cmsasn1.c   [plain text]

/*
 * The contents of this file are subject to the Mozilla Public
 * License Version 1.1 (the "License"); you may not use this file
 * except in compliance with the License. You may obtain a copy of
 * the License at http://www.mozilla.org/MPL/
 * 
 * Software distributed under the License is distributed on an "AS
 * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
 * implied. See the License for the specific language governing
 * rights and limitations under the License.
 * 
 * The Original Code is the Netscape security libraries.
 * 
 * The Initial Developer of the Original Code is Netscape
 * Communications Corporation.  Portions created by Netscape are 
 * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
 * Rights Reserved.
 * 
 * Contributor(s):
 * 
 * Alternatively, the contents of this file may be used under the
 * terms of the GNU General Public License Version 2 or later (the
 * "GPL"), in which case the provisions of the GPL are applicable 
 * instead of those above.  If you wish to allow use of your 
 * version of this file only under the terms of the GPL and not to
 * allow others to use your version of this file under the MPL,
 * indicate your decision by deleting the provisions above and
 * replace them with the notice and other provisions required by
 * the GPL.  If you do not delete the provisions above, a recipient
 * may use your version of this file under either the MPL or the
 * GPL.
 */

/*
 * CMS ASN.1 templates
 */

#include <Security/SecCmsContentInfo.h>

#include "cmslocal.h"

#include "secoid.h"
#include <security_asn1/secasn1.h>
#include <security_asn1/secerr.h>


extern const SecAsn1Template nss_cms_set_of_attribute_template[];

//SEC_ASN1_MKSUB(CERT_IssuerAndSNTemplate)
//SEC_ASN1_MKSUB(CERT_SetOfSignedCrlTemplate)
SEC_ASN1_MKSUB(SECOID_AlgorithmIDTemplate)
SEC_ASN1_MKSUB(kSecAsn1BitStringTemplate)
SEC_ASN1_MKSUB(kSecAsn1OctetStringTemplate)
SEC_ASN1_MKSUB(kSecAsn1PointerToOctetStringTemplate)
SEC_ASN1_MKSUB(kSecAsn1SetOfAnyTemplate)

/* -----------------------------------------------------------------------------
 * MESSAGE
 * (uses SecCmsContentInfo)
 */

/* forward declaration */
static const SecAsn1Template *
nss_cms_choose_content_template(void *src_or_dest, Boolean encoding, const char *buf, void *dest);

static const SecAsn1TemplateChooserPtr nss_cms_chooser
	= nss_cms_choose_content_template;

const SecAsn1Template SecCmsMessageTemplate[] = {
    { SEC_ASN1_SEQUENCE | SEC_ASN1_MAY_STREAM,
	  0, NULL, sizeof(SecCmsMessage) },
    { SEC_ASN1_OBJECT_ID,
	  offsetof(SecCmsMessage,contentInfo.contentType) },
    { SEC_ASN1_OPTIONAL | SEC_ASN1_DYNAMIC | SEC_ASN1_MAY_STREAM
     | SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 0,
	  offsetof(SecCmsMessage,contentInfo.content),
	  &nss_cms_chooser },
    { 0 }
};

#if 0
static const SecAsn1Template NSS_PointerToCMSMessageTemplate[] = {
    { SEC_ASN1_POINTER, 0, SecCmsMessageTemplate }
};
#endif

/* -----------------------------------------------------------------------------
 * ENCAPSULATED & ENCRYPTED CONTENTINFO
 * (both use a SecCmsContentInfo)
 */
static const SecAsn1Template SecCmsEncapsulatedContentInfoTemplate[] = {
    { SEC_ASN1_SEQUENCE | SEC_ASN1_MAY_STREAM,
	  0, NULL, sizeof(SecCmsContentInfo) },
    { SEC_ASN1_OBJECT_ID,
	  offsetof(SecCmsContentInfo,contentType) },
    { SEC_ASN1_OPTIONAL | SEC_ASN1_EXPLICIT | SEC_ASN1_MAY_STREAM |
	SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 0,
	  offsetof(SecCmsContentInfo,rawContent),
	  SEC_ASN1_SUB(kSecAsn1PointerToOctetStringTemplate) },
    { 0 }
};

static const SecAsn1Template SecCmsEncryptedContentInfoTemplate[] = {
    { SEC_ASN1_SEQUENCE | SEC_ASN1_MAY_STREAM,
	  0, NULL, sizeof(SecCmsContentInfo) },
    { SEC_ASN1_OBJECT_ID,
	  offsetof(SecCmsContentInfo,contentType) },
    { SEC_ASN1_INLINE | SEC_ASN1_XTRN,
	  offsetof(SecCmsContentInfo,contentEncAlg),
	  SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
    { SEC_ASN1_OPTIONAL | SEC_ASN1_POINTER | SEC_ASN1_MAY_STREAM | 
      SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 0,
	  offsetof(SecCmsContentInfo,rawContent),
	  SEC_ASN1_SUB(kSecAsn1OctetStringTemplate) },
    { 0 }
};

/* -----------------------------------------------------------------------------
 * SIGNED DATA
 */

const SecAsn1Template SecCmsSignerInfoTemplate[];


const SecAsn1Template SecCmsSignedDataTemplate[] = {
    { SEC_ASN1_SEQUENCE | SEC_ASN1_MAY_STREAM,
	  0, NULL, sizeof(SecCmsSignedData) },
    { SEC_ASN1_INTEGER | SEC_ASN1_SIGNED_INT,
	  offsetof(SecCmsSignedData,version) },
    { SEC_ASN1_SET_OF | SEC_ASN1_XTRN,
	  offsetof(SecCmsSignedData,digestAlgorithms),
	  SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
    { SEC_ASN1_INLINE,
	  offsetof(SecCmsSignedData,contentInfo),
	  SecCmsEncapsulatedContentInfoTemplate },
    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
      SEC_ASN1_XTRN | 0,
	  offsetof(SecCmsSignedData,rawCerts),
	  SEC_ASN1_SUB(kSecAsn1SetOfAnyTemplate) },
    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
      SEC_ASN1_XTRN | 1,
	  offsetof(SecCmsSignedData,rawCrls),
	  SEC_ASN1_SUB(kSecAsn1SetOfAnyTemplate) },
    { SEC_ASN1_SET_OF,
	  offsetof(SecCmsSignedData,signerInfos),
	  SecCmsSignerInfoTemplate },
    { 0 }
};

const SecAsn1Template NSS_PointerToCMSSignedDataTemplate[] = {
    { SEC_ASN1_POINTER, 0, SecCmsSignedDataTemplate }
};

/* -----------------------------------------------------------------------------
 * signeridentifier
 */

static const SecAsn1Template SecCmsSignerIdentifierTemplate[] = {
    { SEC_ASN1_CHOICE,
	  offsetof(SecCmsSignerIdentifier,identifierType), NULL,
	  sizeof(SecCmsSignerIdentifier) },
    { SEC_ASN1_POINTER | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 0,
	  offsetof(SecCmsSignerIdentifier,id.subjectKeyID),
	  SEC_ASN1_SUB(kSecAsn1OctetStringTemplate) ,
	  SecCmsRecipientIDSubjectKeyID },
    { SEC_ASN1_POINTER | SEC_ASN1_XTRN,
	  offsetof(SecCmsSignerIdentifier,id.issuerAndSN),
	  SEC_ASN1_SUB(SecCmsIssuerAndSNTemplate),
	  SecCmsRecipientIDIssuerSN },
    { 0 }
};

/* -----------------------------------------------------------------------------
 * signerinfo
 */

const SecAsn1Template SecCmsSignerInfoTemplate[] = {
    { SEC_ASN1_SEQUENCE,
	  0, NULL, sizeof(SecCmsSignerInfo) },
    { SEC_ASN1_INTEGER | SEC_ASN1_SIGNED_INT,
	  offsetof(SecCmsSignerInfo,version) },
    { SEC_ASN1_INLINE,
	  offsetof(SecCmsSignerInfo,signerIdentifier),
	  SecCmsSignerIdentifierTemplate },
    { SEC_ASN1_INLINE | SEC_ASN1_XTRN,
	  offsetof(SecCmsSignerInfo,digestAlg),
	  SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 0,
	  offsetof(SecCmsSignerInfo,authAttr),
	  nss_cms_set_of_attribute_template },
    { SEC_ASN1_INLINE | SEC_ASN1_XTRN,
	  offsetof(SecCmsSignerInfo,digestEncAlg),
	  SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
    { SEC_ASN1_OCTET_STRING,
	  offsetof(SecCmsSignerInfo,encDigest) },
    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 1,
	  offsetof(SecCmsSignerInfo,unAuthAttr),
	  nss_cms_set_of_attribute_template },
    { 0 }
};

/* -----------------------------------------------------------------------------
 * ENVELOPED DATA
 */

static const SecAsn1Template SecCmsOriginatorInfoTemplate[] = {
    { SEC_ASN1_SEQUENCE,
	  0, NULL, sizeof(SecCmsOriginatorInfo) },
    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
      SEC_ASN1_XTRN | 0,
	  offsetof(SecCmsOriginatorInfo,rawCerts),
	  SEC_ASN1_SUB(kSecAsn1SetOfAnyTemplate) },
    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
      SEC_ASN1_XTRN | 1,
	  offsetof(SecCmsOriginatorInfo,rawCrls),
	  SEC_ASN1_SUB(kSecAsn1SetOfAnyTemplate) },
    { 0 }
};

const SecAsn1Template SecCmsRecipientInfoTemplate[];

const SecAsn1Template SecCmsEnvelopedDataTemplate[] = {
    { SEC_ASN1_SEQUENCE | SEC_ASN1_MAY_STREAM,
	  0, NULL, sizeof(SecCmsEnvelopedData) },
    { SEC_ASN1_INTEGER | SEC_ASN1_SIGNED_INT,
	  offsetof(SecCmsEnvelopedData,version) },
    { SEC_ASN1_OPTIONAL | SEC_ASN1_POINTER | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 0,
	  offsetof(SecCmsEnvelopedData,originatorInfo),
	  SecCmsOriginatorInfoTemplate },
    { SEC_ASN1_SET_OF,
	  offsetof(SecCmsEnvelopedData,recipientInfos),
	  SecCmsRecipientInfoTemplate },
    { SEC_ASN1_INLINE,
	  offsetof(SecCmsEnvelopedData,contentInfo),
	  SecCmsEncryptedContentInfoTemplate },
    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 1,
	  offsetof(SecCmsEnvelopedData,unprotectedAttr),
	  nss_cms_set_of_attribute_template },
    { 0 }
};

const SecAsn1Template NSS_PointerToCMSEnvelopedDataTemplate[] = {
    { SEC_ASN1_POINTER, 0, SecCmsEnvelopedDataTemplate }
};

/* here come the 15 gazillion templates for all the v3 varieties of RecipientInfo */

/* -----------------------------------------------------------------------------
 * key transport recipient info
 */

static const SecAsn1Template SecCmsRecipientIdentifierTemplate[] = {
    { SEC_ASN1_CHOICE,
	  offsetof(SecCmsRecipientIdentifier,identifierType), NULL,
	  sizeof(SecCmsRecipientIdentifier) },
    { SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
      SEC_ASN1_XTRN | 0,
	  offsetof(SecCmsRecipientIdentifier,id.subjectKeyID),
	  SEC_ASN1_SUB(kSecAsn1PointerToOctetStringTemplate) ,
	  SecCmsRecipientIDSubjectKeyID },
    { SEC_ASN1_POINTER | SEC_ASN1_XTRN,
	  offsetof(SecCmsRecipientIdentifier,id.issuerAndSN),
	  SEC_ASN1_SUB(SecCmsIssuerAndSNTemplate),
	  SecCmsRecipientIDIssuerSN },
    { 0 }
};


static const SecAsn1Template SecCmsKeyTransRecipientInfoTemplate[] = {
    { SEC_ASN1_SEQUENCE,
	  0, NULL, sizeof(SecCmsKeyTransRecipientInfo) },
    { SEC_ASN1_INTEGER | SEC_ASN1_SIGNED_INT,
	  offsetof(SecCmsKeyTransRecipientInfo,version) },
    { SEC_ASN1_INLINE,
	  offsetof(SecCmsKeyTransRecipientInfo,recipientIdentifier),
	  SecCmsRecipientIdentifierTemplate },
    { SEC_ASN1_INLINE | SEC_ASN1_XTRN,
	  offsetof(SecCmsKeyTransRecipientInfo,keyEncAlg),
	  SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
    { SEC_ASN1_OCTET_STRING,
	  offsetof(SecCmsKeyTransRecipientInfo,encKey) },
    { 0 }
};

/* -----------------------------------------------------------------------------
 * key agreement recipient info
 */

static const SecAsn1Template SecCmsOriginatorPublicKeyTemplate[] = {
    { SEC_ASN1_SEQUENCE,
	  0, NULL, sizeof(SecCmsOriginatorPublicKey) },
    { SEC_ASN1_INLINE | SEC_ASN1_XTRN,
	  offsetof(SecCmsOriginatorPublicKey,algorithmIdentifier),
	  SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
    { SEC_ASN1_INLINE | SEC_ASN1_XTRN,
	  offsetof(SecCmsOriginatorPublicKey,publicKey),
	  SEC_ASN1_SUB(kSecAsn1BitStringTemplate) },
    { 0 }
};


static const SecAsn1Template SecCmsOriginatorIdentifierOrKeyTemplate[] = {
    { SEC_ASN1_CHOICE,
	  offsetof(SecCmsOriginatorIdentifierOrKey,identifierType), NULL,
	  sizeof(SecCmsOriginatorIdentifierOrKey) },
    { SEC_ASN1_POINTER | SEC_ASN1_XTRN,
	  offsetof(SecCmsOriginatorIdentifierOrKey,id.issuerAndSN),
	  SEC_ASN1_SUB(SecCmsIssuerAndSNTemplate),
	  SecCmsOriginatorIDOrKeyIssuerSN },
    { SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
      /* this was tag 1 here, 2 for the next; RFC 3852 says they are 0 and 1 */
      SEC_ASN1_XTRN | 0,
	  offsetof(SecCmsOriginatorIdentifierOrKey,id.subjectKeyID),
	  kSecAsn1OctetStringTemplate,
	  SecCmsOriginatorIDOrKeySubjectKeyID },
    { SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 1,
	  offsetof(SecCmsOriginatorIdentifierOrKey,id.originatorPublicKey),
	  SecCmsOriginatorPublicKeyTemplate,
	  SecCmsOriginatorIDOrKeyOriginatorPublicKey },
    { 0 }
};

const SecAsn1Template SecCmsRecipientKeyIdentifierTemplate[] = {
    { SEC_ASN1_SEQUENCE,
	  0, NULL, sizeof(SecCmsRecipientKeyIdentifier) },
    { SEC_ASN1_OCTET_STRING,
	  offsetof(SecCmsRecipientKeyIdentifier,subjectKeyIdentifier) },
    { SEC_ASN1_OPTIONAL | SEC_ASN1_OCTET_STRING,
	  offsetof(SecCmsRecipientKeyIdentifier,date) },
    { SEC_ASN1_OPTIONAL | SEC_ASN1_OCTET_STRING,
	  offsetof(SecCmsRecipientKeyIdentifier,other) },
    { 0 }
};


static const SecAsn1Template SecCmsKeyAgreeRecipientIdentifierTemplate[] = {
    { SEC_ASN1_CHOICE,
	  offsetof(SecCmsKeyAgreeRecipientIdentifier,identifierType), NULL,
	  sizeof(SecCmsKeyAgreeRecipientIdentifier) },
    { SEC_ASN1_POINTER | SEC_ASN1_XTRN,
	  offsetof(SecCmsKeyAgreeRecipientIdentifier,id.issuerAndSN),
	  SEC_ASN1_SUB(SecCmsIssuerAndSNTemplate),
	  SecCmsKeyAgreeRecipientIDIssuerSN },
    { SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 0,
	  offsetof(SecCmsKeyAgreeRecipientIdentifier,id.recipientKeyIdentifier),
	  SecCmsRecipientKeyIdentifierTemplate,
	  SecCmsKeyAgreeRecipientIDRKeyID },
    { 0 }
};

static const SecAsn1Template SecCmsRecipientEncryptedKeyTemplate[] = {
    { SEC_ASN1_SEQUENCE,
	  0, NULL, sizeof(SecCmsRecipientEncryptedKey) },
    { SEC_ASN1_INLINE,
	  offsetof(SecCmsRecipientEncryptedKey,recipientIdentifier),
	  SecCmsKeyAgreeRecipientIdentifierTemplate },
    { SEC_ASN1_INLINE | SEC_ASN1_XTRN,
	  offsetof(SecCmsRecipientEncryptedKey,encKey),
	  SEC_ASN1_SUB(kSecAsn1OctetStringTemplate) },
    { 0 }
};

static const SecAsn1Template SecCmsKeyAgreeRecipientInfoTemplate[] = {
    { SEC_ASN1_SEQUENCE,
	  0, NULL, sizeof(SecCmsKeyAgreeRecipientInfo) },
    { SEC_ASN1_INTEGER | SEC_ASN1_SIGNED_INT,
	  offsetof(SecCmsKeyAgreeRecipientInfo,version) },
    { SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 0,
	  offsetof(SecCmsKeyAgreeRecipientInfo,originatorIdentifierOrKey),
	  SecCmsOriginatorIdentifierOrKeyTemplate },
    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_EXPLICIT |
      SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 1,
	  offsetof(SecCmsKeyAgreeRecipientInfo,ukm),
	  SEC_ASN1_SUB(kSecAsn1OctetStringTemplate) },
    { SEC_ASN1_INLINE | SEC_ASN1_XTRN,
	  offsetof(SecCmsKeyAgreeRecipientInfo,keyEncAlg),
	  SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
    { SEC_ASN1_SEQUENCE_OF,
	  offsetof(SecCmsKeyAgreeRecipientInfo,recipientEncryptedKeys),
	  SecCmsRecipientEncryptedKeyTemplate },
    { 0 }
};

/* -----------------------------------------------------------------------------
 * KEK recipient info
 */

static const SecAsn1Template SecCmsKEKIdentifierTemplate[] = {
    { SEC_ASN1_SEQUENCE,
	  0, NULL, sizeof(SecCmsKEKIdentifier) },
    { SEC_ASN1_OCTET_STRING,
	  offsetof(SecCmsKEKIdentifier,keyIdentifier) },
    { SEC_ASN1_OPTIONAL | SEC_ASN1_OCTET_STRING,
	  offsetof(SecCmsKEKIdentifier,date) },
    { SEC_ASN1_OPTIONAL | SEC_ASN1_OCTET_STRING,
	  offsetof(SecCmsKEKIdentifier,other) },
    { 0 }
};

static const SecAsn1Template SecCmsKEKRecipientInfoTemplate[] = {
    { SEC_ASN1_SEQUENCE,
	  0, NULL, sizeof(SecCmsKEKRecipientInfo) },
    { SEC_ASN1_INTEGER | SEC_ASN1_SIGNED_INT,
	  offsetof(SecCmsKEKRecipientInfo,version) },
    { SEC_ASN1_INLINE,
	  offsetof(SecCmsKEKRecipientInfo,kekIdentifier),
	  SecCmsKEKIdentifierTemplate },
    { SEC_ASN1_INLINE | SEC_ASN1_XTRN,
	  offsetof(SecCmsKEKRecipientInfo,keyEncAlg),
	  SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
    { SEC_ASN1_OCTET_STRING,
	  offsetof(SecCmsKEKRecipientInfo,encKey) },
    { 0 }
};

/* -----------------------------------------------------------------------------
 * recipient info
 */
const SecAsn1Template SecCmsRecipientInfoTemplate[] = {
    { SEC_ASN1_CHOICE,
	  offsetof(SecCmsRecipientInfo,recipientInfoType), NULL,
	  sizeof(SecCmsRecipientInfo) },
    { SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 1,
	  offsetof(SecCmsRecipientInfo,ri.keyAgreeRecipientInfo),
	  SecCmsKeyAgreeRecipientInfoTemplate,
	  SecCmsRecipientInfoIDKeyAgree },
    { SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 2,
	  offsetof(SecCmsRecipientInfo,ri.kekRecipientInfo),
	  SecCmsKEKRecipientInfoTemplate,
	  SecCmsRecipientInfoIDKEK },
    { SEC_ASN1_INLINE,
	  offsetof(SecCmsRecipientInfo,ri.keyTransRecipientInfo),
	  SecCmsKeyTransRecipientInfoTemplate,
	  SecCmsRecipientInfoIDKeyTrans },
    { 0 }
};

/* -----------------------------------------------------------------------------
 *
 */

const SecAsn1Template SecCmsDigestedDataTemplate[] = {
    { SEC_ASN1_SEQUENCE | SEC_ASN1_MAY_STREAM,
	  0, NULL, sizeof(SecCmsDigestedData) },
    { SEC_ASN1_INTEGER | SEC_ASN1_SIGNED_INT,
	  offsetof(SecCmsDigestedData,version) },
    { SEC_ASN1_INLINE | SEC_ASN1_XTRN,
	  offsetof(SecCmsDigestedData,digestAlg),
	  SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
    { SEC_ASN1_INLINE,
	  offsetof(SecCmsDigestedData,contentInfo),
	  SecCmsEncapsulatedContentInfoTemplate },
    { SEC_ASN1_OCTET_STRING,
	  offsetof(SecCmsDigestedData,digest) },
    { 0 }
};

const SecAsn1Template NSS_PointerToCMSDigestedDataTemplate[] = {
    { SEC_ASN1_POINTER, 0, SecCmsDigestedDataTemplate }
};

const SecAsn1Template SecCmsEncryptedDataTemplate[] = {
    { SEC_ASN1_SEQUENCE | SEC_ASN1_MAY_STREAM,
	  0, NULL, sizeof(SecCmsEncryptedData) },
    { SEC_ASN1_INTEGER | SEC_ASN1_SIGNED_INT,
	  offsetof(SecCmsEncryptedData,version) },
    { SEC_ASN1_INLINE,
	  offsetof(SecCmsEncryptedData,contentInfo),
	  SecCmsEncryptedContentInfoTemplate },
    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 1,
	  offsetof(SecCmsEncryptedData,unprotectedAttr),
	  nss_cms_set_of_attribute_template },
    { 0 }
};

const SecAsn1Template NSS_PointerToCMSEncryptedDataTemplate[] = {
    { SEC_ASN1_POINTER, 0, SecCmsEncryptedDataTemplate }
};

/* -----------------------------------------------------------------------------
 * SetOfSignedCrlTemplate
 */
const SecAsn1Template SecCmsIssuerAndSNTemplate[] = {
    { SEC_ASN1_SEQUENCE,
          0, NULL, sizeof(SecCmsIssuerAndSN) },
#if 1 // @@@ Switch to using NSS_NameTemplate
    { SEC_ASN1_ANY,
          offsetof(SecCmsIssuerAndSN,derIssuer) },
#else
    { SEC_ASN1_INLINE,
	  offsetof(SecCmsIssuerAndSN,issuer),
	  NSS_NameTemplate },
#endif
    { SEC_ASN1_INTEGER | SEC_ASN1_SIGNED_INT,
          offsetof(SecCmsIssuerAndSN,serialNumber) },
    { 0 }
};


/* -----------------------------------------------------------------------------
 * FORTEZZA KEA
 */
const SecAsn1Template NSS_SMIMEKEAParamTemplateSkipjack[] = {
	{ SEC_ASN1_SEQUENCE,
	  0, NULL, sizeof(SecCmsSMIMEKEAParameters) },
	{ SEC_ASN1_OCTET_STRING /* | SEC_ASN1_OPTIONAL */,
	  offsetof(SecCmsSMIMEKEAParameters,originatorKEAKey) },
	{ SEC_ASN1_OCTET_STRING,
	  offsetof(SecCmsSMIMEKEAParameters,originatorRA) },
	{ 0 }
};

const SecAsn1Template NSS_SMIMEKEAParamTemplateNoSkipjack[] = {
	{ SEC_ASN1_SEQUENCE,
	  0, NULL, sizeof(SecCmsSMIMEKEAParameters) },
	{ SEC_ASN1_OCTET_STRING /* | SEC_ASN1_OPTIONAL */,
	  offsetof(SecCmsSMIMEKEAParameters,originatorKEAKey) },
	{ SEC_ASN1_OCTET_STRING,
	  offsetof(SecCmsSMIMEKEAParameters,originatorRA) },
	{ SEC_ASN1_OCTET_STRING  | SEC_ASN1_OPTIONAL ,
	  offsetof(SecCmsSMIMEKEAParameters,nonSkipjackIV) },
	{ 0 }
};

const SecAsn1Template NSS_SMIMEKEAParamTemplateAllParams[] = {
	{ SEC_ASN1_SEQUENCE,
	  0, NULL, sizeof(SecCmsSMIMEKEAParameters) },
	{ SEC_ASN1_OCTET_STRING /* | SEC_ASN1_OPTIONAL */,
	  offsetof(SecCmsSMIMEKEAParameters,originatorKEAKey) },
	{ SEC_ASN1_OCTET_STRING,
	  offsetof(SecCmsSMIMEKEAParameters,originatorRA) },
	{ SEC_ASN1_OCTET_STRING  | SEC_ASN1_OPTIONAL ,
	  offsetof(SecCmsSMIMEKEAParameters,nonSkipjackIV) },
	{ SEC_ASN1_OCTET_STRING  | SEC_ASN1_OPTIONAL ,
	  offsetof(SecCmsSMIMEKEAParameters,bulkKeySize) },
	{ 0 }
};

const SecAsn1Template *
nss_cms_get_kea_template(SecCmsKEATemplateSelector whichTemplate)
{
	const SecAsn1Template *returnVal = NULL;

	switch(whichTemplate)
	{
	case SecCmsKEAUsesNonSkipjack:
		returnVal = NSS_SMIMEKEAParamTemplateNoSkipjack;
		break;
	case SecCmsKEAUsesSkipjack:
		returnVal = NSS_SMIMEKEAParamTemplateSkipjack;
		break;
	case SecCmsKEAUsesNonSkipjackWithPaddedEncKey:
	default:
		returnVal = NSS_SMIMEKEAParamTemplateAllParams;
		break;
	}
	return returnVal;
}

/* -----------------------------------------------------------------------------
 *
 */
static const SecAsn1Template *
nss_cms_choose_content_template(void *src_or_dest, Boolean encoding, const char *buf, void *dest)
{
    const SecAsn1Template *theTemplate;
    SecCmsContentInfoRef cinfo;

    PORT_Assert (src_or_dest != NULL);
    if (src_or_dest == NULL)
	return NULL;

    cinfo = (SecCmsContentInfoRef)src_or_dest;
    switch (SecCmsContentInfoGetContentTypeTag(cinfo)) {
    default:
	theTemplate = SEC_ASN1_GET(kSecAsn1PointerToAnyTemplate);
	break;
    case SEC_OID_PKCS7_DATA:
    case SEC_OID_OTHER:
	theTemplate = SEC_ASN1_GET(kSecAsn1PointerToOctetStringTemplate);
	break;
    case SEC_OID_PKCS7_SIGNED_DATA:
	theTemplate = NSS_PointerToCMSSignedDataTemplate;
	break;
    case SEC_OID_PKCS7_ENVELOPED_DATA:
	theTemplate = NSS_PointerToCMSEnvelopedDataTemplate;
	break;
    case SEC_OID_PKCS7_DIGESTED_DATA:
	theTemplate = NSS_PointerToCMSDigestedDataTemplate;
	break;
    case SEC_OID_PKCS7_ENCRYPTED_DATA:
	theTemplate = NSS_PointerToCMSEncryptedDataTemplate;
	break;
    }
    return theTemplate;
}