^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1) // SPDX-License-Identifier: GPL-2.0-or-later
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2) /* PKCS#7 parser
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 4) * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 5) * Written by David Howells (dhowells@redhat.com)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 8) #define pr_fmt(fmt) "PKCS7: "fmt
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 9) #include <linux/kernel.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 10) #include <linux/module.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 11) #include <linux/export.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 12) #include <linux/slab.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 13) #include <linux/err.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 14) #include <linux/oid_registry.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 15) #include <crypto/public_key.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 16) #include "pkcs7_parser.h"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 17) #include "pkcs7.asn1.h"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 18)
/* Module metadata.  The parser's entry points are exported GPL-only
 * (see the EXPORT_SYMBOL_GPL() lines following each public function).
 */
MODULE_DESCRIPTION("PKCS#7 parser");
MODULE_AUTHOR("Red Hat, Inc.");
MODULE_LICENSE("GPL");
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 22)
/*
 * Per-parse scratch state, passed to the ASN.1 decoder callbacks as their
 * opaque @context argument.  The callbacks build up @msg here; on success
 * pkcs7_parse_message() detaches @msg and discards the context.
 */
struct pkcs7_parse_context {
	struct pkcs7_message	*msg;		/* Message being constructed */
	struct pkcs7_signed_info *sinfo;	/* SignedInfo being constructed */
	struct pkcs7_signed_info **ppsinfo;	/* Tail of msg->signed_infos, for appending */
	struct x509_certificate *certs;		/* Certificate cache */
	struct x509_certificate **ppcerts;	/* Tail of the certificate cache, for appending */
	unsigned long	data;			/* Start of data (used for offsets in diagnostics) */
	enum OID	last_oid;		/* Last OID encountered */
	unsigned	x509_index;		/* Certificates parsed so far; 1-based index of the next */
	unsigned	sinfo_index;
	const void	*raw_serial;		/* Signer identification; filled in by callbacks */
	unsigned	raw_serial_size;	/* not shown in this excerpt */
	unsigned	raw_issuer_size;
	const void	*raw_issuer;
	const void	*raw_skid;
	unsigned	raw_skid_size;
	bool		expect_skid;		/* Set for a v3 SignerInfo, cleared for v1 */
};
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 41)
/*
 * Release a SignerInfo together with the public_key_signature it owns.
 * A NULL @sinfo is accepted and ignored.
 */
static void pkcs7_free_signed_info(struct pkcs7_signed_info *sinfo)
{
	if (!sinfo)
		return;

	public_key_signature_free(sinfo->sig);
	kfree(sinfo);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 52)
/* Free every certificate on a singly linked x509_certificate list. */
static void pkcs7_free_cert_list(struct x509_certificate *list)
{
	while (list) {
		struct x509_certificate *next = list->next;

		x509_free_certificate(list);
		list = next;
	}
}

/**
 * pkcs7_free_message - Free a PKCS#7 message
 * @pkcs7: The PKCS#7 message to free (NULL is ignored)
 *
 * Releases the certificate list, the CRL list, every SignerInfo (and the
 * signature each one owns) and finally the message itself.
 */
void pkcs7_free_message(struct pkcs7_message *pkcs7)
{
	struct pkcs7_signed_info *sinfo, *next;

	if (!pkcs7)
		return;

	pkcs7_free_cert_list(pkcs7->certs);
	pkcs7_free_cert_list(pkcs7->crl);

	for (sinfo = pkcs7->signed_infos; sinfo; sinfo = next) {
		next = sinfo->next;
		pkcs7_free_signed_info(sinfo);
	}

	kfree(pkcs7);
}
EXPORT_SYMBOL_GPL(pkcs7_free_message);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 82)
/*
 * Check authenticatedAttributes are provided or not provided consistently.
 *
 * Every SignerInfo must agree with the first one on whether it carries
 * authenticatedAttributes; the first one's choice is recorded in
 * @msg->have_authattrs.  A message with no SignerInfo at all is rejected
 * the same way.
 *
 * Returns 0 on success, -EINVAL on inconsistency.
 */
static int pkcs7_check_authattrs(struct pkcs7_message *msg)
{
	const struct pkcs7_signed_info *first = msg->signed_infos;
	const struct pkcs7_signed_info *p;
	bool want;

	if (!first)
		goto inconsistent;

	want = !!first->authattrs;
	if (want)
		msg->have_authattrs = true;

	for (p = first->next; p; p = p->next) {
		if (!!p->authattrs != want)
			goto inconsistent;
	}
	return 0;

inconsistent:
	pr_warn("Inconsistently supplied authAttrs\n");
	return -EINVAL;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 109)
/**
 * pkcs7_parse_message - Parse a PKCS#7 message
 * @data: The raw binary ASN.1 encoded message to be parsed
 * @datalen: The size of the encoded message
 *
 * Runs the generated ASN.1 decoder over @data with a scratch
 * pkcs7_parse_context; the callbacks in this file fill in the message.
 * After a successful decode the SignerInfos are checked for consistent use
 * of authenticatedAttributes.
 *
 * Returns the parsed message, which the caller owns and must release with
 * pkcs7_free_message(), or an ERR_PTR: -ENOMEM on allocation failure, the
 * decoder's error code on malformed input, or -EINVAL from the authAttr
 * check.  The content is not copied: the message points into @data (see
 * pkcs7_note_data()), so @data must stay valid for as long as the message
 * is used.
 */
struct pkcs7_message *pkcs7_parse_message(const void *data, size_t datalen)
{
	struct pkcs7_parse_context *ctx;
	struct pkcs7_message *result = ERR_PTR(-ENOMEM);
	int ret;

	ctx = kzalloc(sizeof(*ctx), GFP_KERNEL);
	if (!ctx)
		goto out_no_ctx;
	ctx->msg = kzalloc(sizeof(*ctx->msg), GFP_KERNEL);
	if (!ctx->msg)
		goto out_no_msg;
	ctx->sinfo = kzalloc(sizeof(*ctx->sinfo), GFP_KERNEL);
	if (!ctx->sinfo)
		goto out_no_sinfo;
	ctx->sinfo->sig = kzalloc(sizeof(*ctx->sinfo->sig), GFP_KERNEL);
	if (!ctx->sinfo->sig)
		goto out_no_sig;

	/* Offsets reported in diagnostics are relative to the start of @data */
	ctx->data = (unsigned long)data;
	ctx->ppcerts = &ctx->certs;
	ctx->ppsinfo = &ctx->msg->signed_infos;

	/* Attempt to decode the signature */
	ret = asn1_ber_decoder(&pkcs7_decoder, ctx, data, datalen);
	if (ret >= 0)
		ret = pkcs7_check_authattrs(ctx->msg);
	if (ret < 0) {
		result = ERR_PTR(ret);
		goto out;
	}

	/* Detach the message so the cleanup below does not free it */
	result = ctx->msg;
	ctx->msg = NULL;

out:
	/* Certificates not yet moved into the message are still in the cache */
	while (ctx->certs) {
		struct x509_certificate *cert = ctx->certs;

		ctx->certs = cert->next;
		x509_free_certificate(cert);
	}
out_no_sig:
	pkcs7_free_signed_info(ctx->sinfo);
out_no_sinfo:
	pkcs7_free_message(ctx->msg);
out_no_msg:
	kfree(ctx);
out_no_ctx:
	return result;
}
EXPORT_SYMBOL_GPL(pkcs7_parse_message);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 171)
/**
 * pkcs7_get_content_data - Get access to the PKCS#7 content
 * @pkcs7: The preparsed PKCS#7 message to access
 * @_data: Place to return a pointer to the data
 * @_data_len: Place to return the data length
 * @_headerlen: Size of ASN.1 header not included in _data (may be NULL)
 *
 * Get access to the data content of the PKCS#7 message. The size of the
 * header of the ASN.1 object that contains it is also provided and can be used
 * to adjust *_data and *_data_len to get the entire object.
 *
 * The returned pointer refers into the buffer that was handed to
 * pkcs7_parse_message(); no copy is made.
 *
 * Returns -ENODATA if the data object was missing from the message.
 */
int pkcs7_get_content_data(const struct pkcs7_message *pkcs7,
			   const void **_data, size_t *_data_len,
			   size_t *_headerlen)
{
	const void *content = pkcs7->data;

	if (!content)
		return -ENODATA;

	*_data = content;
	*_data_len = pkcs7->data_len;
	/* Only the header length out-parameter is optional */
	if (_headerlen)
		*_headerlen = pkcs7->data_hdrlen;
	return 0;
}
EXPORT_SYMBOL_GPL(pkcs7_get_content_data);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 199)
/*
 * Note an OID when we find one for later processing when we know how
 * to interpret it.
 *
 * ASN.1 decoder callback.  The looked-up OID is stashed in ctx->last_oid for
 * the callback that follows.  An unrecognised OID is not an error at this
 * point: it is logged with its offset into the message and left as OID__NR,
 * and the consuming callback (e.g. pkcs7_sig_note_digest_algo()) decides
 * whether to reject it.
 */
int pkcs7_note_OID(void *context, size_t hdrlen,
		   unsigned char tag,
		   const void *value, size_t vlen)
{
	struct pkcs7_parse_context *ctx = context;
	char buffer[50];

	ctx->last_oid = look_up_OID(value, vlen);
	if (ctx->last_oid != OID__NR)
		return 0;

	sprint_oid(value, vlen, buffer, sizeof(buffer));
	printk("PKCS7: Unknown OID: [%lu] %s\n",
	       (unsigned long)value - ctx->data, buffer);
	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 219)
/*
 * Note the digest algorithm for the signature.
 *
 * ASN.1 decoder callback for the digestAlgorithm OID noted by
 * pkcs7_note_OID().  Maps the OID to the crypto API hash name and records it
 * in sinfo->sig->hash_algo.  An OID outside the table fails with -ENOPKG.
 *
 * NOTE(review): md4, md5 and sha1 are all accepted by this table.  This
 * function only records the algorithm name; whether a signature made with
 * one of the weaker digests is later refused is not decided in this file.
 */
int pkcs7_sig_note_digest_algo(void *context, size_t hdrlen,
			       unsigned char tag,
			       const void *value, size_t vlen)
{
	static const struct {
		enum OID oid;
		const char *name;
	} digest_algos[] = {
		{ OID_md4,    "md4"    },
		{ OID_md5,    "md5"    },
		{ OID_sha1,   "sha1"   },
		{ OID_sha256, "sha256" },
		{ OID_sha384, "sha384" },
		{ OID_sha512, "sha512" },
		{ OID_sha224, "sha224" },
	};
	struct pkcs7_parse_context *ctx = context;
	size_t i;

	for (i = 0; i < sizeof(digest_algos) / sizeof(digest_algos[0]); i++) {
		if (digest_algos[i].oid == ctx->last_oid) {
			ctx->sinfo->sig->hash_algo = digest_algos[i].name;
			return 0;
		}
	}

	printk("Unsupported digest algo: %u\n", ctx->last_oid);
	return -ENOPKG;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 257)
/*
 * Note the public key algorithm for the signature.
 *
 * ASN.1 decoder callback for the signature algorithm OID noted by
 * pkcs7_note_OID().  Only rsaEncryption is understood; it is recorded as
 * the "rsa" algorithm with "pkcs1" encoding.  Anything else fails with
 * -ENOPKG.
 */
int pkcs7_sig_note_pkey_algo(void *context, size_t hdrlen,
			     unsigned char tag,
			     const void *value, size_t vlen)
{
	struct pkcs7_parse_context *ctx = context;
	struct public_key_signature *sig = ctx->sinfo->sig;

	if (ctx->last_oid != OID_rsaEncryption) {
		printk("Unsupported pkey algo: %u\n", ctx->last_oid);
		return -ENOPKG;
	}

	sig->pkey_algo = "rsa";
	sig->encoding = "pkcs1";
	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 278)
/*
 * We only support signed data [RFC2315 sec 9].
 *
 * ASN.1 decoder callback for the outer ContentInfo contentType OID noted by
 * pkcs7_note_OID().  Anything other than signedData is rejected with -EINVAL.
 */
int pkcs7_check_content_type(void *context, size_t hdrlen,
			     unsigned char tag,
			     const void *value, size_t vlen)
{
	struct pkcs7_parse_context *ctx = context;

	if (ctx->last_oid == OID_signed_data)
		return 0;

	pr_warn("Only support pkcs7_signedData type\n");
	return -EINVAL;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 295)
/*
 * Note the SignedData version
 *
 * ASN.1 decoder callback for the SignedData version INTEGER.  The value is
 * recorded in msg->version so that pkcs7_note_signerinfo_version() can
 * check each SignerInfo against it.
 *
 * Returns 0, or -EINVAL if the INTEGER is not a single byte or is not a
 * version this parser understands.
 */
int pkcs7_note_signeddata_version(void *context, size_t hdrlen,
				  unsigned char tag,
				  const void *value, size_t vlen)
{
	struct pkcs7_parse_context *ctx = context;
	u8 version;

	/* Only a one-byte INTEGER is dereferenced; anything longer cannot be
	 * a version we accept, so it is rejected before being read.
	 */
	if (vlen != 1)
		goto unsupported;

	version = *(const u8 *)value;
	ctx->msg->version = version;

	/* Accepted versions:
	 *   1 - PKCS#7 SignedData [RFC2315 sec 9.1],
	 *       CMS ver 1 SignedData [RFC5652 sec 5.1]
	 *   3 - CMS ver 3 SignedData [RFC5652 sec 5.1]
	 */
	if (version != 1 && version != 3)
		goto unsupported;

	return 0;

unsupported:
	pr_warn("Unsupported SignedData version\n");
	return -EINVAL;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 329)
/*
 * Note the SignerInfo version
 *
 * ASN.1 decoder callback for a SignerInfo version INTEGER.  The version must
 * be 1 or 3 and must be compatible with the SignedData version recorded by
 * pkcs7_note_signeddata_version(): a v1 SignerInfo belongs to a v1
 * SignedData, a v3 SignerInfo to a non-v1 SignedData.  ctx->expect_skid is
 * set accordingly for the callbacks that identify the signer.
 *
 * Returns 0, -EINVAL for a malformed or unknown version, or -EBADMSG when
 * the SignerInfo and SignedData versions do not agree.
 */
int pkcs7_note_signerinfo_version(void *context, size_t hdrlen,
				  unsigned char tag,
				  const void *value, size_t vlen)
{
	struct pkcs7_parse_context *ctx = context;
	u8 version;

	if (vlen != 1)
		goto unsupported;

	/* 1 - PKCS#7 SignerInfo [RFC2315 sec 9.2],
	 *     CMS ver 1 SignerInfo [RFC5652 sec 5.3]
	 * 3 - CMS ver 3 SignerInfo [RFC5652 sec 5.3]
	 */
	version = *(const u8 *)value;
	if (version != 1 && version != 3)
		goto unsupported;

	/* A v1 SignerInfo is only valid inside a v1 SignedData, and a v3
	 * SignerInfo only inside a SignedData that is not v1.
	 */
	if ((version == 1) != (ctx->msg->version == 1))
		goto version_mismatch;

	/* A CMS v3 SignerInfo identifies its signer by subjectKeyIdentifier
	 * [RFC5652 sec 5.3]; tell the later callbacks to expect one.
	 */
	ctx->expect_skid = (version == 3);
	return 0;

unsupported:
	pr_warn("Unsupported SignerInfo version\n");
	return -EINVAL;
version_mismatch:
	pr_warn("SignedData-SignerInfo version mismatch\n");
	return -EBADMSG;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 372)
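/*
 * Extract a certificate and store it in the context.
 *
 * ASN.1 decoder callback for each element of the certificates set.  Only a
 * constructed universal SEQUENCE is accepted, since that is the outer form
 * of an X.509 Certificate.  The element, header included, is handed to the
 * X.509 parser and the resulting certificate is appended to the context's
 * certificate cache, from which pkcs7_note_certificate_list() later moves
 * it into the message.
 *
 * Returns 0 on success, -EBADMSG for an unexpected tag, or the X.509
 * parser's error code.
 */
int pkcs7_extract_cert(void *context, size_t hdrlen,
		       unsigned char tag,
		       const void *value, size_t vlen)
{
	struct pkcs7_parse_context *ctx = context;
	struct x509_certificate *x509;
	const u8 *hdr;

	if (tag != ((ASN1_UNIV << 6) | ASN1_CONS_BIT | ASN1_SEQ)) {
		/* Report the element's offset within the message, the same
		 * way pkcs7_note_OID() does (the context pointer itself has
		 * no meaningful relation to ctx->data).
		 */
		pr_debug("Cert began with tag %02x at %lu\n",
			 tag, (unsigned long)value - ctx->data);
		return -EBADMSG;
	}

	/* We have to correct for the header so that the X.509 parser can start
	 * from the beginning. Note that since X.509 stipulates DER, there
	 * probably shouldn't be an EOC trailer - but it is in PKCS#7 (which
	 * stipulates BER).
	 */
	hdr = (const u8 *)value - hdrlen;
	vlen += hdrlen;

	/* hdr[1] is the first length octet.  0x80 means indefinite length, in
	 * which case a two-byte EOC follows the content and must be passed to
	 * the X.509 parser too.  Assumes the decoder only reports elements
	 * with hdrlen >= 2 (tag + length) - as the original code did.
	 */
	if (hdr[1] == 0x80)
		vlen += 2;

	x509 = x509_cert_parse(hdr, vlen);
	if (IS_ERR(x509))
		return PTR_ERR(x509);

	/* Indices are 1-based, in the order the certificates appear */
	x509->index = ++ctx->x509_index;
	pr_debug("Got cert %u for %s\n", x509->index, x509->subject);
	pr_debug("- fingerprint %*phN\n", x509->id->len, x509->id->data);

	/* Append to the cache via its tail pointer */
	*ctx->ppcerts = x509;
	ctx->ppcerts = &x509->next;
	return 0;
}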
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 412)
/*
 * Save the certificate list
 *
 * ASN.1 decoder callback invoked once a whole certificates set has been
 * seen.  The certificates accumulated in the context cache by
 * pkcs7_extract_cert() are spliced in front of msg->certs, and the cache is
 * reset so that any further set - or the cleanup in pkcs7_parse_message() -
 * starts from empty.
 */
int pkcs7_note_certificate_list(void *context, size_t hdrlen,
				unsigned char tag,
				const void *value, size_t vlen)
{
	struct pkcs7_parse_context *ctx = context;

	pr_devel("Got cert list (%02x)\n", tag);

	/* Statement order matters: with an empty cache ppcerts points at
	 * ctx->certs itself, so the first assignment makes ctx->certs the old
	 * msg->certs, which the second then hands back unchanged.
	 */
	*ctx->ppcerts = ctx->msg->certs;
	ctx->msg->certs = ctx->certs;
	ctx->certs = NULL;
	ctx->ppcerts = &ctx->certs;
	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 430)
/*
 * Note the content type.
 *
 * ASN.1 decoder callback for the encapsulated content's contentType OID
 * noted by pkcs7_note_OID().  Only plain data (OID_data) and Microsoft
 * indirect data (OID_msIndirectData) are accepted; the choice is recorded in
 * msg->data_type, which pkcs7_sig_note_authenticated_attr() later checks
 * against each SignerInfo's contentType attribute.
 *
 * Returns 0, or -EINVAL for any other content type.
 */
int pkcs7_note_content(void *context, size_t hdrlen,
		       unsigned char tag,
		       const void *value, size_t vlen)
{
	struct pkcs7_parse_context *ctx = context;
	enum OID type = ctx->last_oid;

	if (type == OID_data || type == OID_msIndirectData) {
		ctx->msg->data_type = type;
		return 0;
	}

	pr_warn("Unsupported data type %d\n", type);
	return -EINVAL;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 449)
/*
 * Extract the data from the message and store its location in the context.
 *
 * ASN.1 decoder callback for the encapsulated content.  Only the position,
 * length and ASN.1 header size are recorded - the bytes are not copied, so
 * the message keeps referring into the buffer given to
 * pkcs7_parse_message().  The content type OID is recorded separately by
 * pkcs7_note_content().
 */
int pkcs7_note_data(void *context, size_t hdrlen,
		    unsigned char tag,
		    const void *value, size_t vlen)
{
	struct pkcs7_parse_context *ctx = context;
	struct pkcs7_message *msg = ctx->msg;

	pr_debug("Got data\n");

	msg->data = value;
	msg->data_len = vlen;
	msg->data_hdrlen = hdrlen;
	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 467)
/*
 * Parse one authenticated attribute of the SignerInfo under construction.
 *
 * @context: the struct pkcs7_parse_context being filled in
 * @hdrlen:  length of the ASN.1 header that precedes @value
 * @tag:     ASN.1 tag of the attribute value
 * @value:   start of the attribute value's contents
 * @vlen:    length of the attribute value's contents
 *
 * The attribute's OID was noted into ctx->last_oid by the preceding callback.
 * Every recognised attribute may appear at most once per SignerInfo; a repeat
 * (a multi-valued attribute arrives as repeated callbacks) is rejected with
 * -EKEYREJECTED.  Unrecognised attributes are accepted without inspection -
 * they are still part of the SET that pkcs7_sig_note_set_of_authattrs records
 * for digesting, so they remain covered by the signature.
 *
 * Returns 0 on success, -EBADMSG for a malformed or inconsistent attribute,
 * -EKEYREJECTED for a repeated attribute or one that is only valid for
 * Authenticode, or whatever x509_decode_time() returns for signingTime.
 */
int pkcs7_sig_note_authenticated_attr(void *context, size_t hdrlen,
				      unsigned char tag,
				      const void *value, size_t vlen)
{
	struct pkcs7_parse_context *ctx = context;
	struct pkcs7_signed_info *sinfo = ctx->sinfo;
	const enum OID attr = ctx->last_oid;
	enum OID content_type;
	int seen_bit;

	pr_devel("AuthAttr: %02x %zu [%*ph]\n", tag, vlen, (unsigned)vlen, value);

	/* Step 1: map the attribute to its "already seen" flag in aa_set. */
	switch (attr) {
	case OID_contentType:
		seen_bit = sinfo_has_content_type;
		break;
	case OID_signingTime:
		seen_bit = sinfo_has_signing_time;
		break;
	case OID_messageDigest:
		seen_bit = sinfo_has_message_digest;
		break;
	case OID_smimeCapabilites:
		seen_bit = sinfo_has_smime_caps;
		break;
	case OID_msSpOpusInfo:
		seen_bit = sinfo_has_ms_opus_info;
		break;
	case OID_msStatementType:
		seen_bit = sinfo_has_ms_statement_type;
		break;
	default:
		/* Unknown attribute: nothing to validate, nothing to record */
		return 0;
	}

	/* We permit max one item per AuthenticatedAttribute and no repeats */
	if (__test_and_set_bit(seen_bit, &sinfo->aa_set)) {
		pr_warn("Repeated/multivalue AuthAttrs not permitted\n");
		return -EKEYREJECTED;
	}

	/* Step 2: attribute-specific validation. */
	switch (attr) {
	case OID_contentType:
		/* NOTE(review): there is no ASN1_OID tag check here; the raw
		 * value bytes are handed to look_up_OID() whatever the tag.
		 * A mismatch with the message-level type is fatal.
		 */
		content_type = look_up_OID(value, vlen);
		if (content_type == ctx->msg->data_type)
			return 0;
		pr_warn("Mismatch between global data type (%d) and sinfo %u (%d)\n",
			ctx->msg->data_type, sinfo->index,
			content_type);
		return -EBADMSG;

	case OID_signingTime:
		/* Should we check that the signing time is consistent
		 * with the signer's X.509 cert?
		 */
		return x509_decode_time(&sinfo->signing_time,
					hdrlen, tag, value, vlen);

	case OID_messageDigest:
		/* The digest must be an OCTET STRING; only a pointer into
		 * the blob is kept, it is compared against the computed
		 * digest later.
		 */
		if (tag != ASN1_OTS)
			return -EBADMSG;
		sinfo->msgdigest = value;
		sinfo->msgdigest_len = vlen;
		return 0;

	case OID_smimeCapabilites:
		if (ctx->msg->data_type == OID_msIndirectData)
			return 0;
		pr_warn("S/MIME Caps only allowed with Authenticode\n");
		return -EKEYREJECTED;

	case OID_msSpOpusInfo:
	case OID_msStatementType:
		/* Microsoft SpOpusInfo seems to be contain cont[0] 16-bit BE
		 * char URLs and cont[1] 8-bit char URLs.
		 *
		 * Microsoft StatementType seems to contain a list of OIDs that
		 * are also used as extendedKeyUsage types in X.509 certs.
		 *
		 * Both are only accepted alongside Authenticode indirect data;
		 * their contents are not validated here.
		 */
		if (ctx->msg->data_type == OID_msIndirectData)
			return 0;
		pr_warn("Authenticode AuthAttrs only allowed with Authenticode\n");
		return -EKEYREJECTED;

	default:
		/* Not reachable: step 1 already filtered unknown OIDs */
		return 0;
	}
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 550)
/*
 * Note the set of auth attributes for digestion purposes [RFC2315 sec 9.3]
 *
 * @context: the struct pkcs7_parse_context being filled in
 * @hdrlen:  length of the ASN.1 header that precedes @value
 * @tag:     ASN.1 tag of the element (the implicit [0] wrapper)
 * @value:   start of the attribute set's contents
 * @vlen:    length of the attribute set's contents
 *
 * Called once the individual attributes have been seen by
 * pkcs7_sig_note_authenticated_attr(), so the aa_set flags tell us which
 * ones were present.  contentType and messageDigest are mandatory; an
 * Authenticode-only attribute on a non-Authenticode message is an error.
 *
 * The recorded span starts one byte before the contents (the length byte(s)
 * of the [0] header) so that the digest can be taken over a SET OF with the
 * same length.  NOTE(review): hdrlen - 1 is computed unchecked; this relies
 * on the decoder never passing hdrlen == 0 here - TODO confirm.
 *
 * Returns 0 on success or -EBADMSG if a required attribute is missing or an
 * unexpected Authenticode attribute is present.
 */
int pkcs7_sig_note_set_of_authattrs(void *context, size_t hdrlen,
				    unsigned char tag,
				    const void *value, size_t vlen)
{
	struct pkcs7_parse_context *ctx = context;
	struct pkcs7_signed_info *sinfo = ctx->sinfo;
	const unsigned char *contents = value;
	const bool have_content_type =
		test_bit(sinfo_has_content_type, &sinfo->aa_set);
	const bool have_message_digest =
		test_bit(sinfo_has_message_digest, &sinfo->aa_set);
	const bool have_opus_info =
		test_bit(sinfo_has_ms_opus_info, &sinfo->aa_set);
	const bool is_authenticode = ctx->msg->data_type == OID_msIndirectData;

	if (!(have_content_type && have_message_digest)) {
		pr_warn("Missing required AuthAttr\n");
		return -EBADMSG;
	}

	if (have_opus_info && !is_authenticode) {
		pr_warn("Unexpected Authenticode AuthAttr\n");
		return -EBADMSG;
	}

	/* We need to switch the 'CONT 0' to a 'SET OF' when we digest */
	sinfo->authattrs = contents - (hdrlen - 1);
	sinfo->authattrs_len = vlen + (hdrlen - 1);
	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 578)
/*
 * Note the issuing certificate serial number
 *
 * @context: the struct pkcs7_parse_context being filled in
 * @hdrlen:  length of the ASN.1 header that precedes @value (unused)
 * @tag:     ASN.1 tag of the element (unused)
 * @value:   start of the serial number's contents
 * @vlen:    length of the serial number's contents
 *
 * Only a pointer into the blob is kept.  Together with the issuer name it is
 * later turned into the signer's key ID by pkcs7_note_signed_info().
 *
 * Returns 0; this callback cannot fail.
 */
int pkcs7_sig_note_serial(void *context, size_t hdrlen,
			  unsigned char tag,
			  const void *value, size_t vlen)
{
	struct pkcs7_parse_context *ctx = context;

	ctx->raw_serial_size = vlen;
	ctx->raw_serial = value;
	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 591)
/*
 * Note the issuer's name
 *
 * @context: the struct pkcs7_parse_context being filled in
 * @hdrlen:  length of the ASN.1 header that precedes @value (unused)
 * @tag:     ASN.1 tag of the element (unused)
 * @value:   start of the issuer name's contents
 * @vlen:    length of the issuer name's contents
 *
 * Only a pointer into the blob is kept.  Together with the serial number it
 * is later turned into the signer's key ID by pkcs7_note_signed_info().
 *
 * Returns 0; this callback cannot fail.
 */
int pkcs7_sig_note_issuer(void *context, size_t hdrlen,
			  unsigned char tag,
			  const void *value, size_t vlen)
{
	struct pkcs7_parse_context *ctx = context;

	ctx->raw_issuer_size = vlen;
	ctx->raw_issuer = value;
	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 604)
/*
 * Note the issuing cert's subjectKeyIdentifier
 *
 * @context: the struct pkcs7_parse_context being filled in
 * @hdrlen:  length of the ASN.1 header that precedes @value (unused)
 * @tag:     ASN.1 tag of the element (logged only)
 * @value:   start of the key identifier's contents
 * @vlen:    length of the key identifier's contents
 *
 * Only a pointer into the blob is kept.  When ctx->expect_skid is set,
 * pkcs7_note_signed_info() builds the signer's key ID from this instead of
 * from issuer + serial.
 *
 * Returns 0; this callback cannot fail.
 */
int pkcs7_sig_note_skid(void *context, size_t hdrlen,
			unsigned char tag,
			const void *value, size_t vlen)
{
	struct pkcs7_parse_context *ctx = context;

	pr_devel("SKID: %02x %zu [%*ph]\n", tag, vlen, (unsigned)vlen, value);

	ctx->raw_skid_size = vlen;
	ctx->raw_skid = value;
	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 620)
/*
 * Note the signature data
 *
 * @context: the struct pkcs7_parse_context being filled in
 * @hdrlen:  length of the ASN.1 header that precedes @value (unused)
 * @tag:     ASN.1 tag of the element (unused)
 * @value:   start of the signature's contents
 * @vlen:    length of the signature's contents
 *
 * Unlike the other "note" callbacks, the signature bytes are copied into a
 * fresh allocation owned by the current SignerInfo's public_key_signature,
 * so they survive the input blob.
 *
 * Returns 0 on success or -ENOMEM if the copy cannot be allocated.
 */
int pkcs7_sig_note_signature(void *context, size_t hdrlen,
			     unsigned char tag,
			     const void *value, size_t vlen)
{
	struct pkcs7_parse_context *ctx = context;
	struct public_key_signature *sig = ctx->sinfo->sig;

	sig->s = kmemdup(value, vlen, GFP_KERNEL);
	if (!sig->s)
		return -ENOMEM;

	sig->s_size = vlen;
	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 637)
/*
 * Allocate an empty SignerInfo (with its signature struct) and make it the
 * one the parser fills in next.
 *
 * @ctx: the parse context whose ->sinfo is replaced
 *
 * Returns 0 on success or -ENOMEM.  On failure ctx->sinfo is either NULL or
 * points at a SignerInfo whose ->sig is NULL; the caller's error path is
 * presumably prepared for both.
 */
static int pkcs7_begin_next_sinfo(struct pkcs7_parse_context *ctx)
{
	struct pkcs7_signed_info *next;

	next = kzalloc(sizeof(*next), GFP_KERNEL);
	ctx->sinfo = next;
	if (!next)
		return -ENOMEM;

	next->sig = kzalloc(sizeof(*next->sig), GFP_KERNEL);
	if (!next->sig)
		return -ENOMEM;
	return 0;
}

/*
 * Note a signature information block
 *
 * @context: the struct pkcs7_parse_context being filled in
 * @hdrlen:  length of the ASN.1 header that precedes @value (unused)
 * @tag:     ASN.1 tag of the element (unused)
 * @value:   start of the SignerInfo's contents (unused)
 * @vlen:    length of the SignerInfo's contents (unused)
 *
 * Called when a complete SignerInfo has been decoded.  The signer's key ID
 * is derived either from the subjectKeyIdentifier (ctx->expect_skid) or from
 * issuer + serial number, stored in the signature's auth_ids[0], and the
 * SignerInfo is appended to the message's list.  A fresh SignerInfo is then
 * allocated for whatever follows.
 *
 * Authenticode (msIndirectData) messages must carry authenticated
 * attributes; a SignerInfo without them is rejected.
 *
 * Returns 0 on success, -EBADMSG for a missing Authenticode attribute set,
 * the error from asymmetric_key_generate_id() if the key ID cannot be built,
 * or -ENOMEM if the next SignerInfo cannot be allocated.
 */
int pkcs7_note_signed_info(void *context, size_t hdrlen,
			   unsigned char tag,
			   const void *value, size_t vlen)
{
	struct pkcs7_parse_context *ctx = context;
	struct pkcs7_signed_info *sinfo = ctx->sinfo;
	struct asymmetric_key_id *kid;

	if (ctx->msg->data_type == OID_msIndirectData && !sinfo->authattrs) {
		pr_warn("Authenticode requires AuthAttrs\n");
		return -EBADMSG;
	}

	/* Generate cert issuer + serial number key ID */
	if (ctx->expect_skid)
		kid = asymmetric_key_generate_id(ctx->raw_skid,
						 ctx->raw_skid_size,
						 "", 0);
	else
		kid = asymmetric_key_generate_id(ctx->raw_serial,
						 ctx->raw_serial_size,
						 ctx->raw_issuer,
						 ctx->raw_issuer_size);
	if (IS_ERR(kid))
		return PTR_ERR(kid);

	pr_devel("SINFO KID: %u [%*phN]\n", kid->len, kid->len, kid->data);

	/* Hand the key ID to the signature; it is now owned by sinfo->sig */
	sinfo->sig->auth_ids[0] = kid;
	sinfo->index = ++ctx->sinfo_index;

	/* Append to the message's SignerInfo list and advance the tail */
	*ctx->ppsinfo = sinfo;
	ctx->ppsinfo = &sinfo->next;

	return pkcs7_begin_next_sinfo(ctx);
}