PKCS#7: Check content type and versions (2c7fd367) · Commits · e / devices / android_kernel_fairphone_FP3

crypto/asymmetric_keys/pkcs7.asn1

+3 −3

Original line number	Original line	Diff line number	Diff line
	PKCS7ContentInfo ::= SEQUENCE {		PKCS7ContentInfo ::= SEQUENCE {
	contentType ContentType,		contentType ContentType ({ pkcs7_check_content_type }),
	content [0] EXPLICIT SignedData OPTIONAL		content [0] EXPLICIT SignedData OPTIONAL
	}		}

	ContentType ::= OBJECT IDENTIFIER ({ pkcs7_note_OID })		ContentType ::= OBJECT IDENTIFIER ({ pkcs7_note_OID })

	SignedData ::= SEQUENCE {		SignedData ::= SEQUENCE {
	version INTEGER,		version INTEGER ({ pkcs7_note_signeddata_version }),
	digestAlgorithms DigestAlgorithmIdentifiers,		digestAlgorithms DigestAlgorithmIdentifiers,
	contentInfo ContentInfo,		contentInfo ContentInfo,
	certificates CHOICE {		certificates CHOICE {
	@@ -68,7 +68,7 @@ SignerInfos ::= CHOICE {
	}		}

	SignerInfo ::= SEQUENCE {		SignerInfo ::= SEQUENCE {
	version INTEGER,		version INTEGER ({ pkcs7_note_signerinfo_version }),
	issuerAndSerialNumber IssuerAndSerialNumber,		issuerAndSerialNumber IssuerAndSerialNumber,
	digestAlgorithm DigestAlgorithmIdentifier ({ pkcs7_sig_note_digest_algo }),		digestAlgorithm DigestAlgorithmIdentifier ({ pkcs7_sig_note_digest_algo }),
	authenticatedAttributes CHOICE {		authenticatedAttributes CHOICE {

crypto/asymmetric_keys/pkcs7_parser.c

+74 −1

Original line number	Original line	Diff line number	Diff line
	@@ -225,6 +225,79 @@ int pkcs7_sig_note_pkey_algo(void *context, size_t hdrlen,
	return 0;		return 0;
	}		}

			/*
			* We only support signed data [RFC2315 sec 9].
			*/
			int pkcs7_check_content_type(void *context, size_t hdrlen,
			unsigned char tag,
			const void *value, size_t vlen)
			{
			struct pkcs7_parse_context *ctx = context;

			if (ctx->last_oid != OID_signed_data) {
			pr_warn("Only support pkcs7_signedData type\n");
			return -EINVAL;
			}

			return 0;
			}

			/*
			* Note the SignedData version
			*/
			int pkcs7_note_signeddata_version(void *context, size_t hdrlen,
			unsigned char tag,
			const void *value, size_t vlen)
			{
			unsigned version;

			if (vlen != 1)
			goto unsupported;

			version = (const u8 )value;
			switch (version) {
			case 1:
			/* PKCS#7 SignedData [RFC2315 sec 9.1] */
			break;
			default:
			goto unsupported;
			}

			return 0;

			unsupported:
			pr_warn("Unsupported SignedData version\n");
			return -EINVAL;
			}

			/*
			* Note the SignerInfo version
			*/
			int pkcs7_note_signerinfo_version(void *context, size_t hdrlen,
			unsigned char tag,
			const void *value, size_t vlen)
			{
			unsigned version;

			if (vlen != 1)
			goto unsupported;

			version = (const u8 )value;
			switch (version) {
			case 1:
			/* PKCS#7 SignerInfo [RFC2315 sec 9.2] */
			break;
			default:
			goto unsupported;
			}

			return 0;

			unsupported:
			pr_warn("Unsupported SignerInfo version\n");
			return -EINVAL;
			}

	/*		/*
	* Extract a certificate and store it in the context.		* Extract a certificate and store it in the context.
	*/		*/
	@@ -326,7 +399,7 @@ int pkcs7_sig_note_authenticated_attr(void *context, size_t hdrlen,
	}		}

	/*		/*
	* Note the set of auth attributes for digestion purposes [RFC2315 9.3]		* Note the set of auth attributes for digestion purposes [RFC2315 sec 9.3]
	*/		*/
	int pkcs7_sig_note_set_of_authattrs(void *context, size_t hdrlen,		int pkcs7_sig_note_set_of_authattrs(void *context, size_t hdrlen,
	unsigned char tag,		unsigned char tag,