#
# This file is part of pyasn1-modules software.
#
# Created by Russ Housley with assistance from asn1ate v.0.6.0.
# Modified by Russ Housley to add a map for use with opentypes.
#
# Copyright (c) 2019, Vigil Security, LLC
# License: http://snmplabs.com/pyasn1/license.html
#
# Enhanced Security Services for S/MIME
#
# ASN.1 source from:
# https://www.rfc-editor.org/rfc/rfc2634.txt
#
from pyasn1.type import char
from pyasn1.type import constraint
from pyasn1.type import namedval
from pyasn1.type import namedtype
from pyasn1.type import tag
from pyasn1.type import univ
from pyasn1.type import useful
from pyasn1_modules import rfc5652
from pyasn1_modules import rfc5280
# Unbounded upper limit used for the RFC 2634 `SIZE (1..MAX)` constraints;
# pyasn1's ValueSizeConstraint accepts a float bound, so +inf means "no cap".
MAX = float("inf")

# Types shared with CMS (RFC 5652) and PKIX (RFC 5280), re-exported under
# the names the RFC 2634 ASN.1 module imports them by.
ContentType = rfc5652.ContentType
IssuerAndSerialNumber = rfc5652.IssuerAndSerialNumber
SubjectKeyIdentifier = rfc5652.SubjectKeyIdentifier

CertificateSerialNumber = rfc5280.CertificateSerialNumber
GeneralNames = rfc5280.GeneralNames
PolicyInformation = rfc5280.PolicyInformation
# Signing Certificate Attribute (RFC 2634 section 5)
#
# Security note: this attribute binds the signer's certificate to the
# signature by a SHA-1 hash only (see Hash / ESSCertID below).  SHA-1 is no
# longer collision resistant, so new signatures should carry
# SigningCertificateV2 (RFC 5035, rfc5035.py) instead, and verifiers should
# not rely on a SHA-1 ESSCertID match alone as a strong certificate binding.
id_aa_signingCertificate = univ.ObjectIdentifier("1.2.840.113549.1.9.16.2.12")
class Hash(univ.OctetString):
    """Hash ::= OCTET STRING  -- SHA-1 hash of the entire certificate

    Digest of the whole DER-encoded certificate referenced by an ESSCertID.
    RFC 2634 fixes the algorithm to SHA-1; there is no algorithm field, which
    is why RFC 5035 (ESSCertIDv2) supersedes this type for other hashes.
    """
class IssuerSerial(univ.Sequence):
    """IssuerSerial ::= SEQUENCE {
         issuer        GeneralNames,
         serialNumber  CertificateSerialNumber }

    Names a certificate by issuer and serial number; the optional companion
    to the certificate hash inside ESSCertID.
    """
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('issuer', GeneralNames()),
        namedtype.NamedType('serialNumber', CertificateSerialNumber()),
    )
class ESSCertID(univ.Sequence):
    """ESSCertID ::= SEQUENCE {
         certHash      Hash,
         issuerSerial  IssuerSerial OPTIONAL }

    One certificate reference in a SigningCertificate attribute.  certHash
    (SHA-1 only) is the binding value; issuerSerial is a locator hint and
    is OPTIONAL, so decoders must not assume it is present.
    """
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('certHash', Hash()),
        namedtype.OptionalNamedType('issuerSerial', IssuerSerial()),
    )
class SigningCertificate(univ.Sequence):
    """SigningCertificate ::= SEQUENCE {
         certs     SEQUENCE OF ESSCertID,
         policies  SEQUENCE OF PolicyInformation OPTIONAL }

    Signed attribute (id-aa-signingCertificate) that ties the signer's
    certificate, and optionally its chain, to the signature so an attacker
    cannot substitute a different certificate for the same public key.
    Per RFC 2634 the first element of `certs` is the signer's certificate.
    Because ESSCertID is SHA-1 based, prefer SigningCertificateV2 (RFC 5035)
    when producing new signatures.
    """
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('certs', univ.SequenceOf(
            componentType=ESSCertID())),
        namedtype.OptionalNamedType('policies', univ.SequenceOf(
            componentType=PolicyInformation())),
    )
# Mail List Expansion History Attribute (RFC 2634 section 4)
id_aa_mlExpandHistory = univ.ObjectIdentifier("1.2.840.113549.1.9.16.2.3")

# ub-ml-expansion-history INTEGER ::= 64
# Caps the number of MLData entries an MLExpansionHistory may carry; the
# history is what a mail list agent inspects to detect expansion loops.
ub_ml_expansion_history = univ.Integer(64)
class EntityIdentifier(univ.Choice):
    """EntityIdentifier ::= CHOICE {
         issuerAndSerialNumber  IssuerAndSerialNumber,
         subjectKeyIdentifier   SubjectKeyIdentifier }

    Identifies a mail list agent by its certificate, either by
    issuer/serial or by subject key identifier.  The alternatives carry
    distinct universal tags (SEQUENCE vs OCTET STRING), so no context tags
    are needed to disambiguate them.
    """
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('issuerAndSerialNumber', IssuerAndSerialNumber()),
        namedtype.NamedType('subjectKeyIdentifier', SubjectKeyIdentifier()),
    )
class MLReceiptPolicy(univ.Choice):
    """MLReceiptPolicy ::= CHOICE {
         none          [0] NULL,
         insteadOf     [1] SEQUENCE SIZE (1..MAX) OF GeneralNames,
         inAdditionTo  [2] SEQUENCE SIZE (1..MAX) OF GeneralNames }

    Tells recipients how a mail list agent wants signed receipts routed:
    suppressed (`none`), sent to the listed names instead of the originator
    (`insteadOf`), or sent to both (`inAdditionTo`).  All three alternatives
    are IMPLICIT context-tagged because two of them share the same
    underlying SEQUENCE OF type.
    """
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('none', univ.Null().subtype(
            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
        # Size and tag applied in one subtype() call; the result is the same
        # [1] IMPLICIT SEQUENCE SIZE (1..MAX) OF GeneralNames.
        namedtype.NamedType('insteadOf', univ.SequenceOf(
            componentType=GeneralNames()).subtype(
            sizeSpec=constraint.ValueSizeConstraint(1, MAX),
            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
        namedtype.NamedType('inAdditionTo', univ.SequenceOf(
            componentType=GeneralNames()).subtype(
            sizeSpec=constraint.ValueSizeConstraint(1, MAX),
            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
    )
class MLData(univ.Sequence):
    """MLData ::= SEQUENCE {
         mailListIdentifier  EntityIdentifier,
         expansionTime       GeneralizedTime,
         mlReceiptPolicy     MLReceiptPolicy OPTIONAL }

    One hop in the mail list expansion history: which agent expanded the
    message, when, and (optionally) its receipt policy.
    """
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('mailListIdentifier', EntityIdentifier()),
        namedtype.NamedType('expansionTime', useful.GeneralizedTime()),
        namedtype.OptionalNamedType('mlReceiptPolicy', MLReceiptPolicy()),
    )
class MLExpansionHistory(univ.SequenceOf):
    """MLExpansionHistory ::= SEQUENCE SIZE (1..ub-ml-expansion-history) OF MLData

    Signed attribute (id-aa-mlExpandHistory) listing every mail list agent
    that has expanded the message.  The size bound (1..64) is part of the
    syntax, so a history that overflows it is a decode error rather than
    an unbounded list.
    """
    componentType = MLData()
    sizeSpec = constraint.ValueSizeConstraint(1, ub_ml_expansion_history)
# ESS Security Label Attribute (RFC 2634 section 3)
id_aa_securityLabel = univ.ObjectIdentifier("1.2.840.113549.1.9.16.2.2")

# Upper bounds from the RFC 2634 ASN.1 module:
#   ub-privacy-mark-length INTEGER ::= 128  -- PrintableString privacy mark
#   ub-security-categories INTEGER ::= 64   -- entries in SecurityCategories
#   ub-integer-options     INTEGER ::= 256  -- SecurityClassification range
ub_privacy_mark_length = univ.Integer(128)
ub_security_categories = univ.Integer(64)
ub_integer_options = univ.Integer(256)
class ESSPrivacyMark(univ.Choice):
    """ESSPrivacyMark ::= CHOICE {
         pString     PrintableString (SIZE (1..ub-privacy-mark-length)),
         utf8String  UTF8String (SIZE (1..MAX)) }

    Human-readable marking displayed alongside a security label.  Note the
    asymmetry in the RFC: the PrintableString form is capped at 128
    characters while the UTF8String form is unbounded.
    """
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('pString', char.PrintableString().subtype(
            subtypeSpec=constraint.ValueSizeConstraint(1, ub_privacy_mark_length))),
        namedtype.NamedType('utf8String', char.UTF8String().subtype(
            subtypeSpec=constraint.ValueSizeConstraint(1, MAX))),
    )
class SecurityClassification(univ.Integer):
    """SecurityClassification ::= INTEGER {
         unmarked (0), unclassified (1), restricted (2),
         confidential (3), secret (4), top-secret (5) } (0..ub-integer-options)

    Classification level of an ESSSecurityLabel.  Only 0..5 have names,
    but the range constraint admits 0..256 so policy-specific levels can
    be carried; consumers should treat unnamed values per their policy
    rather than rejecting them outright.
    """
    subtypeSpec = constraint.ValueRangeConstraint(0, ub_integer_options)
    namedValues = namedval.NamedValues(
        ('unmarked', 0),
        ('unclassified', 1),
        ('restricted', 2),
        ('confidential', 3),
        ('secret', 4),
        ('top-secret', 5),
    )
class SecurityPolicyIdentifier(univ.ObjectIdentifier):
    """SecurityPolicyIdentifier ::= OBJECT IDENTIFIER

    Names the security policy under which an ESSSecurityLabel is to be
    interpreted; classification and category values are only meaningful
    relative to this OID.
    """
class SecurityCategory(univ.Sequence):
    """SecurityCategory ::= SEQUENCE {
         type   [0] IMPLICIT OBJECT IDENTIFIER,
         value  [1] ANY DEFINED BY type }

    A policy-defined category on a security label.  `value` is an open
    type whose syntax is selected by `type`; no open-type map is attached
    here, so a plain decode leaves `value` as an opaque univ.Any and the
    caller is responsible for dispatching on `type`.
    """
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('type', univ.ObjectIdentifier().subtype(
            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
        namedtype.NamedType('value', univ.Any().subtype(
            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
    )
class SecurityCategories(univ.SetOf):
    """SecurityCategories ::= SET SIZE (1..ub-security-categories) OF SecurityCategory

    Bounded (1..64) set of categories attached to a security label.
    """
    componentType = SecurityCategory()
    sizeSpec = constraint.ValueSizeConstraint(1, ub_security_categories)
class ESSSecurityLabel(univ.Set):
    """ESSSecurityLabel ::= SET {
         security-policy-identifier  SecurityPolicyIdentifier,
         security-classification     SecurityClassification OPTIONAL,
         privacy-mark                ESSPrivacyMark OPTIONAL,
         security-categories         SecurityCategories OPTIONAL }

    Signed attribute (id-aa-securityLabel) carrying access-control
    markings for the content.  Only the policy identifier is mandatory;
    it is a SET, so component order on the wire is not significant.
    """
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('security-policy-identifier', SecurityPolicyIdentifier()),
        namedtype.OptionalNamedType('security-classification', SecurityClassification()),
        namedtype.OptionalNamedType('privacy-mark', ESSPrivacyMark()),
        namedtype.OptionalNamedType('security-categories', SecurityCategories()),
    )
# Equivalent Labels Attribute (RFC 2634 section 3) -- the same marking
# expressed under other security policies.
id_aa_equivalentLabels = univ.ObjectIdentifier("1.2.840.113549.1.9.16.2.9")
class EquivalentLabels(univ.SequenceOf):
    """EquivalentLabels ::= SEQUENCE OF ESSSecurityLabel

    Signed attribute (id-aa-equivalentLabels) listing labels that are
    equivalent to the message's ESSSecurityLabel under other policies.
    The list itself is unbounded.
    """
    componentType = ESSSecurityLabel()
# Content Identifier Attribute (RFC 2634 section 2)
id_aa_contentIdentifier = univ.ObjectIdentifier("1.2.840.113549.1.9.16.2.7")
class ContentIdentifier(univ.OctetString):
    """ContentIdentifier ::= OCTET STRING

    Opaque identifier for a piece of signed content, echoed back in
    ContentReference, ReceiptRequest and Receipt so receipts and replies can
    be matched to the message they refer to.  The syntax imposes no
    uniqueness; RFC 2634 expects the originator to choose a value that is
    unique enough to prevent receipt confusion.
    """
# Content Reference Attribute (RFC 2634 section 2)
id_aa_contentReference = univ.ObjectIdentifier("1.2.840.113549.1.9.16.2.10")
class ContentReference(univ.Sequence):
    """ContentReference ::= SEQUENCE {
         contentType               ContentType,
         signedContentIdentifier   ContentIdentifier,
         originatorSignatureValue  OCTET STRING }

    Signed attribute (id-aa-contentReference) that links this message to an
    earlier one: the referenced content's type, its ContentIdentifier and a
    copy of the earlier signature value.  Because it is a signed attribute,
    the link is covered by this message's signature.
    """
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('contentType', ContentType()),
        namedtype.NamedType('signedContentIdentifier', ContentIdentifier()),
        namedtype.NamedType('originatorSignatureValue', univ.OctetString()),
    )
# Message Signature Digest Attribute (RFC 2634 section 2)
id_aa_msgSigDigest = univ.ObjectIdentifier("1.2.840.113549.1.9.16.2.5")
class MsgSigDigest(univ.OctetString):
    """MsgSigDigest ::= OCTET STRING

    Signed attribute (id-aa-msgSigDigest) carried in a signed receipt.  Per
    RFC 2634 it holds a digest over the original message's signed
    attributes, which is what lets the originator check that the receipt
    really refers to the message it sent; the syntax itself carries no
    digest-algorithm identifier.
    """
# Content Hints Attribute (RFC 2634 section 2)
id_aa_contentHint = univ.ObjectIdentifier("1.2.840.113549.1.9.16.2.4")
class ContentHints(univ.Sequence):
    """ContentHints ::= SEQUENCE {
         contentDescription  UTF8String (SIZE (1..MAX)) OPTIONAL,
         contentType         ContentType }

    Signed attribute (id-aa-contentHint) giving the recipient the innermost
    content type (and an optional description) without unwrapping the
    message.  The OPTIONAL element comes first, so a decoder must
    distinguish it from contentType by tag (UTF8String vs OBJECT IDENTIFIER).
    """
    componentType = namedtype.NamedTypes(
        namedtype.OptionalNamedType('contentDescription', char.UTF8String().subtype(
            subtypeSpec=constraint.ValueSizeConstraint(1, MAX))),
        namedtype.NamedType('contentType', ContentType()),
    )
# Receipt Request Attribute (RFC 2634 section 2)
class AllOrFirstTier(univ.Integer):
    """AllOrFirstTier ::= INTEGER { allReceipts (0), firstTierRecipients (1) }

    Selects which recipients a ReceiptRequest asks for receipts from.
    Unlike SecurityClassification no range constraint is applied, so any
    INTEGER value decodes; only 0 and 1 are named.
    """
    namedValues = namedval.NamedValues(
        ('allReceipts', 0),
        ('firstTierRecipients', 1),
    )
class ReceiptsFrom(univ.Choice):
    """ReceiptsFrom ::= CHOICE {
         allOrFirstTier  [0] AllOrFirstTier,
         receiptList     [1] SEQUENCE OF GeneralNames }

    Either a tier selector or an explicit list of recipients that should
    return receipts.  `receiptList` has no size bound, unlike receiptsTo.
    """
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('allOrFirstTier', AllOrFirstTier().subtype(
            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
        namedtype.NamedType('receiptList', univ.SequenceOf(
            componentType=GeneralNames()).subtype(
            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
    )
id_aa_receiptRequest = univ.ObjectIdentifier("1.2.840.113549.1.9.16.2.1")

# ub-receiptsTo INTEGER ::= 16 -- maximum GeneralNames entries in
# ReceiptRequest.receiptsTo; bounds how many parties one request can
# direct receipts to.
ub_receiptsTo = univ.Integer(16)
class ReceiptRequest(univ.Sequence):
    """ReceiptRequest ::= SEQUENCE {
         signedContentIdentifier  ContentIdentifier,
         receiptsFrom             ReceiptsFrom,
         receiptsTo               SEQUENCE SIZE (1..ub-receiptsTo) OF GeneralNames }

    Signed attribute (id-aa-receiptRequest) asking recipients for a signed
    receipt.  receiptsTo is where receipts go and is bounded to 1..16
    entries, which limits how far a single request can fan out.
    """
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('signedContentIdentifier', ContentIdentifier()),
        namedtype.NamedType('receiptsFrom', ReceiptsFrom()),
        namedtype.NamedType('receiptsTo', univ.SequenceOf(
            componentType=GeneralNames()).subtype(
            sizeSpec=constraint.ValueSizeConstraint(1, ub_receiptsTo))),
    )
# Receipt Content Type (RFC 2634 section 2)
class ESSVersion(univ.Integer):
    """ESSVersion ::= INTEGER { v1 (1) }

    Syntax version of a Receipt; only v1 is defined.  No range constraint
    is applied, so other values decode and must be rejected by the caller
    if strict checking is wanted.
    """
    namedValues = namedval.NamedValues(
        ('v1', 1),
    )
# id-ct-receipt: CMS content type for a signed receipt (the Receipt
# structure is itself wrapped in SignedData).
id_ct_receipt = univ.ObjectIdentifier("1.2.840.113549.1.9.16.1.1")
class Receipt(univ.Sequence):
    """Receipt ::= SEQUENCE {
         version                   ESSVersion,
         contentType               ContentType,
         signedContentIdentifier   ContentIdentifier,
         originatorSignatureValue  OCTET STRING }

    Content of a signed receipt (id-ct-receipt).  It echoes the original
    message's content type, ContentIdentifier and signature value; the
    originator matches these, together with MsgSigDigest, against what it
    sent before treating the receipt as valid.
    """
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('version', ESSVersion()),
        namedtype.NamedType('contentType', ContentType()),
        namedtype.NamedType('signedContentIdentifier', ContentIdentifier()),
        namedtype.NamedType('originatorSignatureValue', univ.OctetString()),
    )
# Attribute-type OID -> attribute syntax.  Merged into rfc5652.cmsAttributesMap
# at import time so a CMS decoder given that map can decode these ESS signed
# attributes as open types instead of leaving them as raw univ.Any values.
# Importing this module therefore mutates rfc5652's shared map.
_cmsAttributesMapUpdate = {
    id_aa_signingCertificate: SigningCertificate(),   # SHA-1 based; see RFC 5035
    id_aa_mlExpandHistory: MLExpansionHistory(),      # mail list expansion hops
    id_aa_securityLabel: ESSSecurityLabel(),          # access-control marking
    id_aa_equivalentLabels: EquivalentLabels(),       # same marking, other policies
    id_aa_contentIdentifier: ContentIdentifier(),     # opaque content id
    id_aa_contentReference: ContentReference(),       # link to an earlier message
    id_aa_msgSigDigest: MsgSigDigest(),               # digest in a signed receipt
    id_aa_contentHint: ContentHints(),                # innermost content type hint
    id_aa_receiptRequest: ReceiptRequest(),           # request for signed receipts
}
rfc5652.cmsAttributesMap.update(_cmsAttributesMapUpdate)
# Content-type OID -> content syntax.  Merged into rfc5652.cmsContentTypesMap
# at import time so a decoder can open an id-ct-receipt EncapsulatedContentInfo
# directly as a Receipt.  Like the attribute map above, this is a module-level
# side effect on rfc5652's shared map.
_cmsContentTypesMapUpdate = {
    id_ct_receipt: Receipt(),   # signed receipt content
}
rfc5652.cmsContentTypesMap.update(_cmsContentTypesMapUpdate)