xref: /openbmc/linux/crypto/asymmetric_keys/pkcs7.asn1 (revision f7af616c632ee2ac3af0876fe33bf9e0232e665a)
-- Outermost PKCS#7 wrapper: a content-type OID followed by an optional,
-- explicitly tagged SignedData. SignedData is the only content this
-- grammar can decode at this level.
-- NOTE(review): the ({ name }) annotations are parser action hooks whose
-- handlers live outside this file; what pkcs7_check_content_type accepts
-- or rejects must be confirmed there.
-- NOTE(review): content is OPTIONAL, so the grammar alone accepts a
-- message that carries no SignedData at all; confirm the caller rejects it.
1PKCS7ContentInfo ::= SEQUENCE {
2	contentType	ContentType ({ pkcs7_check_content_type }),
3	content		[0] EXPLICIT SignedData OPTIONAL
4}
5
-- Content-type OID. pkcs7_note_OID is attached to the type itself, and
-- both users (PKCS7ContentInfo.contentType and ContentInfo.contentType)
-- attach a further action at the point of use.
6ContentType ::= OBJECT IDENTIFIER ({ pkcs7_note_OID })
7
-- Body of a signed message: version, digest algorithm list, the
-- encapsulated content, optional certificates, optional CRLs, and the
-- mandatory list of signers.
-- certificates accepts two tagged forms, [0] (set) and [2] (sequence);
-- crls accepts [1] (set) and [3] (sequence).
-- The certificates CHOICE has a list-level action; the crls CHOICE has
-- none of its own, but CertificateList is defined in terms of Certificate,
-- so CRL members still reach the Certificate rule and its action.
-- NOTE(review): because of that, confirm that material supplied in the
-- crls field cannot end up treated as a usable certificate.
8SignedData ::= SEQUENCE {
9	version			INTEGER ({ pkcs7_note_signeddata_version }),
10	digestAlgorithms	DigestAlgorithmIdentifiers,
11	contentInfo		ContentInfo ({ pkcs7_note_content }),
12	certificates		CHOICE {
13		certSet		[0] IMPLICIT ExtendedCertificatesAndCertificates,
14		certSequence	[2] IMPLICIT Certificates
15	} OPTIONAL ({ pkcs7_note_certificate_list }),
16	crls CHOICE {
17		crlSet		[1] IMPLICIT CertificateRevocationLists,
18		crlSequence	[3] IMPLICIT CRLSequence
19	} OPTIONAL,
20	signerInfos		SignerInfos
21}
22
-- Encapsulated content: its type OID plus the optional payload.
-- When content is absent the signed data is supplied out of band (the
-- detached-signature form of PKCS#7/CMS), so a verifier has to be given
-- the data separately.
-- NOTE(review): confirm the caller distinguishes "no content present"
-- from "empty content" before digesting.
23ContentInfo ::= SEQUENCE {
24	contentType	ContentType ({ pkcs7_note_OID }),
25	content		[0] EXPLICIT Data OPTIONAL
26}
27
-- The signed payload is ANY: the grammar imposes no structure on it and
-- attaches the pkcs7_note_data action to whatever element appears here.
28Data ::= ANY ({ pkcs7_note_data })
29
-- List of digest algorithms used by the signers. Both a SET OF and a
-- SEQUENCE OF encoding are accepted. No action is attached to the list;
-- only the OID inside each DigestAlgorithmIdentifier fires one.
30DigestAlgorithmIdentifiers ::= CHOICE {
31	daSet			SET OF DigestAlgorithmIdentifier,
32	daSequence		SEQUENCE OF DigestAlgorithmIdentifier
33}
34
-- One digest algorithm: OID plus optional parameters.
-- parameters is ANY with no action, so it is parsed for structure only
-- and never handed to a handler by this grammar.
35DigestAlgorithmIdentifier ::= SEQUENCE {
36	algorithm   OBJECT IDENTIFIER ({ pkcs7_note_OID }),
37	parameters  ANY OPTIONAL
38}
39
40--
41-- Certificates and certificate lists
42--
-- Unordered certificate bag used by the [0] certSet branch of SignedData.
43ExtendedCertificatesAndCertificates ::= SET OF ExtendedCertificateOrCertificate
44
-- One entry of the certificate bag: either a plain certificate or a
-- [0]-tagged extended certificate. Both alternatives resolve to the
-- Certificate rule in this grammar (ExtendedCertificate is an alias).
45ExtendedCertificateOrCertificate ::= CHOICE {
46  certificate		Certificate,				-- X.509
47  extendedCertificate	[0] IMPLICIT ExtendedCertificate	-- PKCS#6
48}
49
-- PKCS#6 extended certificates get no structure of their own here: the
-- type is aliased to Certificate, so a [0]-tagged element is decoded as
-- an opaque ANY and reaches the same pkcs7_extract_cert action.
-- NOTE(review): confirm the handler copes with a context-tagged element
-- that is not a real X.509 certificate.
50ExtendedCertificate ::= Certificate -- cheating
51
-- Ordered certificate list used by the [2] certSequence branch.
52Certificates ::= SEQUENCE OF Certificate
53
-- Unordered CRL bag used by the [1] crlSet branch of SignedData.
54CertificateRevocationLists ::= SET OF CertificateList
55
-- NOTE(review): an RFC 5280 CertificateList is
-- SEQUENCE { tbsCertList, signatureAlgorithm, signatureValue }, not a
-- list of certificates. Under this rule every member of a CRL matches
-- Certificate (ANY) and would fire pkcs7_extract_cert; confirm that the
-- handler rejects non-certificate input rather than storing it.
56CertificateList ::= SEQUENCE OF Certificate -- This may be defined incorrectly
57
-- Ordered CRL list used by the [3] crlSequence branch of SignedData.
58CRLSequence ::= SEQUENCE OF CertificateList
59
-- Every certificate slot is ANY: the grammar itself performs no X.509
-- validation and only attaches the pkcs7_extract_cert action.
-- NOTE(review): all structural and length checking of the blob therefore
-- rests on that handler and whatever X.509 parser it calls; confirm.
60Certificate ::= ANY ({ pkcs7_extract_cert }) -- X.509
61
62--
63-- Signer information
64--
-- List of signers; accepted as either SET OF or SEQUENCE OF. The grammar
-- puts no lower bound on the number of entries.
-- NOTE(review): confirm the verifier treats a message with zero
-- SignerInfo entries as unsigned rather than as successfully verified.
65SignerInfos ::= CHOICE {
66	siSet		SET OF SignerInfo,
67	siSequence	SEQUENCE OF SignerInfo
68}
69
-- Per-signer record: who signed (sid), with which digest and public-key
-- algorithms, the optional signed attributes, and the signature value.
-- pkcs7_note_signed_info is attached to the whole SEQUENCE.
-- NOTE(review): RFC 5652 section 5.4 computes the signature digest over
-- the authenticated attributes re-encoded with a universal SET OF tag
-- rather than the [0] IMPLICIT tag seen on the wire; confirm the consumer
-- of pkcs7_sig_note_set_of_authattrs performs that substitution.
-- NOTE(review): only aaSet carries a set-level action. The aaSequence
-- branch is accepted by the grammar with no hook on the list itself, so
-- confirm how the verifier treats a SignerInfo that uses it.
-- unauthenticatedAttributes are outside the signature and carry no
-- actions anywhere in this grammar: they are parsed for structure only
-- and must not influence any trust decision.
70SignerInfo ::= SEQUENCE {
71	version			INTEGER ({ pkcs7_note_signerinfo_version }),
72	sid			SignerIdentifier, -- CMS variant, not PKCS#7
73	digestAlgorithm		DigestAlgorithmIdentifier ({ pkcs7_sig_note_digest_algo }),
74	authenticatedAttributes	CHOICE {
75		aaSet		[0] IMPLICIT SetOfAuthenticatedAttribute
76					({ pkcs7_sig_note_set_of_authattrs }),
77		aaSequence	[2] EXPLICIT SEQUENCE OF AuthenticatedAttribute
78			-- Explicit because easier to compute digest on
79			-- sequence of attributes and then reuse encoded
80			-- sequence in aaSequence.
81	} OPTIONAL,
82	digestEncryptionAlgorithm
83				DigestEncryptionAlgorithmIdentifier ({ pkcs7_sig_note_pkey_algo }),
84	encryptedDigest		EncryptedDigest,
85	unauthenticatedAttributes CHOICE {
86		uaSet		[1] IMPLICIT SET OF UnauthenticatedAttribute,
87		uaSequence	[3] IMPLICIT SEQUENCE OF UnauthenticatedAttribute
88	} OPTIONAL
89} ({ pkcs7_note_signed_info })
90
-- Identifies the signer's certificate either by issuer name plus serial
-- number or by a [0]-tagged subject key identifier. Each alternative
-- feeds a different set of actions (issuer/serial versus skid).
-- NOTE(review): the value is supplied by the message, so matching it to a
-- certificate only selects a candidate key; it establishes no trust.
91SignerIdentifier ::= CHOICE {
92	-- RFC5652 sec 5.3
93	issuerAndSerialNumber IssuerAndSerialNumber,
94        subjectKeyIdentifier [0] IMPLICIT SubjectKeyIdentifier
95}
96
-- Issuer distinguished name and certificate serial number; each field
-- has its own action hook.
97IssuerAndSerialNumber ::= SEQUENCE {
98	issuer			Name ({ pkcs7_sig_note_issuer }),
99	serialNumber		CertificateSerialNumber ({ pkcs7_sig_note_serial })
100}
101
-- Serial number as a plain INTEGER; this grammar sets no size bound.
102CertificateSerialNumber ::= INTEGER
103
-- Subject key identifier as an opaque OCTET STRING; this grammar sets no
-- length bound and attaches the pkcs7_sig_note_skid action.
104SubjectKeyIdentifier ::= OCTET STRING ({ pkcs7_sig_note_skid })
105
-- Named wrapper for the attribute set so that the aaSet branch of
-- SignerInfo can attach an action to the set as a whole.
106SetOfAuthenticatedAttribute ::= SET OF AuthenticatedAttribute
107
-- One signed attribute: a type OID and a set of values. The action on
-- values is attached to the SET OF ANY element; the individual values
-- are ANY and get no structure from this grammar.
-- NOTE(review): per-attribute checks (for example that a message digest
-- attribute matches the content) are presumably done in the
-- pkcs7_sig_note_authenticated_attr handler; confirm there.
108AuthenticatedAttribute ::= SEQUENCE {
109	type			OBJECT IDENTIFIER ({ pkcs7_note_OID }),
110	values			SET OF ANY ({ pkcs7_sig_note_authenticated_attr })
111}
112
-- One unsigned attribute. Neither field carries an action, so the parser
-- checks the structure and passes nothing to any handler.
113UnauthenticatedAttribute ::= SEQUENCE {
114	type			OBJECT IDENTIFIER,
115	values			SET OF ANY
116}
117
-- Public-key (signature) algorithm: OID plus optional parameters.
-- parameters is ANY with no action, so it is parsed for structure only
-- and never handed to a handler by this grammar.
118DigestEncryptionAlgorithmIdentifier ::= SEQUENCE {
119	algorithm		OBJECT IDENTIFIER ({ pkcs7_note_OID }),
120	parameters		ANY OPTIONAL
121}
122
-- The signature value as an opaque OCTET STRING; this grammar sets no
-- length bound and attaches the pkcs7_sig_note_signature action.
123EncryptedDigest ::= OCTET STRING ({ pkcs7_sig_note_signature })
124
125---
126--- X.500 Name
127---
-- Distinguished name as an ordered list of RDNs. Used here only for the
-- issuer field of IssuerAndSerialNumber.
128Name ::= SEQUENCE OF RelativeDistinguishedName
129
-- One RDN: an unordered set of attribute type/value pairs.
130RelativeDistinguishedName ::= SET OF AttributeValueAssertion
131
-- One name component. The type OID fires pkcs7_note_OID; the value is
-- ANY with no action, so its string type and contents are not examined
-- by this grammar.
132AttributeValueAssertion ::= SEQUENCE {
133	attributeType		OBJECT IDENTIFIER ({ pkcs7_note_OID }),
134	attributeValue		ANY
135}
136