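--- /dev/null
+++ b/security/nss/lib/smime/cmst.h
@@ -0,0 +1,496 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * Header for CMS types.
+ */
+
+#ifndef _CMST_H_
+#define _CMST_H_
+
+#include "seccomon.h"
+#include "secoidt.h"
+#include "certt.h"
+#include "secmodt.h"
+#include "secmodt.h"
+
+#include "plarena.h"
+
+/* Non-opaque objects. NOTE, though: I want them to be treated as
+ * opaque as much as possible. If I could hide them completely,
+ * I would. (I tried, but ran into trouble that was taking me too
+ * much time to get out of.) I still intend to try to do so.
+ * In fact, the only type that "outsiders" should even *name* is
+ * NSSCMSMessage, and they should not reference its fields.
+ */
+/* rjr: PKCS #11 cert handling (pk11cert.c) does use NSSCMSRecipientInfo's.
+ * This is because when we search the recipient list for the cert and key we
+ * want, we need to invert the order of the loops we used to have. The old
+ * loops were:
+ *
+ * For each recipient {
+ * find_cert = PK11_Find_AllCert(recipient->issuerSN);
+ * [which unrolls to... ]
+ * For each slot {
+ * Log into slot;
+ * search slot for cert;
+ * }
+ * }
+ *
+ * the new loop searchs all the recipients at once on a slot. this allows
+ * PKCS #11 to order slots in such a way that logout slots don't get checked
+ * if we can find the cert on a logged in slot. This eliminates lots of
+ * spurious password prompts when smart cards are installed... so why this
+ * comment? If you make NSSCMSRecipientInfo completely opaque, you need
+ * to provide a non-opaque list of issuerSN's (the only field PKCS#11 needs
+ * and fix up pk11cert.c first. NOTE: Only S/MIME calls this special PKCS #11
+ * function.
+ */
+
+typedef struct NSSCMSMessageStr NSSCMSMessage;
+
+typedef union NSSCMSContentUnion NSSCMSContent;
+typedef struct NSSCMSContentInfoStr NSSCMSContentInfo;
+
+typedef struct NSSCMSSignedDataStr NSSCMSSignedData;
+typedef struct NSSCMSSignerInfoStr NSSCMSSignerInfo;
+typedef struct NSSCMSSignerIdentifierStr NSSCMSSignerIdentifier;
+
+typedef struct NSSCMSEnvelopedDataStr NSSCMSEnvelopedData;
+typedef struct NSSCMSOriginatorInfoStr NSSCMSOriginatorInfo;
+typedef struct NSSCMSRecipientInfoStr NSSCMSRecipientInfo;
+
+typedef struct NSSCMSDigestedDataStr NSSCMSDigestedData;
+typedef struct NSSCMSEncryptedDataStr NSSCMSEncryptedData;
+
+typedef struct NSSCMSGenericWrapperDataStr NSSCMSGenericWrapperData;
+
+typedef struct NSSCMSAttributeStr NSSCMSAttribute;
+
+typedef struct NSSCMSDecoderContextStr NSSCMSDecoderContext;
+typedef struct NSSCMSEncoderContextStr NSSCMSEncoderContext;
+
+typedef struct NSSCMSCipherContextStr NSSCMSCipherContext;
+typedef struct NSSCMSDigestContextStr NSSCMSDigestContext;
+
+typedef struct NSSCMSContentInfoPrivateStr NSSCMSContentInfoPrivate;
+
+typedef SECStatus (*NSSCMSGenericWrapperDataCallback)
+ (NSSCMSGenericWrapperData *);
+typedef void (*NSSCMSGenericWrapperDataDestroy)
+ (NSSCMSGenericWrapperData *);
+
+extern const SEC_ASN1Template NSSCMSGenericWrapperDataTemplate[];
+extern const SEC_ASN1Template NSS_PointerToCMSGenericWrapperDataTemplate[];
+
+SEC_ASN1_CHOOSER_DECLARE(NSS_PointerToCMSGenericWrapperDataTemplate)
+SEC_ASN1_CHOOSER_DECLARE(NSSCMSGenericWrapperDataTemplate)
+
+
+
+/*
+ * Type of function passed to NSSCMSDecode or NSSCMSDecoderStart.
+ * If specified, this is where the content bytes (only) will be "sent"
+ * as they are recovered during the decoding.
+ * And:
+ * Type of function passed to NSSCMSEncode or NSSCMSEncoderStart.
+ * This is where the DER-encoded bytes will be "sent".
+ *
+ * XXX Should just combine this with NSSCMSEncoderContentCallback type
+ * and use a simpler, common name.
+ */
+typedef void (*NSSCMSContentCallback)(void *arg, const char *buf, unsigned long len);
+
+/*
+ * Type of function passed to NSSCMSDecode or NSSCMSDecoderStart
+ * to retrieve the decryption key. This function is intended to be
+ * used for EncryptedData content info's which do not have a key available
+ * in a certificate, etc.
+ */
+typedef PK11SymKey *(*NSSCMSGetDecryptKeyCallback)(void *arg, SECAlgorithmID *algid);
+
+
+/* =============================================================================
+ * ENCAPSULATED CONTENTINFO & CONTENTINFO
+ */
+
+union NSSCMSContentUnion {
+ /* either unstructured */
+ SECItem * data;
+ /* or structured data */
+ NSSCMSDigestedData * digestedData;
+ NSSCMSEncryptedData * encryptedData;
+ NSSCMSEnvelopedData * envelopedData;
+ NSSCMSSignedData * signedData;
+ NSSCMSGenericWrapperData * genericData;
+ /* or anonymous pointer to something */
+ void * pointer;
+};
+
+struct NSSCMSContentInfoStr {
+ SECItem contentType;
+ NSSCMSContent content;
+ /* --------- local; not part of encoding --------- */
+ SECOidData * contentTypeTag;
+
+ /* additional info for encryptedData and envelopedData */
+ /* we waste this space for signedData and digestedData. sue me. */
+
+ SECAlgorithmID contentEncAlg;
+ SECItem * rawContent; /* encrypted DER, optional */
+ /* XXXX bytes not encrypted, but encoded? */
+ /* --------- local; not part of encoding --------- */
+ PK11SymKey * bulkkey; /* bulk encryption key */
+ int keysize; /* size of bulk encryption key
+ * (only used by creation code) */
+ SECOidTag contentEncAlgTag; /* oid tag of encryption algorithm
+ * (only used by creation code) */
+ NSSCMSContentInfoPrivate *privateInfo; /* place for NSS private info */
+ void *reserved; /* keep binary compatibility */
+};
+
+/* =============================================================================
+ * MESSAGE
+ */
+
+struct NSSCMSMessageStr {
+ NSSCMSContentInfo contentInfo; /* "outer" cinfo */
+ /* --------- local; not part of encoding --------- */
+ PLArenaPool * poolp;
+ PRBool poolp_is_ours;
+ int refCount;
+ /* properties of the "inner" data */
+ SECAlgorithmID ** detached_digestalgs;
+ SECItem ** detached_digests;
+ void * pwfn_arg;
+ NSSCMSGetDecryptKeyCallback decrypt_key_cb;
+ void * decrypt_key_cb_arg;
+};
+
+/* ============================================================================
+ * GENERIC WRAPPER
+ *
+ * used for user defined types.
+ */
+struct NSSCMSGenericWrapperDataStr {
+ NSSCMSContentInfo contentInfo;
+ /* ---- local; not part of encoding ------ */
+ NSSCMSMessage * cmsg;
+ /* wrapperspecific data starts here */
+};
+
+/* =============================================================================
+ * SIGNEDDATA
+ */
+
+struct NSSCMSSignedDataStr {
+ SECItem version;
+ SECAlgorithmID ** digestAlgorithms;
+ NSSCMSContentInfo contentInfo;
+ SECItem ** rawCerts;
+ CERTSignedCrl ** crls;
+ NSSCMSSignerInfo ** signerInfos;
+ /* --------- local; not part of encoding --------- */
+ NSSCMSMessage * cmsg; /* back pointer to message */
+ SECItem ** digests;
+ CERTCertificate ** certs;
+ CERTCertificateList ** certLists;
+ CERTCertificate ** tempCerts; /* temporary certs, needed
+ * for example for signature
+ * verification */
+};
+#define NSS_CMS_SIGNED_DATA_VERSION_BASIC 1 /* what we *create* */
+#define NSS_CMS_SIGNED_DATA_VERSION_EXT 3 /* what we *create* */
+
+typedef enum {
+ NSSCMSVS_Unverified = 0,
+ NSSCMSVS_GoodSignature = 1,
+ NSSCMSVS_BadSignature = 2,
+ NSSCMSVS_DigestMismatch = 3,
+ NSSCMSVS_SigningCertNotFound = 4,
+ NSSCMSVS_SigningCertNotTrusted = 5,
+ NSSCMSVS_SignatureAlgorithmUnknown = 6,
+ NSSCMSVS_SignatureAlgorithmUnsupported = 7,
+ NSSCMSVS_MalformedSignature = 8,
+ NSSCMSVS_ProcessingError = 9
+} NSSCMSVerificationStatus;
+
+typedef enum {
+ NSSCMSSignerID_IssuerSN = 0,
+ NSSCMSSignerID_SubjectKeyID = 1
+} NSSCMSSignerIDSelector;
+
+struct NSSCMSSignerIdentifierStr {
+ NSSCMSSignerIDSelector identifierType;
+ union {
+ CERTIssuerAndSN *issuerAndSN;
+ SECItem *subjectKeyID;
+ } id;
+};
+
+struct NSSCMSSignerInfoStr {
+ SECItem version;
+ NSSCMSSignerIdentifier signerIdentifier;
+ SECAlgorithmID digestAlg;
+ NSSCMSAttribute ** authAttr;
+ SECAlgorithmID digestEncAlg;
+ SECItem encDigest;
+ NSSCMSAttribute ** unAuthAttr;
+ /* --------- local; not part of encoding --------- */
+ NSSCMSMessage * cmsg; /* back pointer to message */
+ CERTCertificate * cert;
+ CERTCertificateList * certList;
+ PRTime signingTime;
+ NSSCMSVerificationStatus verificationStatus;
+ SECKEYPrivateKey * signingKey; /* Used if we're using subjKeyID*/
+ SECKEYPublicKey * pubKey;
+};
+#define NSS_CMS_SIGNER_INFO_VERSION_ISSUERSN 1 /* what we *create* */
+#define NSS_CMS_SIGNER_INFO_VERSION_SUBJKEY 3 /* what we *create* */
+
+typedef enum {
+ NSSCMSCM_None = 0,
+ NSSCMSCM_CertOnly = 1,
+ NSSCMSCM_CertChain = 2,
+ NSSCMSCM_CertChainWithRoot = 3
+} NSSCMSCertChainMode;
+
+/* =============================================================================
+ * ENVELOPED DATA
+ */
+struct NSSCMSEnvelopedDataStr {
+ SECItem version;
+ NSSCMSOriginatorInfo * originatorInfo; /* optional */
+ NSSCMSRecipientInfo ** recipientInfos;
+ NSSCMSContentInfo contentInfo;
+ NSSCMSAttribute ** unprotectedAttr;
+ /* --------- local; not part of encoding --------- */
+ NSSCMSMessage * cmsg; /* back pointer to message */
+};
+#define NSS_CMS_ENVELOPED_DATA_VERSION_REG 0 /* what we *create* */
+#define NSS_CMS_ENVELOPED_DATA_VERSION_ADV 2 /* what we *create* */
+
+struct NSSCMSOriginatorInfoStr {
+ SECItem ** rawCerts;
+ CERTSignedCrl ** crls;
+ /* --------- local; not part of encoding --------- */
+ CERTCertificate ** certs;
+};
+
+/* -----------------------------------------------------------------------------
+ * key transport recipient info
+ */
+typedef enum {
+ NSSCMSRecipientID_IssuerSN = 0,
+ NSSCMSRecipientID_SubjectKeyID = 1,
+ NSSCMSRecipientID_BrandNew = 2
+} NSSCMSRecipientIDSelector;
+
+struct NSSCMSRecipientIdentifierStr {
+ NSSCMSRecipientIDSelector identifierType;
+ union {
+ CERTIssuerAndSN *issuerAndSN;
+ SECItem *subjectKeyID;
+ } id;
+};
+typedef struct NSSCMSRecipientIdentifierStr NSSCMSRecipientIdentifier;
+
+struct NSSCMSKeyTransRecipientInfoStr {
+ SECItem version;
+ NSSCMSRecipientIdentifier recipientIdentifier;
+ SECAlgorithmID keyEncAlg;
+ SECItem encKey;
+};
+typedef struct NSSCMSKeyTransRecipientInfoStr NSSCMSKeyTransRecipientInfo;
+
+/*
+ * View comments before NSSCMSRecipientInfoStr for purpose of this
+ * structure.
+ */
+struct NSSCMSKeyTransRecipientInfoExStr {
+ NSSCMSKeyTransRecipientInfo recipientInfo;
+ int version; /* version of this structure (0) */
+ SECKEYPublicKey *pubKey;
+};
+
+typedef struct NSSCMSKeyTransRecipientInfoExStr NSSCMSKeyTransRecipientInfoEx;
+
+#define NSS_CMS_KEYTRANS_RECIPIENT_INFO_VERSION_ISSUERSN 0 /* what we *create* */
+#define NSS_CMS_KEYTRANS_RECIPIENT_INFO_VERSION_SUBJKEY 2 /* what we *create* */
+
+/* -----------------------------------------------------------------------------
+ * key agreement recipient info
+ */
+struct NSSCMSOriginatorPublicKeyStr {
+ SECAlgorithmID algorithmIdentifier;
+ SECItem publicKey; /* bit string! */
+};
+typedef struct NSSCMSOriginatorPublicKeyStr NSSCMSOriginatorPublicKey;
+
+typedef enum {
+ NSSCMSOriginatorIDOrKey_IssuerSN = 0,
+ NSSCMSOriginatorIDOrKey_SubjectKeyID = 1,
+ NSSCMSOriginatorIDOrKey_OriginatorPublicKey = 2
+} NSSCMSOriginatorIDOrKeySelector;
+
+struct NSSCMSOriginatorIdentifierOrKeyStr {
+ NSSCMSOriginatorIDOrKeySelector identifierType;
+ union {
+ CERTIssuerAndSN *issuerAndSN; /* static-static */
+ SECItem *subjectKeyID; /* static-static */
+ NSSCMSOriginatorPublicKey originatorPublicKey; /* ephemeral-static */
+ } id;
+};
+typedef struct NSSCMSOriginatorIdentifierOrKeyStr NSSCMSOriginatorIdentifierOrKey;
+
+struct NSSCMSRecipientKeyIdentifierStr {
+ SECItem * subjectKeyIdentifier;
+ SECItem * date; /* optional */
+ SECItem * other; /* optional */
+};
+typedef struct NSSCMSRecipientKeyIdentifierStr NSSCMSRecipientKeyIdentifier;
+
+typedef enum {
+ NSSCMSKeyAgreeRecipientID_IssuerSN = 0,
+ NSSCMSKeyAgreeRecipientID_RKeyID = 1
+} NSSCMSKeyAgreeRecipientIDSelector;
+
+struct NSSCMSKeyAgreeRecipientIdentifierStr {
+ NSSCMSKeyAgreeRecipientIDSelector identifierType;
+ union {
+ CERTIssuerAndSN *issuerAndSN;
+ NSSCMSRecipientKeyIdentifier recipientKeyIdentifier;
+ } id;
+};
+typedef struct NSSCMSKeyAgreeRecipientIdentifierStr NSSCMSKeyAgreeRecipientIdentifier;
+
+struct NSSCMSRecipientEncryptedKeyStr {
+ NSSCMSKeyAgreeRecipientIdentifier recipientIdentifier;
+ SECItem encKey;
+};
+typedef struct NSSCMSRecipientEncryptedKeyStr NSSCMSRecipientEncryptedKey;
+
+struct NSSCMSKeyAgreeRecipientInfoStr {
+ SECItem version;
+ NSSCMSOriginatorIdentifierOrKey originatorIdentifierOrKey;
+ SECItem * ukm; /* optional */
+ SECAlgorithmID keyEncAlg;
+ NSSCMSRecipientEncryptedKey ** recipientEncryptedKeys;
+};
+typedef struct NSSCMSKeyAgreeRecipientInfoStr NSSCMSKeyAgreeRecipientInfo;
+
+#define NSS_CMS_KEYAGREE_RECIPIENT_INFO_VERSION 3 /* what we *create* */
+
+/* -----------------------------------------------------------------------------
+ * KEK recipient info
+ */
+struct NSSCMSKEKIdentifierStr {
+ SECItem keyIdentifier;
+ SECItem * date; /* optional */
+ SECItem * other; /* optional */
+};
+typedef struct NSSCMSKEKIdentifierStr NSSCMSKEKIdentifier;
+
+struct NSSCMSKEKRecipientInfoStr {
+ SECItem version;
+ NSSCMSKEKIdentifier kekIdentifier;
+ SECAlgorithmID keyEncAlg;
+ SECItem encKey;
+};
+typedef struct NSSCMSKEKRecipientInfoStr NSSCMSKEKRecipientInfo;
+
+#define NSS_CMS_KEK_RECIPIENT_INFO_VERSION 4 /* what we *create* */
+
+/* -----------------------------------------------------------------------------
+ * recipient info
+ */
+
+typedef enum {
+ NSSCMSRecipientInfoID_KeyTrans = 0,
+ NSSCMSRecipientInfoID_KeyAgree = 1,
+ NSSCMSRecipientInfoID_KEK = 2
+} NSSCMSRecipientInfoIDSelector;
+
+/*
+ * In order to preserve backwards binary compatibility when implementing
+ * creation of Recipient Info's that uses subjectKeyID in the
+ * keyTransRecipientInfo we need to stash a public key pointer in this
+ * structure somewhere. We figured out that NSSCMSKeyTransRecipientInfo
+ * is the smallest member of the ri union. We're in luck since that's
+ * the very structure that would need to use the public key. So we created
+ * a new structure NSSCMSKeyTransRecipientInfoEx which has a member
+ * NSSCMSKeyTransRecipientInfo as the first member followed by a version
+ * and a public key pointer. This way we can keep backwards compatibility
+ * without changing the size of this structure.
+ *
+ * BTW, size of structure:
+ * NSSCMSKeyTransRecipientInfo: 9 ints, 4 pointers
+ * NSSCMSKeyAgreeRecipientInfo: 12 ints, 8 pointers
+ * NSSCMSKEKRecipientInfo: 10 ints, 7 pointers
+ *
+ * The new structure:
+ * NSSCMSKeyTransRecipientInfoEx: sizeof(NSSCMSKeyTransRecipientInfo) +
+ * 1 int, 1 pointer
+ */
+
+struct NSSCMSRecipientInfoStr {
+ NSSCMSRecipientInfoIDSelector recipientInfoType;
+ union {
+ NSSCMSKeyTransRecipientInfo keyTransRecipientInfo;
+ NSSCMSKeyAgreeRecipientInfo keyAgreeRecipientInfo;
+ NSSCMSKEKRecipientInfo kekRecipientInfo;
+ NSSCMSKeyTransRecipientInfoEx keyTransRecipientInfoEx;
+ } ri;
+ /* --------- local; not part of encoding --------- */
+ NSSCMSMessage * cmsg; /* back pointer to message */
+ CERTCertificate * cert; /* recipient's certificate */
+};
+
+/* =============================================================================
+ * DIGESTED DATA
+ */
+struct NSSCMSDigestedDataStr {
+ SECItem version;
+ SECAlgorithmID digestAlg;
+ NSSCMSContentInfo contentInfo;
+ SECItem digest;
+ /* --------- local; not part of encoding --------- */
+ NSSCMSMessage * cmsg; /* back pointer */
+ SECItem cdigest; /* calculated digest */
+};
+#define NSS_CMS_DIGESTED_DATA_VERSION_DATA 0 /* what we *create* */
+#define NSS_CMS_DIGESTED_DATA_VERSION_ENCAP 2 /* what we *create* */
+
+/* =============================================================================
+ * ENCRYPTED DATA
+ */
+struct NSSCMSEncryptedDataStr {
+ SECItem version;
+ NSSCMSContentInfo contentInfo;
+ NSSCMSAttribute ** unprotectedAttr; /* optional */
+ /* --------- local; not part of encoding --------- */
+ NSSCMSMessage * cmsg; /* back pointer */
+};
+#define NSS_CMS_ENCRYPTED_DATA_VERSION 0 /* what we *create* */
+#define NSS_CMS_ENCRYPTED_DATA_VERSION_UPATTR 2 /* what we *create* */
+
+/*
+ * *****************************************************************************
+ * *****************************************************************************
+ * *****************************************************************************
+ */
+
+/*
+ * See comment above about this type not really belonging to CMS.
+ */
+struct NSSCMSAttributeStr {
+ /* The following fields make up an encoded Attribute: */
+ SECItem type;
+ SECItem ** values; /* data may or may not be encoded */
+ /* The following fields are not part of an encoded Attribute: */
+ SECOidData * typeTag;
+ PRBool encoded; /* when true, values are encoded */
+};
+
+#endif /* _CMST_H_ */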
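Review bot: Nothing in the header enforces the size claim that the comment before `struct NSSCMSRecipientInfoStr` relies on: `keyTransRecipientInfoEx` is added to the `ri` union on the strength of a hand count ("9 ints, 4 pointers" plus one int and one pointer) that it stays no larger than the other members. These structs are non-opaque and the rjr comment says pk11cert.c reads `NSSCMSRecipientInfo` directly, so a field later added to `NSSCMSKeyTransRecipientInfoEx` could grow the union and move `cmsg` and `cert` under already-compiled callers without any build error. I would put a compile-time check beside the union, for example `PR_STATIC_ASSERT(sizeof(NSSCMSKeyTransRecipientInfoEx) <= sizeof(NSSCMSKeyAgreeRecipientInfo));` if NSPR's macro is available in this tree. On documentation, `NSSCMSRecipientID_BrandNew` has no corresponding member in the `id` union of `NSSCMSRecipientIdentifierStr` and needs a comment saying which member, if any, may be read for that selector, and the comment on `NSSCMSAttributeStr` points to a "comment above" that this file does not contain. The second `#include "secmodt.h"` is a duplicate.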