xref: /linux/crypto/asymmetric_keys/pkcs7.asn1 (revision 3932b9ca55b0be314a36d3e84faff3e823c081f5)
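-- Outermost PKCS#7 wrapper: a content-type OID followed by the SignedData
-- payload.  SignedData is the only content type this grammar models.
--
-- NOTE(review): `content` is OPTIONAL, so a blob holding only a contentType
-- satisfies the grammar.  The consumer must treat a missing SignedData as an
-- error rather than as "nothing to verify".
PKCS7ContentInfo ::= SEQUENCE {
	contentType	ContentType,
	content		[0] EXPLICIT SignedData OPTIONAL
}

-- The ({ ... }) suffix names a parser action run when the element is decoded.
-- The grammar does not constrain the OID value, so any check that it is the
-- expected content type has to live in the callbacks or the verification
-- code (not visible here; TODO confirm).
ContentType ::= OBJECT IDENTIFIER ({ pkcs7_note_OID })
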
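-- SignedData body: announced digest algorithms, the encapsulated content,
-- optional certificates and CRLs, then the SignerInfo blocks.
--
-- RFC 2315 defines only the SET forms ([0] certificates, [1] crls); the [2]
-- and [3] SEQUENCE alternatives widen what this parser accepts.
-- `version` has no action attached, so this grammar does not hand it to a
-- callback; any version policy must be applied elsewhere (TODO confirm).
-- NOTE(review): certificates and crls are both OPTIONAL and are not covered
-- by the signature in PKCS#7, so they are untrusted helper data until a
-- chain to a trusted key has been verified.
SignedData ::= SEQUENCE {
	version			INTEGER,
	digestAlgorithms	DigestAlgorithmIdentifiers,
	contentInfo		ContentInfo,
	certificates		CHOICE {
		certSet		[0] IMPLICIT ExtendedCertificatesAndCertificates,
		certSequence	[2] IMPLICIT Certificates
	} OPTIONAL ({ pkcs7_note_certificate_list }),
	crls CHOICE {
		crlSet		[1] IMPLICIT CertificateRevocationLists,
		crlSequence	[3] IMPLICIT CRLSequence
	} OPTIONAL,
	signerInfos		SignerInfos
}
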
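-- Encapsulated content of the SignedData.  `content` is OPTIONAL: when it is
-- absent the message is a detached signature and the signed bytes have to be
-- supplied by the caller.
ContentInfo ::= SEQUENCE {
	contentType	ContentType,
	content		[0] EXPLICIT Data OPTIONAL
}

-- Data is ANY, so the grammar places no constraint on the payload type; the
-- pkcs7_note_data action is attached to it.
-- NOTE(review): what that callback records (and whether it bounds the length)
-- is not visible in this file.
Data ::= ANY ({ pkcs7_note_data })
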
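-- Digest algorithms announced for the whole message.  Both SET OF and
-- SEQUENCE OF encodings are accepted (RFC 2315 specifies SET OF).
DigestAlgorithmIdentifiers ::= CHOICE {
	daSet			SET OF DigestAlgorithmIdentifier,
	daSequence		SEQUENCE OF DigestAlgorithmIdentifier
}

-- One algorithm OID plus optional parameters.  `parameters` is unconstrained
-- ANY with no action attached, so it is structure-checked only.
-- NOTE(review): which digest OIDs are acceptable (for example refusing weak
-- hashes) is policy for the code behind the callbacks; this grammar accepts
-- any OID.
DigestAlgorithmIdentifier ::= SEQUENCE {
	algorithm   OBJECT IDENTIFIER ({ pkcs7_note_OID }),
	parameters  ANY OPTIONAL
}
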
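--
-- Certificates and certificate lists
--
-- NOTE(review): every leaf in this section resolves to Certificate, that is
-- ANY with the pkcs7_extract_cert action.  This includes PKCS#6 extended
-- certificates and whatever appears under the crls element of SignedData, so
-- the callback can be handed blobs that are not X.509 certificates and must
-- validate them itself (its behaviour is not visible in this file).
--
ExtendedCertificatesAndCertificates ::= SET OF ExtendedCertificateOrCertificate

ExtendedCertificateOrCertificate ::= CHOICE {
  certificate		Certificate,				-- X.509
  extendedCertificate	[0] IMPLICIT ExtendedCertificate	-- PKCS#6
}

-- Aliased to Certificate, so a PKCS#6 extended certificate is not parsed as
-- such; it reaches the same action as a plain X.509 certificate.
ExtendedCertificate ::= Certificate -- cheating

Certificates ::= SEQUENCE OF Certificate

CertificateRevocationLists ::= SET OF CertificateList

-- RFC 5280 defines CertificateList as a SEQUENCE of tbsCertList,
-- signatureAlgorithm and signatureValue.  The definition below instead treats
-- a CRL as a list of Certificate elements, as the original remark warns.  It
-- is left unchanged here because altering it changes which blobs reach
-- pkcs7_extract_cert.
CertificateList ::= SEQUENCE OF Certificate -- This may be defined incorrectly

CRLSequence ::= SEQUENCE OF CertificateList

-- Opaque element: the grammar does not descend into the certificate, it only
-- attaches the pkcs7_extract_cert action to it.
Certificate ::= ANY ({ pkcs7_extract_cert }) -- X.509
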
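--
-- Signer information
--
-- The list of signers may be encoded as SET OF or SEQUENCE OF (RFC 2315
-- specifies SET OF).  Neither form sets a minimum count in this grammar.
-- NOTE(review): the consumer should confirm that at least one SignerInfo was
-- parsed and verified before treating the message as signed.
SignerInfos ::= CHOICE {
	siSet		SET OF SignerInfo,
	siSequence	SEQUENCE OF SignerInfo
}
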
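-- One signer: who signed (issuer and serial), with which digest and public-key
-- algorithm, the optional signed attributes, the signature bytes, and optional
-- unsigned attributes.  pkcs7_note_signed_info is attached to the whole
-- SignerInfo element.
--
-- NOTE(review), points the verification code must enforce because the grammar
-- cannot:
--  * When authenticatedAttributes is present, RFC 2315 section 9.3 has the
--    signature cover the attributes re-encoded with a SET OF tag instead of
--    the [0] IMPLICIT tag, and requires content-type and message-digest
--    attributes to be among them.
--  * unauthenticatedAttributes are not covered by the signature and must not
--    influence trust decisions.
--  * digestAlgorithm and digestEncryptionAlgorithm are chosen by whoever built
--    the message; algorithm policy belongs in the callbacks.
SignerInfo ::= SEQUENCE {
	version			INTEGER,
	issuerAndSerialNumber	IssuerAndSerialNumber,
	digestAlgorithm		DigestAlgorithmIdentifier ({ pkcs7_sig_note_digest_algo }),
	authenticatedAttributes	CHOICE {
		aaSet		[0] IMPLICIT SetOfAuthenticatedAttribute
					({ pkcs7_sig_note_set_of_authattrs }),
		aaSequence	[2] EXPLICIT SEQUENCE OF AuthenticatedAttribute
			-- Explicit because easier to compute digest on
			-- sequence of attributes and then reuse encoded
			-- sequence in aaSequence.
	} OPTIONAL,
	digestEncryptionAlgorithm
				DigestEncryptionAlgorithmIdentifier ({ pkcs7_sig_note_pkey_algo }),
	encryptedDigest		EncryptedDigest,
	unauthenticatedAttributes CHOICE {
		uaSet		[1] IMPLICIT SET OF UnauthenticatedAttribute,
		uaSequence	[3] IMPLICIT SEQUENCE OF UnauthenticatedAttribute
	} OPTIONAL
} ({ pkcs7_note_signed_info })
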
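-- Identifies the signer's certificate by issuer name and serial number.  Both
-- fields have actions attached (pkcs7_sig_note_issuer, pkcs7_sig_note_serial).
-- NOTE(review): presumably these are used to locate the signing certificate
-- among those carried in the message; confirm that the match is made on the
-- raw encoded values and that an unmatched signer is rejected.
IssuerAndSerialNumber ::= SEQUENCE {
	issuer			Name ({ pkcs7_sig_note_issuer }),
	serialNumber		CertificateSerialNumber ({ pkcs7_sig_note_serial })
}

-- Plain INTEGER: the grammar sets no bound on the length of the serial number.
CertificateSerialNumber ::= INTEGER
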
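-- Named wrapper so that the [0] IMPLICIT tag in SignerInfo can carry an action
-- on the attribute set as a whole.
SetOfAuthenticatedAttribute ::= SET OF AuthenticatedAttribute

-- A signed attribute: type OID plus a set of values.  The OID goes to
-- pkcs7_note_OID and the values to pkcs7_sig_note_authenticated_attr.
-- NOTE(review): the grammar does not prevent the same attribute type from
-- appearing twice; rejecting duplicates is up to the callback (TODO confirm).
AuthenticatedAttribute ::= SEQUENCE {
	type			OBJECT IDENTIFIER ({ pkcs7_note_OID }),
	values			SET OF ANY ({ pkcs7_sig_note_authenticated_attr })
}

-- An unsigned attribute.  No action is attached to `values`, so this grammar
-- only checks their structure and does not pass them to a callback.
UnauthenticatedAttribute ::= SEQUENCE {
	type			OBJECT IDENTIFIER ({ pkcs7_note_OID }),
	values			SET OF ANY
}
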
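-- Public-key (signature) algorithm of a signer: OID plus optional parameters.
-- `parameters` is unconstrained ANY with no action attached.
DigestEncryptionAlgorithmIdentifier ::= SEQUENCE {
	algorithm		OBJECT IDENTIFIER ({ pkcs7_note_OID }),
	parameters		ANY OPTIONAL
}

-- The signature bytes.  The grammar sets no length limit on the OCTET STRING.
-- NOTE(review): the code behind pkcs7_sig_note_signature should check the
-- length against the key size before use (TODO confirm).
EncryptedDigest ::= OCTET STRING ({ pkcs7_sig_note_signature })
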
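--
-- X.500 Name
--
-- Minimal model of a distinguished name, used for the issuer field of
-- IssuerAndSerialNumber.  Attribute values are ANY and have no action
-- attached, so they are structure-checked only.
-- NOTE(review): pkcs7_note_OID is the action on every OBJECT IDENTIFIER in
-- this grammar, including each attributeType here.  Any state it records is
-- therefore overwritten by the next OID parsed; confirm that consumers read
-- it immediately after the OID they care about.
--
Name ::= SEQUENCE OF RelativeDistinguishedName

RelativeDistinguishedName ::= SET OF AttributeValueAssertion

AttributeValueAssertion ::= SEQUENCE {
	attributeType		OBJECT IDENTIFIER ({ pkcs7_note_OID }),
	attributeValue		ANY
}
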