You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

148 lines
4.2 KiB

2 years ago
#
# This file is part of pyasn1-modules software.
#
# Created by Russ Housley with some assistance from asn1ate v.0.6.0.
#
# Copyright (c) 2019, Vigil Security, LLC
# License: http://snmplabs.com/pyasn1/license.html
#
# S/MIME Capabilities for Public Key Definitions
#
# ASN.1 source from:
# https://www.rfc-editor.org/rfc/rfc6664.txt
#
from pyasn1.type import constraint
from pyasn1.type import namedtype
from pyasn1.type import tag
from pyasn1.type import univ
from pyasn1_modules import rfc5280
from pyasn1_modules import rfc5751
from pyasn1_modules import rfc5480
from pyasn1_modules import rfc4055
from pyasn1_modules import rfc3279
MAX = float('inf')
# Imports from RFC 5280
AlgorithmIdentifier = rfc5280.AlgorithmIdentifier
# Imports from RFC 3279
dhpublicnumber = rfc3279.dhpublicnumber
Dss_Parms = rfc3279.Dss_Parms
id_dsa = rfc3279.id_dsa
id_ecPublicKey = rfc3279.id_ecPublicKey
rsaEncryption = rfc3279.rsaEncryption
# Imports from RFC 4055
id_mgf1 = rfc4055.id_mgf1
id_RSAES_OAEP = rfc4055.id_RSAES_OAEP
id_RSASSA_PSS = rfc4055.id_RSASSA_PSS
# Imports from RFC 5480
ECParameters = rfc5480.ECParameters
id_ecDH = rfc5480.id_ecDH
id_ecMQV = rfc5480.id_ecMQV
# RSA
class RSAKeySize(univ.Integer):
# suggested values are 1024, 2048, 3072, 4096, 7680, 8192, and 15360;
# however, the integer value is not limited to these suggestions
pass
class RSAKeyCapabilities(univ.Sequence):
componentType = namedtype.NamedTypes(
namedtype.NamedType('minKeySize', RSAKeySize()),
namedtype.OptionalNamedType('maxKeySize', RSAKeySize())
)
class RsaSsa_Pss_sig_caps(univ.Sequence):
componentType = namedtype.NamedTypes(
namedtype.NamedType('hashAlg', AlgorithmIdentifier()),
namedtype.OptionalNamedType('maskAlg', AlgorithmIdentifier()),
namedtype.DefaultedNamedType('trailerField', univ.Integer().subtype(value=1))
)
# Diffie-Hellman and DSA
class DSAKeySize(univ.Integer):
subtypeSpec = constraint.SingleValueConstraint(1024, 2048, 3072, 7680, 15360)
class DSAKeyCapabilities(univ.Choice):
componentType = namedtype.NamedTypes(
namedtype.NamedType('keySizes', univ.Sequence(componentType=namedtype.NamedTypes(
namedtype.NamedType('minKeySize',
DSAKeySize()),
namedtype.OptionalNamedType('maxKeySize',
DSAKeySize()),
namedtype.OptionalNamedType('maxSizeP',
univ.Integer().subtype(explicitTag=tag.Tag(
tag.tagClassContext, tag.tagFormatSimple, 1))),
namedtype.OptionalNamedType('maxSizeQ',
univ.Integer().subtype(explicitTag=tag.Tag(
tag.tagClassContext, tag.tagFormatSimple, 2))),
namedtype.OptionalNamedType('maxSizeG',
univ.Integer().subtype(explicitTag=tag.Tag(
tag.tagClassContext, tag.tagFormatSimple, 3)))
)).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
namedtype.NamedType('keyParams',
Dss_Parms().subtype(explicitTag=tag.Tag(
tag.tagClassContext, tag.tagFormatConstructed, 1)))
)
# Elliptic Curve
class EC_SMimeCaps(univ.SequenceOf):
componentType = ECParameters()
subtypeSpec=constraint.ValueSizeConstraint(1, MAX)
# Update the SMIMECapabilities Attribute Map in rfc5751.py
#
# The map can either include an entry for scap-sa-rsaSSA-PSS or
# scap-pk-rsaSSA-PSS, but not both. One is associated with the
# public key and the other is associated with the signature
# algorithm; however, they use the same OID. If you need the
# other one in your application, copy the map into a local dict,
# adjust as needed, and pass the local dict to the decoder with
# openTypes=your_local_map.
_smimeCapabilityMapUpdate = {
rsaEncryption: RSAKeyCapabilities(),
id_RSASSA_PSS: RSAKeyCapabilities(),
# id_RSASSA_PSS: RsaSsa_Pss_sig_caps(),
id_RSAES_OAEP: RSAKeyCapabilities(),
id_dsa: DSAKeyCapabilities(),
dhpublicnumber: DSAKeyCapabilities(),
id_ecPublicKey: EC_SMimeCaps(),
id_ecDH: EC_SMimeCaps(),
id_ecMQV: EC_SMimeCaps(),
id_mgf1: AlgorithmIdentifier(),
}
rfc5751.smimeCapabilityMap.update(_smimeCapabilityMapUpdate)