You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

rfc4055.py 10KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258
  1. #
  2. # This file is part of pyasn1-modules software.
  3. #
  4. # Created by Russ Housley with a very small amount of assistance from
  5. # asn1ate v.0.6.0.
  6. # Modified by Russ Housley to add maps for opentypes.
  7. #
  8. # Copyright (c) 2019, Vigil Security, LLC
  9. # License: http://snmplabs.com/pyasn1/license.html
  10. #
  11. # Additional Algorithms and Identifiers for RSA Cryptography
  12. # for use in Certificates and CRLs
  13. #
  14. # ASN.1 source from:
  15. # https://www.rfc-editor.org/rfc/rfc4055.txt
  16. #
  17. from pyasn1.type import namedtype
  18. from pyasn1.type import tag
  19. from pyasn1.type import univ
  20. from pyasn1_modules import rfc5280
  21. def _OID(*components):
  22. output = []
  23. for x in tuple(components):
  24. if isinstance(x, univ.ObjectIdentifier):
  25. output.extend(list(x))
  26. else:
  27. output.append(int(x))
  28. return univ.ObjectIdentifier(output)
  29. id_sha1 = _OID(1, 3, 14, 3, 2, 26)
  30. id_sha256 = _OID(2, 16, 840, 1, 101, 3, 4, 2, 1)
  31. id_sha384 = _OID(2, 16, 840, 1, 101, 3, 4, 2, 2)
  32. id_sha512 = _OID(2, 16, 840, 1, 101, 3, 4, 2, 3)
  33. id_sha224 = _OID(2, 16, 840, 1, 101, 3, 4, 2, 4)
  34. rsaEncryption = _OID(1, 2, 840, 113549, 1, 1, 1)
  35. id_mgf1 = _OID(1, 2, 840, 113549, 1, 1, 8)
  36. id_RSAES_OAEP = _OID(1, 2, 840, 113549, 1, 1, 7)
  37. id_pSpecified = _OID(1, 2, 840, 113549, 1, 1, 9)
  38. id_RSASSA_PSS = _OID(1, 2, 840, 113549, 1, 1, 10)
  39. sha256WithRSAEncryption = _OID(1, 2, 840, 113549, 1, 1, 11)
  40. sha384WithRSAEncryption = _OID(1, 2, 840, 113549, 1, 1, 12)
  41. sha512WithRSAEncryption = _OID(1, 2, 840, 113549, 1, 1, 13)
  42. sha224WithRSAEncryption = _OID(1, 2, 840, 113549, 1, 1, 14)
  43. sha1Identifier = rfc5280.AlgorithmIdentifier()
  44. sha1Identifier['algorithm'] = id_sha1
  45. sha1Identifier['parameters'] = univ.Null("")
  46. sha224Identifier = rfc5280.AlgorithmIdentifier()
  47. sha224Identifier['algorithm'] = id_sha224
  48. sha224Identifier['parameters'] = univ.Null("")
  49. sha256Identifier = rfc5280.AlgorithmIdentifier()
  50. sha256Identifier['algorithm'] = id_sha256
  51. sha256Identifier['parameters'] = univ.Null("")
  52. sha384Identifier = rfc5280.AlgorithmIdentifier()
  53. sha384Identifier['algorithm'] = id_sha384
  54. sha384Identifier['parameters'] = univ.Null("")
  55. sha512Identifier = rfc5280.AlgorithmIdentifier()
  56. sha512Identifier['algorithm'] = id_sha512
  57. sha512Identifier['parameters'] = univ.Null("")
  58. mgf1SHA1Identifier = rfc5280.AlgorithmIdentifier()
  59. mgf1SHA1Identifier['algorithm'] = id_mgf1
  60. mgf1SHA1Identifier['parameters'] = sha1Identifier
  61. mgf1SHA224Identifier = rfc5280.AlgorithmIdentifier()
  62. mgf1SHA224Identifier['algorithm'] = id_mgf1
  63. mgf1SHA224Identifier['parameters'] = sha224Identifier
  64. mgf1SHA256Identifier = rfc5280.AlgorithmIdentifier()
  65. mgf1SHA256Identifier['algorithm'] = id_mgf1
  66. mgf1SHA256Identifier['parameters'] = sha256Identifier
  67. mgf1SHA384Identifier = rfc5280.AlgorithmIdentifier()
  68. mgf1SHA384Identifier['algorithm'] = id_mgf1
  69. mgf1SHA384Identifier['parameters'] = sha384Identifier
  70. mgf1SHA512Identifier = rfc5280.AlgorithmIdentifier()
  71. mgf1SHA512Identifier['algorithm'] = id_mgf1
  72. mgf1SHA512Identifier['parameters'] = sha512Identifier
  73. pSpecifiedEmptyIdentifier = rfc5280.AlgorithmIdentifier()
  74. pSpecifiedEmptyIdentifier['algorithm'] = id_pSpecified
  75. pSpecifiedEmptyIdentifier['parameters'] = univ.OctetString(value='')
  76. class RSAPublicKey(univ.Sequence):
  77. pass
  78. RSAPublicKey.componentType = namedtype.NamedTypes(
  79. namedtype.NamedType('modulus', univ.Integer()),
  80. namedtype.NamedType('publicExponent', univ.Integer())
  81. )
  82. class HashAlgorithm(rfc5280.AlgorithmIdentifier):
  83. pass
  84. class MaskGenAlgorithm(rfc5280.AlgorithmIdentifier):
  85. pass
  86. class RSAES_OAEP_params(univ.Sequence):
  87. pass
  88. RSAES_OAEP_params.componentType = namedtype.NamedTypes(
  89. namedtype.OptionalNamedType('hashFunc', rfc5280.AlgorithmIdentifier().subtype(
  90. explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
  91. namedtype.OptionalNamedType('maskGenFunc', rfc5280.AlgorithmIdentifier().subtype(
  92. explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))),
  93. namedtype.OptionalNamedType('pSourceFunc', rfc5280.AlgorithmIdentifier().subtype(
  94. explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2)))
  95. )
  96. rSAES_OAEP_Default_Params = RSAES_OAEP_params()
  97. rSAES_OAEP_Default_Identifier = rfc5280.AlgorithmIdentifier()
  98. rSAES_OAEP_Default_Identifier['algorithm'] = id_RSAES_OAEP
  99. rSAES_OAEP_Default_Identifier['parameters'] = rSAES_OAEP_Default_Params
  100. rSAES_OAEP_SHA224_Params = RSAES_OAEP_params()
  101. rSAES_OAEP_SHA224_Params['hashFunc'] = sha224Identifier.subtype(
  102. explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0), cloneValueFlag=True)
  103. rSAES_OAEP_SHA224_Params['maskGenFunc'] = mgf1SHA224Identifier.subtype(
  104. explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1), cloneValueFlag=True)
  105. rSAES_OAEP_SHA224_Identifier = rfc5280.AlgorithmIdentifier()
  106. rSAES_OAEP_SHA224_Identifier['algorithm'] = id_RSAES_OAEP
  107. rSAES_OAEP_SHA224_Identifier['parameters'] = rSAES_OAEP_SHA224_Params
  108. rSAES_OAEP_SHA256_Params = RSAES_OAEP_params()
  109. rSAES_OAEP_SHA256_Params['hashFunc'] = sha256Identifier.subtype(
  110. explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0), cloneValueFlag=True)
  111. rSAES_OAEP_SHA256_Params['maskGenFunc'] = mgf1SHA256Identifier.subtype(
  112. explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1), cloneValueFlag=True)
  113. rSAES_OAEP_SHA256_Identifier = rfc5280.AlgorithmIdentifier()
  114. rSAES_OAEP_SHA256_Identifier['algorithm'] = id_RSAES_OAEP
  115. rSAES_OAEP_SHA256_Identifier['parameters'] = rSAES_OAEP_SHA256_Params
  116. rSAES_OAEP_SHA384_Params = RSAES_OAEP_params()
  117. rSAES_OAEP_SHA384_Params['hashFunc'] = sha384Identifier.subtype(
  118. explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0), cloneValueFlag=True)
  119. rSAES_OAEP_SHA384_Params['maskGenFunc'] = mgf1SHA384Identifier.subtype(
  120. explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1), cloneValueFlag=True)
  121. rSAES_OAEP_SHA384_Identifier = rfc5280.AlgorithmIdentifier()
  122. rSAES_OAEP_SHA384_Identifier['algorithm'] = id_RSAES_OAEP
  123. rSAES_OAEP_SHA384_Identifier['parameters'] = rSAES_OAEP_SHA384_Params
  124. rSAES_OAEP_SHA512_Params = RSAES_OAEP_params()
  125. rSAES_OAEP_SHA512_Params['hashFunc'] = sha512Identifier.subtype(
  126. explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0), cloneValueFlag=True)
  127. rSAES_OAEP_SHA512_Params['maskGenFunc'] = mgf1SHA512Identifier.subtype(
  128. explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1), cloneValueFlag=True)
  129. rSAES_OAEP_SHA512_Identifier = rfc5280.AlgorithmIdentifier()
  130. rSAES_OAEP_SHA512_Identifier['algorithm'] = id_RSAES_OAEP
  131. rSAES_OAEP_SHA512_Identifier['parameters'] = rSAES_OAEP_SHA512_Params
  132. class RSASSA_PSS_params(univ.Sequence):
  133. pass
  134. RSASSA_PSS_params.componentType = namedtype.NamedTypes(
  135. namedtype.OptionalNamedType('hashAlgorithm', rfc5280.AlgorithmIdentifier().subtype(
  136. explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
  137. namedtype.OptionalNamedType('maskGenAlgorithm', rfc5280.AlgorithmIdentifier().subtype(
  138. explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))),
  139. namedtype.DefaultedNamedType('saltLength', univ.Integer(value=20).subtype(
  140. explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
  141. namedtype.DefaultedNamedType('trailerField', univ.Integer(value=1).subtype(
  142. explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3)))
  143. )
  144. rSASSA_PSS_Default_Params = RSASSA_PSS_params()
  145. rSASSA_PSS_Default_Identifier = rfc5280.AlgorithmIdentifier()
  146. rSASSA_PSS_Default_Identifier['algorithm'] = id_RSASSA_PSS
  147. rSASSA_PSS_Default_Identifier['parameters'] = rSASSA_PSS_Default_Params
  148. rSASSA_PSS_SHA224_Params = RSASSA_PSS_params()
  149. rSASSA_PSS_SHA224_Params['hashAlgorithm'] = sha224Identifier.subtype(
  150. explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0), cloneValueFlag=True)
  151. rSASSA_PSS_SHA224_Params['maskGenAlgorithm'] = mgf1SHA224Identifier.subtype(
  152. explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1), cloneValueFlag=True)
  153. rSASSA_PSS_SHA224_Identifier = rfc5280.AlgorithmIdentifier()
  154. rSASSA_PSS_SHA224_Identifier['algorithm'] = id_RSASSA_PSS
  155. rSASSA_PSS_SHA224_Identifier['parameters'] = rSASSA_PSS_SHA224_Params
  156. rSASSA_PSS_SHA256_Params = RSASSA_PSS_params()
  157. rSASSA_PSS_SHA256_Params['hashAlgorithm'] = sha256Identifier.subtype(
  158. explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0), cloneValueFlag=True)
  159. rSASSA_PSS_SHA256_Params['maskGenAlgorithm'] = mgf1SHA256Identifier.subtype(
  160. explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1), cloneValueFlag=True)
  161. rSASSA_PSS_SHA256_Identifier = rfc5280.AlgorithmIdentifier()
  162. rSASSA_PSS_SHA256_Identifier['algorithm'] = id_RSASSA_PSS
  163. rSASSA_PSS_SHA256_Identifier['parameters'] = rSASSA_PSS_SHA256_Params
  164. rSASSA_PSS_SHA384_Params = RSASSA_PSS_params()
  165. rSASSA_PSS_SHA384_Params['hashAlgorithm'] = sha384Identifier.subtype(
  166. explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0), cloneValueFlag=True)
  167. rSASSA_PSS_SHA384_Params['maskGenAlgorithm'] = mgf1SHA384Identifier.subtype(
  168. explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1), cloneValueFlag=True)
  169. rSASSA_PSS_SHA384_Identifier = rfc5280.AlgorithmIdentifier()
  170. rSASSA_PSS_SHA384_Identifier['algorithm'] = id_RSASSA_PSS
  171. rSASSA_PSS_SHA384_Identifier['parameters'] = rSASSA_PSS_SHA384_Params
  172. rSASSA_PSS_SHA512_Params = RSASSA_PSS_params()
  173. rSASSA_PSS_SHA512_Params['hashAlgorithm'] = sha512Identifier.subtype(
  174. explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0), cloneValueFlag=True)
  175. rSASSA_PSS_SHA512_Params['maskGenAlgorithm'] = mgf1SHA512Identifier.subtype(
  176. explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1), cloneValueFlag=True)
  177. rSASSA_PSS_SHA512_Identifier = rfc5280.AlgorithmIdentifier()
  178. rSASSA_PSS_SHA512_Identifier['algorithm'] = id_RSASSA_PSS
  179. rSASSA_PSS_SHA512_Identifier['parameters'] = rSASSA_PSS_SHA512_Params
  180. # Update the Algorithm Identifier map
  181. _algorithmIdentifierMapUpdate = {
  182. id_sha1: univ.Null(),
  183. id_sha224: univ.Null(),
  184. id_sha256: univ.Null(),
  185. id_sha384: univ.Null(),
  186. id_sha512: univ.Null(),
  187. id_mgf1: rfc5280.AlgorithmIdentifier(),
  188. id_pSpecified: univ.OctetString(),
  189. id_RSAES_OAEP: RSAES_OAEP_params(),
  190. id_RSASSA_PSS: RSASSA_PSS_params(),
  191. }
  192. rfc5280.algorithmIdentifierMap.update(_algorithmIdentifierMapUpdate)