Back to index

lightning-sunbird  0.9+nobinonly
cmst.h
Go to the documentation of this file.
00001 /* ***** BEGIN LICENSE BLOCK *****
00002  * Version: MPL 1.1/GPL 2.0/LGPL 2.1
00003  *
00004  * The contents of this file are subject to the Mozilla Public License Version
00005  * 1.1 (the "License"); you may not use this file except in compliance with
00006  * the License. You may obtain a copy of the License at
00007  * http://www.mozilla.org/MPL/
00008  *
00009  * Software distributed under the License is distributed on an "AS IS" basis,
00010  * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
00011  * for the specific language governing rights and limitations under the
00012  * License.
00013  *
00014  * The Original Code is the Netscape security libraries.
00015  *
00016  * The Initial Developer of the Original Code is
00017  * Netscape Communications Corporation.
00018  * Portions created by the Initial Developer are Copyright (C) 1994-2000
00019  * the Initial Developer. All Rights Reserved.
00020  *
00021  * Contributor(s):
00022  *
00023  * Alternatively, the contents of this file may be used under the terms of
00024  * either the GNU General Public License Version 2 or later (the "GPL"), or
00025  * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
00026  * in which case the provisions of the GPL or the LGPL are applicable instead
00027  * of those above. If you wish to allow use of your version of this file only
00028  * under the terms of either the GPL or the LGPL, and not to allow others to
00029  * use your version of this file under the terms of the MPL, indicate your
00030  * decision by deleting the provisions above and replace them with the notice
00031  * and other provisions required by the GPL or the LGPL. If you do not delete
00032  * the provisions above, a recipient may use your version of this file under
00033  * the terms of any one of the MPL, the GPL or the LGPL.
00034  *
00035  * ***** END LICENSE BLOCK ***** */
00036 
00037 /*
00038  * Header for CMS types.
00039  *
00040  * $Id: cmst.h,v 1.10 2005/06/27 22:21:19 julien.pierre.bugs%sun.com Exp $
00041  */
00042 
00043 #ifndef _CMST_H_
00044 #define _CMST_H_
00045 
00046 #include "seccomon.h"
00047 #include "secoidt.h"
00048 #include "certt.h"
00049 #include "secmodt.h"
00050 #include "secmodt.h"
00051 
00052 #include "plarena.h"
00053 
00054 /* Non-opaque objects.  NOTE, though: I want them to be treated as
00055  * opaque as much as possible.  If I could hide them completely,
00056  * I would.  (I tried, but ran into trouble that was taking me too
00057  * much time to get out of.)  I still intend to try to do so.
00058  * In fact, the only type that "outsiders" should even *name* is
00059  * NSSCMSMessage, and they should not reference its fields.
00060  */
00061 /* rjr: PKCS #11 cert handling (pk11cert.c) does use NSSCMSRecipientInfo's.
00062  * This is because when we search the recipient list for the cert and key we
00063  * want, we need to invert the order of the loops we used to have. The old
00064  * loops were:
00065  *
00066  *  For each recipient {
00067  *       find_cert = PK11_Find_AllCert(recipient->issuerSN);
00068  *       [which unrolls to... ]
00069  *       For each slot {
00070  *            Log into slot;
00071  *            search slot for cert;
00072  *      }
00073  *  }
00074  *
00075  *  the new loop searchs all the recipients at once on a slot. this allows
00076  *  PKCS #11 to order slots in such a way that logout slots don't get checked
00077  *  if we can find the cert on a logged in slot. This eliminates lots of
00078  *  spurious password prompts when smart cards are installed... so why this
00079  *  comment? If you make NSSCMSRecipientInfo completely opaque, you need
00080  *  to provide a non-opaque list of issuerSN's (the only field PKCS#11 needs
00081  *  and fix up pk11cert.c first. NOTE: Only S/MIME calls this special PKCS #11
00082  *  function.
00083  */
00084 
00085 typedef struct NSSCMSMessageStr NSSCMSMessage;
00086 
00087 typedef union NSSCMSContentUnion NSSCMSContent;
00088 typedef struct NSSCMSContentInfoStr NSSCMSContentInfo;
00089 
00090 typedef struct NSSCMSSignedDataStr NSSCMSSignedData;
00091 typedef struct NSSCMSSignerInfoStr NSSCMSSignerInfo;
00092 typedef struct NSSCMSSignerIdentifierStr NSSCMSSignerIdentifier;
00093 
00094 typedef struct NSSCMSEnvelopedDataStr NSSCMSEnvelopedData;
00095 typedef struct NSSCMSOriginatorInfoStr NSSCMSOriginatorInfo;
00096 typedef struct NSSCMSRecipientInfoStr NSSCMSRecipientInfo;
00097 
00098 typedef struct NSSCMSDigestedDataStr NSSCMSDigestedData;
00099 typedef struct NSSCMSEncryptedDataStr NSSCMSEncryptedData;
00100 
00101 typedef struct NSSCMSSMIMEKEAParametersStr NSSCMSSMIMEKEAParameters;
00102 
00103 typedef struct NSSCMSAttributeStr NSSCMSAttribute;
00104 
00105 typedef struct NSSCMSDecoderContextStr NSSCMSDecoderContext;
00106 typedef struct NSSCMSEncoderContextStr NSSCMSEncoderContext;
00107 
00108 typedef struct NSSCMSCipherContextStr NSSCMSCipherContext;
00109 typedef struct NSSCMSDigestContextStr NSSCMSDigestContext;
00110 
00111 /*
00112  * Type of function passed to NSSCMSDecode or NSSCMSDecoderStart.
00113  * If specified, this is where the content bytes (only) will be "sent"
00114  * as they are recovered during the decoding.
00115  * And:
00116  * Type of function passed to NSSCMSEncode or NSSCMSEncoderStart.
00117  * This is where the DER-encoded bytes will be "sent".
00118  *
00119  * XXX Should just combine this with NSSCMSEncoderContentCallback type
00120  * and use a simpler, common name.
00121  */
00122 typedef void (*NSSCMSContentCallback)(void *arg, const char *buf, unsigned long len);
00123 
00124 /*
00125  * Type of function passed to NSSCMSDecode or NSSCMSDecoderStart
00126  * to retrieve the decryption key.  This function is intended to be
00127  * used for EncryptedData content info's which do not have a key available
00128  * in a certificate, etc.
00129  */
00130 typedef PK11SymKey *(*NSSCMSGetDecryptKeyCallback)(void *arg, SECAlgorithmID *algid);
00131 
00132 
00133 /* =============================================================================
00134  * ENCAPSULATED CONTENTINFO & CONTENTINFO
00135  */
00136 
00137 union NSSCMSContentUnion {
00138     /* either unstructured */
00139     SECItem *               data;
00140     /* or structured data */
00141     NSSCMSDigestedData *    digestedData;
00142     NSSCMSEncryptedData     *      encryptedData;
00143     NSSCMSEnvelopedData     *      envelopedData;
00144     NSSCMSSignedData *             signedData;
00145     /* or anonymous pointer to something */
00146     void *                  pointer;
00147 };
00148 
00149 struct NSSCMSContentInfoStr {
00150     SECItem                 contentType;
00151     NSSCMSContent           content;
00152     /* --------- local; not part of encoding --------- */
00153     SECOidData *            contentTypeTag;      
00154 
00155     /* additional info for encryptedData and envelopedData */
00156     /* we waste this space for signedData and digestedData. sue me. */
00157 
00158     SECAlgorithmID          contentEncAlg;
00159     SECItem *               rawContent;          /* encrypted DER, optional */
00160                                                  /* XXXX bytes not encrypted, but encoded? */
00161     /* --------- local; not part of encoding --------- */
00162     PK11SymKey *            bulkkey;             /* bulk encryption key */
00163     int                            keysize;             /* size of bulk encryption key
00164                                                   * (only used by creation code) */
00165     SECOidTag               contentEncAlgTag;    /* oid tag of encryption algorithm
00166                                                   * (only used by creation code) */
00167     NSSCMSCipherContext            *ciphcx;             /* context for en/decryption going on */
00168     NSSCMSDigestContext            *digcx;                     /* context for digesting going on */
00169 };
00170 
00171 /* =============================================================================
00172  * MESSAGE
00173  */
00174 
00175 struct NSSCMSMessageStr {
00176     NSSCMSContentInfo       contentInfo;         /* "outer" cinfo */
00177     /* --------- local; not part of encoding --------- */
00178     PLArenaPool *    poolp;
00179     PRBool           poolp_is_ours;
00180     int                     refCount;
00181     /* properties of the "inner" data */
00182     SECAlgorithmID **       detached_digestalgs;
00183     SECItem **              detached_digests;
00184     void *           pwfn_arg;
00185     NSSCMSGetDecryptKeyCallback decrypt_key_cb;
00186     void *           decrypt_key_cb_arg;
00187 };
00188 
00189 /* =============================================================================
00190  * SIGNEDDATA
00191  */
00192 
00193 struct NSSCMSSignedDataStr {
00194     SECItem                 version;
00195     SECAlgorithmID **              digestAlgorithms;
00196     NSSCMSContentInfo              contentInfo;
00197     SECItem **                     rawCerts;
00198     CERTSignedCrl **        crls;
00199     NSSCMSSignerInfo **            signerInfos;
00200     /* --------- local; not part of encoding --------- */
00201     NSSCMSMessage *         cmsg;                /* back pointer to message */
00202     SECItem **                     digests;
00203     CERTCertificate **             certs;
00204     CERTCertificateList **  certLists;
00205     CERTCertificate **          tempCerts;              /* temporary certs, needed
00206                                                          * for example for signature
00207                                                          * verification */
00208 };
00209 #define NSS_CMS_SIGNED_DATA_VERSION_BASIC 1      /* what we *create* */
00210 #define NSS_CMS_SIGNED_DATA_VERSION_EXT          3      /* what we *create* */
00211 
00212 typedef enum {
00213     NSSCMSVS_Unverified = 0,
00214     NSSCMSVS_GoodSignature = 1,
00215     NSSCMSVS_BadSignature = 2,
00216     NSSCMSVS_DigestMismatch = 3,
00217     NSSCMSVS_SigningCertNotFound = 4,
00218     NSSCMSVS_SigningCertNotTrusted = 5,
00219     NSSCMSVS_SignatureAlgorithmUnknown = 6,
00220     NSSCMSVS_SignatureAlgorithmUnsupported = 7,
00221     NSSCMSVS_MalformedSignature = 8,
00222     NSSCMSVS_ProcessingError = 9
00223 } NSSCMSVerificationStatus;
00224 
00225 typedef enum {
00226     NSSCMSSignerID_IssuerSN = 0,
00227     NSSCMSSignerID_SubjectKeyID = 1
00228 } NSSCMSSignerIDSelector;
00229 
00230 struct NSSCMSSignerIdentifierStr {
00231     NSSCMSSignerIDSelector identifierType;
00232     union {
00233        CERTIssuerAndSN *issuerAndSN;
00234        SECItem *subjectKeyID;
00235     } id;
00236 };
00237 
00238 struct NSSCMSSignerInfoStr {
00239     SECItem                 version;
00240     NSSCMSSignerIdentifier  signerIdentifier;
00241     SECAlgorithmID          digestAlg;
00242     NSSCMSAttribute **             authAttr;
00243     SECAlgorithmID          digestEncAlg;
00244     SECItem                 encDigest;
00245     NSSCMSAttribute **             unAuthAttr;
00246     /* --------- local; not part of encoding --------- */
00247     NSSCMSMessage *         cmsg;                /* back pointer to message */
00248     CERTCertificate *              cert;
00249     CERTCertificateList *   certList;
00250     PRTime                  signingTime;
00251     NSSCMSVerificationStatus       verificationStatus;
00252     SECKEYPrivateKey *          signingKey; /* Used if we're using subjKeyID*/
00253     SECKEYPublicKey *           pubKey;
00254 };
00255 #define NSS_CMS_SIGNER_INFO_VERSION_ISSUERSN     1      /* what we *create* */
00256 #define NSS_CMS_SIGNER_INFO_VERSION_SUBJKEY      3      /* what we *create* */
00257 
00258 typedef enum {
00259     NSSCMSCM_None = 0,
00260     NSSCMSCM_CertOnly = 1,
00261     NSSCMSCM_CertChain = 2,
00262     NSSCMSCM_CertChainWithRoot = 3
00263 } NSSCMSCertChainMode;
00264 
00265 /* =============================================================================
00266  * ENVELOPED DATA
00267  */
00268 struct NSSCMSEnvelopedDataStr {
00269     SECItem                 version;
00270     NSSCMSOriginatorInfo *  originatorInfo;             /* optional */
00271     NSSCMSRecipientInfo **  recipientInfos;
00272     NSSCMSContentInfo              contentInfo;
00273     NSSCMSAttribute **             unprotectedAttr;
00274     /* --------- local; not part of encoding --------- */
00275     NSSCMSMessage *         cmsg;                /* back pointer to message */
00276 };
00277 #define NSS_CMS_ENVELOPED_DATA_VERSION_REG       0      /* what we *create* */
00278 #define NSS_CMS_ENVELOPED_DATA_VERSION_ADV       2      /* what we *create* */
00279 
00280 struct NSSCMSOriginatorInfoStr {
00281     SECItem **                     rawCerts;
00282     CERTSignedCrl **        crls;
00283     /* --------- local; not part of encoding --------- */
00284     CERTCertificate **             certs;
00285 };
00286 
00287 /* -----------------------------------------------------------------------------
00288  * key transport recipient info
00289  */
00290 typedef enum {
00291     NSSCMSRecipientID_IssuerSN = 0,
00292     NSSCMSRecipientID_SubjectKeyID = 1,
00293     NSSCMSRecipientID_BrandNew = 2
00294 } NSSCMSRecipientIDSelector;
00295 
00296 struct NSSCMSRecipientIdentifierStr {
00297     NSSCMSRecipientIDSelector      identifierType;
00298     union {
00299        CERTIssuerAndSN             *issuerAndSN;
00300        SECItem              *subjectKeyID;
00301     } id;
00302 };
00303 typedef struct NSSCMSRecipientIdentifierStr NSSCMSRecipientIdentifier;
00304 
00305 struct NSSCMSKeyTransRecipientInfoStr {
00306     SECItem                 version;
00307     NSSCMSRecipientIdentifier      recipientIdentifier;
00308     SECAlgorithmID          keyEncAlg;
00309     SECItem                 encKey;
00310 };
00311 typedef struct NSSCMSKeyTransRecipientInfoStr NSSCMSKeyTransRecipientInfo;
00312 
00313 /*
00314  * View comments before NSSCMSRecipientInfoStr for purpose of this
00315  * structure.
00316  */
00317 struct NSSCMSKeyTransRecipientInfoExStr {
00318     NSSCMSKeyTransRecipientInfo recipientInfo;
00319     int version;  /* version of this structure (0) */
00320     SECKEYPublicKey *pubKey;
00321 };
00322 
00323 typedef struct NSSCMSKeyTransRecipientInfoExStr NSSCMSKeyTransRecipientInfoEx;
00324 
00325 #define NSS_CMS_KEYTRANS_RECIPIENT_INFO_VERSION_ISSUERSN       0      /* what we *create* */
00326 #define NSS_CMS_KEYTRANS_RECIPIENT_INFO_VERSION_SUBJKEY        2      /* what we *create* */
00327 
00328 /* -----------------------------------------------------------------------------
00329  * key agreement recipient info
00330  */
00331 struct NSSCMSOriginatorPublicKeyStr {
00332     SECAlgorithmID                 algorithmIdentifier;
00333     SECItem                        publicKey;                  /* bit string! */
00334 };
00335 typedef struct NSSCMSOriginatorPublicKeyStr NSSCMSOriginatorPublicKey;
00336 
00337 typedef enum {
00338     NSSCMSOriginatorIDOrKey_IssuerSN = 0,
00339     NSSCMSOriginatorIDOrKey_SubjectKeyID = 1,
00340     NSSCMSOriginatorIDOrKey_OriginatorPublicKey = 2
00341 } NSSCMSOriginatorIDOrKeySelector;
00342 
00343 struct NSSCMSOriginatorIdentifierOrKeyStr {
00344     NSSCMSOriginatorIDOrKeySelector identifierType;
00345     union {
00346        CERTIssuerAndSN                    *issuerAndSN;        /* static-static */
00347        SECItem                            *subjectKeyID;              /* static-static */
00348        NSSCMSOriginatorPublicKey   originatorPublicKey; /* ephemeral-static */
00349     } id;
00350 };
00351 typedef struct NSSCMSOriginatorIdentifierOrKeyStr NSSCMSOriginatorIdentifierOrKey;
00352 
00353 struct NSSCMSRecipientKeyIdentifierStr {
00354     SECItem *                      subjectKeyIdentifier;
00355     SECItem *                      date;                /* optional */
00356     SECItem *                      other;               /* optional */
00357 };
00358 typedef struct NSSCMSRecipientKeyIdentifierStr NSSCMSRecipientKeyIdentifier;
00359 
00360 typedef enum {
00361     NSSCMSKeyAgreeRecipientID_IssuerSN = 0,
00362     NSSCMSKeyAgreeRecipientID_RKeyID = 1
00363 } NSSCMSKeyAgreeRecipientIDSelector;
00364 
00365 struct NSSCMSKeyAgreeRecipientIdentifierStr {
00366     NSSCMSKeyAgreeRecipientIDSelector     identifierType;
00367     union {
00368        CERTIssuerAndSN                    *issuerAndSN;
00369        NSSCMSRecipientKeyIdentifier       recipientKeyIdentifier;
00370     } id;
00371 };
00372 typedef struct NSSCMSKeyAgreeRecipientIdentifierStr NSSCMSKeyAgreeRecipientIdentifier;
00373 
00374 struct NSSCMSRecipientEncryptedKeyStr {
00375     NSSCMSKeyAgreeRecipientIdentifier     recipientIdentifier;
00376     SECItem                        encKey;
00377 };
00378 typedef struct NSSCMSRecipientEncryptedKeyStr NSSCMSRecipientEncryptedKey;
00379 
00380 struct NSSCMSKeyAgreeRecipientInfoStr {
00381     SECItem                        version;
00382     NSSCMSOriginatorIdentifierOrKey       originatorIdentifierOrKey;
00383     SECItem *                      ukm;                        /* optional */
00384     SECAlgorithmID                 keyEncAlg;
00385     NSSCMSRecipientEncryptedKey ** recipientEncryptedKeys;
00386 };
00387 typedef struct NSSCMSKeyAgreeRecipientInfoStr NSSCMSKeyAgreeRecipientInfo;
00388 
00389 #define NSS_CMS_KEYAGREE_RECIPIENT_INFO_VERSION  3      /* what we *create* */
00390 
00391 /* -----------------------------------------------------------------------------
00392  * KEK recipient info
00393  */
00394 struct NSSCMSKEKIdentifierStr {
00395     SECItem                 keyIdentifier;
00396     SECItem *               date;                /* optional */
00397     SECItem *               other;               /* optional */
00398 };
00399 typedef struct NSSCMSKEKIdentifierStr NSSCMSKEKIdentifier;
00400 
00401 struct NSSCMSKEKRecipientInfoStr {
00402     SECItem                 version;
00403     NSSCMSKEKIdentifier            kekIdentifier;
00404     SECAlgorithmID          keyEncAlg;
00405     SECItem                 encKey;
00406 };
00407 typedef struct NSSCMSKEKRecipientInfoStr NSSCMSKEKRecipientInfo;
00408 
00409 #define NSS_CMS_KEK_RECIPIENT_INFO_VERSION       4      /* what we *create* */
00410 
00411 /* -----------------------------------------------------------------------------
00412  * recipient info
00413  */
00414 
00415 typedef enum {
00416     NSSCMSRecipientInfoID_KeyTrans = 0,
00417     NSSCMSRecipientInfoID_KeyAgree = 1,
00418     NSSCMSRecipientInfoID_KEK = 2
00419 } NSSCMSRecipientInfoIDSelector;
00420 
00421 /*
00422  * In order to preserve backwards binary compatibility when implementing
00423  * creation of Recipient Info's that uses subjectKeyID in the 
00424  * keyTransRecipientInfo we need to stash a public key pointer in this
00425  * structure somewhere.  We figured out that NSSCMSKeyTransRecipientInfo
00426  * is the smallest member of the ri union.  We're in luck since that's
00427  * the very structure that would need to use the public key. So we created
00428  * a new structure NSSCMSKeyTransRecipientInfoEx which has a member 
00429  * NSSCMSKeyTransRecipientInfo as the first member followed by a version
00430  * and a public key pointer.  This way we can keep backwards compatibility
00431  * without changing the size of this structure.
00432  *
00433  * BTW, size of structure:
00434  * NSSCMSKeyTransRecipientInfo:  9 ints, 4 pointers
00435  * NSSCMSKeyAgreeRecipientInfo: 12 ints, 8 pointers
00436  * NSSCMSKEKRecipientInfo:      10 ints, 7 pointers
00437  *
00438  * The new structure:
00439  * NSSCMSKeyTransRecipientInfoEx: sizeof(NSSCMSKeyTransRecipientInfo) +
00440  *                                1 int, 1 pointer
00441  */
00442 
00443 struct NSSCMSRecipientInfoStr {
00444     NSSCMSRecipientInfoIDSelector recipientInfoType;
00445     union {
00446        NSSCMSKeyTransRecipientInfo keyTransRecipientInfo;
00447        NSSCMSKeyAgreeRecipientInfo keyAgreeRecipientInfo;
00448        NSSCMSKEKRecipientInfo kekRecipientInfo;
00449        NSSCMSKeyTransRecipientInfoEx keyTransRecipientInfoEx;
00450     } ri;
00451     /* --------- local; not part of encoding --------- */
00452     NSSCMSMessage *         cmsg;                /* back pointer to message */
00453     CERTCertificate *              cert;                /* recipient's certificate */
00454 };
00455 
00456 /* =============================================================================
00457  * DIGESTED DATA
00458  */
00459 struct NSSCMSDigestedDataStr {
00460     SECItem                 version;
00461     SECAlgorithmID          digestAlg;
00462     NSSCMSContentInfo              contentInfo;
00463     SECItem                 digest;
00464     /* --------- local; not part of encoding --------- */
00465     NSSCMSMessage *         cmsg;         /* back pointer */
00466     SECItem                 cdigest;      /* calculated digest */
00467 };
00468 #define NSS_CMS_DIGESTED_DATA_VERSION_DATA       0      /* what we *create* */
00469 #define NSS_CMS_DIGESTED_DATA_VERSION_ENCAP      2      /* what we *create* */
00470 
00471 /* =============================================================================
00472  * ENCRYPTED DATA
00473  */
00474 struct NSSCMSEncryptedDataStr {
00475     SECItem                 version;
00476     NSSCMSContentInfo              contentInfo;
00477     NSSCMSAttribute **             unprotectedAttr;     /* optional */
00478     /* --------- local; not part of encoding --------- */
00479     NSSCMSMessage *         cmsg;         /* back pointer */
00480 };
00481 #define NSS_CMS_ENCRYPTED_DATA_VERSION           0      /* what we *create* */
00482 #define NSS_CMS_ENCRYPTED_DATA_VERSION_UPATTR    2      /* what we *create* */
00483 
00484 /* =============================================================================
00485  * FORTEZZA KEA
00486  */
00487 
00488 /* An enumerated type used to select templates based on the encryption
00489    scenario and data specifics. */
00490 typedef enum {
00491     NSSCMSKEAInvalid = -1,
00492     NSSCMSKEAUsesSkipjack = 0,
00493     NSSCMSKEAUsesNonSkipjack = 1,
00494     NSSCMSKEAUsesNonSkipjackWithPaddedEncKey = 2
00495 } NSSCMSKEATemplateSelector;
00496 
00497 /* ### mwelch - S/MIME KEA parameters. These don't really fit here,
00498                 but I cannot think of a more appropriate place at this time. */
00499 struct NSSCMSSMIMEKEAParametersStr {
00500     SECItem originatorKEAKey;      /* sender KEA key (encrypted?) */
00501     SECItem originatorRA;   /* random number generated by sender */
00502     SECItem nonSkipjackIV;  /* init'n vector for SkipjackCBC64
00503                                 decryption of KEA key if Skipjack
00504                                is not the bulk algorithm used on
00505                                the message */
00506     SECItem bulkKeySize;    /* if Skipjack is not the bulk
00507                                 algorithm used on the message,
00508                                and the size of the bulk encryption
00509                                key is not the same as that of
00510                                originatorKEAKey (due to padding
00511                                perhaps), this field will contain
00512                                the real size of the bulk encryption
00513                                key. */
00514 };
00515 
00516 /*
00517  * *****************************************************************************
00518  * *****************************************************************************
00519  * *****************************************************************************
00520  */
00521 
00522 /*
00523  * See comment above about this type not really belonging to CMS.
00524  */
00525 struct NSSCMSAttributeStr {
00526     /* The following fields make up an encoded Attribute: */
00527     SECItem                 type;
00528     SECItem **                     values;       /* data may or may not be encoded */
00529     /* The following fields are not part of an encoded Attribute: */
00530     SECOidData *            typeTag;
00531     PRBool                  encoded;      /* when true, values are encoded */
00532 };
00533 
00534 #endif /* _CMST_H_ */