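-- PKCS#7 / CMS SignedData message grammar.
--
-- A ({ name }) suffix attaches a decoder action to the element it follows.
-- Elements with no such suffix are not handed to any callback by this
-- grammar, so whatever they contain is accepted on structure alone.

-- Outermost wrapper of a message.
-- ContentType already carries pkcs7_note_OID, so the contentType field below
-- has both that action and pkcs7_check_content_type attached.
-- NOTE(review): by its name pkcs7_check_content_type is where a content type
-- other than signed-data should be refused; confirm in the handler.
PKCS7ContentInfo ::= SEQUENCE {
    contentType     ContentType ({ pkcs7_check_content_type }),
    -- OPTIONAL: a wrapper with no SignedData at all still matches, so callers
    -- must treat "parsed successfully" and "contains a signature" separately.
    content         [0] EXPLICIT SignedData OPTIONAL
}

-- Every ContentType OID in the message is passed to pkcs7_note_OID.
ContentType ::= OBJECT IDENTIFIER ({ pkcs7_note_OID })

-- The signed payload, the material offered for verifying it, and the
-- per-signer signature blocks.
SignedData ::= SEQUENCE {
    version             INTEGER ({ pkcs7_note_signeddata_version }),
    digestAlgorithms    DigestAlgorithmIdentifiers,
    contentInfo         ContentInfo ({ pkcs7_note_content }),
    -- These certificates arrive from the same sender as the signature.  They
    -- are candidates for chain building, not trust anchors in themselves.
    -- Two encodings are accepted: a [0] SET or a [2] SEQUENCE.
    certificates        CHOICE {
        certSet         [0] IMPLICIT ExtendedCertificatesAndCertificates,
        certSequence    [2] IMPLICIT Certificates
    } OPTIONAL ({ pkcs7_note_certificate_list }),
    -- No action is attached to the crls field itself, so this grammar does
    -- not hand revocation lists to a CRL handler.
    -- NOTE(review): do not assume revocation is checked from this field.
    crls CHOICE {
        crlSet          [1] IMPLICIT CertificateRevocationLists,
        crlSequence     [3] IMPLICIT CRLSequence
    } OPTIONAL,
    signerInfos         SignerInfos
}

-- Inner content that the signers signed.
ContentInfo ::= SEQUENCE {
    contentType     ContentType ({ pkcs7_note_OID }),
    -- OPTIONAL: when absent the signed data is not carried in the message
    -- (a detached signature in CMS terms) and must reach the verifier by
    -- some other route.
    content         [0] EXPLICIT Data OPTIONAL
}

-- ANY puts no constraint on the payload type; pkcs7_note_data receives the
-- element uninterpreted.
Data ::= ANY ({ pkcs7_note_data })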
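-- Digest algorithms announced for the message, as a SET or as a SEQUENCE.
DigestAlgorithmIdentifiers ::= CHOICE {
    daSet       SET OF DigestAlgorithmIdentifier,
    daSequence  SEQUENCE OF DigestAlgorithmIdentifier
}

-- The algorithm OID is passed to pkcs7_note_OID.  The parameters element has
-- no action attached: any ASN.1 value is accepted there and this grammar
-- passes it to no callback.
-- NOTE(review): the grammar accepts any OID; restricting the message to an
-- allowed set of digest algorithms has to happen in the handlers.
DigestAlgorithmIdentifier ::= SEQUENCE {
    algorithm   OBJECT IDENTIFIER ({ pkcs7_note_OID }),
    parameters  ANY OPTIONAL
}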
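--
-- Certificates and certificate lists
--
-- Every path through this section ends at Certificate, which is ANY with the
-- pkcs7_extract_cert action.  The grammar therefore performs no structural
-- validation of a certificate; that is left entirely to the handler.
--
ExtendedCertificatesAndCertificates ::= SET OF ExtendedCertificateOrCertificate

ExtendedCertificateOrCertificate ::= CHOICE {
    certificate             Certificate,                        -- X.509
    extendedCertificate     [0] IMPLICIT ExtendedCertificate    -- PKCS#6
}

-- A PKCS#6 extended certificate is not modelled: the type is an alias of
-- Certificate, so a [0] element reaches pkcs7_extract_cert exactly as an
-- X.509 certificate does.
-- NOTE(review): confirm the handler rejects or ignores anything that is not
-- a well-formed X.509 certificate.
ExtendedCertificate ::= Certificate -- cheating

Certificates ::= SEQUENCE OF Certificate

CertificateRevocationLists ::= SET OF CertificateList

-- RFC 5280 defines CertificateList as a SEQUENCE of tbsCertList,
-- signatureAlgorithm and signatureValue.  As written here it is a sequence
-- of Certificate, so the members of each CRL entry match Certificate and
-- carry the pkcs7_extract_cert action.
-- NOTE(review): confirm that CRL content cannot end up being treated as a
-- certificate, and that nothing downstream relies on this field for
-- revocation checking.
CertificateList ::= SEQUENCE OF Certificate -- This may be defined incorrectly

CRLSequence ::= SEQUENCE OF CertificateList

Certificate ::= ANY ({ pkcs7_extract_cert }) -- X.509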
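--
-- Signer information
--
SignerInfos ::= CHOICE {
    siSet       SET OF SignerInfo,
    siSequence  SEQUENCE OF SignerInfo
}

-- One signature block.  pkcs7_note_signed_info is attached to the SignerInfo
-- as a whole; the other actions are attached to individual fields.
SignerInfo ::= SEQUENCE {
    version     INTEGER ({ pkcs7_note_signerinfo_version }),
    sid         SignerIdentifier, -- CMS variant, not PKCS#7
    digestAlgorithm DigestAlgorithmIdentifier ({ pkcs7_sig_note_digest_algo }),
    -- RFC 5652 sec 5.4: when authenticated attributes are present the
    -- signature is computed over their encoding (re-tagged as SET OF), and
    -- the message-digest attribute has to equal the digest of the content.
    -- Only the aaSet form has pkcs7_sig_note_set_of_authattrs attached.
    -- NOTE(review): confirm how the aaSequence form is bound to the
    -- signature, since no action marks the extent of that encoding.
    authenticatedAttributes CHOICE {
        aaSet       [0] IMPLICIT SetOfAuthenticatedAttribute
                        ({ pkcs7_sig_note_set_of_authattrs }),
        aaSequence  [2] EXPLICIT SEQUENCE OF AuthenticatedAttribute
            -- Explicit because easier to compute digest on
            -- sequence of attributes and then reuse encoded
            -- sequence in aaSequence.
    } OPTIONAL,
    digestEncryptionAlgorithm
        DigestEncryptionAlgorithmIdentifier ({ pkcs7_sig_note_pkey_algo }),
    encryptedDigest EncryptedDigest,
    -- Not covered by the signature and with no action attached: these can be
    -- added or altered after signing without invalidating it, so nothing in
    -- them should feed a trust decision.
    unauthenticatedAttributes CHOICE {
        uaSet       [1] IMPLICIT SET OF UnauthenticatedAttribute,
        uaSequence  [3] IMPLICIT SEQUENCE OF UnauthenticatedAttribute
    } OPTIONAL
} ({ pkcs7_note_signed_info })

-- Names the signer's certificate in one of two ways: issuer plus serial
-- number, or subject key identifier.  Each form has its own actions.
SignerIdentifier ::= CHOICE {
    -- RFC5652 sec 5.3
    issuerAndSerialNumber   IssuerAndSerialNumber,
    subjectKeyIdentifier    [0] IMPLICIT SubjectKeyIdentifier
}

IssuerAndSerialNumber ::= SEQUENCE {
    issuer          Name ({ pkcs7_sig_note_issuer }),
    serialNumber    CertificateSerialNumber ({ pkcs7_sig_note_serial })
}

CertificateSerialNumber ::= INTEGER

SubjectKeyIdentifier ::= OCTET STRING ({ pkcs7_sig_note_skid })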
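-- Attributes covered by the signature.
SetOfAuthenticatedAttribute ::= SET OF AuthenticatedAttribute

-- The type OID goes to pkcs7_note_OID and the value set goes to
-- pkcs7_sig_note_authenticated_attr.  The values are SET OF ANY, so
-- interpreting them for a given type is the handler's job.
AuthenticatedAttribute ::= SEQUENCE {
    type    OBJECT IDENTIFIER ({ pkcs7_note_OID }),
    values  SET OF ANY ({ pkcs7_sig_note_authenticated_attr })
}

-- Attributes outside the signature.  Neither field has an action attached,
-- so this grammar passes their contents to no callback.
UnauthenticatedAttribute ::= SEQUENCE {
    type    OBJECT IDENTIFIER,
    values  SET OF ANY
}

-- Signature (public key) algorithm.  The OID goes to pkcs7_note_OID; the
-- parameters element has no action attached and accepts any value.
DigestEncryptionAlgorithmIdentifier ::= SEQUENCE {
    algorithm   OBJECT IDENTIFIER ({ pkcs7_note_OID }),
    parameters  ANY OPTIONAL
}

-- The signature value itself, handed to pkcs7_sig_note_signature.
EncryptedDigest ::= OCTET STRING ({ pkcs7_sig_note_signature })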
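---
--- X.500 Name
---
--- Only the attributeType OID has an action attached (pkcs7_note_OID).
--- attributeValue is ANY with no action, so its string type and contents
--- are not examined by this grammar.
---
Name ::= SEQUENCE OF RelativeDistinguishedName

RelativeDistinguishedName ::= SET OF AttributeValueAssertion

AttributeValueAssertion ::= SEQUENCE {
    attributeType   OBJECT IDENTIFIER ({ pkcs7_note_OID }),
    attributeValue  ANY
}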