| -- SPDX-License-Identifier: BSD-3-Clause |
| -- |
| -- Copyright (C) 2009 IETF Trust and the persons identified as authors |
| -- of the code |
| -- |
| -- https://www.rfc-editor.org/rfc/rfc5652#section-3 |
| |
| PKCS7ContentInfo ::= SEQUENCE { |
| contentType ContentType ({ pkcs7_check_content_type }), |
| content [0] EXPLICIT SignedData OPTIONAL |
| } |
| |
| ContentType ::= OBJECT IDENTIFIER ({ pkcs7_note_OID }) |
| |
| SignedData ::= SEQUENCE { |
| version INTEGER ({ pkcs7_note_signeddata_version }), |
| digestAlgorithms DigestAlgorithmIdentifiers, |
| contentInfo ContentInfo ({ pkcs7_note_content }), |
| certificates CHOICE { |
| certSet [0] IMPLICIT ExtendedCertificatesAndCertificates, |
| certSequence [2] IMPLICIT Certificates |
| } OPTIONAL ({ pkcs7_note_certificate_list }), |
| crls CHOICE { |
| crlSet [1] IMPLICIT CertificateRevocationLists, |
| crlSequence [3] IMPLICIT CRLSequence |
| } OPTIONAL, |
| signerInfos SignerInfos |
| } |
| |
| ContentInfo ::= SEQUENCE { |
| contentType ContentType ({ pkcs7_note_OID }), |
| content [0] EXPLICIT Data OPTIONAL |
| } |
| |
| Data ::= ANY ({ pkcs7_note_data }) |
| |
| DigestAlgorithmIdentifiers ::= CHOICE { |
| daSet SET OF DigestAlgorithmIdentifier, |
| daSequence SEQUENCE OF DigestAlgorithmIdentifier |
| } |
| |
| DigestAlgorithmIdentifier ::= SEQUENCE { |
| algorithm OBJECT IDENTIFIER ({ pkcs7_note_OID }), |
| parameters ANY OPTIONAL |
| } |
| |
| -- |
| -- Certificates and certificate lists |
| -- |
| ExtendedCertificatesAndCertificates ::= SET OF ExtendedCertificateOrCertificate |
| |
| ExtendedCertificateOrCertificate ::= CHOICE { |
| certificate Certificate, -- X.509 |
| extendedCertificate [0] IMPLICIT ExtendedCertificate -- PKCS#6 |
| } |
| |
| ExtendedCertificate ::= Certificate -- cheating |
| |
| Certificates ::= SEQUENCE OF Certificate |
| |
| CertificateRevocationLists ::= SET OF CertificateList |
| |
| CertificateList ::= SEQUENCE OF Certificate -- This may be defined incorrectly |
| |
| CRLSequence ::= SEQUENCE OF CertificateList |
| |
| Certificate ::= ANY ({ pkcs7_extract_cert }) -- X.509 |
| |
| -- |
| -- Signer information |
| -- |
| SignerInfos ::= CHOICE { |
| siSet SET OF SignerInfo, |
| siSequence SEQUENCE OF SignerInfo |
| } |
| |
| SignerInfo ::= SEQUENCE { |
| version INTEGER ({ pkcs7_note_signerinfo_version }), |
| sid SignerIdentifier, -- CMS variant, not PKCS#7 |
| digestAlgorithm DigestAlgorithmIdentifier ({ pkcs7_sig_note_digest_algo }), |
| authenticatedAttributes CHOICE { |
| aaSet [0] IMPLICIT SetOfAuthenticatedAttribute |
| ({ pkcs7_sig_note_set_of_authattrs }), |
| aaSequence [2] EXPLICIT SEQUENCE OF AuthenticatedAttribute |
| -- Explicit because easier to compute digest on |
| -- sequence of attributes and then reuse encoded |
| -- sequence in aaSequence. |
| } OPTIONAL, |
| digestEncryptionAlgorithm |
| DigestEncryptionAlgorithmIdentifier ({ pkcs7_sig_note_pkey_algo }), |
| encryptedDigest EncryptedDigest, |
| unauthenticatedAttributes CHOICE { |
| uaSet [1] IMPLICIT SET OF UnauthenticatedAttribute, |
| uaSequence [3] IMPLICIT SEQUENCE OF UnauthenticatedAttribute |
| } OPTIONAL |
| } ({ pkcs7_note_signed_info }) |
| |
| SignerIdentifier ::= CHOICE { |
| -- RFC5652 sec 5.3 |
| issuerAndSerialNumber IssuerAndSerialNumber, |
| subjectKeyIdentifier [0] IMPLICIT SubjectKeyIdentifier |
| } |
| |
| IssuerAndSerialNumber ::= SEQUENCE { |
| issuer Name ({ pkcs7_sig_note_issuer }), |
| serialNumber CertificateSerialNumber ({ pkcs7_sig_note_serial }) |
| } |
| |
| CertificateSerialNumber ::= INTEGER |
| |
| SubjectKeyIdentifier ::= OCTET STRING ({ pkcs7_sig_note_skid }) |
| |
| SetOfAuthenticatedAttribute ::= SET OF AuthenticatedAttribute |
| |
| AuthenticatedAttribute ::= SEQUENCE { |
| type OBJECT IDENTIFIER ({ pkcs7_note_OID }), |
| values SET OF ANY ({ pkcs7_sig_note_authenticated_attr }) |
| } |
| |
| UnauthenticatedAttribute ::= SEQUENCE { |
| type OBJECT IDENTIFIER, |
| values SET OF ANY |
| } |
| |
| DigestEncryptionAlgorithmIdentifier ::= SEQUENCE { |
| algorithm OBJECT IDENTIFIER ({ pkcs7_note_OID }), |
| parameters ANY OPTIONAL |
| } |
| |
| EncryptedDigest ::= OCTET STRING ({ pkcs7_sig_note_signature }) |
| |
| --- |
| --- X.500 Name |
| --- |
| Name ::= SEQUENCE OF RelativeDistinguishedName |
| |
| RelativeDistinguishedName ::= SET OF AttributeValueAssertion |
| |
| AttributeValueAssertion ::= SEQUENCE { |
| attributeType OBJECT IDENTIFIER ({ pkcs7_note_OID }), |
| attributeValue ANY |
| } |