[deliverable/linux.git] / crypto / asymmetric_keys / pkcs7_parser.c

/* PKCS#7 parser
 *
 * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
 * Written by David Howells (dhowells@redhat.com)
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public Licence
 * as published by the Free Software Foundation; either version
 * 2 of the Licence, or (at your option) any later version.
 */

#define pr_fmt(fmt) "PKCS7: "fmt
#include <linux/kernel.h>
#include <linux/export.h>
#include <linux/slab.h>
#include <linux/err.h>
#include <linux/oid_registry.h>
#include "public_key.h"
#include "pkcs7_parser.h"
#include "pkcs7-asn1.h"

struct pkcs7_parse_context {
	struct pkcs7_message	*msg;		/* Message being constructed */
	struct pkcs7_signed_info *sinfo;	/* SignedInfo being constructed */
	struct pkcs7_signed_info **ppsinfo;
	struct x509_certificate *certs;		/* Certificate cache */
	struct x509_certificate **ppcerts;
	unsigned long	data;			/* Start of data */
	enum OID	last_oid;		/* Last OID encountered */
	unsigned	x509_index;
	unsigned	sinfo_index;
};

/*
 * Free a signed information block.
 */
static void pkcs7_free_signed_info(struct pkcs7_signed_info *sinfo)
{
	if (sinfo) {
		mpi_free(sinfo->sig.mpi[0]);
		kfree(sinfo->sig.digest);
		kfree(sinfo);
	}
}

/**
 * pkcs7_free_message - Free a PKCS#7 message
 * @pkcs7: The PKCS#7 message to free
 */
void pkcs7_free_message(struct pkcs7_message *pkcs7)
{
	struct x509_certificate *cert;
	struct pkcs7_signed_info *sinfo;

	if (pkcs7) {
		while (pkcs7->certs) {
			cert = pkcs7->certs;
			pkcs7->certs = cert->next;
			x509_free_certificate(cert);
		}
		while (pkcs7->crl) {
			cert = pkcs7->crl;
			pkcs7->crl = cert->next;
			x509_free_certificate(cert);
		}
		while (pkcs7->signed_infos) {
			sinfo = pkcs7->signed_infos;
			pkcs7->signed_infos = sinfo->next;
			pkcs7_free_signed_info(sinfo);
		}
		kfree(pkcs7);
	}
}
EXPORT_SYMBOL_GPL(pkcs7_free_message);

/**
 * pkcs7_parse_message - Parse a PKCS#7 message
 * @data: The raw binary ASN.1 encoded message to be parsed
 * @datalen: The size of the encoded message
 */
struct pkcs7_message *pkcs7_parse_message(const void *data, size_t datalen)
{
	struct pkcs7_parse_context *ctx;
	struct pkcs7_message *msg = ERR_PTR(-ENOMEM);
	int ret;

	ctx = kzalloc(sizeof(struct pkcs7_parse_context), GFP_KERNEL);
	if (!ctx)
		goto out_no_ctx;
	ctx->msg = kzalloc(sizeof(struct pkcs7_message), GFP_KERNEL);
	if (!ctx->msg)
		goto out_no_msg;
	ctx->sinfo = kzalloc(sizeof(struct pkcs7_signed_info), GFP_KERNEL);
	if (!ctx->sinfo)
		goto out_no_sinfo;

	ctx->data = (unsigned long)data;
	ctx->ppcerts = &ctx->certs;
	ctx->ppsinfo = &ctx->msg->signed_infos;

	/* Attempt to decode the signature */
	ret = asn1_ber_decoder(&pkcs7_decoder, ctx, data, datalen);
	if (ret < 0) {
		msg = ERR_PTR(ret);
		goto out;
	}

	msg = ctx->msg;
	ctx->msg = NULL;

out:
	while (ctx->certs) {
		struct x509_certificate *cert = ctx->certs;
		ctx->certs = cert->next;
		x509_free_certificate(cert);
	}
	pkcs7_free_signed_info(ctx->sinfo);
out_no_sinfo:
	pkcs7_free_message(ctx->msg);
out_no_msg:
	kfree(ctx);
out_no_ctx:
	return msg;
}
EXPORT_SYMBOL_GPL(pkcs7_parse_message);

/**
 * pkcs7_get_content_data - Get access to the PKCS#7 content
 * @pkcs7: The preparsed PKCS#7 message to access
 * @_data: Place to return a pointer to the data
 * @_data_len: Place to return the data length
 * @want_wrapper: True if the ASN.1 object header should be included in the data
 *
 * Get access to the data content of the PKCS#7 message, including, optionally,
 * the header of the ASN.1 object that contains it.  Returns -ENODATA if the
 * data object was missing from the message.
 */
int pkcs7_get_content_data(const struct pkcs7_message *pkcs7,
			   const void **_data, size_t *_data_len,
			   bool want_wrapper)
{
	size_t wrapper;

	if (!pkcs7->data)
		return -ENODATA;

	wrapper = want_wrapper ? pkcs7->data_hdrlen : 0;
	*_data = pkcs7->data - wrapper;
	*_data_len = pkcs7->data_len + wrapper;
	return 0;
}
EXPORT_SYMBOL_GPL(pkcs7_get_content_data);

/*
 * Note an OID when we find one for later processing when we know how
 * to interpret it.
 */
int pkcs7_note_OID(void *context, size_t hdrlen,
		   unsigned char tag,
		   const void *value, size_t vlen)
{
	struct pkcs7_parse_context *ctx = context;

	ctx->last_oid = look_up_OID(value, vlen);
	if (ctx->last_oid == OID__NR) {
		char buffer[50];
		sprint_oid(value, vlen, buffer, sizeof(buffer));
		printk("PKCS7: Unknown OID: [%lu] %s\n",
		       (unsigned long)value - ctx->data, buffer);
	}
	return 0;
}

/*
 * Note the digest algorithm for the signature.
 */
int pkcs7_sig_note_digest_algo(void *context, size_t hdrlen,
			       unsigned char tag,
			       const void *value, size_t vlen)
{
	struct pkcs7_parse_context *ctx = context;

	switch (ctx->last_oid) {
	case OID_md4:
		ctx->sinfo->sig.pkey_hash_algo = HASH_ALGO_MD4;
		break;
	case OID_md5:
		ctx->sinfo->sig.pkey_hash_algo = HASH_ALGO_MD5;
		break;
	case OID_sha1:
		ctx->sinfo->sig.pkey_hash_algo = HASH_ALGO_SHA1;
		break;
	case OID_sha256:
		ctx->sinfo->sig.pkey_hash_algo = HASH_ALGO_SHA256;
		break;
	default:
		printk("Unsupported digest algo: %u\n", ctx->last_oid);
		return -ENOPKG;
	}
	return 0;
}

/*
 * Note the public key algorithm for the signature.
 */
int pkcs7_sig_note_pkey_algo(void *context, size_t hdrlen,
			     unsigned char tag,
			     const void *value, size_t vlen)
{
	struct pkcs7_parse_context *ctx = context;

	switch (ctx->last_oid) {
	case OID_rsaEncryption:
		ctx->sinfo->sig.pkey_algo = PKEY_ALGO_RSA;
		break;
	default:
		printk("Unsupported pkey algo: %u\n", ctx->last_oid);
		return -ENOPKG;
	}
	return 0;
}

/*
 * Extract a certificate and store it in the context.
 */
int pkcs7_extract_cert(void *context, size_t hdrlen,
		       unsigned char tag,
		       const void *value, size_t vlen)
{
	struct pkcs7_parse_context *ctx = context;
	struct x509_certificate *x509;

	if (tag != ((ASN1_UNIV << 6) | ASN1_CONS_BIT | ASN1_SEQ)) {
		pr_debug("Cert began with tag %02x at %lu\n",
			 tag, (unsigned long)ctx - ctx->data);
		return -EBADMSG;
	}

	/* We have to correct for the header so that the X.509 parser can start
	 * from the beginning.  Note that since X.509 stipulates DER, there
	 * probably shouldn't be an EOC trailer - but it is in PKCS#7 (which
	 * stipulates BER).
	 */
	value -= hdrlen;
	vlen += hdrlen;

	if (((u8*)value)[1] == 0x80)
		vlen += 2; /* Indefinite length - there should be an EOC */

	x509 = x509_cert_parse(value, vlen);
	if (IS_ERR(x509))
		return PTR_ERR(x509);

	pr_debug("Got cert for %s\n", x509->subject);
	pr_debug("- fingerprint %s\n", x509->fingerprint);

	x509->index = ++ctx->x509_index;
	*ctx->ppcerts = x509;
	ctx->ppcerts = &x509->next;
	return 0;
}

/*
 * Save the certificate list
 */
int pkcs7_note_certificate_list(void *context, size_t hdrlen,
				unsigned char tag,
				const void *value, size_t vlen)
{
	struct pkcs7_parse_context *ctx = context;

	pr_devel("Got cert list (%02x)\n", tag);

	*ctx->ppcerts = ctx->msg->certs;
	ctx->msg->certs = ctx->certs;
	ctx->certs = NULL;
	ctx->ppcerts = &ctx->certs;
	return 0;
}

/*
 * Extract the data from the message and store that and its content type OID in
 * the context.
 */
int pkcs7_note_data(void *context, size_t hdrlen,
		    unsigned char tag,
		    const void *value, size_t vlen)
{
	struct pkcs7_parse_context *ctx = context;

	pr_debug("Got data\n");

	ctx->msg->data = value;
	ctx->msg->data_len = vlen;
	ctx->msg->data_hdrlen = hdrlen;
	ctx->msg->data_type = ctx->last_oid;
	return 0;
}

/*
 * Parse authenticated attributes
 */
int pkcs7_sig_note_authenticated_attr(void *context, size_t hdrlen,
				      unsigned char tag,
				      const void *value, size_t vlen)
{
	struct pkcs7_parse_context *ctx = context;

	pr_devel("AuthAttr: %02x %zu [%*ph]\n", tag, vlen, (unsigned)vlen, value);

	switch (ctx->last_oid) {
	case OID_messageDigest:
		if (tag != ASN1_OTS)
			return -EBADMSG;
		ctx->sinfo->msgdigest = value;
		ctx->sinfo->msgdigest_len = vlen;
		return 0;
	default:
		return 0;
	}
}

/*
 * Note the set of auth attributes for digestion purposes [RFC2315 9.3]
 */
int pkcs7_sig_note_set_of_authattrs(void *context, size_t hdrlen,
				    unsigned char tag,
				    const void *value, size_t vlen)
{
	struct pkcs7_parse_context *ctx = context;

	/* We need to switch the 'CONT 0' to a 'SET OF' when we digest */
	ctx->sinfo->authattrs = value - (hdrlen - 1);
	ctx->sinfo->authattrs_len = vlen + (hdrlen - 1);
	return 0;
}

/*
 * Note the issuing certificate serial number
 */
int pkcs7_sig_note_serial(void *context, size_t hdrlen,
			  unsigned char tag,
			  const void *value, size_t vlen)
{
	struct pkcs7_parse_context *ctx = context;
	ctx->sinfo->raw_serial = value;
	ctx->sinfo->raw_serial_size = vlen;
	return 0;
}

/*
 * Note the issuer's name
 */
int pkcs7_sig_note_issuer(void *context, size_t hdrlen,
			  unsigned char tag,
			  const void *value, size_t vlen)
{
	struct pkcs7_parse_context *ctx = context;
	ctx->sinfo->raw_issuer = value;
	ctx->sinfo->raw_issuer_size = vlen;
	return 0;
}

/*
 * Note the signature data
 */
int pkcs7_sig_note_signature(void *context, size_t hdrlen,
			     unsigned char tag,
			     const void *value, size_t vlen)
{
	struct pkcs7_parse_context *ctx = context;
	MPI mpi;

	BUG_ON(ctx->sinfo->sig.pkey_algo != PKEY_ALGO_RSA);

	mpi = mpi_read_raw_data(value, vlen);
	if (!mpi)
		return -ENOMEM;

	ctx->sinfo->sig.mpi[0] = mpi;
	ctx->sinfo->sig.nr_mpi = 1;
	return 0;
}

/*
 * Note a signature information block
 */
int pkcs7_note_signed_info(void *context, size_t hdrlen,
			   unsigned char tag,
			   const void *value, size_t vlen)
{
	struct pkcs7_parse_context *ctx = context;

	ctx->sinfo->index = ++ctx->sinfo_index;
	*ctx->ppsinfo = ctx->sinfo;
	ctx->ppsinfo = &ctx->sinfo->next;
	ctx->sinfo = kzalloc(sizeof(struct pkcs7_signed_info), GFP_KERNEL);
	if (!ctx->sinfo)
		return -ENOMEM;
	return 0;
}
Commit	Line	Data
2e3fadbf DH	1	/* PKCS#7 parser
	2	*
	3	* Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
	4	* Written by David Howells (dhowells@redhat.com)
	5	*
	6	* This program is free software; you can redistribute it and/or
	7	* modify it under the terms of the GNU General Public Licence
	8	* as published by the Free Software Foundation; either version
	9	* 2 of the Licence, or (at your option) any later version.
	10	*/
	11
	12	#define pr_fmt(fmt) "PKCS7: "fmt
	13	#include <linux/kernel.h>
	14	#include <linux/export.h>
	15	#include <linux/slab.h>
	16	#include <linux/err.h>
	17	#include <linux/oid_registry.h>
	18	#include "public_key.h"
	19	#include "pkcs7_parser.h"
	20	#include "pkcs7-asn1.h"
	21
	22	struct pkcs7_parse_context {
	23	struct pkcs7_message msg; / Message being constructed */
	24	struct pkcs7_signed_info sinfo; / SignedInfo being constructed */
	25	struct pkcs7_signed_info **ppsinfo;
	26	struct x509_certificate certs; / Certificate cache */
	27	struct x509_certificate **ppcerts;
	28	unsigned long data; /* Start of data */
	29	enum OID last_oid; /* Last OID encountered */
	30	unsigned x509_index;
	31	unsigned sinfo_index;
	32	};
	33
3cd0920c DH	34	/*
	35	* Free a signed information block.
	36	*/
	37	static void pkcs7_free_signed_info(struct pkcs7_signed_info *sinfo)
	38	{
	39	if (sinfo) {
	40	mpi_free(sinfo->sig.mpi[0]);
	41	kfree(sinfo->sig.digest);
	42	kfree(sinfo);
	43	}
	44	}
	45
2e3fadbf DH	46	/**
	47	* pkcs7_free_message - Free a PKCS#7 message
	48	* @pkcs7: The PKCS#7 message to free
	49	*/
	50	void pkcs7_free_message(struct pkcs7_message *pkcs7)
	51	{
	52	struct x509_certificate *cert;
	53	struct pkcs7_signed_info *sinfo;
	54
	55	if (pkcs7) {
	56	while (pkcs7->certs) {
	57	cert = pkcs7->certs;
	58	pkcs7->certs = cert->next;
	59	x509_free_certificate(cert);
	60	}
	61	while (pkcs7->crl) {
	62	cert = pkcs7->crl;
	63	pkcs7->crl = cert->next;
	64	x509_free_certificate(cert);
	65	}
	66	while (pkcs7->signed_infos) {
	67	sinfo = pkcs7->signed_infos;
	68	pkcs7->signed_infos = sinfo->next;
3cd0920c	69	pkcs7_free_signed_info(sinfo);
2e3fadbf DH	70	}
	71	kfree(pkcs7);
	72	}
	73	}
	74	EXPORT_SYMBOL_GPL(pkcs7_free_message);
	75
	76	/**
	77	* pkcs7_parse_message - Parse a PKCS#7 message
	78	* @data: The raw binary ASN.1 encoded message to be parsed
	79	* @datalen: The size of the encoded message
	80	*/
	81	struct pkcs7_message pkcs7_parse_message(const void data, size_t datalen)
	82	{
	83	struct pkcs7_parse_context *ctx;
cecf5d2e DH	84	struct pkcs7_message *msg = ERR_PTR(-ENOMEM);
cecf5d2e DH	85	int ret;
2e3fadbf	86
2e3fadbf DH	87	ctx = kzalloc(sizeof(struct pkcs7_parse_context), GFP_KERNEL);
2e3fadbf DH	88	if (!ctx)
cecf5d2e DH	89	goto out_no_ctx;
	90	ctx->msg = kzalloc(sizeof(struct pkcs7_message), GFP_KERNEL);
	91	if (!ctx->msg)
	92	goto out_no_msg;
2e3fadbf DH	93	ctx->sinfo = kzalloc(sizeof(struct pkcs7_signed_info), GFP_KERNEL);
2e3fadbf DH	94	if (!ctx->sinfo)
cecf5d2e	95	goto out_no_sinfo;
2e3fadbf	96
2e3fadbf DH	97	ctx->data = (unsigned long)data;
	98	ctx->ppcerts = &ctx->certs;
	99	ctx->ppsinfo = &ctx->msg->signed_infos;
	100
	101	/* Attempt to decode the signature */
	102	ret = asn1_ber_decoder(&pkcs7_decoder, ctx, data, datalen);
cecf5d2e DH	103	if (ret < 0) {
	104	msg = ERR_PTR(ret);
	105	goto out;
	106	}
	107
	108	msg = ctx->msg;
	109	ctx->msg = NULL;
2e3fadbf	110
cecf5d2e	111	out:
2e3fadbf DH	112	while (ctx->certs) {
	113	struct x509_certificate *cert = ctx->certs;
	114	ctx->certs = cert->next;
	115	x509_free_certificate(cert);
	116	}
3cd0920c	117	pkcs7_free_signed_info(ctx->sinfo);
cecf5d2e DH	118	out_no_sinfo:
	119	pkcs7_free_message(ctx->msg);
	120	out_no_msg:
2e3fadbf	121	kfree(ctx);
cecf5d2e	122	out_no_ctx:
2e3fadbf	123	return msg;
2e3fadbf DH	124	}
	125	EXPORT_SYMBOL_GPL(pkcs7_parse_message);
	126
	127	/**
	128	* pkcs7_get_content_data - Get access to the PKCS#7 content
	129	* @pkcs7: The preparsed PKCS#7 message to access
	130	* @_data: Place to return a pointer to the data
	131	* @_data_len: Place to return the data length
	132	* @want_wrapper: True if the ASN.1 object header should be included in the data
	133	*
	134	* Get access to the data content of the PKCS#7 message, including, optionally,
	135	* the header of the ASN.1 object that contains it. Returns -ENODATA if the
	136	* data object was missing from the message.
	137	*/
	138	int pkcs7_get_content_data(const struct pkcs7_message *pkcs7,
	139	const void *_data, size_t _data_len,
	140	bool want_wrapper)
	141	{
	142	size_t wrapper;
	143
	144	if (!pkcs7->data)
	145	return -ENODATA;
	146
	147	wrapper = want_wrapper ? pkcs7->data_hdrlen : 0;
	148	*_data = pkcs7->data - wrapper;
	149	*_data_len = pkcs7->data_len + wrapper;
	150	return 0;
	151	}
	152	EXPORT_SYMBOL_GPL(pkcs7_get_content_data);
	153
	154	/*
	155	* Note an OID when we find one for later processing when we know how
	156	* to interpret it.
	157	*/
	158	int pkcs7_note_OID(void *context, size_t hdrlen,
	159	unsigned char tag,
	160	const void *value, size_t vlen)
	161	{
	162	struct pkcs7_parse_context *ctx = context;
	163
	164	ctx->last_oid = look_up_OID(value, vlen);
	165	if (ctx->last_oid == OID__NR) {
	166	char buffer[50];
	167	sprint_oid(value, vlen, buffer, sizeof(buffer));
	168	printk("PKCS7: Unknown OID: [%lu] %s\n",
	169	(unsigned long)value - ctx->data, buffer);
	170	}
	171	return 0;
	172	}
	173
	174	/*
	175	* Note the digest algorithm for the signature.
	176	*/
	177	int pkcs7_sig_note_digest_algo(void *context, size_t hdrlen,
	178	unsigned char tag,
	179	const void *value, size_t vlen)
	180	{
	181	struct pkcs7_parse_context *ctx = context;
	182
	183	switch (ctx->last_oid) {
	184	case OID_md4:
	185	ctx->sinfo->sig.pkey_hash_algo = HASH_ALGO_MD4;
	186	break;
	187	case OID_md5:
188	ctx->sinfo->sig.pkey_hash_algo = HASH_ALGO_MD5;
189	break;
190	case OID_sha1:
191	ctx->sinfo->sig.pkey_hash_algo = HASH_ALGO_SHA1;
192	break;
193	case OID_sha256:
194	ctx->sinfo->sig.pkey_hash_algo = HASH_ALGO_SHA256;
195	break;
196	default:
197	printk("Unsupported digest algo: %u\n", ctx->last_oid);
198	return -ENOPKG;
199	}
200	return 0;
201	}
202
203	/*
204	* Note the public key algorithm for the signature.
205	*/
206	int pkcs7_sig_note_pkey_algo(void *context, size_t hdrlen,
207	unsigned char tag,
208	const void *value, size_t vlen)
209	{
210	struct pkcs7_parse_context *ctx = context;
211
212	switch (ctx->last_oid) {
213	case OID_rsaEncryption:
214	ctx->sinfo->sig.pkey_algo = PKEY_ALGO_RSA;
215	break;
216	default:
217	printk("Unsupported pkey algo: %u\n", ctx->last_oid);
218	return -ENOPKG;
219	}
220	return 0;
221	}
222
223	/*
224	* Extract a certificate and store it in the context.
225	*/
226	int pkcs7_extract_cert(void *context, size_t hdrlen,
227	unsigned char tag,
228	const void *value, size_t vlen)
229	{
230	struct pkcs7_parse_context *ctx = context;
231	struct x509_certificate *x509;
232
233	if (tag != ((ASN1_UNIV << 6) \| ASN1_CONS_BIT \| ASN1_SEQ)) {
234	pr_debug("Cert began with tag %02x at %lu\n",
235	tag, (unsigned long)ctx - ctx->data);
236	return -EBADMSG;
237	}
238
239	/* We have to correct for the header so that the X.509 parser can start
240	* from the beginning. Note that since X.509 stipulates DER, there
241	* probably shouldn't be an EOC trailer - but it is in PKCS#7 (which
242	* stipulates BER).
243	*/
244	value -= hdrlen;
245	vlen += hdrlen;
246
247	if (((u8*)value)[1] == 0x80)
248	vlen += 2; /* Indefinite length - there should be an EOC */
249
250	x509 = x509_cert_parse(value, vlen);
251	if (IS_ERR(x509))
252	return PTR_ERR(x509);
253
254	pr_debug("Got cert for %s\n", x509->subject);
255	pr_debug("- fingerprint %s\n", x509->fingerprint);
256
257	x509->index = ++ctx->x509_index;
258	*ctx->ppcerts = x509;
259	ctx->ppcerts = &x509->next;
260	return 0;
261	}
262
263	/*
264	* Save the certificate list
265	*/
266	int pkcs7_note_certificate_list(void *context, size_t hdrlen,
267	unsigned char tag,
268	const void *value, size_t vlen)
269	{
270	struct pkcs7_parse_context *ctx = context;
271
272	pr_devel("Got cert list (%02x)\n", tag);
273
274	*ctx->ppcerts = ctx->msg->certs;
275	ctx->msg->certs = ctx->certs;
276	ctx->certs = NULL;
277	ctx->ppcerts = &ctx->certs;
278	return 0;
279	}
280
281	/*
282	* Extract the data from the message and store that and its content type OID in
283	* the context.
284	*/
285	int pkcs7_note_data(void *context, size_t hdrlen,
286	unsigned char tag,
287	const void *value, size_t vlen)
288	{
289	struct pkcs7_parse_context *ctx = context;
290
291	pr_debug("Got data\n");
292
293	ctx->msg->data = value;
294	ctx->msg->data_len = vlen;
295	ctx->msg->data_hdrlen = hdrlen;
296	ctx->msg->data_type = ctx->last_oid;
297	return 0;
298	}
299
300	/*
301	* Parse authenticated attributes
302	*/
303	int pkcs7_sig_note_authenticated_attr(void *context, size_t hdrlen,
304	unsigned char tag,
305	const void *value, size_t vlen)
306	{
307	struct pkcs7_parse_context *ctx = context;
308
309	pr_devel("AuthAttr: %02x %zu [%*ph]\n", tag, vlen, (unsigned)vlen, value);
310
311	switch (ctx->last_oid) {
312	case OID_messageDigest:
313	if (tag != ASN1_OTS)
314	return -EBADMSG;
315	ctx->sinfo->msgdigest = value;
316	ctx->sinfo->msgdigest_len = vlen;
317	return 0;
318	default:
319	return 0;
320	}
321	}
322
323	/*
324	* Note the set of auth attributes for digestion purposes [RFC2315 9.3]
325	*/
326	int pkcs7_sig_note_set_of_authattrs(void *context, size_t hdrlen,
327	unsigned char tag,
328	const void *value, size_t vlen)
329	{
330	struct pkcs7_parse_context *ctx = context;
331
332	/* We need to switch the 'CONT 0' to a 'SET OF' when we digest */
333	ctx->sinfo->authattrs = value - (hdrlen - 1);
334	ctx->sinfo->authattrs_len = vlen + (hdrlen - 1);
335	return 0;
336	}
337
338	/*
339	* Note the issuing certificate serial number
340	*/
341	int pkcs7_sig_note_serial(void *context, size_t hdrlen,
342	unsigned char tag,
343	const void *value, size_t vlen)
344	{
345	struct pkcs7_parse_context *ctx = context;
346	ctx->sinfo->raw_serial = value;
347	ctx->sinfo->raw_serial_size = vlen;
348	return 0;
349	}
350
351	/*
352	* Note the issuer's name
353	*/
354	int pkcs7_sig_note_issuer(void *context, size_t hdrlen,
355	unsigned char tag,
356	const void *value, size_t vlen)
357	{
358	struct pkcs7_parse_context *ctx = context;
359	ctx->sinfo->raw_issuer = value;
360	ctx->sinfo->raw_issuer_size = vlen;
361	return 0;
362	}
363
364	/*
365	* Note the signature data
366	*/
367	int pkcs7_sig_note_signature(void *context, size_t hdrlen,
368	unsigned char tag,
369	const void *value, size_t vlen)
370	{
371	struct pkcs7_parse_context *ctx = context;
372	MPI mpi;
373
374	BUG_ON(ctx->sinfo->sig.pkey_algo != PKEY_ALGO_RSA);
375
376	mpi = mpi_read_raw_data(value, vlen);
377	if (!mpi)
378	return -ENOMEM;
379
380	ctx->sinfo->sig.mpi[0] = mpi;
381	ctx->sinfo->sig.nr_mpi = 1;
382	return 0;
383	}
384
385	/*
386	* Note a signature information block
387	*/
388	int pkcs7_note_signed_info(void *context, size_t hdrlen,
389	unsigned char tag,
390	const void *value, size_t vlen)
391	{
392	struct pkcs7_parse_context *ctx = context;
393
394	ctx->sinfo->index = ++ctx->sinfo_index;
395	*ctx->ppsinfo = ctx->sinfo;
396	ctx->ppsinfo = &ctx->sinfo->next;
397	ctx->sinfo = kzalloc(sizeof(struct pkcs7_signed_info), GFP_KERNEL);
398	if (!ctx->sinfo)
399	return -ENOMEM;
400	return 0;
401	}