201c0da4 LW |
1 | -- SPDX-License-Identifier: BSD-3-Clause |
2 | -- | |
3 | -- Copyright (C) 2009 IETF Trust and the persons identified as authors | |
4 | -- of the code | |
5 | -- | |
6 | -- https://www.rfc-editor.org/rfc/rfc5652#section-3 | |
7 | ||
-- Outermost wrapper of the message (RFC 5652 section 3).  The only content
-- structure this grammar can decode is SignedData.  The ({ name })
-- annotations name callbacks attached to the annotated element; here
-- pkcs7_check_content_type is attached to the contentType field (what it
-- accepts is decided by that callback and is not visible in this file).
-- NOTE(review): content is OPTIONAL, so a blob that carries no SignedData
-- still matches the grammar; the consumer has to treat that case as
-- "nothing was signed" rather than as success.  Confirm in the callbacks.
PKCS7ContentInfo ::= SEQUENCE {
	contentType ContentType ({ pkcs7_check_content_type }),
	content [0] EXPLICIT SignedData OPTIONAL
}

-- Every ContentType OID is also passed to pkcs7_note_OID, in addition to any
-- action attached at the place where ContentType is used.
ContentType ::= OBJECT IDENTIFIER ({ pkcs7_note_OID })
14 | ||
-- The signed-data container: version, the digest algorithms in use, the
-- encapsulated content, optional certificates and CRLs, and the per-signer
-- records.  Callbacks are attached to version, contentInfo and the
-- certificates CHOICE; crls has no action at this level.
-- The certificates and crls fields are supplied by whoever built the message
-- and are not covered by any signer's signature.  They are material for
-- chain building only and confer no trust by being present; trust has to
-- come from an anchor held outside the message.
SignedData ::= SEQUENCE {
	version INTEGER ({ pkcs7_note_signeddata_version }),
	digestAlgorithms DigestAlgorithmIdentifiers,
	contentInfo ContentInfo ({ pkcs7_note_content }),
	-- Tags [0] and [2] select the SET and SEQUENCE encodings respectively.
	certificates CHOICE {
		certSet [0] IMPLICIT ExtendedCertificatesAndCertificates,
		certSequence [2] IMPLICIT Certificates
	} OPTIONAL ({ pkcs7_note_certificate_list }),
	-- Tags [1] and [3] select the SET and SEQUENCE encodings respectively.
	crls CHOICE {
		crlSet [1] IMPLICIT CertificateRevocationLists,
		crlSequence [3] IMPLICIT CRLSequence
	} OPTIONAL,
	signerInfos SignerInfos
}
29 | ||
-- The encapsulated content inside SignedData: a type OID plus the payload.
-- content is OPTIONAL, so the grammar also accepts a message that omits the
-- payload (a detached signature).  In that case the data being verified must
-- be supplied to the verifier by the caller.
-- NOTE(review): confirm how the consumer handles absent content.
ContentInfo ::= SEQUENCE {
	contentType ContentType ({ pkcs7_note_OID }),
	content [0] EXPLICIT Data OPTIONAL
}

-- Data is ANY, so the grammar accepts an element of any tag here and places
-- no constraint on its structure; the element is handed to pkcs7_note_data.
Data ::= ANY ({ pkcs7_note_data })
36 | ||
-- The list of digest algorithms may be encoded either as a SET OF or as a
-- SEQUENCE OF; both forms are accepted.
DigestAlgorithmIdentifiers ::= CHOICE {
	daSet SET OF DigestAlgorithmIdentifier,
	daSequence SEQUENCE OF DigestAlgorithmIdentifier
}

-- The algorithm OID is passed to pkcs7_note_OID.  parameters is ANY with no
-- action attached, so the grammar neither constrains nor reports it.
-- The OID is chosen by the message producer; which digests are acceptable is
-- a policy decision for the callbacks or the verifier, not something this
-- grammar restricts.
DigestAlgorithmIdentifier ::= SEQUENCE {
	algorithm OBJECT IDENTIFIER ({ pkcs7_note_OID }),
	parameters ANY OPTIONAL
}
46 | ||
47 | -- | |
48 | -- Certificates and certificate lists | |
49 | -- | |
-- SET form of the certificate bag (selected by tag [0] in SignedData).
ExtendedCertificatesAndCertificates ::= SET OF ExtendedCertificateOrCertificate

ExtendedCertificateOrCertificate ::= CHOICE {
	certificate Certificate, -- X.509
	extendedCertificate [0] IMPLICIT ExtendedCertificate -- PKCS#6
}

-- A PKCS#6 extended certificate is typed as a plain Certificate here, so it
-- reaches the same callback as an X.509 certificate.
ExtendedCertificate ::= Certificate -- cheating

-- SEQUENCE form of the certificate bag (selected by tag [2] in SignedData).
Certificates ::= SEQUENCE OF Certificate

CertificateRevocationLists ::= SET OF CertificateList

-- As written, every element reached through the crls field is typed
-- Certificate and therefore reaches pkcs7_extract_cert.  RFC 5652 takes
-- CertificateList from X.509, where it is a CRL structure, not a list of
-- certificates.
-- NOTE(review): confirm how pkcs7_extract_cert treats CRL content, and do not
-- assume that revocation data carried in the message is evaluated.
CertificateList ::= SEQUENCE OF Certificate -- This may be defined incorrectly

CRLSequence ::= SEQUENCE OF CertificateList

-- Certificate is ANY: this grammar does not decode X.509 itself.  Any element
-- in this position is handed to pkcs7_extract_cert, so all structural
-- validation of the certificate is that callback's responsibility.
Certificate ::= ANY ({ pkcs7_extract_cert }) -- X.509
68 | ||
69 | -- | |
70 | -- Signer information | |
71 | -- | |
-- The signer records may be encoded either as a SET OF or as a SEQUENCE OF.
SignerInfos ::= CHOICE {
	siSet SET OF SignerInfo,
	siSequence SEQUENCE OF SignerInfo
}

-- One signer's record.  pkcs7_note_signed_info is attached to the SignerInfo
-- as a whole; the per-field actions are attached to the individual elements
-- as shown.
--
-- Points a verifier built on this grammar has to get right:
--  * When authenticatedAttributes is present, RFC 5652 section 5.4 computes
--    the signature over the attributes, encoded with a SET OF tag rather than
--    the IMPLICIT [0] tag seen on the wire, and the message-digest attribute
--    is what binds the signature to the content.  That comparison is made by
--    the verifier and is not visible in this file.
--  * unauthenticatedAttributes are not covered by the signature and have no
--    action attached in this grammar; nothing in them may be treated as
--    trusted.
--  * The digest and public-key algorithm OIDs are chosen by the message
--    producer; acceptable algorithms are a policy decision outside this file.
SignerInfo ::= SEQUENCE {
	version INTEGER ({ pkcs7_note_signerinfo_version }),
	sid SignerIdentifier, -- CMS variant, not PKCS#7
	digestAlgorithm DigestAlgorithmIdentifier ({ pkcs7_sig_note_digest_algo }),
	authenticatedAttributes CHOICE {
		-- Only the aaSet form has the set-level action attached.
		aaSet [0] IMPLICIT SetOfAuthenticatedAttribute
			({ pkcs7_sig_note_set_of_authattrs }),
		aaSequence [2] EXPLICIT SEQUENCE OF AuthenticatedAttribute
			-- Explicit because easier to compute digest on
			-- sequence of attributes and then reuse encoded
			-- sequence in aaSequence.
	} OPTIONAL,
	digestEncryptionAlgorithm
		DigestEncryptionAlgorithmIdentifier ({ pkcs7_sig_note_pkey_algo }),
	encryptedDigest EncryptedDigest,
	unauthenticatedAttributes CHOICE {
		uaSet [1] IMPLICIT SET OF UnauthenticatedAttribute,
		uaSequence [3] IMPLICIT SEQUENCE OF UnauthenticatedAttribute
	} OPTIONAL
} ({ pkcs7_note_signed_info })
97 | ||
-- How a signer names the certificate that holds its key: either the issuer
-- name plus serial number, or a subject key identifier under tag [0].
-- Both forms are values asserted by the message; they only select a
-- candidate certificate and prove nothing until the signature verifies
-- against that certificate's key.
SignerIdentifier ::= CHOICE {
	-- RFC5652 sec 5.3
	issuerAndSerialNumber IssuerAndSerialNumber,
	subjectKeyIdentifier [0] IMPLICIT SubjectKeyIdentifier
}

-- The issuer and serial are reported through separate callbacks.
IssuerAndSerialNumber ::= SEQUENCE {
	issuer Name ({ pkcs7_sig_note_issuer }),
	serialNumber CertificateSerialNumber ({ pkcs7_sig_note_serial })
}

-- No size limit is expressed here; INTEGER length is whatever the encoding
-- carries.
CertificateSerialNumber ::= INTEGER

-- The raw octets are passed to pkcs7_sig_note_skid.
SubjectKeyIdentifier ::= OCTET STRING ({ pkcs7_sig_note_skid })
112 | ||
SetOfAuthenticatedAttribute ::= SET OF AuthenticatedAttribute

-- A signed attribute: the type OID goes to pkcs7_note_OID and the value set
-- goes to pkcs7_sig_note_authenticated_attr.  The values are SET OF ANY, so
-- the grammar does not constrain their structure; any per-attribute decoding
-- is up to the callback.
AuthenticatedAttribute ::= SEQUENCE {
	type OBJECT IDENTIFIER ({ pkcs7_note_OID }),
	values SET OF ANY ({ pkcs7_sig_note_authenticated_attr })
}

-- An unsigned attribute.  No action is attached to either field, so the
-- grammar only checks the outer shape and reports nothing from it.  These
-- attributes are outside the signature and must not influence a trust
-- decision.
UnauthenticatedAttribute ::= SEQUENCE {
	type OBJECT IDENTIFIER,
	values SET OF ANY
}
124 | ||
-- The signature (public-key) algorithm of a SignerInfo.  The OID goes to
-- pkcs7_note_OID; parameters is ANY with no action attached, so the grammar
-- neither constrains nor reports it.
DigestEncryptionAlgorithmIdentifier ::= SEQUENCE {
	algorithm OBJECT IDENTIFIER ({ pkcs7_note_OID }),
	parameters ANY OPTIONAL
}

-- The signature value itself, passed as raw octets to
-- pkcs7_sig_note_signature.  No length constraint is expressed here.
EncryptedDigest ::= OCTET STRING ({ pkcs7_sig_note_signature })
131 | ||
132 | --- | |
133 | --- X.500 Name | |
134 | --- | |
-- A reduced X.500 Name, used for the issuer in IssuerAndSerialNumber: a
-- sequence of RDNs, each a set of type/value pairs.
Name ::= SEQUENCE OF RelativeDistinguishedName

RelativeDistinguishedName ::= SET OF AttributeValueAssertion

-- The attribute type OID goes to pkcs7_note_OID.  attributeValue is ANY with
-- no action, so the string type and content of the value are not checked by
-- this grammar.
AttributeValueAssertion ::= SEQUENCE {
	attributeType OBJECT IDENTIFIER ({ pkcs7_note_OID }),
	attributeValue ANY
}