xref: /linux/crypto/asymmetric_keys/pkcs7.asn1 (revision eb01fe7abbe2d0b38824d2a93fdb4cc3eaf2ccc1)
1-- SPDX-License-Identifier: BSD-3-Clause
2--
3-- Copyright (C) 2009 IETF Trust and the persons identified as authors
4-- of the code
5--
6-- https://www.rfc-editor.org/rfc/rfc5652#section-3
7
-- Outermost structure of the message. The `({ name })` suffixes name parser
-- action callbacks; what each callback does is defined outside this file.
-- contentType carries both ContentType's own action (pkcs7_note_OID) and
-- pkcs7_check_content_type. SignedData is the only content shape this
-- grammar accepts.
-- NOTE(review): content is OPTIONAL, so a message holding only the OID still
-- matches the grammar; confirm the parser rejects a missing SignedData where
-- a signature is required.
8PKCS7ContentInfo ::= SEQUENCE {
9	contentType	ContentType ({ pkcs7_check_content_type }),
10	content		[0] EXPLICIT SignedData OPTIONAL
11}
12
-- Content-type OID. Every use of ContentType invokes pkcs7_note_OID, in
-- addition to any action attached at the use site.
13ContentType ::= OBJECT IDENTIFIER ({ pkcs7_note_OID })
14
-- Signed-data body: version, digest algorithm list, encapsulated content,
-- optional certificates, optional CRLs, and the signer list.
-- certificates may arrive as a [0] set or a [2] sequence, and crls as a [1]
-- set or a [3] sequence. RFC 5652 defines only the [0] and [1] forms, so this
-- grammar accepts more encodings than the RFC does.
-- No action is attached to crls or to anything beneath it except the
-- Certificate leaf (see CertificateList), so revocation data is not handed
-- to a CRL-specific callback by this grammar.
-- NOTE(review): signature consumers presumably cannot rely on CRLs carried in
-- the message being evaluated; confirm against the parser and verifier.
15SignedData ::= SEQUENCE {
16	version			INTEGER ({ pkcs7_note_signeddata_version }),
17	digestAlgorithms	DigestAlgorithmIdentifiers,
18	contentInfo		ContentInfo ({ pkcs7_note_content }),
19	certificates		CHOICE {
20		certSet		[0] IMPLICIT ExtendedCertificatesAndCertificates,
21		certSequence	[2] IMPLICIT Certificates
22	} OPTIONAL ({ pkcs7_note_certificate_list }),
23	crls CHOICE {
24		crlSet		[1] IMPLICIT CertificateRevocationLists,
25		crlSequence	[3] IMPLICIT CRLSequence
26	} OPTIONAL,
27	signerInfos		SignerInfos
28}
29
-- Encapsulated content carried inside SignedData: a content-type OID
-- (pkcs7_note_OID) plus the optional payload.
-- content is OPTIONAL; in CMS an absent payload is the detached-signature
-- case, where the signed data is supplied out of band.
30ContentInfo ::= SEQUENCE {
31	contentType	ContentType ({ pkcs7_note_OID }),
32	content		[0] EXPLICIT Data OPTIONAL
33}
34
-- Signed payload, passed to pkcs7_note_data. Declared ANY, so the grammar
-- does not constrain the tag of the payload element.
-- NOTE(review): RFC 5652 encodes eContent as an OCTET STRING; confirm the
-- action checks the tag if the verifier depends on it.
35Data ::= ANY ({ pkcs7_note_data })
36
-- List of digest algorithms used by the signers. Accepts either a SET OF or
-- a SEQUENCE OF encoding of the same element type.
37DigestAlgorithmIdentifiers ::= CHOICE {
38	daSet			SET OF DigestAlgorithmIdentifier,
39	daSequence		SEQUENCE OF DigestAlgorithmIdentifier
40}
41
-- One digest algorithm: the OID is reported through pkcs7_note_OID.
-- parameters has no action attached, so its contents are accepted by the
-- grammar without being handed to a callback.
42DigestAlgorithmIdentifier ::= SEQUENCE {
43	algorithm   OBJECT IDENTIFIER ({ pkcs7_note_OID }),
44	parameters  ANY OPTIONAL
45}
46
47--
48-- Certificates and certificate lists
49--
-- Certificate set used by the [0] certSet alternative of SignedData.
50ExtendedCertificatesAndCertificates ::= SET OF ExtendedCertificateOrCertificate
51
-- One entry of the certificate set: a plain certificate, or a [0]-tagged
-- extended certificate. Both alternatives resolve to Certificate, so both
-- reach the pkcs7_extract_cert action.
52ExtendedCertificateOrCertificate ::= CHOICE {
53  certificate		Certificate,				-- X.509
54  extendedCertificate	[0] IMPLICIT ExtendedCertificate	-- PKCS#6
55}
56
-- PKCS#6 extended certificates are not given a grammar of their own; they
-- are aliased to Certificate (the author's "cheating"), i.e. an opaque ANY
-- blob passed to pkcs7_extract_cert.
57ExtendedCertificate ::= Certificate -- cheating
58
-- Certificate list used by the [2] certSequence alternative of SignedData.
59Certificates ::= SEQUENCE OF Certificate
60
-- CRL containers for the [1] crlSet and [3] crlSequence alternatives.
-- CertificateList is modelled as SEQUENCE OF Certificate, which the author
-- flags as possibly incorrect.
-- Because Certificate carries the pkcs7_extract_cert action, each element
-- matched inside a CertificateList is also handed to that action.
-- NOTE(review): confirm pkcs7_extract_cert rejects blobs that are not
-- certificates, so CRL contents cannot be recorded as certificates.
61CertificateRevocationLists ::= SET OF CertificateList
62
63CertificateList ::= SEQUENCE OF Certificate -- This may be defined incorrectly
64
65CRLSequence ::= SEQUENCE OF CertificateList
66
-- A certificate is not decoded by this grammar: it is matched as ANY and the
-- raw element is handed to pkcs7_extract_cert. All structural validation of
-- the certificate therefore happens outside this file.
67Certificate ::= ANY ({ pkcs7_extract_cert }) -- X.509
68
69--
70-- Signer information
71--
-- Signer list. Accepts either a SET OF or a SEQUENCE OF encoding.
72SignerInfos ::= CHOICE {
73	siSet		SET OF SignerInfo,
74	siSequence	SEQUENCE OF SignerInfo
75}
76
-- One signer: version, signer identifier, digest algorithm, optional
-- authenticated attributes, signature algorithm, signature value and
-- optional unauthenticated attributes. pkcs7_note_signed_info is attached to
-- the SEQUENCE as a whole.
-- Only the [0] aaSet form of authenticatedAttributes has a set-level action
-- (pkcs7_sig_note_set_of_authattrs); the [2] aaSequence form has none.
-- NOTE(review): confirm how the attribute digest is obtained when the
-- aaSequence form is used.
-- unauthenticatedAttributes has no action on either alternative. In CMS
-- these attributes are not covered by the signature, so any consumer must
-- treat them as unverified input.
77SignerInfo ::= SEQUENCE {
78	version			INTEGER ({ pkcs7_note_signerinfo_version }),
79	sid			SignerIdentifier, -- CMS variant, not PKCS#7
80	digestAlgorithm		DigestAlgorithmIdentifier ({ pkcs7_sig_note_digest_algo }),
81	authenticatedAttributes	CHOICE {
82		aaSet		[0] IMPLICIT SetOfAuthenticatedAttribute
83					({ pkcs7_sig_note_set_of_authattrs }),
84		aaSequence	[2] EXPLICIT SEQUENCE OF AuthenticatedAttribute
85			-- Explicit because easier to compute digest on
86			-- sequence of attributes and then reuse encoded
87			-- sequence in aaSequence.
88	} OPTIONAL,
89	digestEncryptionAlgorithm
90				DigestEncryptionAlgorithmIdentifier ({ pkcs7_sig_note_pkey_algo }),
91	encryptedDigest		EncryptedDigest,
92	unauthenticatedAttributes CHOICE {
93		uaSet		[1] IMPLICIT SET OF UnauthenticatedAttribute,
94		uaSequence	[3] IMPLICIT SEQUENCE OF UnauthenticatedAttribute
95	} OPTIONAL
96} ({ pkcs7_note_signed_info })
97
-- Identifies the signer's certificate either by issuer name plus serial
-- number or by a [0]-tagged subject key identifier. Which certificate this
-- resolves to is decided by code outside this grammar.
98SignerIdentifier ::= CHOICE {
99	-- RFC5652 sec 5.3
100	issuerAndSerialNumber IssuerAndSerialNumber,
101        subjectKeyIdentifier [0] IMPLICIT SubjectKeyIdentifier
102}
103
-- Issuer name and certificate serial number of the signer. The encoded
-- issuer is reported through pkcs7_sig_note_issuer and the serial number
-- through pkcs7_sig_note_serial.
104IssuerAndSerialNumber ::= SEQUENCE {
105	issuer			Name ({ pkcs7_sig_note_issuer }),
106	serialNumber		CertificateSerialNumber ({ pkcs7_sig_note_serial })
107}
108
-- Plain INTEGER with no action of its own; the action is attached where the
-- type is used (serialNumber in IssuerAndSerialNumber).
109CertificateSerialNumber ::= INTEGER
110
-- Subject key identifier of the signer's certificate, reported through
-- pkcs7_sig_note_skid. The grammar places no length constraint on it.
111SubjectKeyIdentifier ::= OCTET STRING ({ pkcs7_sig_note_skid })
112
-- Named wrapper for the [0] aaSet alternative of SignerInfo, which attaches
-- pkcs7_sig_note_set_of_authattrs at its use site.
113SetOfAuthenticatedAttribute ::= SET OF AuthenticatedAttribute
114
-- One signed attribute: the type OID goes to pkcs7_note_OID and the value
-- set goes to pkcs7_sig_note_authenticated_attr. Values are ANY, so
-- per-attribute syntax is not enforced by the grammar.
-- NOTE(review): presumably the action validates known attributes (for
-- example the message digest); confirm in the parser.
115AuthenticatedAttribute ::= SEQUENCE {
116	type			OBJECT IDENTIFIER ({ pkcs7_note_OID }),
117	values			SET OF ANY ({ pkcs7_sig_note_authenticated_attr })
118}
119
-- One unsigned attribute. Neither field has an action, so these are matched
-- structurally and otherwise ignored by this grammar. They are outside the
-- signature and must not influence a trust decision.
120UnauthenticatedAttribute ::= SEQUENCE {
121	type			OBJECT IDENTIFIER,
122	values			SET OF ANY
123}
124
-- Signature (public-key) algorithm of a signer. The OID is reported through
-- pkcs7_note_OID; parameters has no action attached.
-- NOTE(review): algorithms whose security depends on parameters would need
-- them checked elsewhere; confirm against the supported algorithm list.
125DigestEncryptionAlgorithmIdentifier ::= SEQUENCE {
126	algorithm		OBJECT IDENTIFIER ({ pkcs7_note_OID }),
127	parameters		ANY OPTIONAL
128}
129
-- The signature value itself, handed to pkcs7_sig_note_signature as an
-- OCTET STRING. The grammar places no length constraint on it.
130EncryptedDigest ::= OCTET STRING ({ pkcs7_sig_note_signature })
131
132---
133--- X.500 Name
134---
-- X.500 distinguished name: an ordered list of RDNs. Used here for the
-- issuer field of IssuerAndSerialNumber.
135Name ::= SEQUENCE OF RelativeDistinguishedName
136
-- One RDN: an unordered set of attribute type/value pairs.
137RelativeDistinguishedName ::= SET OF AttributeValueAssertion
138
-- One name attribute. The type OID is reported through pkcs7_note_OID; the
-- value is ANY with no action, so the string type and contents of name
-- components are not checked by this grammar.
139AttributeValueAssertion ::= SEQUENCE {
140	attributeType		OBJECT IDENTIFIER ({ pkcs7_note_OID }),
141	attributeValue		ANY
142}
143