security/nss/lib/smime/cmst.h

Wed, 31 Dec 2014 06:09:35 +0100

author
Michael Schloh von Bennewitz <michael@schloh.com>
date
Wed, 31 Dec 2014 06:09:35 +0100
changeset 0
6474c204b198
permissions
-rw-r--r--

Cloned upstream origin tor-browser at tor-browser-31.3.0esr-4.5-1-build1
revision ID fc1c9ff7c1b2defdbc039f12214767608f46423f for hacking purposes.

michael@0 1 /* This Source Code Form is subject to the terms of the Mozilla Public
michael@0 2 * License, v. 2.0. If a copy of the MPL was not distributed with this
michael@0 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
michael@0 4
michael@0 5 /*
michael@0 6 * Header for CMS types.
michael@0 7 */
michael@0 8
michael@0 9 #ifndef _CMST_H_
michael@0 10 #define _CMST_H_
michael@0 11
michael@0 12 #include "seccomon.h"
michael@0 13 #include "secoidt.h"
michael@0 14 #include "certt.h"
michael@0 15 #include "secmodt.h"
michael@0 16 #include "secmodt.h"
michael@0 17
michael@0 18 #include "plarena.h"
michael@0 19
michael@0 20 /* Non-opaque objects. NOTE, though: I want them to be treated as
michael@0 21 * opaque as much as possible. If I could hide them completely,
michael@0 22 * I would. (I tried, but ran into trouble that was taking me too
michael@0 23 * much time to get out of.) I still intend to try to do so.
michael@0 24 * In fact, the only type that "outsiders" should even *name* is
michael@0 25 * NSSCMSMessage, and they should not reference its fields.
michael@0 26 */
michael@0 27 /* rjr: PKCS #11 cert handling (pk11cert.c) does use NSSCMSRecipientInfo's.
michael@0 28 * This is because when we search the recipient list for the cert and key we
michael@0 29 * want, we need to invert the order of the loops we used to have. The old
michael@0 30 * loops were:
michael@0 31 *
michael@0 32 * For each recipient {
michael@0 33 * find_cert = PK11_Find_AllCert(recipient->issuerSN);
michael@0 34 * [which unrolls to... ]
michael@0 35 * For each slot {
michael@0 36 * Log into slot;
michael@0 37 * search slot for cert;
michael@0 38 * }
michael@0 39 * }
michael@0 40 *
michael@0 41 * the new loop searches all the recipients at once on a slot. this allows
michael@0 42 * PKCS #11 to order slots in such a way that logged-out slots don't get checked
michael@0 43 * if we can find the cert on a logged in slot. This eliminates lots of
michael@0 44 * spurious password prompts when smart cards are installed... so why this
michael@0 45 * comment? If you make NSSCMSRecipientInfo completely opaque, you need
michael@0 46 * to provide a non-opaque list of issuerSN's (the only field PKCS#11 needs)
michael@0 47 * and fix up pk11cert.c first. NOTE: Only S/MIME calls this special PKCS #11
michael@0 48 * function.
michael@0 49 */
michael@0 50
michael@0 51 typedef struct NSSCMSMessageStr NSSCMSMessage;
michael@0 52
michael@0 53 typedef union NSSCMSContentUnion NSSCMSContent;
michael@0 54 typedef struct NSSCMSContentInfoStr NSSCMSContentInfo;
michael@0 55
michael@0 56 typedef struct NSSCMSSignedDataStr NSSCMSSignedData;
michael@0 57 typedef struct NSSCMSSignerInfoStr NSSCMSSignerInfo;
michael@0 58 typedef struct NSSCMSSignerIdentifierStr NSSCMSSignerIdentifier;
michael@0 59
michael@0 60 typedef struct NSSCMSEnvelopedDataStr NSSCMSEnvelopedData;
michael@0 61 typedef struct NSSCMSOriginatorInfoStr NSSCMSOriginatorInfo;
michael@0 62 typedef struct NSSCMSRecipientInfoStr NSSCMSRecipientInfo;
michael@0 63
michael@0 64 typedef struct NSSCMSDigestedDataStr NSSCMSDigestedData;
michael@0 65 typedef struct NSSCMSEncryptedDataStr NSSCMSEncryptedData;
michael@0 66
michael@0 67 typedef struct NSSCMSGenericWrapperDataStr NSSCMSGenericWrapperData;
michael@0 68
michael@0 69 typedef struct NSSCMSAttributeStr NSSCMSAttribute;
michael@0 70
michael@0 71 typedef struct NSSCMSDecoderContextStr NSSCMSDecoderContext;
michael@0 72 typedef struct NSSCMSEncoderContextStr NSSCMSEncoderContext;
michael@0 73
michael@0 74 typedef struct NSSCMSCipherContextStr NSSCMSCipherContext;
michael@0 75 typedef struct NSSCMSDigestContextStr NSSCMSDigestContext;
michael@0 76
michael@0 77 typedef struct NSSCMSContentInfoPrivateStr NSSCMSContentInfoPrivate;
michael@0 78
michael@0 79 typedef SECStatus (*NSSCMSGenericWrapperDataCallback)
michael@0 80 (NSSCMSGenericWrapperData *);
michael@0 81 typedef void (*NSSCMSGenericWrapperDataDestroy)
michael@0 82 (NSSCMSGenericWrapperData *);
michael@0 83
michael@0 84 extern const SEC_ASN1Template NSSCMSGenericWrapperDataTemplate[];
michael@0 85 extern const SEC_ASN1Template NSS_PointerToCMSGenericWrapperDataTemplate[];
michael@0 86
michael@0 87 SEC_ASN1_CHOOSER_DECLARE(NSS_PointerToCMSGenericWrapperDataTemplate)
michael@0 88 SEC_ASN1_CHOOSER_DECLARE(NSSCMSGenericWrapperDataTemplate)
michael@0 89
michael@0 90
michael@0 91
michael@0 92 /*
michael@0 93 * Type of function passed to NSSCMSDecode or NSSCMSDecoderStart.
michael@0 94 * If specified, this is where the content bytes (only) will be "sent"
michael@0 95 * as they are recovered during the decoding.
michael@0 96 * And:
michael@0 97 * Type of function passed to NSSCMSEncode or NSSCMSEncoderStart.
michael@0 98 * This is where the DER-encoded bytes will be "sent".
michael@0 99 *
michael@0 100 * XXX Should just combine this with NSSCMSEncoderContentCallback type
michael@0 101 * and use a simpler, common name.
michael@0 102 */
michael@0 103 typedef void (*NSSCMSContentCallback)(void *arg, const char *buf, unsigned long len); /* buf carries raw content or DER bytes; use len for its extent rather than treating buf as a C string */
michael@0 104
michael@0 105 /*
michael@0 106 * Type of function passed to NSSCMSDecode or NSSCMSDecoderStart
michael@0 107 * to retrieve the decryption key. This function is intended to be
michael@0 108 * used for EncryptedData content info's which do not have a key available
michael@0 109 * in a certificate, etc.
michael@0 110 */
michael@0 111 typedef PK11SymKey *(*NSSCMSGetDecryptKeyCallback)(void *arg, SECAlgorithmID *algid); /* NOTE(review): who releases the returned PK11SymKey, and what a NULL return means, are not stated in this header -- confirm against the decoder */
michael@0 112
michael@0 113
michael@0 114 /* =============================================================================
michael@0 115 * ENCAPSULATED CONTENTINFO & CONTENTINFO
michael@0 116 */
michael@0 117
michael@0 118 union NSSCMSContentUnion { /* all members are pointers sharing one storage slot; the union has no tag of its own */
michael@0 119 /* either unstructured */
michael@0 120 SECItem * data;
michael@0 121 /* or structured data */
michael@0 122 NSSCMSDigestedData * digestedData;
michael@0 123 NSSCMSEncryptedData * encryptedData;
michael@0 124 NSSCMSEnvelopedData * envelopedData;
michael@0 125 NSSCMSSignedData * signedData;
michael@0 126 NSSCMSGenericWrapperData * genericData;
michael@0 127 /* or anonymous pointer to something */
michael@0 128 void * pointer; /* NOTE(review): which member is valid is presumably decided by the content type held in NSSCMSContentInfoStr -- confirm before dereferencing */
michael@0 129 };
michael@0 130
michael@0 131 struct NSSCMSContentInfoStr { /* one ContentInfo: the encoded contentType/content pair followed by local state */
michael@0 132 SECItem contentType;
michael@0 133 NSSCMSContent content; /* untagged union of pointers; see contentTypeTag below */
michael@0 134 /* --------- local; not part of encoding --------- */
michael@0 135 SECOidData * contentTypeTag; /* NOTE(review): presumably the OID entry resolved from contentType -- confirm */
michael@0 136
michael@0 137 /* additional info for encryptedData and envelopedData */
michael@0 138 /* we waste this space for signedData and digestedData. sue me. */
michael@0 139
michael@0 140 SECAlgorithmID contentEncAlg;
michael@0 141 SECItem * rawContent; /* encrypted DER, optional */
michael@0 142 /* XXXX bytes not encrypted, but encoded? */
michael@0 143 /* --------- local; not part of encoding --------- */
michael@0 144 PK11SymKey * bulkkey; /* bulk encryption key; key material, kept local and not part of the encoding */
michael@0 145 int keysize; /* size of bulk encryption key
michael@0 146 * (only used by creation code) */
michael@0 147 SECOidTag contentEncAlgTag; /* oid tag of encryption algorithm
michael@0 148 * (only used by creation code) */
michael@0 149 NSSCMSContentInfoPrivate *privateInfo; /* place for NSS private info */
michael@0 150 void *reserved; /* keep binary compatibility */
michael@0 151 };
michael@0 152
michael@0 153 /* =============================================================================
michael@0 154 * MESSAGE
michael@0 155 */
michael@0 156
michael@0 157 struct NSSCMSMessageStr { /* top-level CMS message: the outer ContentInfo plus local state (arena, reference count, detached digests, callbacks) */
michael@0 158 NSSCMSContentInfo contentInfo; /* "outer" cinfo */
michael@0 159 /* --------- local; not part of encoding --------- */
michael@0 160 PLArenaPool * poolp;
michael@0 161 PRBool poolp_is_ours; /* NOTE(review): presumably records whether this message owns (and must free) poolp -- confirm */
michael@0 162 int refCount; /* plain int; no synchronization is visible in this header */
michael@0 163 /* properties of the "inner" data */
michael@0 164 SECAlgorithmID ** detached_digestalgs;
michael@0 165 SECItem ** detached_digests;
michael@0 166 void * pwfn_arg; /* NOTE(review): presumably the opaque argument for the password callback -- confirm */
michael@0 167 NSSCMSGetDecryptKeyCallback decrypt_key_cb; /* supplies a key for EncryptedData that has none available in a certificate */
michael@0 168 void * decrypt_key_cb_arg; /* opaque argument kept alongside decrypt_key_cb */
michael@0 169 };
michael@0 170
michael@0 171 /* ============================================================================
michael@0 172 * GENERIC WRAPPER
michael@0 173 *
michael@0 174 * used for user defined types.
michael@0 175 */
michael@0 176 struct NSSCMSGenericWrapperDataStr {
michael@0 177 NSSCMSContentInfo contentInfo;
michael@0 178 /* ---- local; not part of encoding ------ */
michael@0 179 NSSCMSMessage * cmsg; /* NOTE(review): presumably the back pointer to the owning message, as labelled in the other content structs */
michael@0 180 /* wrapperspecific data starts here; NOTE(review): implies user-defined types append their fields after this common prefix -- confirm */
michael@0 181 };
michael@0 182
michael@0 183 /* =============================================================================
michael@0 184 * SIGNEDDATA
michael@0 185 */
michael@0 186
michael@0 187 struct NSSCMSSignedDataStr { /* SignedData: encoded fields first, locally derived state after the marker */
michael@0 188 SECItem version;
michael@0 189 SECAlgorithmID ** digestAlgorithms;
michael@0 190 NSSCMSContentInfo contentInfo;
michael@0 191 SECItem ** rawCerts; /* certificates in encoded form, as carried in the message */
michael@0 192 CERTSignedCrl ** crls;
michael@0 193 NSSCMSSignerInfo ** signerInfos;
michael@0 194 /* --------- local; not part of encoding --------- */
michael@0 195 NSSCMSMessage * cmsg; /* back pointer to message */
michael@0 196 SECItem ** digests;
michael@0 197 CERTCertificate ** certs; /* NOTE(review): presumably decoded from rawCerts; being carried in the message does not make a certificate trusted (see NSSCMSVS_SigningCertNotTrusted) */
michael@0 198 CERTCertificateList ** certLists;
michael@0 199 CERTCertificate ** tempCerts; /* temporary certs, needed
michael@0 200 * for example for signature
michael@0 201 * verification */
michael@0 202 };
michael@0 203 #define NSS_CMS_SIGNED_DATA_VERSION_BASIC 1 /* what we *create* */
michael@0 204 #define NSS_CMS_SIGNED_DATA_VERSION_EXT 3 /* what we *create* */
michael@0 205
michael@0 206 typedef enum { /* outcome of verifying one signer; only NSSCMSVS_GoodSignature denotes success, so compare against it rather than testing for non-zero */
michael@0 207 NSSCMSVS_Unverified = 0, /* the zero value: a zero-filled NSSCMSSignerInfoStr reads as unverified */
michael@0 208 NSSCMSVS_GoodSignature = 1,
michael@0 209 NSSCMSVS_BadSignature = 2,
michael@0 210 NSSCMSVS_DigestMismatch = 3,
michael@0 211 NSSCMSVS_SigningCertNotFound = 4,
michael@0 212 NSSCMSVS_SigningCertNotTrusted = 5,
michael@0 213 NSSCMSVS_SignatureAlgorithmUnknown = 6,
michael@0 214 NSSCMSVS_SignatureAlgorithmUnsupported = 7,
michael@0 215 NSSCMSVS_MalformedSignature = 8,
michael@0 216 NSSCMSVS_ProcessingError = 9
michael@0 217 } NSSCMSVerificationStatus;
michael@0 218
michael@0 219 typedef enum { /* the two ways a signer can be identified; values match the members of NSSCMSSignerIdentifierStr.id by name */
michael@0 220 NSSCMSSignerID_IssuerSN = 0,
michael@0 221 NSSCMSSignerID_SubjectKeyID = 1
michael@0 222 } NSSCMSSignerIDSelector;
michael@0 223
michael@0 224 struct NSSCMSSignerIdentifierStr {
michael@0 225 NSSCMSSignerIDSelector identifierType; /* check this before reading id: the union members overlap */
michael@0 226 union {
michael@0 227 CERTIssuerAndSN *issuerAndSN;
michael@0 228 SECItem *subjectKeyID;
michael@0 229 } id;
michael@0 230 };
michael@0 231
michael@0 232 struct NSSCMSSignerInfoStr { /* one signer: encoded SignerInfo fields, then local verification/signing state */
michael@0 233 SECItem version;
michael@0 234 NSSCMSSignerIdentifier signerIdentifier;
michael@0 235 SECAlgorithmID digestAlg;
michael@0 236 NSSCMSAttribute ** authAttr; /* NOTE(review): by name the authenticated (signed) attributes -- confirm */
michael@0 237 SECAlgorithmID digestEncAlg;
michael@0 238 SECItem encDigest;
michael@0 239 NSSCMSAttribute ** unAuthAttr; /* NOTE(review): by name the unauthenticated attributes; treat their content as not covered by the signature -- confirm */
michael@0 240 /* --------- local; not part of encoding --------- */
michael@0 241 NSSCMSMessage * cmsg; /* back pointer to message */
michael@0 242 CERTCertificate * cert;
michael@0 243 CERTCertificateList * certList;
michael@0 244 PRTime signingTime; /* NOTE(review): presumably taken from a signer-supplied attribute, i.e. a claim by the signer rather than a trusted timestamp -- confirm */
michael@0 245 NSSCMSVerificationStatus verificationStatus; /* only NSSCMSVS_GoodSignature means success; 0 is NSSCMSVS_Unverified */
michael@0 246 SECKEYPrivateKey * signingKey; /* Used if we're using subjKeyID*/
michael@0 247 SECKEYPublicKey * pubKey;
michael@0 248 };
michael@0 249 #define NSS_CMS_SIGNER_INFO_VERSION_ISSUERSN 1 /* what we *create* */
michael@0 250 #define NSS_CMS_SIGNER_INFO_VERSION_SUBJKEY 3 /* what we *create* */
michael@0 251
michael@0 252 typedef enum { /* NOTE(review): names suggest how much of a certificate chain to include (none / leaf only / chain / chain with root) -- confirm against the code that consumes it */
michael@0 253 NSSCMSCM_None = 0,
michael@0 254 NSSCMSCM_CertOnly = 1,
michael@0 255 NSSCMSCM_CertChain = 2,
michael@0 256 NSSCMSCM_CertChainWithRoot = 3
michael@0 257 } NSSCMSCertChainMode;
michael@0 258
michael@0 259 /* =============================================================================
michael@0 260 * ENVELOPED DATA
michael@0 261 */
michael@0 262 struct NSSCMSEnvelopedDataStr { /* EnvelopedData: encoded fields, then the local back pointer */
michael@0 263 SECItem version;
michael@0 264 NSSCMSOriginatorInfo * originatorInfo; /* optional */
michael@0 265 NSSCMSRecipientInfo ** recipientInfos;
michael@0 266 NSSCMSContentInfo contentInfo;
michael@0 267 NSSCMSAttribute ** unprotectedAttr; /* NOTE(review): by name not covered by the content encryption; treat as unauthenticated -- confirm */
michael@0 268 /* --------- local; not part of encoding --------- */
michael@0 269 NSSCMSMessage * cmsg; /* back pointer to message */
michael@0 270 };
michael@0 271 #define NSS_CMS_ENVELOPED_DATA_VERSION_REG 0 /* what we *create* */
michael@0 272 #define NSS_CMS_ENVELOPED_DATA_VERSION_ADV 2 /* what we *create* */
michael@0 273
michael@0 274 struct NSSCMSOriginatorInfoStr { /* originator's certificates and CRLs as carried in the encoding, plus a local certificate array */
michael@0 275 SECItem ** rawCerts; /* encoded form, part of the encoding */
michael@0 276 CERTSignedCrl ** crls;
michael@0 277 /* --------- local; not part of encoding --------- */
michael@0 278 CERTCertificate ** certs; /* NOTE(review): presumably decoded from rawCerts -- confirm */
michael@0 279 };
michael@0 280
michael@0 281 /* -----------------------------------------------------------------------------
michael@0 282 * key transport recipient info
michael@0 283 */
michael@0 284 typedef enum { /* how a key-transport recipient is identified */
michael@0 285 NSSCMSRecipientID_IssuerSN = 0,
michael@0 286 NSSCMSRecipientID_SubjectKeyID = 1,
michael@0 287 NSSCMSRecipientID_BrandNew = 2 /* has no matching member in NSSCMSRecipientIdentifierStr.id; code switching on the selector needs a case for it */
michael@0 288 } NSSCMSRecipientIDSelector;
michael@0 289
michael@0 290 struct NSSCMSRecipientIdentifierStr {
michael@0 291 NSSCMSRecipientIDSelector identifierType; /* check this before reading id: the union members overlap */
michael@0 292 union {
michael@0 293 CERTIssuerAndSN *issuerAndSN;
michael@0 294 SECItem *subjectKeyID;
michael@0 295 } id;
michael@0 296 };
michael@0 297 typedef struct NSSCMSRecipientIdentifierStr NSSCMSRecipientIdentifier;
michael@0 298
michael@0 299 struct NSSCMSKeyTransRecipientInfoStr { /* key-transport recipient; also embedded as the first member of NSSCMSKeyTransRecipientInfoExStr */
michael@0 300 SECItem version;
michael@0 301 NSSCMSRecipientIdentifier recipientIdentifier;
michael@0 302 SECAlgorithmID keyEncAlg;
michael@0 303 SECItem encKey; /* NOTE(review): by name the key encrypted under keyEncAlg for this recipient -- confirm */
michael@0 304 };
michael@0 305 typedef struct NSSCMSKeyTransRecipientInfoStr NSSCMSKeyTransRecipientInfo;
michael@0 306
michael@0 307 /*
michael@0 308 * View comments before NSSCMSRecipientInfoStr for purpose of this
michael@0 309 * structure.
michael@0 310 */
michael@0 311 struct NSSCMSKeyTransRecipientInfoExStr {
michael@0 312 NSSCMSKeyTransRecipientInfo recipientInfo; /* must stay first: this struct overlays keyTransRecipientInfo in the ri union */
michael@0 313 int version; /* version of this structure (0) */
michael@0 314 SECKEYPublicKey *pubKey; /* exists only in the Ex layout; NOTE(review): confirm how callers decide the Ex fields are populated before reading it */
michael@0 315 };
michael@0 316
michael@0 317 typedef struct NSSCMSKeyTransRecipientInfoExStr NSSCMSKeyTransRecipientInfoEx;
michael@0 318
michael@0 319 #define NSS_CMS_KEYTRANS_RECIPIENT_INFO_VERSION_ISSUERSN 0 /* what we *create* */
michael@0 320 #define NSS_CMS_KEYTRANS_RECIPIENT_INFO_VERSION_SUBJKEY 2 /* what we *create* */
michael@0 321
michael@0 322 /* -----------------------------------------------------------------------------
michael@0 323 * key agreement recipient info
michael@0 324 */
michael@0 325 struct NSSCMSOriginatorPublicKeyStr { /* originator's public key with its algorithm identifier */
michael@0 326 SECAlgorithmID algorithmIdentifier;
michael@0 327 SECItem publicKey; /* bit string! */
michael@0 328 };
michael@0 329 typedef struct NSSCMSOriginatorPublicKeyStr NSSCMSOriginatorPublicKey;
michael@0 330
michael@0 331 typedef enum { /* values match the members of NSSCMSOriginatorIdentifierOrKeyStr.id by name */
michael@0 332 NSSCMSOriginatorIDOrKey_IssuerSN = 0,
michael@0 333 NSSCMSOriginatorIDOrKey_SubjectKeyID = 1,
michael@0 334 NSSCMSOriginatorIDOrKey_OriginatorPublicKey = 2
michael@0 335 } NSSCMSOriginatorIDOrKeySelector;
michael@0 336
michael@0 337 struct NSSCMSOriginatorIdentifierOrKeyStr {
michael@0 338 NSSCMSOriginatorIDOrKeySelector identifierType; /* check this before reading id: two members are pointers and one is an inline struct, all overlapping */
michael@0 339 union {
michael@0 340 CERTIssuerAndSN *issuerAndSN; /* static-static */
michael@0 341 SECItem *subjectKeyID; /* static-static */
michael@0 342 NSSCMSOriginatorPublicKey originatorPublicKey; /* ephemeral-static */
michael@0 343 } id;
michael@0 344 };
michael@0 345 typedef struct NSSCMSOriginatorIdentifierOrKeyStr NSSCMSOriginatorIdentifierOrKey;
michael@0 346
michael@0 347 struct NSSCMSRecipientKeyIdentifierStr { /* recipient key identifier: subject key identifier plus two optional items */
michael@0 348 SECItem * subjectKeyIdentifier;
michael@0 349 SECItem * date; /* optional */
michael@0 350 SECItem * other; /* optional */
michael@0 351 };
michael@0 352 typedef struct NSSCMSRecipientKeyIdentifierStr NSSCMSRecipientKeyIdentifier;
michael@0 353
michael@0 354 typedef enum { /* how a key-agreement recipient is identified */
michael@0 355 NSSCMSKeyAgreeRecipientID_IssuerSN = 0,
michael@0 356 NSSCMSKeyAgreeRecipientID_RKeyID = 1
michael@0 357 } NSSCMSKeyAgreeRecipientIDSelector;
michael@0 358
michael@0 359 struct NSSCMSKeyAgreeRecipientIdentifierStr {
michael@0 360 NSSCMSKeyAgreeRecipientIDSelector identifierType; /* check this before reading id: a pointer and an inline struct overlap */
michael@0 361 union {
michael@0 362 CERTIssuerAndSN *issuerAndSN;
michael@0 363 NSSCMSRecipientKeyIdentifier recipientKeyIdentifier;
michael@0 364 } id;
michael@0 365 };
michael@0 366 typedef struct NSSCMSKeyAgreeRecipientIdentifierStr NSSCMSKeyAgreeRecipientIdentifier;
michael@0 367
michael@0 368 struct NSSCMSRecipientEncryptedKeyStr { /* one recipient identifier paired with its encKey item */
michael@0 369 NSSCMSKeyAgreeRecipientIdentifier recipientIdentifier;
michael@0 370 SECItem encKey;
michael@0 371 };
michael@0 372 typedef struct NSSCMSRecipientEncryptedKeyStr NSSCMSRecipientEncryptedKey;
michael@0 373
michael@0 374 struct NSSCMSKeyAgreeRecipientInfoStr { /* key-agreement recipient info; the largest of the three recipient-info layouts per the size table before NSSCMSRecipientInfoStr */
michael@0 375 SECItem version;
michael@0 376 NSSCMSOriginatorIdentifierOrKey originatorIdentifierOrKey;
michael@0 377 SECItem * ukm; /* optional */
michael@0 378 SECAlgorithmID keyEncAlg;
michael@0 379 NSSCMSRecipientEncryptedKey ** recipientEncryptedKeys; /* NOTE(review): array of pointers; termination convention is not stated here -- confirm before iterating */
michael@0 380 };
michael@0 381 typedef struct NSSCMSKeyAgreeRecipientInfoStr NSSCMSKeyAgreeRecipientInfo;
michael@0 382
michael@0 383 #define NSS_CMS_KEYAGREE_RECIPIENT_INFO_VERSION 3 /* what we *create* */
michael@0 384
michael@0 385 /* -----------------------------------------------------------------------------
michael@0 386 * KEK recipient info
michael@0 387 */
michael@0 388 struct NSSCMSKEKIdentifierStr { /* identifies a key-encryption key: keyIdentifier plus two optional items */
michael@0 389 SECItem keyIdentifier;
michael@0 390 SECItem * date; /* optional */
michael@0 391 SECItem * other; /* optional */
michael@0 392 };
michael@0 393 typedef struct NSSCMSKEKIdentifierStr NSSCMSKEKIdentifier;
michael@0 394
michael@0 395 struct NSSCMSKEKRecipientInfoStr { /* KEK recipient info: identifier, key-encryption algorithm and the encKey item */
michael@0 396 SECItem version;
michael@0 397 NSSCMSKEKIdentifier kekIdentifier;
michael@0 398 SECAlgorithmID keyEncAlg;
michael@0 399 SECItem encKey;
michael@0 400 };
michael@0 401 typedef struct NSSCMSKEKRecipientInfoStr NSSCMSKEKRecipientInfo;
michael@0 402
michael@0 403 #define NSS_CMS_KEK_RECIPIENT_INFO_VERSION 4 /* what we *create* */
michael@0 404
michael@0 405 /* -----------------------------------------------------------------------------
michael@0 406 * recipient info
michael@0 407 */
michael@0 408
michael@0 409 typedef enum { /* kind of recipient info held in NSSCMSRecipientInfoStr.ri; note there is no separate value for the keyTransRecipientInfoEx member */
michael@0 410 NSSCMSRecipientInfoID_KeyTrans = 0,
michael@0 411 NSSCMSRecipientInfoID_KeyAgree = 1,
michael@0 412 NSSCMSRecipientInfoID_KEK = 2
michael@0 413 } NSSCMSRecipientInfoIDSelector;
michael@0 414
michael@0 415 /*
michael@0 416 * In order to preserve backwards binary compatibility when implementing
michael@0 417 * creation of Recipient Info's that uses subjectKeyID in the
michael@0 418 * keyTransRecipientInfo we need to stash a public key pointer in this
michael@0 419 * structure somewhere. We figured out that NSSCMSKeyTransRecipientInfo
michael@0 420 * is the smallest member of the ri union. We're in luck since that's
michael@0 421 * the very structure that would need to use the public key. So we created
michael@0 422 * a new structure NSSCMSKeyTransRecipientInfoEx which has a member
michael@0 423 * NSSCMSKeyTransRecipientInfo as the first member followed by a version
michael@0 424 * and a public key pointer. This way we can keep backwards compatibility
michael@0 425 * without changing the size of this structure.
michael@0 426 *
michael@0 427 * BTW, size of structure:
michael@0 428 * NSSCMSKeyTransRecipientInfo: 9 ints, 4 pointers
michael@0 429 * NSSCMSKeyAgreeRecipientInfo: 12 ints, 8 pointers
michael@0 430 * NSSCMSKEKRecipientInfo: 10 ints, 7 pointers
michael@0 431 *
michael@0 432 * The new structure:
michael@0 433 * NSSCMSKeyTransRecipientInfoEx: sizeof(NSSCMSKeyTransRecipientInfo) +
michael@0 434 * 1 int, 1 pointer
michael@0 435 *
michael@0 435 * NOTE(review): the "no size change" claim holds only while the Ex struct
michael@0 435 * stays no larger than the biggest other member of ri; nothing in this
michael@0 435 * header checks that at compile time.
michael@0 435 */
michael@0 436
michael@0 437 struct NSSCMSRecipientInfoStr {
michael@0 438 NSSCMSRecipientInfoIDSelector recipientInfoType; /* check this before reading ri: the members overlap */
michael@0 439 union {
michael@0 440 NSSCMSKeyTransRecipientInfo keyTransRecipientInfo;
michael@0 441 NSSCMSKeyAgreeRecipientInfo keyAgreeRecipientInfo;
michael@0 442 NSSCMSKEKRecipientInfo kekRecipientInfo;
michael@0 443 NSSCMSKeyTransRecipientInfoEx keyTransRecipientInfoEx; /* overlays keyTransRecipientInfo, which is its first member */
michael@0 444 } ri;
michael@0 445 /* --------- local; not part of encoding --------- */
michael@0 446 NSSCMSMessage * cmsg; /* back pointer to message */
michael@0 447 CERTCertificate * cert; /* recipient's certificate */
michael@0 448 };
michael@0 449
michael@0 450 /* =============================================================================
michael@0 451 * DIGESTED DATA
michael@0 452 */
michael@0 453 struct NSSCMSDigestedDataStr { /* DigestedData: encoded fields, then the locally calculated digest */
michael@0 454 SECItem version;
michael@0 455 SECAlgorithmID digestAlg;
michael@0 456 NSSCMSContentInfo contentInfo;
michael@0 457 SECItem digest; /* digest value that is part of the encoding, i.e. as carried in the message */
michael@0 458 /* --------- local; not part of encoding --------- */
michael@0 459 NSSCMSMessage * cmsg; /* back pointer */
michael@0 460 SECItem cdigest; /* calculated digest; NOTE(review): presumably compared with digest to detect a mismatch -- confirm */
michael@0 461 };
michael@0 462 #define NSS_CMS_DIGESTED_DATA_VERSION_DATA 0 /* what we *create* */
michael@0 463 #define NSS_CMS_DIGESTED_DATA_VERSION_ENCAP 2 /* what we *create* */
michael@0 464
michael@0 465 /* =============================================================================
michael@0 466 * ENCRYPTED DATA
michael@0 467 */
michael@0 468 struct NSSCMSEncryptedDataStr { /* EncryptedData: no recipient infos here; the key comes from elsewhere (see NSSCMSGetDecryptKeyCallback) */
michael@0 469 SECItem version;
michael@0 470 NSSCMSContentInfo contentInfo;
michael@0 471 NSSCMSAttribute ** unprotectedAttr; /* optional */
michael@0 472 /* --------- local; not part of encoding --------- */
michael@0 473 NSSCMSMessage * cmsg; /* back pointer */
michael@0 474 };
michael@0 475 #define NSS_CMS_ENCRYPTED_DATA_VERSION 0 /* what we *create* */
michael@0 476 #define NSS_CMS_ENCRYPTED_DATA_VERSION_UPATTR 2 /* what we *create* */
michael@0 477
michael@0 478 /*
michael@0 479 * *****************************************************************************
michael@0 480 * *****************************************************************************
michael@0 481 * *****************************************************************************
michael@0 482 */
michael@0 483
michael@0 484 /*
michael@0 485 * See comment above about this type not really belonging to CMS.
michael@0 485 * (NOTE(review): no such comment is present in this header as shown.)
michael@0 486 */
michael@0 487 struct NSSCMSAttributeStr {
michael@0 488 /* The following fields make up an encoded Attribute: */
michael@0 489 SECItem type;
michael@0 490 SECItem ** values; /* data may or may not be encoded */
michael@0 491 /* The following fields are not part of an encoded Attribute: */
michael@0 492 SECOidData * typeTag;
michael@0 493 PRBool encoded; /* when true, values are encoded; consult this before interpreting values */
michael@0 494 };
michael@0 495
michael@0 496 #endif /* _CMST_H_ */
