/src/mozilla-central/security/nss/lib/smime/cmsasn1.c

Source (jump to first uncovered line)
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

/*
 * CMS ASN.1 templates
 */

#include "cmslocal.h"

#include "cert.h"
#include "keyhi.h"
#include "secasn1.h"
#include "secitem.h"
#include "secoid.h"
#include "prtime.h"
#include "secerr.h"

extern const SEC_ASN1Template nss_cms_set_of_attribute_template[];

SEC_ASN1_MKSUB(CERT_IssuerAndSNTemplate)
SEC_ASN1_MKSUB(CERT_SetOfSignedCrlTemplate)
SEC_ASN1_MKSUB(SECOID_AlgorithmIDTemplate)
SEC_ASN1_MKSUB(SEC_BitStringTemplate)
SEC_ASN1_MKSUB(SEC_OctetStringTemplate)
SEC_ASN1_MKSUB(SEC_PointerToOctetStringTemplate)
SEC_ASN1_MKSUB(SEC_SetOfAnyTemplate)

/* -----------------------------------------------------------------------------
 * MESSAGE
 * (uses NSSCMSContentInfo)
 */

/* forward declaration */
static const SEC_ASN1Template *
nss_cms_choose_content_template(void *src_or_dest, PRBool encoding);

static const SEC_ASN1TemplateChooserPtr nss_cms_chooser = nss_cms_choose_content_template;

const SEC_ASN1Template NSSCMSMessageTemplate[] = {
    { SEC_ASN1_SEQUENCE | SEC_ASN1_MAY_STREAM,
      0, NULL, sizeof(NSSCMSMessage) },
    { SEC_ASN1_OBJECT_ID,
      offsetof(NSSCMSMessage, contentInfo.contentType) },
    { SEC_ASN1_OPTIONAL | SEC_ASN1_DYNAMIC | SEC_ASN1_MAY_STREAM |
          SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 0,
      offsetof(NSSCMSMessage, contentInfo.content),
      &nss_cms_chooser },
    { 0 }
};

/* -----------------------------------------------------------------------------
 * ENCAPSULATED & ENCRYPTED CONTENTINFO
 * (both use a NSSCMSContentInfo)
 */
static const SEC_ASN1Template NSSCMSEncapsulatedContentInfoTemplate[] = {
    { SEC_ASN1_SEQUENCE | SEC_ASN1_MAY_STREAM,
      0, NULL, sizeof(NSSCMSContentInfo) },
    { SEC_ASN1_OBJECT_ID,
      offsetof(NSSCMSContentInfo, contentType) },
    { SEC_ASN1_OPTIONAL | SEC_ASN1_EXPLICIT | SEC_ASN1_MAY_STREAM |
          SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 0,
      offsetof(NSSCMSContentInfo, rawContent),
      SEC_ASN1_SUB(SEC_PointerToOctetStringTemplate) },
    { 0 }
};

static const SEC_ASN1Template NSSCMSEncryptedContentInfoTemplate[] = {
    { SEC_ASN1_SEQUENCE | SEC_ASN1_MAY_STREAM,
      0, NULL, sizeof(NSSCMSContentInfo) },
    { SEC_ASN1_OBJECT_ID,
      offsetof(NSSCMSContentInfo, contentType) },
    { SEC_ASN1_INLINE | SEC_ASN1_XTRN,
      offsetof(NSSCMSContentInfo, contentEncAlg),
      SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
    { SEC_ASN1_OPTIONAL | SEC_ASN1_POINTER | SEC_ASN1_MAY_STREAM |
          SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 0,
      offsetof(NSSCMSContentInfo, rawContent),
      SEC_ASN1_SUB(SEC_OctetStringTemplate) },
    { 0 }
};

/* -----------------------------------------------------------------------------
 * SIGNED DATA
 */

const SEC_ASN1Template NSSCMSSignerInfoTemplate[];

const SEC_ASN1Template NSSCMSSignedDataTemplate[] = {
    { SEC_ASN1_SEQUENCE | SEC_ASN1_MAY_STREAM,
      0, NULL, sizeof(NSSCMSSignedData) },
    { SEC_ASN1_INTEGER,
      offsetof(NSSCMSSignedData, version) },
    { SEC_ASN1_SET_OF | SEC_ASN1_XTRN,
      offsetof(NSSCMSSignedData, digestAlgorithms),
      SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
    { SEC_ASN1_INLINE,
      offsetof(NSSCMSSignedData, contentInfo),
      NSSCMSEncapsulatedContentInfoTemplate },
    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
          SEC_ASN1_XTRN | 0,
      offsetof(NSSCMSSignedData, rawCerts),
      SEC_ASN1_SUB(SEC_SetOfAnyTemplate) },
    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
          SEC_ASN1_XTRN | 1,
      offsetof(NSSCMSSignedData, crls),
      SEC_ASN1_SUB(CERT_SetOfSignedCrlTemplate) },
    { SEC_ASN1_SET_OF,
      offsetof(NSSCMSSignedData, signerInfos),
      NSSCMSSignerInfoTemplate },
    { 0 }
};

const SEC_ASN1Template NSS_PointerToCMSSignedDataTemplate[] = {
    { SEC_ASN1_POINTER, 0, NSSCMSSignedDataTemplate }
};

/* -----------------------------------------------------------------------------
 * signeridentifier
 */

static const SEC_ASN1Template NSSCMSSignerIdentifierTemplate[] = {
    { SEC_ASN1_CHOICE,
      offsetof(NSSCMSSignerIdentifier, identifierType), NULL,
      sizeof(NSSCMSSignerIdentifier) },
    { SEC_ASN1_POINTER | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 0,
      offsetof(NSSCMSSignerIdentifier, id.subjectKeyID),
      SEC_ASN1_SUB(SEC_OctetStringTemplate),
      NSSCMSRecipientID_SubjectKeyID },
    { SEC_ASN1_POINTER | SEC_ASN1_XTRN,
      offsetof(NSSCMSSignerIdentifier, id.issuerAndSN),
      SEC_ASN1_SUB(CERT_IssuerAndSNTemplate),
      NSSCMSRecipientID_IssuerSN },
    { 0 }
};

/* -----------------------------------------------------------------------------
 * signerinfo
 */

const SEC_ASN1Template NSSCMSSignerInfoTemplate[] = {
    { SEC_ASN1_SEQUENCE,
      0, NULL, sizeof(NSSCMSSignerInfo) },
    { SEC_ASN1_INTEGER,
      offsetof(NSSCMSSignerInfo, version) },
    { SEC_ASN1_INLINE,
      offsetof(NSSCMSSignerInfo, signerIdentifier),
      NSSCMSSignerIdentifierTemplate },
    { SEC_ASN1_INLINE | SEC_ASN1_XTRN,
      offsetof(NSSCMSSignerInfo, digestAlg),
      SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 0,
      offsetof(NSSCMSSignerInfo, authAttr),
      nss_cms_set_of_attribute_template },
    { SEC_ASN1_INLINE | SEC_ASN1_XTRN,
      offsetof(NSSCMSSignerInfo, digestEncAlg),
      SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
    { SEC_ASN1_OCTET_STRING,
      offsetof(NSSCMSSignerInfo, encDigest) },
    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 1,
      offsetof(NSSCMSSignerInfo, unAuthAttr),
      nss_cms_set_of_attribute_template },
    { 0 }
};

/* -----------------------------------------------------------------------------
 * ENVELOPED DATA
 */

static const SEC_ASN1Template NSSCMSOriginatorInfoTemplate[] = {
    { SEC_ASN1_SEQUENCE,
      0, NULL, sizeof(NSSCMSOriginatorInfo) },
    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
          SEC_ASN1_XTRN | 0,
      offsetof(NSSCMSOriginatorInfo, rawCerts),
      SEC_ASN1_SUB(SEC_SetOfAnyTemplate) },
    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
          SEC_ASN1_XTRN | 1,
      offsetof(NSSCMSOriginatorInfo, crls),
      SEC_ASN1_SUB(CERT_SetOfSignedCrlTemplate) },
    { 0 }
};

const SEC_ASN1Template NSSCMSRecipientInfoTemplate[];

const SEC_ASN1Template NSSCMSEnvelopedDataTemplate[] = {
    { SEC_ASN1_SEQUENCE | SEC_ASN1_MAY_STREAM,
      0, NULL, sizeof(NSSCMSEnvelopedData) },
    { SEC_ASN1_INTEGER,
      offsetof(NSSCMSEnvelopedData, version) },
    { SEC_ASN1_OPTIONAL | SEC_ASN1_POINTER | SEC_ASN1_CONSTRUCTED |
          SEC_ASN1_CONTEXT_SPECIFIC | 0,
      offsetof(NSSCMSEnvelopedData, originatorInfo),
      NSSCMSOriginatorInfoTemplate },
    { SEC_ASN1_SET_OF,
      offsetof(NSSCMSEnvelopedData, recipientInfos),
      NSSCMSRecipientInfoTemplate },
    { SEC_ASN1_INLINE,
      offsetof(NSSCMSEnvelopedData, contentInfo),
      NSSCMSEncryptedContentInfoTemplate },
    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 1,
      offsetof(NSSCMSEnvelopedData, unprotectedAttr),
      nss_cms_set_of_attribute_template },
    { 0 }
};

const SEC_ASN1Template NSS_PointerToCMSEnvelopedDataTemplate[] = {
    { SEC_ASN1_POINTER, 0, NSSCMSEnvelopedDataTemplate }
};

/* here come the 15 gazillion templates for all the v3 varieties of RecipientInfo */

/* -----------------------------------------------------------------------------
 * key transport recipient info
 */

static const SEC_ASN1Template NSSCMSRecipientIdentifierTemplate[] = {
    { SEC_ASN1_CHOICE,
      offsetof(NSSCMSRecipientIdentifier, identifierType), NULL,
      sizeof(NSSCMSRecipientIdentifier) },
    { SEC_ASN1_POINTER | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 0,
      offsetof(NSSCMSRecipientIdentifier, id.subjectKeyID),
      SEC_ASN1_SUB(SEC_OctetStringTemplate),
      NSSCMSRecipientID_SubjectKeyID },
    { SEC_ASN1_POINTER | SEC_ASN1_XTRN,
      offsetof(NSSCMSRecipientIdentifier, id.issuerAndSN),
      SEC_ASN1_SUB(CERT_IssuerAndSNTemplate),
      NSSCMSRecipientID_IssuerSN },
    { 0 }
};

static const SEC_ASN1Template NSSCMSKeyTransRecipientInfoTemplate[] = {
    { SEC_ASN1_SEQUENCE,
      0, NULL, sizeof(NSSCMSKeyTransRecipientInfo) },
    { SEC_ASN1_INTEGER,
      offsetof(NSSCMSKeyTransRecipientInfo, version) },
    { SEC_ASN1_INLINE,
      offsetof(NSSCMSKeyTransRecipientInfo, recipientIdentifier),
      NSSCMSRecipientIdentifierTemplate },
    { SEC_ASN1_INLINE | SEC_ASN1_XTRN,
      offsetof(NSSCMSKeyTransRecipientInfo, keyEncAlg),
      SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
    { SEC_ASN1_OCTET_STRING,
      offsetof(NSSCMSKeyTransRecipientInfo, encKey) },
    { 0 }
};

/* -----------------------------------------------------------------------------
 * key agreement recipient info
 */

static const SEC_ASN1Template NSSCMSOriginatorPublicKeyTemplate[] = {
    { SEC_ASN1_SEQUENCE,
      0, NULL, sizeof(NSSCMSOriginatorPublicKey) },
    { SEC_ASN1_INLINE | SEC_ASN1_XTRN,
      offsetof(NSSCMSOriginatorPublicKey, algorithmIdentifier),
      SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
    { SEC_ASN1_INLINE | SEC_ASN1_XTRN,
      offsetof(NSSCMSOriginatorPublicKey, publicKey),
      SEC_ASN1_SUB(SEC_BitStringTemplate) },
    { 0 }
};

static const SEC_ASN1Template NSSCMSOriginatorIdentifierOrKeyTemplate[] = {
    { SEC_ASN1_CHOICE,
      offsetof(NSSCMSOriginatorIdentifierOrKey, identifierType), NULL,
      sizeof(NSSCMSOriginatorIdentifierOrKey) },
    { SEC_ASN1_POINTER | SEC_ASN1_XTRN,
      offsetof(NSSCMSOriginatorIdentifierOrKey, id.issuerAndSN),
      SEC_ASN1_SUB(CERT_IssuerAndSNTemplate),
      NSSCMSOriginatorIDOrKey_IssuerSN },
    { SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
          SEC_ASN1_XTRN | 1,
      offsetof(NSSCMSOriginatorIdentifierOrKey, id.subjectKeyID),
      SEC_ASN1_SUB(SEC_PointerToOctetStringTemplate),
      NSSCMSOriginatorIDOrKey_SubjectKeyID },
    { SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 2,
      offsetof(NSSCMSOriginatorIdentifierOrKey, id.originatorPublicKey),
      NSSCMSOriginatorPublicKeyTemplate,
      NSSCMSOriginatorIDOrKey_OriginatorPublicKey },
    { 0 }
};

const SEC_ASN1Template NSSCMSRecipientKeyIdentifierTemplate[] = {
    { SEC_ASN1_SEQUENCE,
      0, NULL, sizeof(NSSCMSRecipientKeyIdentifier) },
    { SEC_ASN1_OCTET_STRING,
      offsetof(NSSCMSRecipientKeyIdentifier, subjectKeyIdentifier) },
    { SEC_ASN1_OPTIONAL | SEC_ASN1_OCTET_STRING,
      offsetof(NSSCMSRecipientKeyIdentifier, date) },
    { SEC_ASN1_OPTIONAL | SEC_ASN1_OCTET_STRING,
      offsetof(NSSCMSRecipientKeyIdentifier, other) },
    { 0 }
};

static const SEC_ASN1Template NSSCMSKeyAgreeRecipientIdentifierTemplate[] = {
    { SEC_ASN1_CHOICE,
      offsetof(NSSCMSKeyAgreeRecipientIdentifier, identifierType), NULL,
      sizeof(NSSCMSKeyAgreeRecipientIdentifier) },
    { SEC_ASN1_POINTER | SEC_ASN1_XTRN,
      offsetof(NSSCMSKeyAgreeRecipientIdentifier, id.issuerAndSN),
      SEC_ASN1_SUB(CERT_IssuerAndSNTemplate),
      NSSCMSKeyAgreeRecipientID_IssuerSN },
    { SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 0,
      offsetof(NSSCMSKeyAgreeRecipientIdentifier, id.recipientKeyIdentifier),
      NSSCMSRecipientKeyIdentifierTemplate,
      NSSCMSKeyAgreeRecipientID_RKeyID },
    { 0 }
};

static const SEC_ASN1Template NSSCMSRecipientEncryptedKeyTemplate[] = {
    { SEC_ASN1_SEQUENCE,
      0, NULL, sizeof(NSSCMSRecipientEncryptedKey) },
    { SEC_ASN1_INLINE,
      offsetof(NSSCMSRecipientEncryptedKey, recipientIdentifier),
      NSSCMSKeyAgreeRecipientIdentifierTemplate },
    { SEC_ASN1_INLINE | SEC_ASN1_XTRN,
      offsetof(NSSCMSRecipientEncryptedKey, encKey),
      SEC_ASN1_SUB(SEC_BitStringTemplate) },
    { 0 }
};

static const SEC_ASN1Template NSSCMSKeyAgreeRecipientInfoTemplate[] = {
    { SEC_ASN1_SEQUENCE,
      0, NULL, sizeof(NSSCMSKeyAgreeRecipientInfo) },
    { SEC_ASN1_INTEGER,
      offsetof(NSSCMSKeyAgreeRecipientInfo, version) },
    { SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 0,
      offsetof(NSSCMSKeyAgreeRecipientInfo, originatorIdentifierOrKey),
      NSSCMSOriginatorIdentifierOrKeyTemplate },
    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_EXPLICIT |
          SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 1,
      offsetof(NSSCMSKeyAgreeRecipientInfo, ukm),
      SEC_ASN1_SUB(SEC_OctetStringTemplate) },
    { SEC_ASN1_INLINE | SEC_ASN1_XTRN,
      offsetof(NSSCMSKeyAgreeRecipientInfo, keyEncAlg),
      SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
    { SEC_ASN1_SEQUENCE_OF,
      offsetof(NSSCMSKeyAgreeRecipientInfo, recipientEncryptedKeys),
      NSSCMSRecipientEncryptedKeyTemplate },
    { 0 }
};

/* -----------------------------------------------------------------------------
 * KEK recipient info
 */

static const SEC_ASN1Template NSSCMSKEKIdentifierTemplate[] = {
    { SEC_ASN1_SEQUENCE,
      0, NULL, sizeof(NSSCMSKEKIdentifier) },
    { SEC_ASN1_OCTET_STRING,
      offsetof(NSSCMSKEKIdentifier, keyIdentifier) },
    { SEC_ASN1_OPTIONAL | SEC_ASN1_OCTET_STRING,
      offsetof(NSSCMSKEKIdentifier, date) },
    { SEC_ASN1_OPTIONAL | SEC_ASN1_OCTET_STRING,
      offsetof(NSSCMSKEKIdentifier, other) },
    { 0 }
};

static const SEC_ASN1Template NSSCMSKEKRecipientInfoTemplate[] = {
    { SEC_ASN1_SEQUENCE,
      0, NULL, sizeof(NSSCMSKEKRecipientInfo) },
    { SEC_ASN1_INTEGER,
      offsetof(NSSCMSKEKRecipientInfo, version) },
    { SEC_ASN1_INLINE,
      offsetof(NSSCMSKEKRecipientInfo, kekIdentifier),
      NSSCMSKEKIdentifierTemplate },
    { SEC_ASN1_INLINE | SEC_ASN1_XTRN,
      offsetof(NSSCMSKEKRecipientInfo, keyEncAlg),
      SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
    { SEC_ASN1_OCTET_STRING,
      offsetof(NSSCMSKEKRecipientInfo, encKey) },
    { 0 }
};

/* -----------------------------------------------------------------------------
 * recipient info
 */
const SEC_ASN1Template NSSCMSRecipientInfoTemplate[] = {
    { SEC_ASN1_CHOICE,
      offsetof(NSSCMSRecipientInfo, recipientInfoType), NULL,
      sizeof(NSSCMSRecipientInfo) },
    { SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 1,
      offsetof(NSSCMSRecipientInfo, ri.keyAgreeRecipientInfo),
      NSSCMSKeyAgreeRecipientInfoTemplate,
      NSSCMSRecipientInfoID_KeyAgree },
    { SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 2,
      offsetof(NSSCMSRecipientInfo, ri.kekRecipientInfo),
      NSSCMSKEKRecipientInfoTemplate,
      NSSCMSRecipientInfoID_KEK },
    { SEC_ASN1_INLINE,
      offsetof(NSSCMSRecipientInfo, ri.keyTransRecipientInfo),
      NSSCMSKeyTransRecipientInfoTemplate,
      NSSCMSRecipientInfoID_KeyTrans },
    { 0 }
};

/* -----------------------------------------------------------------------------
 *
 */

const SEC_ASN1Template NSSCMSDigestedDataTemplate[] = {
    { SEC_ASN1_SEQUENCE | SEC_ASN1_MAY_STREAM,
      0, NULL, sizeof(NSSCMSDigestedData) },
    { SEC_ASN1_INTEGER,
      offsetof(NSSCMSDigestedData, version) },
    { SEC_ASN1_INLINE | SEC_ASN1_XTRN,
      offsetof(NSSCMSDigestedData, digestAlg),
      SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
    { SEC_ASN1_INLINE,
      offsetof(NSSCMSDigestedData, contentInfo),
      NSSCMSEncapsulatedContentInfoTemplate },
    { SEC_ASN1_OCTET_STRING,
      offsetof(NSSCMSDigestedData, digest) },
    { 0 }
};

const SEC_ASN1Template NSS_PointerToCMSDigestedDataTemplate[] = {
    { SEC_ASN1_POINTER, 0, NSSCMSDigestedDataTemplate }
};

const SEC_ASN1Template NSSCMSEncryptedDataTemplate[] = {
    { SEC_ASN1_SEQUENCE | SEC_ASN1_MAY_STREAM,
      0, NULL, sizeof(NSSCMSEncryptedData) },
    { SEC_ASN1_INTEGER,
      offsetof(NSSCMSEncryptedData, version) },
    { SEC_ASN1_INLINE,
      offsetof(NSSCMSEncryptedData, contentInfo),
      NSSCMSEncryptedContentInfoTemplate },
    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 1,
      offsetof(NSSCMSEncryptedData, unprotectedAttr),
      nss_cms_set_of_attribute_template },
    { 0 }
};

const SEC_ASN1Template NSS_PointerToCMSEncryptedDataTemplate[] = {
    { SEC_ASN1_POINTER, 0, NSSCMSEncryptedDataTemplate }
};

const SEC_ASN1Template NSSCMSGenericWrapperDataTemplate[] = {
    { SEC_ASN1_INLINE,
      offsetof(NSSCMSGenericWrapperData, contentInfo),
      NSSCMSEncapsulatedContentInfoTemplate },
};

SEC_ASN1_CHOOSER_IMPLEMENT(NSSCMSGenericWrapperDataTemplate)

const SEC_ASN1Template NSS_PointerToCMSGenericWrapperDataTemplate[] = {
    { SEC_ASN1_POINTER, 0, NSSCMSGenericWrapperDataTemplate }
};

SEC_ASN1_CHOOSER_IMPLEMENT(NSS_PointerToCMSGenericWrapperDataTemplate)

/* -----------------------------------------------------------------------------
 *
 */
static const SEC_ASN1Template *
nss_cms_choose_content_template(void *src_or_dest, PRBool encoding)
{
    const SEC_ASN1Template *theTemplate;
    NSSCMSContentInfo *cinfo;
    SECOidTag type;

    PORT_Assert(src_or_dest != NULL);
    if (src_or_dest == NULL)
        return NULL;

    cinfo = (NSSCMSContentInfo *)src_or_dest;
    type = NSS_CMSContentInfo_GetContentTypeTag(cinfo);
    switch (type) {
        default:
            theTemplate = NSS_CMSType_GetTemplate(type);
            break;
        case SEC_OID_PKCS7_DATA:
            theTemplate = SEC_ASN1_GET(SEC_PointerToOctetStringTemplate);
            break;
        case SEC_OID_PKCS7_SIGNED_DATA:
            theTemplate = NSS_PointerToCMSSignedDataTemplate;
            break;
        case SEC_OID_PKCS7_ENVELOPED_DATA:
            theTemplate = NSS_PointerToCMSEnvelopedDataTemplate;
            break;
        case SEC_OID_PKCS7_DIGESTED_DATA:
            theTemplate = NSS_PointerToCMSDigestedDataTemplate;
            break;
        case SEC_OID_PKCS7_ENCRYPTED_DATA:
            theTemplate = NSS_PointerToCMSEncryptedDataTemplate;
            break;
    }
    return theTemplate;
}

Coverage Report

Created: 2018-09-25 14:53

Line	Count	Source (jump to first uncovered line)
1		/* This Source Code Form is subject to the terms of the Mozilla Public
2		* License, v. 2.0. If a copy of the MPL was not distributed with this
3		* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
4
5		/*
6		* CMS ASN.1 templates
7		*/
8
9		#include "cmslocal.h"
10
11		#include "cert.h"
12		#include "keyhi.h"
13		#include "secasn1.h"
14		#include "secitem.h"
15		#include "secoid.h"
16		#include "prtime.h"
17		#include "secerr.h"
18
19		extern const SEC_ASN1Template nss_cms_set_of_attribute_template[];
20
21		SEC_ASN1_MKSUB(CERT_IssuerAndSNTemplate)
22		SEC_ASN1_MKSUB(CERT_SetOfSignedCrlTemplate)
23		SEC_ASN1_MKSUB(SECOID_AlgorithmIDTemplate)
24		SEC_ASN1_MKSUB(SEC_BitStringTemplate)
25		SEC_ASN1_MKSUB(SEC_OctetStringTemplate)
26		SEC_ASN1_MKSUB(SEC_PointerToOctetStringTemplate)
27		SEC_ASN1_MKSUB(SEC_SetOfAnyTemplate)
28
29		/* -----------------------------------------------------------------------------
30		* MESSAGE
31		* (uses NSSCMSContentInfo)
32		*/
33
34		/* forward declaration */
35		static const SEC_ASN1Template *
36		nss_cms_choose_content_template(void *src_or_dest, PRBool encoding);
37
38		static const SEC_ASN1TemplateChooserPtr nss_cms_chooser = nss_cms_choose_content_template;
39
40		const SEC_ASN1Template NSSCMSMessageTemplate[] = {
41		{ SEC_ASN1_SEQUENCE \| SEC_ASN1_MAY_STREAM,
42		0, NULL, sizeof(NSSCMSMessage) },
43		{ SEC_ASN1_OBJECT_ID,
44		offsetof(NSSCMSMessage, contentInfo.contentType) },
45		{ SEC_ASN1_OPTIONAL \| SEC_ASN1_DYNAMIC \| SEC_ASN1_MAY_STREAM \|
46		SEC_ASN1_EXPLICIT \| SEC_ASN1_CONSTRUCTED \| SEC_ASN1_CONTEXT_SPECIFIC \| 0,
47		offsetof(NSSCMSMessage, contentInfo.content),
48		&nss_cms_chooser },
49		{ 0 }
50		};
51
52		/* -----------------------------------------------------------------------------
53		* ENCAPSULATED & ENCRYPTED CONTENTINFO
54		* (both use a NSSCMSContentInfo)
55		*/
56		static const SEC_ASN1Template NSSCMSEncapsulatedContentInfoTemplate[] = {
57		{ SEC_ASN1_SEQUENCE \| SEC_ASN1_MAY_STREAM,
58		0, NULL, sizeof(NSSCMSContentInfo) },
59		{ SEC_ASN1_OBJECT_ID,
60		offsetof(NSSCMSContentInfo, contentType) },
61		{ SEC_ASN1_OPTIONAL \| SEC_ASN1_EXPLICIT \| SEC_ASN1_MAY_STREAM \|
62		SEC_ASN1_CONSTRUCTED \| SEC_ASN1_CONTEXT_SPECIFIC \| SEC_ASN1_XTRN \| 0,
63		offsetof(NSSCMSContentInfo, rawContent),
64		SEC_ASN1_SUB(SEC_PointerToOctetStringTemplate) },
65		{ 0 }
66		};
67
68		static const SEC_ASN1Template NSSCMSEncryptedContentInfoTemplate[] = {
69		{ SEC_ASN1_SEQUENCE \| SEC_ASN1_MAY_STREAM,
70		0, NULL, sizeof(NSSCMSContentInfo) },
71		{ SEC_ASN1_OBJECT_ID,
72		offsetof(NSSCMSContentInfo, contentType) },
73		{ SEC_ASN1_INLINE \| SEC_ASN1_XTRN,
74		offsetof(NSSCMSContentInfo, contentEncAlg),
75		SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
76		{ SEC_ASN1_OPTIONAL \| SEC_ASN1_POINTER \| SEC_ASN1_MAY_STREAM \|
77		SEC_ASN1_CONTEXT_SPECIFIC \| SEC_ASN1_XTRN \| 0,
78		offsetof(NSSCMSContentInfo, rawContent),
79		SEC_ASN1_SUB(SEC_OctetStringTemplate) },
80		{ 0 }
81		};
82
83		/* -----------------------------------------------------------------------------
84		* SIGNED DATA
85		*/
86
87		const SEC_ASN1Template NSSCMSSignerInfoTemplate[];
88
89		const SEC_ASN1Template NSSCMSSignedDataTemplate[] = {
90		{ SEC_ASN1_SEQUENCE \| SEC_ASN1_MAY_STREAM,
91		0, NULL, sizeof(NSSCMSSignedData) },
92		{ SEC_ASN1_INTEGER,
93		offsetof(NSSCMSSignedData, version) },
94		{ SEC_ASN1_SET_OF \| SEC_ASN1_XTRN,
95		offsetof(NSSCMSSignedData, digestAlgorithms),
96		SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
97		{ SEC_ASN1_INLINE,
98		offsetof(NSSCMSSignedData, contentInfo),
99		NSSCMSEncapsulatedContentInfoTemplate },
100		{ SEC_ASN1_OPTIONAL \| SEC_ASN1_CONSTRUCTED \| SEC_ASN1_CONTEXT_SPECIFIC \|
101		SEC_ASN1_XTRN \| 0,
102		offsetof(NSSCMSSignedData, rawCerts),
103		SEC_ASN1_SUB(SEC_SetOfAnyTemplate) },
104		{ SEC_ASN1_OPTIONAL \| SEC_ASN1_CONSTRUCTED \| SEC_ASN1_CONTEXT_SPECIFIC \|
105		SEC_ASN1_XTRN \| 1,
106		offsetof(NSSCMSSignedData, crls),
107		SEC_ASN1_SUB(CERT_SetOfSignedCrlTemplate) },
108		{ SEC_ASN1_SET_OF,
109		offsetof(NSSCMSSignedData, signerInfos),
110		NSSCMSSignerInfoTemplate },
111		{ 0 }
112		};
113
114		const SEC_ASN1Template NSS_PointerToCMSSignedDataTemplate[] = {
115		{ SEC_ASN1_POINTER, 0, NSSCMSSignedDataTemplate }
116		};
117
118		/* -----------------------------------------------------------------------------
119		* signeridentifier
120		*/
121
122		static const SEC_ASN1Template NSSCMSSignerIdentifierTemplate[] = {
123		{ SEC_ASN1_CHOICE,
124		offsetof(NSSCMSSignerIdentifier, identifierType), NULL,
125		sizeof(NSSCMSSignerIdentifier) },
126		{ SEC_ASN1_POINTER \| SEC_ASN1_CONTEXT_SPECIFIC \| SEC_ASN1_XTRN \| 0,
127		offsetof(NSSCMSSignerIdentifier, id.subjectKeyID),
128		SEC_ASN1_SUB(SEC_OctetStringTemplate),
129		NSSCMSRecipientID_SubjectKeyID },
130		{ SEC_ASN1_POINTER \| SEC_ASN1_XTRN,
131		offsetof(NSSCMSSignerIdentifier, id.issuerAndSN),
132		SEC_ASN1_SUB(CERT_IssuerAndSNTemplate),
133		NSSCMSRecipientID_IssuerSN },
134		{ 0 }
135		};
136
137		/* -----------------------------------------------------------------------------
138		* signerinfo
139		*/
140
141		const SEC_ASN1Template NSSCMSSignerInfoTemplate[] = {
142		{ SEC_ASN1_SEQUENCE,
143		0, NULL, sizeof(NSSCMSSignerInfo) },
144		{ SEC_ASN1_INTEGER,
145		offsetof(NSSCMSSignerInfo, version) },
146		{ SEC_ASN1_INLINE,
147		offsetof(NSSCMSSignerInfo, signerIdentifier),
148		NSSCMSSignerIdentifierTemplate },
149		{ SEC_ASN1_INLINE \| SEC_ASN1_XTRN,
150		offsetof(NSSCMSSignerInfo, digestAlg),
151		SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
152		{ SEC_ASN1_OPTIONAL \| SEC_ASN1_CONSTRUCTED \| SEC_ASN1_CONTEXT_SPECIFIC \| 0,
153		offsetof(NSSCMSSignerInfo, authAttr),
154		nss_cms_set_of_attribute_template },
155		{ SEC_ASN1_INLINE \| SEC_ASN1_XTRN,
156		offsetof(NSSCMSSignerInfo, digestEncAlg),
157		SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
158		{ SEC_ASN1_OCTET_STRING,
159		offsetof(NSSCMSSignerInfo, encDigest) },
160		{ SEC_ASN1_OPTIONAL \| SEC_ASN1_CONSTRUCTED \| SEC_ASN1_CONTEXT_SPECIFIC \| 1,
161		offsetof(NSSCMSSignerInfo, unAuthAttr),
162		nss_cms_set_of_attribute_template },
163		{ 0 }
164		};
165
166		/* -----------------------------------------------------------------------------
167		* ENVELOPED DATA
168		*/
169
170		static const SEC_ASN1Template NSSCMSOriginatorInfoTemplate[] = {
171		{ SEC_ASN1_SEQUENCE,
172		0, NULL, sizeof(NSSCMSOriginatorInfo) },
173		{ SEC_ASN1_OPTIONAL \| SEC_ASN1_CONSTRUCTED \| SEC_ASN1_CONTEXT_SPECIFIC \|
174		SEC_ASN1_XTRN \| 0,
175		offsetof(NSSCMSOriginatorInfo, rawCerts),
176		SEC_ASN1_SUB(SEC_SetOfAnyTemplate) },
177		{ SEC_ASN1_OPTIONAL \| SEC_ASN1_CONSTRUCTED \| SEC_ASN1_CONTEXT_SPECIFIC \|
178		SEC_ASN1_XTRN \| 1,
179		offsetof(NSSCMSOriginatorInfo, crls),
180		SEC_ASN1_SUB(CERT_SetOfSignedCrlTemplate) },
181		{ 0 }
182		};
183
184		const SEC_ASN1Template NSSCMSRecipientInfoTemplate[];
185
186		const SEC_ASN1Template NSSCMSEnvelopedDataTemplate[] = {
187		{ SEC_ASN1_SEQUENCE \| SEC_ASN1_MAY_STREAM,
188		0, NULL, sizeof(NSSCMSEnvelopedData) },
189		{ SEC_ASN1_INTEGER,
190		offsetof(NSSCMSEnvelopedData, version) },
191		{ SEC_ASN1_OPTIONAL \| SEC_ASN1_POINTER \| SEC_ASN1_CONSTRUCTED \|
192		SEC_ASN1_CONTEXT_SPECIFIC \| 0,
193		offsetof(NSSCMSEnvelopedData, originatorInfo),
194		NSSCMSOriginatorInfoTemplate },
195		{ SEC_ASN1_SET_OF,
196		offsetof(NSSCMSEnvelopedData, recipientInfos),
197		NSSCMSRecipientInfoTemplate },
198		{ SEC_ASN1_INLINE,
199		offsetof(NSSCMSEnvelopedData, contentInfo),
200		NSSCMSEncryptedContentInfoTemplate },
201		{ SEC_ASN1_OPTIONAL \| SEC_ASN1_CONSTRUCTED \| SEC_ASN1_CONTEXT_SPECIFIC \| 1,
202		offsetof(NSSCMSEnvelopedData, unprotectedAttr),
203		nss_cms_set_of_attribute_template },
204		{ 0 }
205		};
206
207		const SEC_ASN1Template NSS_PointerToCMSEnvelopedDataTemplate[] = {
208		{ SEC_ASN1_POINTER, 0, NSSCMSEnvelopedDataTemplate }
209		};
210
211		/* here come the 15 gazillion templates for all the v3 varieties of RecipientInfo */
212
213		/* -----------------------------------------------------------------------------
214		* key transport recipient info
215		*/
216
217		static const SEC_ASN1Template NSSCMSRecipientIdentifierTemplate[] = {
218		{ SEC_ASN1_CHOICE,
219		offsetof(NSSCMSRecipientIdentifier, identifierType), NULL,
220		sizeof(NSSCMSRecipientIdentifier) },
221		{ SEC_ASN1_POINTER \| SEC_ASN1_CONTEXT_SPECIFIC \| SEC_ASN1_XTRN \| 0,
222		offsetof(NSSCMSRecipientIdentifier, id.subjectKeyID),
223		SEC_ASN1_SUB(SEC_OctetStringTemplate),
224		NSSCMSRecipientID_SubjectKeyID },
225		{ SEC_ASN1_POINTER \| SEC_ASN1_XTRN,
226		offsetof(NSSCMSRecipientIdentifier, id.issuerAndSN),
227		SEC_ASN1_SUB(CERT_IssuerAndSNTemplate),
228		NSSCMSRecipientID_IssuerSN },
229		{ 0 }
230		};
231
232		static const SEC_ASN1Template NSSCMSKeyTransRecipientInfoTemplate[] = {
233		{ SEC_ASN1_SEQUENCE,
234		0, NULL, sizeof(NSSCMSKeyTransRecipientInfo) },
235		{ SEC_ASN1_INTEGER,
236		offsetof(NSSCMSKeyTransRecipientInfo, version) },
237		{ SEC_ASN1_INLINE,
238		offsetof(NSSCMSKeyTransRecipientInfo, recipientIdentifier),
239		NSSCMSRecipientIdentifierTemplate },
240		{ SEC_ASN1_INLINE \| SEC_ASN1_XTRN,
241		offsetof(NSSCMSKeyTransRecipientInfo, keyEncAlg),
242		SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
243		{ SEC_ASN1_OCTET_STRING,
244		offsetof(NSSCMSKeyTransRecipientInfo, encKey) },
245		{ 0 }
246		};
247
248		/* -----------------------------------------------------------------------------
249		* key agreement recipient info
250		*/
251
252		static const SEC_ASN1Template NSSCMSOriginatorPublicKeyTemplate[] = {
253		{ SEC_ASN1_SEQUENCE,
254		0, NULL, sizeof(NSSCMSOriginatorPublicKey) },
255		{ SEC_ASN1_INLINE \| SEC_ASN1_XTRN,
256		offsetof(NSSCMSOriginatorPublicKey, algorithmIdentifier),
257		SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
258		{ SEC_ASN1_INLINE \| SEC_ASN1_XTRN,
259		offsetof(NSSCMSOriginatorPublicKey, publicKey),
260		SEC_ASN1_SUB(SEC_BitStringTemplate) },
261		{ 0 }
262		};
263
264		static const SEC_ASN1Template NSSCMSOriginatorIdentifierOrKeyTemplate[] = {
265		{ SEC_ASN1_CHOICE,
266		offsetof(NSSCMSOriginatorIdentifierOrKey, identifierType), NULL,
267		sizeof(NSSCMSOriginatorIdentifierOrKey) },
268		{ SEC_ASN1_POINTER \| SEC_ASN1_XTRN,
269		offsetof(NSSCMSOriginatorIdentifierOrKey, id.issuerAndSN),
270		SEC_ASN1_SUB(CERT_IssuerAndSNTemplate),
271		NSSCMSOriginatorIDOrKey_IssuerSN },
272		{ SEC_ASN1_EXPLICIT \| SEC_ASN1_CONSTRUCTED \| SEC_ASN1_CONTEXT_SPECIFIC \|
273		SEC_ASN1_XTRN \| 1,
274		offsetof(NSSCMSOriginatorIdentifierOrKey, id.subjectKeyID),
275		SEC_ASN1_SUB(SEC_PointerToOctetStringTemplate),
276		NSSCMSOriginatorIDOrKey_SubjectKeyID },
277		{ SEC_ASN1_EXPLICIT \| SEC_ASN1_CONSTRUCTED \| SEC_ASN1_CONTEXT_SPECIFIC \| 2,
278		offsetof(NSSCMSOriginatorIdentifierOrKey, id.originatorPublicKey),
279		NSSCMSOriginatorPublicKeyTemplate,
280		NSSCMSOriginatorIDOrKey_OriginatorPublicKey },
281		{ 0 }
282		};
283
284		const SEC_ASN1Template NSSCMSRecipientKeyIdentifierTemplate[] = {
285		{ SEC_ASN1_SEQUENCE,
286		0, NULL, sizeof(NSSCMSRecipientKeyIdentifier) },
287		{ SEC_ASN1_OCTET_STRING,
288		offsetof(NSSCMSRecipientKeyIdentifier, subjectKeyIdentifier) },
289		{ SEC_ASN1_OPTIONAL \| SEC_ASN1_OCTET_STRING,
290		offsetof(NSSCMSRecipientKeyIdentifier, date) },
291		{ SEC_ASN1_OPTIONAL \| SEC_ASN1_OCTET_STRING,
292		offsetof(NSSCMSRecipientKeyIdentifier, other) },
293		{ 0 }
294		};
295
296		static const SEC_ASN1Template NSSCMSKeyAgreeRecipientIdentifierTemplate[] = {
297		{ SEC_ASN1_CHOICE,
298		offsetof(NSSCMSKeyAgreeRecipientIdentifier, identifierType), NULL,
299		sizeof(NSSCMSKeyAgreeRecipientIdentifier) },
300		{ SEC_ASN1_POINTER \| SEC_ASN1_XTRN,
301		offsetof(NSSCMSKeyAgreeRecipientIdentifier, id.issuerAndSN),
302		SEC_ASN1_SUB(CERT_IssuerAndSNTemplate),
303		NSSCMSKeyAgreeRecipientID_IssuerSN },
304		{ SEC_ASN1_CONSTRUCTED \| SEC_ASN1_CONTEXT_SPECIFIC \| 0,
305		offsetof(NSSCMSKeyAgreeRecipientIdentifier, id.recipientKeyIdentifier),
306		NSSCMSRecipientKeyIdentifierTemplate,
307		NSSCMSKeyAgreeRecipientID_RKeyID },
308		{ 0 }
309		};
310
311		static const SEC_ASN1Template NSSCMSRecipientEncryptedKeyTemplate[] = {
312		{ SEC_ASN1_SEQUENCE,
313		0, NULL, sizeof(NSSCMSRecipientEncryptedKey) },
314		{ SEC_ASN1_INLINE,
315		offsetof(NSSCMSRecipientEncryptedKey, recipientIdentifier),
316		NSSCMSKeyAgreeRecipientIdentifierTemplate },
317		{ SEC_ASN1_INLINE \| SEC_ASN1_XTRN,
318		offsetof(NSSCMSRecipientEncryptedKey, encKey),
319		SEC_ASN1_SUB(SEC_BitStringTemplate) },
320		{ 0 }
321		};
322
323		static const SEC_ASN1Template NSSCMSKeyAgreeRecipientInfoTemplate[] = {
324		{ SEC_ASN1_SEQUENCE,
325		0, NULL, sizeof(NSSCMSKeyAgreeRecipientInfo) },
326		{ SEC_ASN1_INTEGER,
327		offsetof(NSSCMSKeyAgreeRecipientInfo, version) },
328		{ SEC_ASN1_EXPLICIT \| SEC_ASN1_CONSTRUCTED \| SEC_ASN1_CONTEXT_SPECIFIC \| 0,
329		offsetof(NSSCMSKeyAgreeRecipientInfo, originatorIdentifierOrKey),
330		NSSCMSOriginatorIdentifierOrKeyTemplate },
331		{ SEC_ASN1_OPTIONAL \| SEC_ASN1_CONSTRUCTED \| SEC_ASN1_EXPLICIT \|
332		SEC_ASN1_CONTEXT_SPECIFIC \| SEC_ASN1_XTRN \| 1,
333		offsetof(NSSCMSKeyAgreeRecipientInfo, ukm),
334		SEC_ASN1_SUB(SEC_OctetStringTemplate) },
335		{ SEC_ASN1_INLINE \| SEC_ASN1_XTRN,
336		offsetof(NSSCMSKeyAgreeRecipientInfo, keyEncAlg),
337		SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
338		{ SEC_ASN1_SEQUENCE_OF,
339		offsetof(NSSCMSKeyAgreeRecipientInfo, recipientEncryptedKeys),
340		NSSCMSRecipientEncryptedKeyTemplate },
341		{ 0 }
342		};
343
344		/* -----------------------------------------------------------------------------
345		* KEK recipient info
346		*/
347
348		static const SEC_ASN1Template NSSCMSKEKIdentifierTemplate[] = {
349		{ SEC_ASN1_SEQUENCE,
350		0, NULL, sizeof(NSSCMSKEKIdentifier) },
351		{ SEC_ASN1_OCTET_STRING,
352		offsetof(NSSCMSKEKIdentifier, keyIdentifier) },
353		{ SEC_ASN1_OPTIONAL \| SEC_ASN1_OCTET_STRING,
354		offsetof(NSSCMSKEKIdentifier, date) },
355		{ SEC_ASN1_OPTIONAL \| SEC_ASN1_OCTET_STRING,
356		offsetof(NSSCMSKEKIdentifier, other) },
357		{ 0 }
358		};
359
360		static const SEC_ASN1Template NSSCMSKEKRecipientInfoTemplate[] = {
361		{ SEC_ASN1_SEQUENCE,
362		0, NULL, sizeof(NSSCMSKEKRecipientInfo) },
363		{ SEC_ASN1_INTEGER,
364		offsetof(NSSCMSKEKRecipientInfo, version) },
365		{ SEC_ASN1_INLINE,
366		offsetof(NSSCMSKEKRecipientInfo, kekIdentifier),
367		NSSCMSKEKIdentifierTemplate },
368		{ SEC_ASN1_INLINE \| SEC_ASN1_XTRN,
369		offsetof(NSSCMSKEKRecipientInfo, keyEncAlg),
370		SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
371		{ SEC_ASN1_OCTET_STRING,
372		offsetof(NSSCMSKEKRecipientInfo, encKey) },
373		{ 0 }
374		};
375
376		/* -----------------------------------------------------------------------------
377		* recipient info
378		*/
379		const SEC_ASN1Template NSSCMSRecipientInfoTemplate[] = {
380		{ SEC_ASN1_CHOICE,
381		offsetof(NSSCMSRecipientInfo, recipientInfoType), NULL,
382		sizeof(NSSCMSRecipientInfo) },
383		{ SEC_ASN1_EXPLICIT \| SEC_ASN1_CONSTRUCTED \| SEC_ASN1_CONTEXT_SPECIFIC \| 1,
384		offsetof(NSSCMSRecipientInfo, ri.keyAgreeRecipientInfo),
385		NSSCMSKeyAgreeRecipientInfoTemplate,
386		NSSCMSRecipientInfoID_KeyAgree },
387		{ SEC_ASN1_EXPLICIT \| SEC_ASN1_CONSTRUCTED \| SEC_ASN1_CONTEXT_SPECIFIC \| 2,
388		offsetof(NSSCMSRecipientInfo, ri.kekRecipientInfo),
389		NSSCMSKEKRecipientInfoTemplate,
390		NSSCMSRecipientInfoID_KEK },
391		{ SEC_ASN1_INLINE,
392		offsetof(NSSCMSRecipientInfo, ri.keyTransRecipientInfo),
393		NSSCMSKeyTransRecipientInfoTemplate,
394		NSSCMSRecipientInfoID_KeyTrans },
395		{ 0 }
396		};
397
398		/* -----------------------------------------------------------------------------
399		*
400		*/
401
402		const SEC_ASN1Template NSSCMSDigestedDataTemplate[] = {
403		{ SEC_ASN1_SEQUENCE \| SEC_ASN1_MAY_STREAM,
404		0, NULL, sizeof(NSSCMSDigestedData) },
405		{ SEC_ASN1_INTEGER,
406		offsetof(NSSCMSDigestedData, version) },
407		{ SEC_ASN1_INLINE \| SEC_ASN1_XTRN,
408		offsetof(NSSCMSDigestedData, digestAlg),
409		SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
410		{ SEC_ASN1_INLINE,
411		offsetof(NSSCMSDigestedData, contentInfo),
412		NSSCMSEncapsulatedContentInfoTemplate },
413		{ SEC_ASN1_OCTET_STRING,
414		offsetof(NSSCMSDigestedData, digest) },
415		{ 0 }
416		};
417
418		const SEC_ASN1Template NSS_PointerToCMSDigestedDataTemplate[] = {
419		{ SEC_ASN1_POINTER, 0, NSSCMSDigestedDataTemplate }
420		};
421
422		const SEC_ASN1Template NSSCMSEncryptedDataTemplate[] = {
423		{ SEC_ASN1_SEQUENCE \| SEC_ASN1_MAY_STREAM,
424		0, NULL, sizeof(NSSCMSEncryptedData) },
425		{ SEC_ASN1_INTEGER,
426		offsetof(NSSCMSEncryptedData, version) },
427		{ SEC_ASN1_INLINE,
428		offsetof(NSSCMSEncryptedData, contentInfo),
429		NSSCMSEncryptedContentInfoTemplate },
430		{ SEC_ASN1_OPTIONAL \| SEC_ASN1_CONSTRUCTED \| SEC_ASN1_CONTEXT_SPECIFIC \| 1,
431		offsetof(NSSCMSEncryptedData, unprotectedAttr),
432		nss_cms_set_of_attribute_template },
433		{ 0 }
434		};
435
436		const SEC_ASN1Template NSS_PointerToCMSEncryptedDataTemplate[] = {
437		{ SEC_ASN1_POINTER, 0, NSSCMSEncryptedDataTemplate }
438		};
439
440		const SEC_ASN1Template NSSCMSGenericWrapperDataTemplate[] = {
441		{ SEC_ASN1_INLINE,
442		offsetof(NSSCMSGenericWrapperData, contentInfo),
443		NSSCMSEncapsulatedContentInfoTemplate },
444		};
445
446		SEC_ASN1_CHOOSER_IMPLEMENT(NSSCMSGenericWrapperDataTemplate)
447
448		const SEC_ASN1Template NSS_PointerToCMSGenericWrapperDataTemplate[] = {
449		{ SEC_ASN1_POINTER, 0, NSSCMSGenericWrapperDataTemplate }
450		};
451
452		SEC_ASN1_CHOOSER_IMPLEMENT(NSS_PointerToCMSGenericWrapperDataTemplate)
453
454		/* -----------------------------------------------------------------------------
455		*
456		*/
457		static const SEC_ASN1Template *
458		nss_cms_choose_content_template(void *src_or_dest, PRBool encoding)
459	0	{
460	0	const SEC_ASN1Template *theTemplate;
461	0	NSSCMSContentInfo *cinfo;
462	0	SECOidTag type;
463	0
464	0	PORT_Assert(src_or_dest != NULL);
465	0	if (src_or_dest == NULL)
466	0	return NULL;
467	0
468	0	cinfo = (NSSCMSContentInfo *)src_or_dest;
469	0	type = NSS_CMSContentInfo_GetContentTypeTag(cinfo);
470	0	switch (type) {
471	0	default:
472	0	theTemplate = NSS_CMSType_GetTemplate(type);
473	0	break;
474	0	case SEC_OID_PKCS7_DATA:
475	0	theTemplate = SEC_ASN1_GET(SEC_PointerToOctetStringTemplate);
476	0	break;
477	0	case SEC_OID_PKCS7_SIGNED_DATA:
478	0	theTemplate = NSS_PointerToCMSSignedDataTemplate;
479	0	break;
480	0	case SEC_OID_PKCS7_ENVELOPED_DATA:
481	0	theTemplate = NSS_PointerToCMSEnvelopedDataTemplate;
482	0	break;
483	0	case SEC_OID_PKCS7_DIGESTED_DATA:
484	0	theTemplate = NSS_PointerToCMSDigestedDataTemplate;
485	0	break;
486	0	case SEC_OID_PKCS7_ENCRYPTED_DATA:
487	0	theTemplate = NSS_PointerToCMSEncryptedDataTemplate;
488	0	break;
489	0	}
490	0	return theTemplate;
491	0	}