2.3.2.4.3.2 SpcIndirectDataContentV2

This structure specifies data about the digital signature and contains the hash of the data that is to be signed. This structure is specified by the following ASN.1 ([ITUX680-1994]) notation.

 SpcIndirectDataContentV2 ::= SEQUENCE {
     data               SpcAttributeTypeAndOptionalValue,
     messageDigest      DigestInfo
 }
  
 SpcAttributeTypeAndOptionalValue ::= SEQUENCE {
     type                OBJECT IDENTIFIER,
     value               [0] EXPLICIT ANY OPTIONAL
 }
  
 DigestInfo ::= SEQUENCE {
     digestAlgorithm    AlgorithmIdentifier,
     digest             OCTETSTRING
 }
  
 AlgorithmIdentifier ::= SEQUENCE {
     algorithm          OBJECT IDENTIFIER,
     parameters         [0] EXPLICIT ANY OPTIONAL
 }
  
 SigFormatDescriptorV1 ::= SEQUENCE {
     size               INTEGER,
     version            INTEGER,
     format             INTEGER
 }
  
 SigDataV1Serialized ::= SEQUENCE {
     algorithmIdSize    INTEGER,
     compiledHashSize   INTEGER,
     sourceHashSize     INTEGER,
     algorithmIdOffset  INTEGER,
     compiledHashOffset INTEGER,
     sourceHashOffset   INTEGER,
     algorithmId        OBJECT IDENTIFIER,
     compiledHash       OCTETSTRING,
     sourceHash         OCTETSTRING
 }
  

The fields of the SpcIndirectDataContentV2 structure MUST be constrained as follows:

  • The data field MUST be a SpcAttributeTypeAndOptionalValue structure.

  • The messageDigest field MUST be a DigestInfo structure.

The SpcAttributeTypeAndOptionalValue structure fields MUST be constrained as follows:

  • The type field MUST be an Object Identifier ([ITUX680-1994] section 3.8.35) with the value 1.3.6.1.4.1.311.2.1.31.

  • The value field MUST be an OCTETSTRING ([ITUX680-1994] section 20). The value MUST contain the DER-encoded ASN.1 data of a SigFormatDescriptorV1 structure.

The SigFormatDescriptorV1 structure fields MUST be constrained as follows:

  • The size field MUST be an INTEGER ([ITUX680-1994] section 3.8.29) and the value MUST be equal to the size of the structure.

  • The version field MUST be an INTEGER ([ITUX680-1994] section 3.8.29) and the value MUST be equal to 1.

  • The format field MUST be an INTEGER ([ITUX680-1994] section 3.8.29) and the value MUST be equal to 1.

The DigestInfo structure’s fields MUST be constrained as follows:

  • The digestAlgorithm field MUST be an AlgorithmIdentifier structure. The algorithm field of digestAlgorithm specifies the Object Identifier ([ITUX680-1994] section 3.8.35) of the digest algorithm that was used to hash the VBA project contents, producing the value for the digest field. This Object Identifier ([ITUX680-1994] section 3.8.35) value MUST be set to the same algorithm identifier as specified in the digestAlgorithm field of the SignedData structure (section 2.3.2.4.1). The parameters field of digestAlgorithm MUST be set to the Null type ([ITUX680-1994] section 6.2) with a length of zero.

  • The digest field MUST be an OCTETSTRING ([ITUX680-1994] section 20). The value MUST contain the DER-encoded ASN.1 data of a SigDataV1Serialized structure.

The SigDataV1Serialized structure fields MUST be constrained as follows:

  • The algorithmIdSize field MUST be an INTEGER ([ITUX680-1994] section 3.8.29) and the value MUST be equal to the size of the algorithmId field.

  • The compiledHashSize field SHOULD be zero.

  • The sourceHashSize field MUST be an INTEGER ([ITUX680-1994] section 3.8.29) and the value MUST be equal to the size of the sourceHash field.

  • The algorithmIdOffset field MUST be an INTEGER ([ITUX680-1994] section 3.8.29) and the value MUST be equal to the position in bytes of the algorithmId field from the beginning of the structure.

  • The compiledHashOffset field SHOULD be zero.

  • The sourceHashOffset field MUST be an INTEGER ([ITUX680-1994] section 3.8.29) and the value MUST be equal to the position in bytes of the sourceHash field from the beginning of the structure.

  • The algorithmId field specifies the Object Identifier ([ITUX680-1994] section 3.8.35) of the digest algorithm that was used to hash the VBA project contents, producing the value for the digest field. This Object Identifier ([ITUX680-1994] section 3.8.35) value MUST be set to the same algorithm identifier as specified in the digestAlgorithm field of the SignedData structure.

  • The compiledHash field SHOULD be empty.

  • The sourceHash field MUST be an OCTETSTRING ([ITUX680-1994] section 20). The value of the OCTETSTRING MUST be produced by means of the hash algorithm specified in [MS-OVBA] section 2.4.2.
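
A verifier should check the SigDataV1Serialized size and offset constraints above before it reads algorithmId or sourceHash out of the buffer. The following is an added example, not part of the specification or any Microsoft code. It assumes a flat layout: six 32-bit little-endian INTEGER fields in declaration order, followed by the variable-length fields. The function names, the layout and the byte form of the sample algorithmId are assumptions of the example.

```python
import struct

# Assumption of this example (not stated on the page): the six INTEGER fields
# are 32-bit little-endian values in declaration order, followed by the data.
HEADER = struct.Struct("<6I")
# Constructed sample value: SHA-256 OID as NUL-terminated ASCII (assumed form).
SAMPLE_ALG_ID = b"2.16.840.1.101.3.4.2.1\x00"

def check_sig_data_v1(blob, signed_data_alg_id):
    """Return the list of violated constraints for one SigDataV1Serialized blob."""
    if len(blob) < HEADER.size:
        return ["truncated before the end of the six INTEGER fields"]
    alg_size, comp_size, src_size, alg_off, comp_off, src_off = HEADER.unpack_from(blob)
    problems = []
    if comp_size != 0 or comp_off != 0:
        problems.append("compiledHashSize/compiledHashOffset SHOULD be zero")
    # Offsets count from the start of the structure: a field may neither start
    # inside the fixed header nor extend past the end of the buffer.
    in_bounds = True
    for name, off, size in (("algorithmId", alg_off, alg_size),
                            ("sourceHash", src_off, src_size)):
        if off < HEADER.size or off + size > len(blob):
            problems.append(f"{name} offset/size outside the structure")
            in_bounds = False
    if not in_bounds:
        return problems  # never slice the buffer with unchecked offsets
    if alg_off < src_off + src_size and src_off < alg_off + alg_size:
        problems.append("algorithmId and sourceHash overlap")
    # algorithmId MUST equal the digestAlgorithm of the enclosing SignedData.
    if blob[alg_off:alg_off + alg_size] != signed_data_alg_id:
        problems.append("algorithmId differs from SignedData digestAlgorithm")
    if src_size == 0:
        problems.append("sourceHash is empty")
    return problems

def build_sample(alg_id=SAMPLE_ALG_ID, source_hash=bytes(32)):
    """Constructed sample blob: header, then algorithmId, then sourceHash."""
    alg_off = HEADER.size
    src_off = alg_off + len(alg_id)
    header = HEADER.pack(len(alg_id), 0, len(source_hash), alg_off, 0, src_off)
    return header + alg_id + source_hash

if __name__ == "__main__":
    print(check_sig_data_v1(build_sample(), SAMPLE_ALG_ID))
```
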