
#
# This file is part of pyasn1-modules software.
#
# Created by Russ Housley.
#
# Copyright (c) 2019, Vigil Security, LLC
# License: http://snmplabs.com/pyasn1/license.html
#
# PKCS #5: Password-Based Cryptography Specification, Version 2.1
#
# ASN.1 source from:
# https://www.rfc-editor.org/rfc/rfc8018.txt
#
from pyasn1.type import constraint
from pyasn1.type import namedtype
from pyasn1.type import namedval
from pyasn1.type import univ
from pyasn1_modules import rfc3565
from pyasn1_modules import rfc5280
# Stand-in for the ASN.1 "MAX" upper bound; passed to the range constraints
# further down as an "unbounded above" limit.
MAX = float("inf")
def _OID(*components):
    """Build an ObjectIdentifier by concatenating the given pieces.

    Each argument is either an existing ``univ.ObjectIdentifier``, whose arcs
    are spliced in, or a single value that is converted with ``int()`` and
    appended as one arc.
    """
    arcs = []
    for part in components:
        if isinstance(part, univ.ObjectIdentifier):
            # Prefix OID: contribute all of its arcs, in order.
            arcs += list(part)
        else:
            arcs.append(int(part))
    return univ.ObjectIdentifier(arcs)
# Re-exported from RFC 3565.
# NOTE(review): AES_IV is bound a second time by a class statement further
# down in this module, and nothing in this listing reads the name in between,
# so the binding below is effectively replaced. Confirm which definition is
# meant to be the public one.
AES_IV = rfc3565.AES_IV

# Re-exported from RFC 5280.
AlgorithmIdentifier = rfc5280.AlgorithmIdentifier

# Root arcs that the identifiers below are built from.
rsadsi = _OID(1, 2, 840, 113549)
pkcs = _OID(rsadsi, 1)
pkcs_5 = _OID(pkcs, 5)
digestAlgorithm = _OID(rsadsi, 2)
encryptionAlgorithm = _OID(rsadsi, 3)
oiw = _OID(1, 3, 14)
nistAlgorithms = _OID(2, 16, 840, 1, 101, 3, 4)
aes = _OID(nistAlgorithms, 1)

# HMAC object identifiers (registered below as the PBKDF2 PRFs).
id_hmacWithSHA1 = _OID(digestAlgorithm, 7)
id_hmacWithSHA224 = _OID(digestAlgorithm, 8)
id_hmacWithSHA256 = _OID(digestAlgorithm, 9)
id_hmacWithSHA384 = _OID(digestAlgorithm, 10)
id_hmacWithSHA512 = _OID(digestAlgorithm, 11)
id_hmacWithSHA512_224 = _OID(digestAlgorithm, 12)
id_hmacWithSHA512_256 = _OID(digestAlgorithm, 13)

# PBES1 object identifiers, listed by their final arc under pkcs-5.
# These pair MD2, MD5 or SHA-1 with DES or RC2. RFC 8018 recommends PBES1
# only for compatibility with existing applications and PBES2 for new ones,
# so treat these as identifiers to recognise, not algorithms to prefer.
pbeWithMD2AndDES_CBC = _OID(pkcs_5, 1)
pbeWithMD5AndDES_CBC = _OID(pkcs_5, 3)
pbeWithMD2AndRC2_CBC = _OID(pkcs_5, 4)
pbeWithMD5AndRC2_CBC = _OID(pkcs_5, 6)
pbeWithSHA1AndDES_CBC = _OID(pkcs_5, 10)
pbeWithSHA1AndRC2_CBC = _OID(pkcs_5, 11)

# Supporting techniques object identifiers (underlying block-cipher modes).
desCBC = _OID(oiw, 3, 2, 7)
rc2CBC = _OID(encryptionAlgorithm, 2)
des_EDE3_CBC = _OID(encryptionAlgorithm, 7)
rc5_CBC_PAD = _OID(encryptionAlgorithm, 9)
aes128_CBC_PAD = _OID(aes, 2)
aes192_CBC_PAD = _OID(aes, 22)
aes256_CBC_PAD = _OID(aes, 42)
# PBES1
class PBEParameter(univ.Sequence):
    """Parameters shared by the PBES1 schemes: a salt and an iteration count.

    The salt is constrained to exactly 8 octets. iterationCount is a plain
    INTEGER with no range constraint, so this schema accepts any value; code
    that derives a key from a decoded PBEParameter has to enforce its own
    lower and upper bounds on the count.
    """
    componentType = namedtype.NamedTypes(
        namedtype.NamedType(
            'salt',
            univ.OctetString().subtype(
                subtypeSpec=constraint.ValueSizeConstraint(8, 8))),
        namedtype.NamedType('iterationCount', univ.Integer()),
    )
# PBES2
id_PBES2 = _OID(pkcs_5, 13)


class PBES2_params(univ.Sequence):
    """PBES2 parameters: a key derivation function and an encryption scheme.

    Both fields are generic AlgorithmIdentifier values. Nothing in this
    definition restricts which algorithm OIDs may appear in them, so policy
    on acceptable KDFs and ciphers belongs to the code consuming the value.
    """
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('keyDerivationFunc', AlgorithmIdentifier()),
        namedtype.NamedType('encryptionScheme', AlgorithmIdentifier()),
    )
# PBMAC1
id_PBMAC1 = _OID(pkcs_5, 14)


class PBMAC1_params(univ.Sequence):
    """PBMAC1 parameters: a key derivation function and a MAC scheme.

    Both fields are generic AlgorithmIdentifier values; this definition does
    not limit which algorithm OIDs they may carry.
    """
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('keyDerivationFunc', AlgorithmIdentifier()),
        namedtype.NamedType('messageAuthScheme', AlgorithmIdentifier()),
    )
# PBKDF2
id_PBKDF2 = _OID(pkcs_5, 12)

# AlgorithmIdentifier for HMAC-SHA-1 with NULL parameters. It is used below
# as the value of 'prf' when that field is absent from a PBKDF2_params.
algid_hmacWithSHA1 = AlgorithmIdentifier()
algid_hmacWithSHA1['algorithm'] = id_hmacWithSHA1
algid_hmacWithSHA1['parameters'] = univ.Null("")


class PBKDF2_params(univ.Sequence):
    """PBKDF2 parameters: salt, iteration count, optional key length, PRF.

    * salt is a CHOICE between explicit octets ('specified', no size
      constraint) and an AlgorithmIdentifier ('otherSource').
    * iterationCount and keyLength must be at least 1 and have no upper
      limit in this schema.
    * prf defaults to HMAC-SHA-1, so a structure that omits it selects
      SHA-1 implicitly.

    When the structure comes from untrusted input, bound iterationCount
    before running the KDF: the schema rejects neither a count of 1 nor an
    arbitrarily large one.
    """
    componentType = namedtype.NamedTypes(
        namedtype.NamedType(
            'salt',
            univ.Choice(componentType=namedtype.NamedTypes(
                namedtype.NamedType('specified', univ.OctetString()),
                namedtype.NamedType('otherSource', AlgorithmIdentifier()),
            ))),
        namedtype.NamedType(
            'iterationCount',
            univ.Integer().subtype(
                subtypeSpec=constraint.ValueRangeConstraint(1, MAX))),
        namedtype.OptionalNamedType(
            'keyLength',
            univ.Integer().subtype(
                subtypeSpec=constraint.ValueRangeConstraint(1, MAX))),
        namedtype.DefaultedNamedType('prf', algid_hmacWithSHA1),
    )
# RC2 CBC algorithm parameter
class RC2_CBC_Parameter(univ.Sequence):
    """RC2-CBC parameters: an optional version integer and an 8-octet IV."""
    componentType = namedtype.NamedTypes(
        namedtype.OptionalNamedType('rc2ParameterVersion', univ.Integer()),
        namedtype.NamedType(
            'iv',
            univ.OctetString().subtype(
                subtypeSpec=constraint.ValueSizeConstraint(8, 8))),
    )
# RC5 CBC algorithm parameter
class RC5_CBC_Parameters(univ.Sequence):
    """RC5-CBC parameters.

    * version: only the value 16 (named 'v1_0') is allowed.
    * rounds: 8 through 127.
    * blockSizeInBits: 64 or 128.
    * iv: optional octet string; no size constraint is applied here, so a
      consumer must check it against the block size itself.
    """
    componentType = namedtype.NamedTypes(
        namedtype.NamedType(
            'version',
            univ.Integer(
                namedValues=namedval.NamedValues(('v1_0', 16))
            ).subtype(subtypeSpec=constraint.SingleValueConstraint(16))),
        namedtype.NamedType(
            'rounds',
            univ.Integer().subtype(
                subtypeSpec=constraint.ValueRangeConstraint(8, 127))),
        namedtype.NamedType(
            'blockSizeInBits',
            univ.Integer().subtype(
                subtypeSpec=constraint.SingleValueConstraint(64, 128))),
        namedtype.OptionalNamedType('iv', univ.OctetString()),
    )
# Initialization Vector for AES: OCTET STRING (SIZE(16))
# NOTE(review): this class statement rebinds AES_IV, which was assigned from
# rfc3565.AES_IV near the top of the module. The class below is the one the
# algorithm map at the end of the file instantiates; confirm the duplicate
# definition is intentional.
class AES_IV(univ.OctetString):
    """AES initialization vector: an octet string of exactly 16 octets."""
    subtypeSpec = constraint.ValueSizeConstraint(16, 16)
# Initialization Vector for DES: OCTET STRING (SIZE(8))
class DES_IV(univ.OctetString):
    """DES initialization vector: an octet string of exactly 8 octets."""
    subtypeSpec = constraint.ValueSizeConstraint(8, 8)
# Update the Algorithm Identifier map
#
# Each entry pairs an algorithm OID with a fresh instance of the type used
# for that algorithm's 'parameters' field. The final statement merges the
# table into rfc5280.algorithmIdentifierMap when this module is imported, so
# the import has a process-wide side effect on that shared map.
#
# Presence in this table is not an endorsement: it includes the legacy PBES1
# identifiers and the DES/RC2 modes. Code that acts on a decoded
# AlgorithmIdentifier still needs its own allow-list of acceptable algorithms.
_algorithmIdentifierMapUpdate = {}

# PBKDF2-PRFs: every HMAC variant takes NULL parameters (one instance each).
_algorithmIdentifierMapUpdate.update(
    (oid, univ.Null())
    for oid in (
        id_hmacWithSHA1,
        id_hmacWithSHA224,
        id_hmacWithSHA256,
        id_hmacWithSHA384,
        id_hmacWithSHA512,
        id_hmacWithSHA512_224,
        id_hmacWithSHA512_256,
    )
)

# PBES1Algorithms: all six schemes share the PBEParameter layout.
_algorithmIdentifierMapUpdate.update(
    (oid, PBEParameter())
    for oid in (
        pbeWithMD2AndDES_CBC,
        pbeWithMD2AndRC2_CBC,
        pbeWithMD5AndDES_CBC,
        pbeWithMD5AndRC2_CBC,
        pbeWithSHA1AndDES_CBC,
        pbeWithSHA1AndRC2_CBC,
    )
)

_algorithmIdentifierMapUpdate.update({
    # PBES2Algorithms
    id_PBES2: PBES2_params(),
    # PBES2-KDFs
    id_PBKDF2: PBKDF2_params(),
    # PBMAC1Algorithms
    id_PBMAC1: PBMAC1_params(),
    # SupportingAlgorithms
    desCBC: DES_IV(),
    des_EDE3_CBC: DES_IV(),
    rc2CBC: RC2_CBC_Parameter(),
    rc5_CBC_PAD: RC5_CBC_Parameters(),
    aes128_CBC_PAD: AES_IV(),
    aes192_CBC_PAD: AES_IV(),
    aes256_CBC_PAD: AES_IV(),
})

rfc5280.algorithmIdentifierMap.update(_algorithmIdentifierMapUpdate)