You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

237 lines
5.4 KiB

#
# This file is part of pyasn1-modules software.
#
# Created by Russ Housley with assistance from asn1ate v.0.6.0.
#
# Copyright (c) 2019, Vigil Security, LLC
# License: http://snmplabs.com/pyasn1/license.html
#
# Use of the RSA-KEM Key Transport Algorithm in the CMS
#
# ASN.1 source from:
# https://www.rfc-editor.org/rfc/rfc5990.txt
#
from pyasn1.type import constraint
from pyasn1.type import namedtype
from pyasn1.type import univ
from pyasn1_modules import rfc5280
MAX = float('inf')
def _OID(*components):
output = []
for x in tuple(components):
if isinstance(x, univ.ObjectIdentifier):
output.extend(list(x))
else:
output.append(int(x))
return univ.ObjectIdentifier(output)
# Imports from RFC 5280
AlgorithmIdentifier = rfc5280.AlgorithmIdentifier
# Useful types and definitions
class NullParms(univ.Null):
pass
# Object identifier arcs
is18033_2 = _OID(1, 0, 18033, 2)
nistAlgorithm = _OID(2, 16, 840, 1, 101, 3, 4)
pkcs_1 = _OID(1, 2, 840, 113549, 1, 1)
x9_44 = _OID(1, 3, 133, 16, 840, 9, 44)
x9_44_components = _OID(x9_44, 1)
# Types for algorithm identifiers
class Camellia_KeyWrappingScheme(AlgorithmIdentifier):
pass
class DataEncapsulationMechanism(AlgorithmIdentifier):
pass
class KDF2_HashFunction(AlgorithmIdentifier):
pass
class KDF3_HashFunction(AlgorithmIdentifier):
pass
class KeyDerivationFunction(AlgorithmIdentifier):
pass
class KeyEncapsulationMechanism(AlgorithmIdentifier):
pass
class X9_SymmetricKeyWrappingScheme(AlgorithmIdentifier):
pass
# RSA-KEM Key Transport Algorithm
id_rsa_kem = _OID(1, 2, 840, 113549, 1, 9, 16, 3, 14)
class GenericHybridParameters(univ.Sequence):
pass
GenericHybridParameters.componentType = namedtype.NamedTypes(
namedtype.NamedType('kem', KeyEncapsulationMechanism()),
namedtype.NamedType('dem', DataEncapsulationMechanism())
)
rsa_kem = AlgorithmIdentifier()
rsa_kem['algorithm'] = id_rsa_kem
rsa_kem['parameters'] = GenericHybridParameters()
# KEM-RSA Key Encapsulation Mechanism
id_kem_rsa = _OID(is18033_2, 2, 4)
class KeyLength(univ.Integer):
pass
KeyLength.subtypeSpec = constraint.ValueRangeConstraint(1, MAX)
class RsaKemParameters(univ.Sequence):
pass
RsaKemParameters.componentType = namedtype.NamedTypes(
namedtype.NamedType('keyDerivationFunction', KeyDerivationFunction()),
namedtype.NamedType('keyLength', KeyLength())
)
kem_rsa = AlgorithmIdentifier()
kem_rsa['algorithm'] = id_kem_rsa
kem_rsa['parameters'] = RsaKemParameters()
# Key Derivation Functions
id_kdf_kdf2 = _OID(x9_44_components, 1)
id_kdf_kdf3 = _OID(x9_44_components, 2)
kdf2 = AlgorithmIdentifier()
kdf2['algorithm'] = id_kdf_kdf2
kdf2['parameters'] = KDF2_HashFunction()
kdf3 = AlgorithmIdentifier()
kdf3['algorithm'] = id_kdf_kdf3
kdf3['parameters'] = KDF3_HashFunction()
# Hash Functions
id_sha1 = _OID(1, 3, 14, 3, 2, 26)
id_sha224 = _OID(2, 16, 840, 1, 101, 3, 4, 2, 4)
id_sha256 = _OID(2, 16, 840, 1, 101, 3, 4, 2, 1)
id_sha384 = _OID(2, 16, 840, 1, 101, 3, 4, 2, 2)
id_sha512 = _OID(2, 16, 840, 1, 101, 3, 4, 2, 3)
sha1 = AlgorithmIdentifier()
sha1['algorithm'] = id_sha1
sha1['parameters'] = univ.Null("")
sha224 = AlgorithmIdentifier()
sha224['algorithm'] = id_sha224
sha224['parameters'] = univ.Null("")
sha256 = AlgorithmIdentifier()
sha256['algorithm'] = id_sha256
sha256['parameters'] = univ.Null("")
sha384 = AlgorithmIdentifier()
sha384['algorithm'] = id_sha384
sha384['parameters'] = univ.Null("")
sha512 = AlgorithmIdentifier()
sha512['algorithm'] = id_sha512
sha512['parameters'] = univ.Null("")
# Symmetric Key-Wrapping Schemes
id_aes128_Wrap = _OID(nistAlgorithm, 1, 5)
id_aes192_Wrap = _OID(nistAlgorithm, 1, 25)
id_aes256_Wrap = _OID(nistAlgorithm, 1, 45)
id_alg_CMS3DESwrap = _OID(1, 2, 840, 113549, 1, 9, 16, 3, 6)
id_camellia128_Wrap = _OID(1, 2, 392, 200011, 61, 1, 1, 3, 2)
id_camellia192_Wrap = _OID(1, 2, 392, 200011, 61, 1, 1, 3, 3)
id_camellia256_Wrap = _OID(1, 2, 392, 200011, 61, 1, 1, 3, 4)
aes128_Wrap = AlgorithmIdentifier()
aes128_Wrap['algorithm'] = id_aes128_Wrap
# aes128_Wrap['parameters'] are absent
aes192_Wrap = AlgorithmIdentifier()
aes192_Wrap['algorithm'] = id_aes128_Wrap
# aes192_Wrap['parameters'] are absent
aes256_Wrap = AlgorithmIdentifier()
aes256_Wrap['algorithm'] = id_sha256
# aes256_Wrap['parameters'] are absent
tdes_Wrap = AlgorithmIdentifier()
tdes_Wrap['algorithm'] = id_alg_CMS3DESwrap
tdes_Wrap['parameters'] = univ.Null("")
camellia128_Wrap = AlgorithmIdentifier()
camellia128_Wrap['algorithm'] = id_camellia128_Wrap
# camellia128_Wrap['parameters'] are absent
camellia192_Wrap = AlgorithmIdentifier()
camellia192_Wrap['algorithm'] = id_camellia192_Wrap
# camellia192_Wrap['parameters'] are absent
camellia256_Wrap = AlgorithmIdentifier()
camellia256_Wrap['algorithm'] = id_camellia256_Wrap
# camellia256_Wrap['parameters'] are absent
# Update the Algorithm Identifier map in rfc5280.py.
# Note that the ones that must not have parameters are not added to the map.
_algorithmIdentifierMapUpdate = {
id_rsa_kem: GenericHybridParameters(),
id_kem_rsa: RsaKemParameters(),
id_kdf_kdf2: KDF2_HashFunction(),
id_kdf_kdf3: KDF3_HashFunction(),
id_sha1: univ.Null(),
id_sha224: univ.Null(),
id_sha256: univ.Null(),
id_sha384: univ.Null(),
id_sha512: univ.Null(),
id_alg_CMS3DESwrap: univ.Null(),
}
rfc5280.algorithmIdentifierMap.update(_algorithmIdentifierMapUpdate)