_certs_len;
+
 #endif  /* __NET_WIRELESS_REG_H */
author	Johannes Berg <johannes.berg@intel.com>	2017-09-13 22:21:08 +0200
committer	Johannes Berg <johannes.berg@intel.com>	2017-10-11 14:24:24 +0200
commit	90a53e4432b12288316efaa5f308adafb8d304b0 (patch)
tree	0d284c2cc1e9c2749f0216031066ed64bd0417f2 /net/wireless/reg.h
parent	c8c240e284b3d821011b4f680b3eaa99569b3756 (diff)