[J-u-boot.git] / lib / crypto / pkcs7.asn1

PKCS7ContentInfo ::= SEQUENCE {
	contentType	ContentType ({ pkcs7_check_content_type }),
	content		[0] EXPLICIT SignedData OPTIONAL
}

ContentType ::= OBJECT IDENTIFIER ({ pkcs7_note_OID })

SignedData ::= SEQUENCE {
	version			INTEGER ({ pkcs7_note_signeddata_version }),
	digestAlgorithms	DigestAlgorithmIdentifiers,
	contentInfo		ContentInfo ({ pkcs7_note_content }),
	certificates		CHOICE {
		certSet		[0] IMPLICIT ExtendedCertificatesAndCertificates,
		certSequence	[2] IMPLICIT Certificates
	} OPTIONAL ({ pkcs7_note_certificate_list }),
	crls CHOICE {
		crlSet		[1] IMPLICIT CertificateRevocationLists,
		crlSequence	[3] IMPLICIT CRLSequence
	} OPTIONAL,
	signerInfos		SignerInfos
}

ContentInfo ::= SEQUENCE {
	contentType	ContentType ({ pkcs7_note_OID }),
	content		[0] EXPLICIT Data OPTIONAL
}

Data ::= ANY ({ pkcs7_note_data })

DigestAlgorithmIdentifiers ::= CHOICE {
	daSet			SET OF DigestAlgorithmIdentifier,
	daSequence		SEQUENCE OF DigestAlgorithmIdentifier
}

DigestAlgorithmIdentifier ::= SEQUENCE {
	algorithm   OBJECT IDENTIFIER ({ pkcs7_note_OID }),
	parameters  ANY OPTIONAL
}

--
-- Certificates and certificate lists
--
ExtendedCertificatesAndCertificates ::= SET OF ExtendedCertificateOrCertificate

ExtendedCertificateOrCertificate ::= CHOICE {
  certificate		Certificate,				-- X.509
  extendedCertificate	[0] IMPLICIT ExtendedCertificate	-- PKCS#6
}

ExtendedCertificate ::= Certificate -- cheating

Certificates ::= SEQUENCE OF Certificate

CertificateRevocationLists ::= SET OF CertificateList

CertificateList ::= SEQUENCE OF Certificate -- This may be defined incorrectly

CRLSequence ::= SEQUENCE OF CertificateList

Certificate ::= ANY ({ pkcs7_extract_cert }) -- X.509

--
-- Signer information
--
SignerInfos ::= CHOICE {
	siSet		SET OF SignerInfo,
	siSequence	SEQUENCE OF SignerInfo
}

SignerInfo ::= SEQUENCE {
	version			INTEGER ({ pkcs7_note_signerinfo_version }),
	sid			SignerIdentifier, -- CMS variant, not PKCS#7
	digestAlgorithm		DigestAlgorithmIdentifier ({ pkcs7_sig_note_digest_algo }),
	authenticatedAttributes	CHOICE {
		aaSet		[0] IMPLICIT SetOfAuthenticatedAttribute
					({ pkcs7_sig_note_set_of_authattrs }),
		aaSequence	[2] EXPLICIT SEQUENCE OF AuthenticatedAttribute
			-- Explicit because easier to compute digest on
			-- sequence of attributes and then reuse encoded
			-- sequence in aaSequence.
	} OPTIONAL,
	digestEncryptionAlgorithm
				DigestEncryptionAlgorithmIdentifier ({ pkcs7_sig_note_pkey_algo }),
	encryptedDigest		EncryptedDigest,
	unauthenticatedAttributes CHOICE {
		uaSet		[1] IMPLICIT SET OF UnauthenticatedAttribute,
		uaSequence	[3] IMPLICIT SEQUENCE OF UnauthenticatedAttribute
	} OPTIONAL
} ({ pkcs7_note_signed_info })

SignerIdentifier ::= CHOICE {
	-- RFC5652 sec 5.3
	issuerAndSerialNumber IssuerAndSerialNumber,
        subjectKeyIdentifier [0] IMPLICIT SubjectKeyIdentifier
}

IssuerAndSerialNumber ::= SEQUENCE {
	issuer			Name ({ pkcs7_sig_note_issuer }),
	serialNumber		CertificateSerialNumber ({ pkcs7_sig_note_serial })
}

CertificateSerialNumber ::= INTEGER

SubjectKeyIdentifier ::= OCTET STRING ({ pkcs7_sig_note_skid })

SetOfAuthenticatedAttribute ::= SET OF AuthenticatedAttribute

AuthenticatedAttribute ::= SEQUENCE {
	type			OBJECT IDENTIFIER ({ pkcs7_note_OID }),
	values			SET OF ANY ({ pkcs7_sig_note_authenticated_attr })
}

UnauthenticatedAttribute ::= SEQUENCE {
	type			OBJECT IDENTIFIER,
	values			SET OF ANY
}

DigestEncryptionAlgorithmIdentifier ::= SEQUENCE {
	algorithm		OBJECT IDENTIFIER ({ pkcs7_note_OID }),
	parameters		ANY OPTIONAL
}

EncryptedDigest ::= OCTET STRING ({ pkcs7_sig_note_signature })

---
--- X.500 Name
---
Name ::= SEQUENCE OF RelativeDistinguishedName

RelativeDistinguishedName ::= SET OF AttributeValueAssertion

AttributeValueAssertion ::= SEQUENCE {
	attributeType		OBJECT IDENTIFIER ({ pkcs7_note_OID }),
	attributeValue		ANY
}
Commit	Line	Data
e85a787c AT	1	PKCS7ContentInfo ::= SEQUENCE {
	2	contentType ContentType ({ pkcs7_check_content_type }),
	3	content [0] EXPLICIT SignedData OPTIONAL
	4	}
	5
	6	ContentType ::= OBJECT IDENTIFIER ({ pkcs7_note_OID })
	7
	8	SignedData ::= SEQUENCE {
	9	version INTEGER ({ pkcs7_note_signeddata_version }),
	10	digestAlgorithms DigestAlgorithmIdentifiers,
	11	contentInfo ContentInfo ({ pkcs7_note_content }),
	12	certificates CHOICE {
	13	certSet [0] IMPLICIT ExtendedCertificatesAndCertificates,
	14	certSequence [2] IMPLICIT Certificates
	15	} OPTIONAL ({ pkcs7_note_certificate_list }),
	16	crls CHOICE {
	17	crlSet [1] IMPLICIT CertificateRevocationLists,
	18	crlSequence [3] IMPLICIT CRLSequence
	19	} OPTIONAL,
	20	signerInfos SignerInfos
	21	}
	22
	23	ContentInfo ::= SEQUENCE {
	24	contentType ContentType ({ pkcs7_note_OID }),
	25	content [0] EXPLICIT Data OPTIONAL
	26	}
	27
	28	Data ::= ANY ({ pkcs7_note_data })
	29
	30	DigestAlgorithmIdentifiers ::= CHOICE {
	31	daSet SET OF DigestAlgorithmIdentifier,
	32	daSequence SEQUENCE OF DigestAlgorithmIdentifier
	33	}
	34
	35	DigestAlgorithmIdentifier ::= SEQUENCE {
	36	algorithm OBJECT IDENTIFIER ({ pkcs7_note_OID }),
	37	parameters ANY OPTIONAL
	38	}
	39
	40	--
	41	-- Certificates and certificate lists
	42	--
	43	ExtendedCertificatesAndCertificates ::= SET OF ExtendedCertificateOrCertificate
	44
	45	ExtendedCertificateOrCertificate ::= CHOICE {
	46	certificate Certificate, -- X.509
	47	extendedCertificate [0] IMPLICIT ExtendedCertificate -- PKCS#6
	48	}
	49
	50	ExtendedCertificate ::= Certificate -- cheating
	51
	52	Certificates ::= SEQUENCE OF Certificate
	53
	54	CertificateRevocationLists ::= SET OF CertificateList
	55
	56	CertificateList ::= SEQUENCE OF Certificate -- This may be defined incorrectly
	57
	58	CRLSequence ::= SEQUENCE OF CertificateList
	59
	60	Certificate ::= ANY ({ pkcs7_extract_cert }) -- X.509
	61
	62	--
	63	-- Signer information
	64	--
65	SignerInfos ::= CHOICE {
66	siSet SET OF SignerInfo,
67	siSequence SEQUENCE OF SignerInfo
68	}
69
70	SignerInfo ::= SEQUENCE {
71	version INTEGER ({ pkcs7_note_signerinfo_version }),
72	sid SignerIdentifier, -- CMS variant, not PKCS#7
73	digestAlgorithm DigestAlgorithmIdentifier ({ pkcs7_sig_note_digest_algo }),
74	authenticatedAttributes CHOICE {
75	aaSet [0] IMPLICIT SetOfAuthenticatedAttribute
76	({ pkcs7_sig_note_set_of_authattrs }),
77	aaSequence [2] EXPLICIT SEQUENCE OF AuthenticatedAttribute
78	-- Explicit because easier to compute digest on
79	-- sequence of attributes and then reuse encoded
80	-- sequence in aaSequence.
81	} OPTIONAL,
82	digestEncryptionAlgorithm
83	DigestEncryptionAlgorithmIdentifier ({ pkcs7_sig_note_pkey_algo }),
84	encryptedDigest EncryptedDigest,
85	unauthenticatedAttributes CHOICE {
86	uaSet [1] IMPLICIT SET OF UnauthenticatedAttribute,
87	uaSequence [3] IMPLICIT SEQUENCE OF UnauthenticatedAttribute
88	} OPTIONAL
89	} ({ pkcs7_note_signed_info })
90
91	SignerIdentifier ::= CHOICE {
92	-- RFC5652 sec 5.3
93	issuerAndSerialNumber IssuerAndSerialNumber,
94	subjectKeyIdentifier [0] IMPLICIT SubjectKeyIdentifier
95	}
96
97	IssuerAndSerialNumber ::= SEQUENCE {
98	issuer Name ({ pkcs7_sig_note_issuer }),
99	serialNumber CertificateSerialNumber ({ pkcs7_sig_note_serial })
100	}
101
102	CertificateSerialNumber ::= INTEGER
103
104	SubjectKeyIdentifier ::= OCTET STRING ({ pkcs7_sig_note_skid })
105
106	SetOfAuthenticatedAttribute ::= SET OF AuthenticatedAttribute
107
108	AuthenticatedAttribute ::= SEQUENCE {
109	type OBJECT IDENTIFIER ({ pkcs7_note_OID }),
110	values SET OF ANY ({ pkcs7_sig_note_authenticated_attr })
111	}
112
113	UnauthenticatedAttribute ::= SEQUENCE {
114	type OBJECT IDENTIFIER,
115	values SET OF ANY
116	}
117
118	DigestEncryptionAlgorithmIdentifier ::= SEQUENCE {
119	algorithm OBJECT IDENTIFIER ({ pkcs7_note_OID }),
120	parameters ANY OPTIONAL
121	}
122
123	EncryptedDigest ::= OCTET STRING ({ pkcs7_sig_note_signature })
124
125	---
126	--- X.500 Name
127	---
128	Name ::= SEQUENCE OF RelativeDistinguishedName
129
130	RelativeDistinguishedName ::= SET OF AttributeValueAssertion
131
132	AttributeValueAssertion ::= SEQUENCE {
133	attributeType OBJECT IDENTIFIER ({ pkcs7_note_OID }),
134	attributeValue ANY
135	}