cmst.h

来自「支持SSL v2/v3, TLS, PKCS #5, PKCS #7, PKCS」· C头文件 代码 · 共 490 行 · 第 1/2 页

};
#define NSS_CMS_SIGNER_INFO_VERSION_ISSUERSN	1	/* what we *create* */
#define NSS_CMS_SIGNER_INFO_VERSION_SUBJKEY	3	/* what we *create* */

typedef enum {
    NSSCMSCM_None = 0,
    NSSCMSCM_CertOnly,
    NSSCMSCM_CertChain,
    NSSCMSCM_CertChainWithRoot
} NSSCMSCertChainMode;

/* =============================================================================
 * ENVELOPED DATA
 */
struct NSSCMSEnvelopedDataStr {
    SECItem			version;
    NSSCMSOriginatorInfo *	originatorInfo;		/* optional */
    NSSCMSRecipientInfo **	recipientInfos;
    NSSCMSContentInfo		contentInfo;
    NSSCMSAttribute **		unprotectedAttr;
    /* --------- local; not part of encoding --------- */
    NSSCMSMessage *		cmsg;			/* back pointer to message */
};
#define NSS_CMS_ENVELOPED_DATA_VERSION_REG	0	/* what we *create* */
#define NSS_CMS_ENVELOPED_DATA_VERSION_ADV	2	/* what we *create* */

struct NSSCMSOriginatorInfoStr {
    SECItem **			rawCerts;
    CERTSignedCrl **		crls;
    /* --------- local; not part of encoding --------- */
    CERTCertificate **		certs;
};

/* -----------------------------------------------------------------------------
 * key transport recipient info
 */
typedef enum {
    NSSCMSRecipientID_IssuerSN,
    NSSCMSRecipientID_SubjectKeyID
} NSSCMSRecipientIDSelector;

struct NSSCMSRecipientIdentifierStr {
    NSSCMSRecipientIDSelector	identifierType;
    union {
	CERTIssuerAndSN		*issuerAndSN;
	SECItem 		*subjectKeyID;
    } id;
};
typedef struct NSSCMSRecipientIdentifierStr NSSCMSRecipientIdentifier;

struct NSSCMSKeyTransRecipientInfoStr {
    SECItem			version;
    NSSCMSRecipientIdentifier	recipientIdentifier;
    SECAlgorithmID		keyEncAlg;
    SECItem			encKey;
};
typedef struct NSSCMSKeyTransRecipientInfoStr NSSCMSKeyTransRecipientInfo;

#define NSS_CMS_KEYTRANS_RECIPIENT_INFO_VERSION_ISSUERSN	0	/* what we *create* */
#define NSS_CMS_KEYTRANS_RECIPIENT_INFO_VERSION_SUBJKEY		2	/* what we *create* */

/* -----------------------------------------------------------------------------
 * key agreement recipient info
 */
struct NSSCMSOriginatorPublicKeyStr {
    SECAlgorithmID			algorithmIdentifier;
    SECItem				publicKey;			/* bit string! */
};
typedef struct NSSCMSOriginatorPublicKeyStr NSSCMSOriginatorPublicKey;

typedef enum {
    NSSCMSOriginatorIDOrKey_IssuerSN,
    NSSCMSOriginatorIDOrKey_SubjectKeyID,
    NSSCMSOriginatorIDOrKey_OriginatorPublicKey
} NSSCMSOriginatorIDOrKeySelector;

struct NSSCMSOriginatorIdentifierOrKeyStr {
    NSSCMSOriginatorIDOrKeySelector identifierType;
    union {
	CERTIssuerAndSN			*issuerAndSN;		/* static-static */
	SECItem				*subjectKeyID;		/* static-static */
	NSSCMSOriginatorPublicKey	originatorPublicKey;	/* ephemeral-static */
    } id;
};
typedef struct NSSCMSOriginatorIdentifierOrKeyStr NSSCMSOriginatorIdentifierOrKey;

struct NSSCMSRecipientKeyIdentifierStr {
    SECItem *				subjectKeyIdentifier;
    SECItem *				date;			/* optional */
    SECItem *				other;			/* optional */
};
typedef struct NSSCMSRecipientKeyIdentifierStr NSSCMSRecipientKeyIdentifier;

typedef enum {
    NSSCMSKeyAgreeRecipientID_IssuerSN,
    NSSCMSKeyAgreeRecipientID_RKeyID
} NSSCMSKeyAgreeRecipientIDSelector;

struct NSSCMSKeyAgreeRecipientIdentifierStr {
    NSSCMSKeyAgreeRecipientIDSelector	identifierType;
    union {
	CERTIssuerAndSN			*issuerAndSN;
	NSSCMSRecipientKeyIdentifier	recipientKeyIdentifier;
    } id;
};
typedef struct NSSCMSKeyAgreeRecipientIdentifierStr NSSCMSKeyAgreeRecipientIdentifier;

struct NSSCMSRecipientEncryptedKeyStr {
    NSSCMSKeyAgreeRecipientIdentifier	recipientIdentifier;
    SECItem				encKey;
};
typedef struct NSSCMSRecipientEncryptedKeyStr NSSCMSRecipientEncryptedKey;

struct NSSCMSKeyAgreeRecipientInfoStr {
    SECItem				version;
    NSSCMSOriginatorIdentifierOrKey	originatorIdentifierOrKey;
    SECItem *				ukm;				/* optional */
    SECAlgorithmID			keyEncAlg;
    NSSCMSRecipientEncryptedKey **	recipientEncryptedKeys;
};
typedef struct NSSCMSKeyAgreeRecipientInfoStr NSSCMSKeyAgreeRecipientInfo;

#define NSS_CMS_KEYAGREE_RECIPIENT_INFO_VERSION	3	/* what we *create* */

/* -----------------------------------------------------------------------------
 * KEK recipient info
 */
struct NSSCMSKEKIdentifierStr {
    SECItem			keyIdentifier;
    SECItem *			date;			/* optional */
    SECItem *			other;			/* optional */
};
typedef struct NSSCMSKEKIdentifierStr NSSCMSKEKIdentifier;

struct NSSCMSKEKRecipientInfoStr {
    SECItem			version;
    NSSCMSKEKIdentifier		kekIdentifier;
    SECAlgorithmID		keyEncAlg;
    SECItem			encKey;
};
typedef struct NSSCMSKEKRecipientInfoStr NSSCMSKEKRecipientInfo;

#define NSS_CMS_KEK_RECIPIENT_INFO_VERSION	4	/* what we *create* */

/* -----------------------------------------------------------------------------
 * recipient info
 */

typedef enum {
    NSSCMSRecipientInfoID_KeyTrans,
    NSSCMSRecipientInfoID_KeyAgree,
    NSSCMSRecipientInfoID_KEK
} NSSCMSRecipientInfoIDSelector;

struct NSSCMSRecipientInfoStr {
    NSSCMSRecipientInfoIDSelector recipientInfoType;
    union {
	NSSCMSKeyTransRecipientInfo keyTransRecipientInfo;
	NSSCMSKeyAgreeRecipientInfo keyAgreeRecipientInfo;
	NSSCMSKEKRecipientInfo kekRecipientInfo;
    } ri;
    /* --------- local; not part of encoding --------- */
    NSSCMSMessage *		cmsg;			/* back pointer to message */
    CERTCertificate *		cert;			/* recipient's certificate */
};

/* =============================================================================
 * DIGESTED DATA
 */
struct NSSCMSDigestedDataStr {
    SECItem			version;
    SECAlgorithmID		digestAlg;
    NSSCMSContentInfo		contentInfo;
    SECItem			digest;
    /* --------- local; not part of encoding --------- */
    NSSCMSMessage *		cmsg;		/* back pointer */
    SECItem			cdigest;	/* calculated digest */
};
#define NSS_CMS_DIGESTED_DATA_VERSION_DATA	0	/* what we *create* */
#define NSS_CMS_DIGESTED_DATA_VERSION_ENCAP	2	/* what we *create* */

/* =============================================================================
 * ENCRYPTED DATA
 */
struct NSSCMSEncryptedDataStr {
    SECItem			version;
    NSSCMSContentInfo		contentInfo;
    NSSCMSAttribute **		unprotectedAttr;	/* optional */
    /* --------- local; not part of encoding --------- */
    NSSCMSMessage *		cmsg;		/* back pointer */
};
#define NSS_CMS_ENCRYPTED_DATA_VERSION		0	/* what we *create* */
#define NSS_CMS_ENCRYPTED_DATA_VERSION_UPATTR	2	/* what we *create* */

/* =============================================================================
 * FORTEZZA KEA
 */

/* An enumerated type used to select templates based on the encryption
   scenario and data specifics. */
typedef enum {
    NSSCMSKEAUsesSkipjack,
    NSSCMSKEAUsesNonSkipjack,
    NSSCMSKEAUsesNonSkipjackWithPaddedEncKey
} NSSCMSKEATemplateSelector;

/* ### mwelch - S/MIME KEA parameters. These don't really fit here,
                but I cannot think of a more appropriate place at this time. */
struct NSSCMSSMIMEKEAParametersStr {
    SECItem originatorKEAKey;	/* sender KEA key (encrypted?) */
    SECItem originatorRA;	/* random number generated by sender */
    SECItem nonSkipjackIV;	/* init'n vector for SkipjackCBC64
			           decryption of KEA key if Skipjack
				   is not the bulk algorithm used on
				   the message */
    SECItem bulkKeySize;	/* if Skipjack is not the bulk
			           algorithm used on the message,
				   and the size of the bulk encryption
				   key is not the same as that of
				   originatorKEAKey (due to padding
				   perhaps), this field will contain
				   the real size of the bulk encryption
				   key. */
};

/*
 * *****************************************************************************
 * *****************************************************************************
 * *****************************************************************************
 */

/*
 * See comment above about this type not really belonging to CMS.
 */
struct NSSCMSAttributeStr {
    /* The following fields make up an encoded Attribute: */
    SECItem			type;
    SECItem **			values;	/* data may or may not be encoded */
    /* The following fields are not part of an encoded Attribute: */
    SECOidData *		typeTag;
    PRBool			encoded;	/* when true, values are encoded */
};

#endif /* _CMST_H_ */