You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
259 lines
10 KiB
259 lines
10 KiB
2 years ago
|
#
|
||
|
# This file is part of pyasn1-modules software.
|
||
|
#
|
||
|
# Created by Russ Housley with a very small amount of assistance from
|
||
|
# asn1ate v.0.6.0.
|
||
|
# Modified by Russ Housley to add maps for opentypes.
|
||
|
#
|
||
|
# Copyright (c) 2019, Vigil Security, LLC
|
||
|
# License: http://snmplabs.com/pyasn1/license.html
|
||
|
#
|
||
|
# Additional Algorithms and Identifiers for RSA Cryptography
|
||
|
# for use in Certificates and CRLs
|
||
|
#
|
||
|
# ASN.1 source from:
|
||
|
# https://www.rfc-editor.org/rfc/rfc4055.txt
|
||
|
#
|
||
|
from pyasn1.type import namedtype
|
||
|
from pyasn1.type import tag
|
||
|
from pyasn1.type import univ
|
||
|
|
||
|
from pyasn1_modules import rfc5280
|
||
|
|
||
|
|
||
|
def _OID(*components):
|
||
|
output = []
|
||
|
for x in tuple(components):
|
||
|
if isinstance(x, univ.ObjectIdentifier):
|
||
|
output.extend(list(x))
|
||
|
else:
|
||
|
output.append(int(x))
|
||
|
return univ.ObjectIdentifier(output)
|
||
|
|
||
|
|
||
|
id_sha1 = _OID(1, 3, 14, 3, 2, 26)
|
||
|
|
||
|
id_sha256 = _OID(2, 16, 840, 1, 101, 3, 4, 2, 1)
|
||
|
|
||
|
id_sha384 = _OID(2, 16, 840, 1, 101, 3, 4, 2, 2)
|
||
|
|
||
|
id_sha512 = _OID(2, 16, 840, 1, 101, 3, 4, 2, 3)
|
||
|
|
||
|
id_sha224 = _OID(2, 16, 840, 1, 101, 3, 4, 2, 4)
|
||
|
|
||
|
rsaEncryption = _OID(1, 2, 840, 113549, 1, 1, 1)
|
||
|
|
||
|
id_mgf1 = _OID(1, 2, 840, 113549, 1, 1, 8)
|
||
|
|
||
|
id_RSAES_OAEP = _OID(1, 2, 840, 113549, 1, 1, 7)
|
||
|
|
||
|
id_pSpecified = _OID(1, 2, 840, 113549, 1, 1, 9)
|
||
|
|
||
|
id_RSASSA_PSS = _OID(1, 2, 840, 113549, 1, 1, 10)
|
||
|
|
||
|
sha256WithRSAEncryption = _OID(1, 2, 840, 113549, 1, 1, 11)
|
||
|
|
||
|
sha384WithRSAEncryption = _OID(1, 2, 840, 113549, 1, 1, 12)
|
||
|
|
||
|
sha512WithRSAEncryption = _OID(1, 2, 840, 113549, 1, 1, 13)
|
||
|
|
||
|
sha224WithRSAEncryption = _OID(1, 2, 840, 113549, 1, 1, 14)
|
||
|
|
||
|
sha1Identifier = rfc5280.AlgorithmIdentifier()
|
||
|
sha1Identifier['algorithm'] = id_sha1
|
||
|
sha1Identifier['parameters'] = univ.Null("")
|
||
|
|
||
|
sha224Identifier = rfc5280.AlgorithmIdentifier()
|
||
|
sha224Identifier['algorithm'] = id_sha224
|
||
|
sha224Identifier['parameters'] = univ.Null("")
|
||
|
|
||
|
sha256Identifier = rfc5280.AlgorithmIdentifier()
|
||
|
sha256Identifier['algorithm'] = id_sha256
|
||
|
sha256Identifier['parameters'] = univ.Null("")
|
||
|
|
||
|
sha384Identifier = rfc5280.AlgorithmIdentifier()
|
||
|
sha384Identifier['algorithm'] = id_sha384
|
||
|
sha384Identifier['parameters'] = univ.Null("")
|
||
|
|
||
|
sha512Identifier = rfc5280.AlgorithmIdentifier()
|
||
|
sha512Identifier['algorithm'] = id_sha512
|
||
|
sha512Identifier['parameters'] = univ.Null("")
|
||
|
|
||
|
mgf1SHA1Identifier = rfc5280.AlgorithmIdentifier()
|
||
|
mgf1SHA1Identifier['algorithm'] = id_mgf1
|
||
|
mgf1SHA1Identifier['parameters'] = sha1Identifier
|
||
|
|
||
|
mgf1SHA224Identifier = rfc5280.AlgorithmIdentifier()
|
||
|
mgf1SHA224Identifier['algorithm'] = id_mgf1
|
||
|
mgf1SHA224Identifier['parameters'] = sha224Identifier
|
||
|
|
||
|
mgf1SHA256Identifier = rfc5280.AlgorithmIdentifier()
|
||
|
mgf1SHA256Identifier['algorithm'] = id_mgf1
|
||
|
mgf1SHA256Identifier['parameters'] = sha256Identifier
|
||
|
|
||
|
mgf1SHA384Identifier = rfc5280.AlgorithmIdentifier()
|
||
|
mgf1SHA384Identifier['algorithm'] = id_mgf1
|
||
|
mgf1SHA384Identifier['parameters'] = sha384Identifier
|
||
|
|
||
|
mgf1SHA512Identifier = rfc5280.AlgorithmIdentifier()
|
||
|
mgf1SHA512Identifier['algorithm'] = id_mgf1
|
||
|
mgf1SHA512Identifier['parameters'] = sha512Identifier
|
||
|
|
||
|
pSpecifiedEmptyIdentifier = rfc5280.AlgorithmIdentifier()
|
||
|
pSpecifiedEmptyIdentifier['algorithm'] = id_pSpecified
|
||
|
pSpecifiedEmptyIdentifier['parameters'] = univ.OctetString(value='')
|
||
|
|
||
|
|
||
|
class RSAPublicKey(univ.Sequence):
|
||
|
pass
|
||
|
|
||
|
RSAPublicKey.componentType = namedtype.NamedTypes(
|
||
|
namedtype.NamedType('modulus', univ.Integer()),
|
||
|
namedtype.NamedType('publicExponent', univ.Integer())
|
||
|
)
|
||
|
|
||
|
|
||
|
class HashAlgorithm(rfc5280.AlgorithmIdentifier):
|
||
|
pass
|
||
|
|
||
|
|
||
|
class MaskGenAlgorithm(rfc5280.AlgorithmIdentifier):
|
||
|
pass
|
||
|
|
||
|
|
||
|
class RSAES_OAEP_params(univ.Sequence):
|
||
|
pass
|
||
|
|
||
|
RSAES_OAEP_params.componentType = namedtype.NamedTypes(
|
||
|
namedtype.OptionalNamedType('hashFunc', rfc5280.AlgorithmIdentifier().subtype(
|
||
|
explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
|
||
|
namedtype.OptionalNamedType('maskGenFunc', rfc5280.AlgorithmIdentifier().subtype(
|
||
|
explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))),
|
||
|
namedtype.OptionalNamedType('pSourceFunc', rfc5280.AlgorithmIdentifier().subtype(
|
||
|
explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2)))
|
||
|
)
|
||
|
|
||
|
rSAES_OAEP_Default_Params = RSAES_OAEP_params()
|
||
|
|
||
|
rSAES_OAEP_Default_Identifier = rfc5280.AlgorithmIdentifier()
|
||
|
rSAES_OAEP_Default_Identifier['algorithm'] = id_RSAES_OAEP
|
||
|
rSAES_OAEP_Default_Identifier['parameters'] = rSAES_OAEP_Default_Params
|
||
|
|
||
|
rSAES_OAEP_SHA224_Params = RSAES_OAEP_params()
|
||
|
rSAES_OAEP_SHA224_Params['hashFunc'] = sha224Identifier.subtype(
|
||
|
explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0), cloneValueFlag=True)
|
||
|
rSAES_OAEP_SHA224_Params['maskGenFunc'] = mgf1SHA224Identifier.subtype(
|
||
|
explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1), cloneValueFlag=True)
|
||
|
|
||
|
rSAES_OAEP_SHA224_Identifier = rfc5280.AlgorithmIdentifier()
|
||
|
rSAES_OAEP_SHA224_Identifier['algorithm'] = id_RSAES_OAEP
|
||
|
rSAES_OAEP_SHA224_Identifier['parameters'] = rSAES_OAEP_SHA224_Params
|
||
|
|
||
|
rSAES_OAEP_SHA256_Params = RSAES_OAEP_params()
|
||
|
rSAES_OAEP_SHA256_Params['hashFunc'] = sha256Identifier.subtype(
|
||
|
explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0), cloneValueFlag=True)
|
||
|
rSAES_OAEP_SHA256_Params['maskGenFunc'] = mgf1SHA256Identifier.subtype(
|
||
|
explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1), cloneValueFlag=True)
|
||
|
|
||
|
rSAES_OAEP_SHA256_Identifier = rfc5280.AlgorithmIdentifier()
|
||
|
rSAES_OAEP_SHA256_Identifier['algorithm'] = id_RSAES_OAEP
|
||
|
rSAES_OAEP_SHA256_Identifier['parameters'] = rSAES_OAEP_SHA256_Params
|
||
|
|
||
|
rSAES_OAEP_SHA384_Params = RSAES_OAEP_params()
|
||
|
rSAES_OAEP_SHA384_Params['hashFunc'] = sha384Identifier.subtype(
|
||
|
explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0), cloneValueFlag=True)
|
||
|
rSAES_OAEP_SHA384_Params['maskGenFunc'] = mgf1SHA384Identifier.subtype(
|
||
|
explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1), cloneValueFlag=True)
|
||
|
|
||
|
rSAES_OAEP_SHA384_Identifier = rfc5280.AlgorithmIdentifier()
|
||
|
rSAES_OAEP_SHA384_Identifier['algorithm'] = id_RSAES_OAEP
|
||
|
rSAES_OAEP_SHA384_Identifier['parameters'] = rSAES_OAEP_SHA384_Params
|
||
|
|
||
|
rSAES_OAEP_SHA512_Params = RSAES_OAEP_params()
|
||
|
rSAES_OAEP_SHA512_Params['hashFunc'] = sha512Identifier.subtype(
|
||
|
explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0), cloneValueFlag=True)
|
||
|
rSAES_OAEP_SHA512_Params['maskGenFunc'] = mgf1SHA512Identifier.subtype(
|
||
|
explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1), cloneValueFlag=True)
|
||
|
|
||
|
rSAES_OAEP_SHA512_Identifier = rfc5280.AlgorithmIdentifier()
|
||
|
rSAES_OAEP_SHA512_Identifier['algorithm'] = id_RSAES_OAEP
|
||
|
rSAES_OAEP_SHA512_Identifier['parameters'] = rSAES_OAEP_SHA512_Params
|
||
|
|
||
|
|
||
|
class RSASSA_PSS_params(univ.Sequence):
|
||
|
pass
|
||
|
|
||
|
RSASSA_PSS_params.componentType = namedtype.NamedTypes(
|
||
|
namedtype.OptionalNamedType('hashAlgorithm', rfc5280.AlgorithmIdentifier().subtype(
|
||
|
explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
|
||
|
namedtype.OptionalNamedType('maskGenAlgorithm', rfc5280.AlgorithmIdentifier().subtype(
|
||
|
explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))),
|
||
|
namedtype.DefaultedNamedType('saltLength', univ.Integer(value=20).subtype(
|
||
|
explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
|
||
|
namedtype.DefaultedNamedType('trailerField', univ.Integer(value=1).subtype(
|
||
|
explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3)))
|
||
|
)
|
||
|
|
||
|
rSASSA_PSS_Default_Params = RSASSA_PSS_params()
|
||
|
|
||
|
rSASSA_PSS_Default_Identifier = rfc5280.AlgorithmIdentifier()
|
||
|
rSASSA_PSS_Default_Identifier['algorithm'] = id_RSASSA_PSS
|
||
|
rSASSA_PSS_Default_Identifier['parameters'] = rSASSA_PSS_Default_Params
|
||
|
|
||
|
rSASSA_PSS_SHA224_Params = RSASSA_PSS_params()
|
||
|
rSASSA_PSS_SHA224_Params['hashAlgorithm'] = sha224Identifier.subtype(
|
||
|
explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0), cloneValueFlag=True)
|
||
|
rSASSA_PSS_SHA224_Params['maskGenAlgorithm'] = mgf1SHA224Identifier.subtype(
|
||
|
explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1), cloneValueFlag=True)
|
||
|
|
||
|
rSASSA_PSS_SHA224_Identifier = rfc5280.AlgorithmIdentifier()
|
||
|
rSASSA_PSS_SHA224_Identifier['algorithm'] = id_RSASSA_PSS
|
||
|
rSASSA_PSS_SHA224_Identifier['parameters'] = rSASSA_PSS_SHA224_Params
|
||
|
|
||
|
rSASSA_PSS_SHA256_Params = RSASSA_PSS_params()
|
||
|
rSASSA_PSS_SHA256_Params['hashAlgorithm'] = sha256Identifier.subtype(
|
||
|
explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0), cloneValueFlag=True)
|
||
|
rSASSA_PSS_SHA256_Params['maskGenAlgorithm'] = mgf1SHA256Identifier.subtype(
|
||
|
explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1), cloneValueFlag=True)
|
||
|
|
||
|
rSASSA_PSS_SHA256_Identifier = rfc5280.AlgorithmIdentifier()
|
||
|
rSASSA_PSS_SHA256_Identifier['algorithm'] = id_RSASSA_PSS
|
||
|
rSASSA_PSS_SHA256_Identifier['parameters'] = rSASSA_PSS_SHA256_Params
|
||
|
|
||
|
rSASSA_PSS_SHA384_Params = RSASSA_PSS_params()
|
||
|
rSASSA_PSS_SHA384_Params['hashAlgorithm'] = sha384Identifier.subtype(
|
||
|
explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0), cloneValueFlag=True)
|
||
|
rSASSA_PSS_SHA384_Params['maskGenAlgorithm'] = mgf1SHA384Identifier.subtype(
|
||
|
explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1), cloneValueFlag=True)
|
||
|
|
||
|
rSASSA_PSS_SHA384_Identifier = rfc5280.AlgorithmIdentifier()
|
||
|
rSASSA_PSS_SHA384_Identifier['algorithm'] = id_RSASSA_PSS
|
||
|
rSASSA_PSS_SHA384_Identifier['parameters'] = rSASSA_PSS_SHA384_Params
|
||
|
|
||
|
rSASSA_PSS_SHA512_Params = RSASSA_PSS_params()
|
||
|
rSASSA_PSS_SHA512_Params['hashAlgorithm'] = sha512Identifier.subtype(
|
||
|
explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0), cloneValueFlag=True)
|
||
|
rSASSA_PSS_SHA512_Params['maskGenAlgorithm'] = mgf1SHA512Identifier.subtype(
|
||
|
explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1), cloneValueFlag=True)
|
||
|
|
||
|
rSASSA_PSS_SHA512_Identifier = rfc5280.AlgorithmIdentifier()
|
||
|
rSASSA_PSS_SHA512_Identifier['algorithm'] = id_RSASSA_PSS
|
||
|
rSASSA_PSS_SHA512_Identifier['parameters'] = rSASSA_PSS_SHA512_Params
|
||
|
|
||
|
|
||
|
# Update the Algorithm Identifier map
|
||
|
|
||
|
_algorithmIdentifierMapUpdate = {
|
||
|
id_sha1: univ.Null(),
|
||
|
id_sha224: univ.Null(),
|
||
|
id_sha256: univ.Null(),
|
||
|
id_sha384: univ.Null(),
|
||
|
id_sha512: univ.Null(),
|
||
|
id_mgf1: rfc5280.AlgorithmIdentifier(),
|
||
|
id_pSpecified: univ.OctetString(),
|
||
|
id_RSAES_OAEP: RSAES_OAEP_params(),
|
||
|
id_RSASSA_PSS: RSASSA_PSS_params(),
|
||
|
}
|
||
|
|
||
|
rfc5280.algorithmIdentifierMap.update(_algorithmIdentifierMapUpdate)
|