  1. #
  2. # This file is part of pyasn1-modules software.
  3. #
  4. # Created by Russ Housley with assistance from asn1ate v.0.6.0.
  5. #
  6. # Copyright (c) 2019, Vigil Security, LLC
  7. # License: http://snmplabs.com/pyasn1/license.html
  8. #
  9. # CMS Symmetric Key Package Content Type
  10. #
  11. # ASN.1 source from:
  12. # https://www.rfc-editor.org/rfc/rfc6031.txt
  13. #
  14. from pyasn1.type import char
  15. from pyasn1.type import constraint
  16. from pyasn1.type import namedtype
  17. from pyasn1.type import namedval
  18. from pyasn1.type import opentype
  19. from pyasn1.type import tag
  20. from pyasn1.type import univ
  21. from pyasn1.type import useful
  22. from pyasn1_modules import rfc5652
  23. from pyasn1_modules import rfc6019
def _OID(*components):
    """Concatenate OID components into one univ.ObjectIdentifier.

    Each component is either an existing univ.ObjectIdentifier, whose
    elements are spliced in via list(), or any value accepted by int(),
    which contributes a single arc.  Returns a new univ.ObjectIdentifier;
    a component that is neither raises whatever int() raises.
    """
    def arcs_of(component):
        # Existing identifiers expand to their elements; everything else is one arc.
        if isinstance(component, univ.ObjectIdentifier):
            return list(component)
        return [int(component)]

    flattened = [arc for component in components for arc in arcs_of(component)]
    return univ.ObjectIdentifier(flattened)
# Open upper bound used by the ValueRangeConstraint/ValueSizeConstraint below;
# nothing in this module caps those values, so any limit is left to the caller.
MAX = float('inf')
# Arc prefix that every id_pskc_* attribute OID in this module extends via _OID().
id_pskc = univ.ObjectIdentifier('1.2.840.113549.1.9.16.12')
  34. # Symmetric Key Package Attributes
id_pskc_manufacturer = _OID(id_pskc, 1)


class at_pskc_manufacturer(char.UTF8String):
    """Symmetric Key Package attribute 'manufacturer' (id-pskc arc 1), a UTF8String."""
id_pskc_serialNo = _OID(id_pskc, 2)


class at_pskc_serialNo(char.UTF8String):
    """Symmetric Key Package attribute 'serialNo' (id-pskc arc 2), a UTF8String."""
id_pskc_model = _OID(id_pskc, 3)


class at_pskc_model(char.UTF8String):
    """Symmetric Key Package attribute 'model' (id-pskc arc 3), a UTF8String."""
id_pskc_issueNo = _OID(id_pskc, 4)


class at_pskc_issueNo(char.UTF8String):
    """Symmetric Key Package attribute 'issueNo' (id-pskc arc 4), a UTF8String."""
id_pskc_deviceBinding = _OID(id_pskc, 5)


class at_pskc_deviceBinding(char.UTF8String):
    """Symmetric Key Package attribute 'deviceBinding' (id-pskc arc 5), a UTF8String."""
id_pskc_deviceStartDate = _OID(id_pskc, 6)


class at_pskc_deviceStartDate(useful.GeneralizedTime):
    """Symmetric Key Package attribute 'deviceStartDate' (id-pskc arc 6), a GeneralizedTime."""
id_pskc_deviceExpiryDate = _OID(id_pskc, 7)


class at_pskc_deviceExpiryDate(useful.GeneralizedTime):
    """Symmetric Key Package attribute 'deviceExpiryDate' (id-pskc arc 7), a GeneralizedTime."""
id_pskc_moduleId = _OID(id_pskc, 8)


class at_pskc_moduleId(char.UTF8String):
    """Symmetric Key Package attribute 'moduleId' (id-pskc arc 8), a UTF8String."""
id_pskc_deviceUserId = _OID(id_pskc, 26)


class at_pskc_deviceUserId(char.UTF8String):
    """Symmetric Key Package attribute 'deviceUserId' (id-pskc arc 26), a UTF8String."""
  62. # Symmetric Key Attributes
id_pskc_keyId = _OID(id_pskc, 9)


class at_pskc_keyUserId(char.UTF8String):
    """Symmetric Key attribute value type, a UTF8String.

    Although it sits next to id_pskc_keyId, this class is the one
    sKeyAttributesMap registers under id_pskc_keyUserId (id-pskc arc 27);
    at_pskc_keyId, defined further down, is mapped to id_pskc_keyId.  Both
    are plain UTF8Strings, so the pairing does not affect decoding.
    """
id_pskc_algorithm = _OID(id_pskc, 10)


class at_pskc_algorithm(char.UTF8String):
    """Symmetric Key attribute 'algorithm' (id-pskc arc 10), a UTF8String."""
id_pskc_issuer = _OID(id_pskc, 11)


class at_pskc_issuer(char.UTF8String):
    """Symmetric Key attribute 'issuer' (id-pskc arc 11), a UTF8String."""
id_pskc_keyProfileId = _OID(id_pskc, 12)


class at_pskc_keyProfileId(char.UTF8String):
    """Symmetric Key attribute 'keyProfileId' (id-pskc arc 12), a UTF8String."""
id_pskc_keyReference = _OID(id_pskc, 13)


class at_pskc_keyReference(char.UTF8String):
    """Symmetric Key attribute 'keyReference' (id-pskc arc 13), a UTF8String."""
id_pskc_friendlyName = _OID(id_pskc, 14)


class FriendlyName(univ.Sequence):
    """FriendlyName SEQUENCE: a UTF8String name and an optional language-tag string."""
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('friendlyName', char.UTF8String()),
        namedtype.OptionalNamedType('friendlyNameLangTag', char.UTF8String()),
    )


class at_pskc_friendlyName(FriendlyName):
    """Symmetric Key attribute 'friendlyName' (id-pskc arc 14), a FriendlyName."""
id_pskc_algorithmParameters = _OID(id_pskc, 15)


class Encoding(char.UTF8String):
    """Encoding keyword used by the challenge/response/PIN formats.

    The SingleValueConstraint limits accepted values to exactly the five
    strings named below; any other string fails the constraint.
    """
    namedValues = namedval.NamedValues(
        ('dec', "DECIMAL"),
        ('hex', "HEXADECIMAL"),
        ('alpha', "ALPHANUMERIC"),
        ('b64', "BASE64"),
        ('bin', "BINARY"),
    )
    subtypeSpec = constraint.SingleValueConstraint(
        "DECIMAL", "HEXADECIMAL", "ALPHANUMERIC", "BASE64", "BINARY",
    )
class ChallengeFormat(univ.Sequence):
    """ChallengeFormat SEQUENCE: an Encoding, a checkDigit flag and 'min'/'max' integers."""
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('encoding', Encoding()),
        # checkDigit is DEFAULT FALSE: absent on the wire means 0.
        namedtype.DefaultedNamedType('checkDigit',
                                     univ.Boolean().subtype(value=0)),
        # Both bounds are non-negative integers with no upper cap (MAX is infinite).
        namedtype.NamedType('min', univ.Integer().subtype(
            subtypeSpec=constraint.ValueRangeConstraint(0, MAX))),
        namedtype.NamedType('max', univ.Integer().subtype(
            subtypeSpec=constraint.ValueRangeConstraint(0, MAX))),
    )
class ResponseFormat(univ.Sequence):
    """ResponseFormat SEQUENCE: an Encoding, a 'length' integer and a checkDigit flag."""
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('encoding', Encoding()),
        # Non-negative integer with no upper cap (MAX is infinite).
        namedtype.NamedType('length', univ.Integer().subtype(
            subtypeSpec=constraint.ValueRangeConstraint(0, MAX))),
        # checkDigit is DEFAULT FALSE: absent on the wire means 0.
        namedtype.DefaultedNamedType('checkDigit',
                                     univ.Boolean().subtype(value=0)),
    )
class PSKCAlgorithmParameters(univ.Choice):
    """PSKCAlgorithmParameters CHOICE: a 'suite' string, or a tagged challenge or response format."""
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('suite', char.UTF8String()),
        # [0] IMPLICIT ChallengeFormat
        namedtype.NamedType('challengeFormat', ChallengeFormat().subtype(
            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
        # [1] IMPLICIT ResponseFormat
        namedtype.NamedType('responseFormat', ResponseFormat().subtype(
            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))),
    )


class at_pskc_algorithmParameters(PSKCAlgorithmParameters):
    """Symmetric Key attribute 'algorithmParameters' (id-pskc arc 15), a PSKCAlgorithmParameters."""
id_pskc_counter = _OID(id_pskc, 16)


class at_pskc_counter(univ.Integer):
    """Symmetric Key attribute 'counter' (id-pskc arc 16), a non-negative INTEGER."""
    subtypeSpec = constraint.ValueRangeConstraint(0, MAX)
id_pskc_time = _OID(id_pskc, 17)


class at_pskc_time(rfc6019.BinaryTime):
    """Symmetric Key attribute 'time' (id-pskc arc 17), an RFC 6019 BinaryTime."""
id_pskc_timeInterval = _OID(id_pskc, 18)


class at_pskc_timeInterval(univ.Integer):
    """Symmetric Key attribute 'timeInterval' (id-pskc arc 18), a non-negative INTEGER."""
    subtypeSpec = constraint.ValueRangeConstraint(0, MAX)
id_pskc_timeDrift = _OID(id_pskc, 19)


class at_pskc_timeDrift(univ.Integer):
    """Symmetric Key attribute 'timeDrift' (id-pskc arc 19), a non-negative INTEGER."""
    subtypeSpec = constraint.ValueRangeConstraint(0, MAX)
id_pskc_valueMAC = _OID(id_pskc, 20)


class ValueMac(univ.Sequence):
    """ValueMac SEQUENCE: a MAC algorithm name and the MAC value, both UTF8Strings.

    This module only describes the encoding; checking the MAC against the
    key data it covers is the consumer's job.
    """
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('macAlgorithm', char.UTF8String()),
        namedtype.NamedType('mac', char.UTF8String()),
    )


class at_pskc_valueMAC(ValueMac):
    """Symmetric Key attribute 'valueMAC' (id-pskc arc 20), a ValueMac."""
id_pskc_keyUserId = _OID(id_pskc, 27)


class at_pskc_keyId(char.UTF8String):
    """Symmetric Key attribute value type, a UTF8String.

    sKeyAttributesMap registers this class under id_pskc_keyId (id-pskc
    arc 9), not under the id_pskc_keyUserId OID assigned just above it;
    at_pskc_keyUserId, defined earlier, is mapped to id_pskc_keyUserId.
    """
id_pskc_keyStartDate = _OID(id_pskc, 21)


class at_pskc_keyStartDate(useful.GeneralizedTime):
    """Symmetric Key attribute 'keyStartDate' (id-pskc arc 21), a GeneralizedTime."""
id_pskc_keyExpiryDate = _OID(id_pskc, 22)


class at_pskc_keyExpiryDate(useful.GeneralizedTime):
    """Symmetric Key attribute 'keyExpiryDate' (id-pskc arc 22), a GeneralizedTime."""
id_pskc_numberOfTransactions = _OID(id_pskc, 23)


class at_pskc_numberOfTransactions(univ.Integer):
    """Symmetric Key attribute 'numberOfTransactions' (id-pskc arc 23), a non-negative INTEGER."""
    subtypeSpec = constraint.ValueRangeConstraint(0, MAX)
id_pskc_keyUsages = _OID(id_pskc, 24)


class PSKCKeyUsage(char.UTF8String):
    """A single key-usage keyword.

    The SingleValueConstraint limits accepted values to exactly the eleven
    strings named below.
    """
    namedValues = namedval.NamedValues(
        ('otp', "OTP"),
        ('cr', "CR"),
        ('encrypt', "Encrypt"),
        ('integrity', "Integrity"),
        ('verify', "Verify"),
        ('unlock', "Unlock"),
        ('decrypt', "Decrypt"),
        ('keywrap', "KeyWrap"),
        ('unwrap', "Unwrap"),
        ('derive', "Derive"),
        ('generate', "Generate"),
    )
    subtypeSpec = constraint.SingleValueConstraint(
        "OTP", "CR", "Encrypt", "Integrity", "Verify", "Unlock",
        "Decrypt", "KeyWrap", "Unwrap", "Derive", "Generate",
    )


class PSKCKeyUsages(univ.SequenceOf):
    """SEQUENCE OF PSKCKeyUsage."""
    componentType = PSKCKeyUsage()


class at_pskc_keyUsage(PSKCKeyUsages):
    """Symmetric Key attribute 'keyUsages' (id-pskc arc 24), a PSKCKeyUsages."""
id_pskc_pinPolicy = _OID(id_pskc, 25)


class PINUsageMode(char.UTF8String):
    """PIN usage-mode keyword, limited by its SingleValueConstraint to four strings."""
    namedValues = namedval.NamedValues(
        ("local", "Local"),
        ("prepend", "Prepend"),
        ("append", "Append"),
        ("algorithmic", "Algorithmic"),
    )
    subtypeSpec = constraint.SingleValueConstraint(
        "Local", "Prepend", "Append", "Algorithmic",
    )


class PINPolicy(univ.Sequence):
    """PINPolicy SEQUENCE; every component carries a context-specific IMPLICIT tag [0]..[5]."""
    componentType = namedtype.NamedTypes(
        namedtype.OptionalNamedType('pinKeyId', char.UTF8String().subtype(
            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
        namedtype.NamedType('pinUsageMode', PINUsageMode().subtype(
            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
        # The three limits are constrained to 0..MAX first, then tagged.
        namedtype.OptionalNamedType('maxFailedAttempts', univ.Integer().subtype(
            subtypeSpec=constraint.ValueRangeConstraint(0, MAX)).subtype(
            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
        namedtype.OptionalNamedType('minLength', univ.Integer().subtype(
            subtypeSpec=constraint.ValueRangeConstraint(0, MAX)).subtype(
            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))),
        namedtype.OptionalNamedType('maxLength', univ.Integer().subtype(
            subtypeSpec=constraint.ValueRangeConstraint(0, MAX)).subtype(
            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 4))),
        namedtype.OptionalNamedType('pinEncoding', Encoding().subtype(
            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 5))),
    )


class at_pskc_pinPolicy(PINPolicy):
    """Symmetric Key attribute 'pinPolicy' (id-pskc arc 25), a PINPolicy."""
  223. # Map of Symmetric Key Package Attribute OIDs to Attributes
# Consulted by the OpenType on SKeyPkgAttribute.attrValues: an attrType OID
# listed here has its value decoded as the matching at_pskc_* type; OIDs
# absent from the map are not given a concrete type by this module.
sKeyPkgAttributesMap = {
    id_pskc_manufacturer: at_pskc_manufacturer(),
    id_pskc_serialNo: at_pskc_serialNo(),
    id_pskc_model: at_pskc_model(),
    id_pskc_issueNo: at_pskc_issueNo(),
    id_pskc_deviceBinding: at_pskc_deviceBinding(),
    id_pskc_deviceStartDate: at_pskc_deviceStartDate(),
    id_pskc_deviceExpiryDate: at_pskc_deviceExpiryDate(),
    id_pskc_moduleId: at_pskc_moduleId(),
    id_pskc_deviceUserId: at_pskc_deviceUserId(),
}
  235. # Map of Symmetric Key Attribute OIDs to Attributes
# Consulted by the OpenType on SKeyAttribute.attrValues: an attrType OID
# listed here has its value decoded as the matching at_pskc_* type; OIDs
# absent from the map are not given a concrete type by this module.
sKeyAttributesMap = {
    id_pskc_keyId: at_pskc_keyId(),
    id_pskc_algorithm: at_pskc_algorithm(),
    id_pskc_issuer: at_pskc_issuer(),
    id_pskc_keyProfileId: at_pskc_keyProfileId(),
    id_pskc_keyReference: at_pskc_keyReference(),
    id_pskc_friendlyName: at_pskc_friendlyName(),
    id_pskc_algorithmParameters: at_pskc_algorithmParameters(),
    id_pskc_counter: at_pskc_counter(),
    id_pskc_time: at_pskc_time(),
    id_pskc_timeInterval: at_pskc_timeInterval(),
    id_pskc_timeDrift: at_pskc_timeDrift(),
    id_pskc_valueMAC: at_pskc_valueMAC(),
    # Note the class names are crossed relative to their definition order;
    # both are UTF8Strings, so decoding is unaffected.
    id_pskc_keyUserId: at_pskc_keyUserId(),
    id_pskc_keyStartDate: at_pskc_keyStartDate(),
    id_pskc_keyExpiryDate: at_pskc_keyExpiryDate(),
    id_pskc_numberOfTransactions: at_pskc_numberOfTransactions(),
    id_pskc_keyUsages: at_pskc_keyUsage(),
    id_pskc_pinPolicy: at_pskc_pinPolicy(),
}
  256. # This definition replaces Attribute() from rfc5652.py; it is the same except
  257. # that opentype is added with sKeyPkgAttributesMap and sKeyAttributesMap
class AttributeType(univ.ObjectIdentifier):
    """OBJECT IDENTIFIER naming an attribute; used as the 'attrType' component below."""
class AttributeValue(univ.Any):
    """ANY attribute value; resolved to a concrete type through the OpenType maps below."""
class SKeyAttribute(univ.Sequence):
    """Per-key Attribute SEQUENCE.

    Same shape as the rfc5652 Attribute, except that 'attrValues' carries an
    OpenType keyed on 'attrType' so values are decoded via sKeyAttributesMap.
    """
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('attrType', AttributeType()),
        namedtype.NamedType(
            'attrValues',
            univ.SetOf(componentType=AttributeValue()),
            openType=opentype.OpenType('attrType', sKeyAttributesMap),
        ),
    )
class SKeyPkgAttribute(univ.Sequence):
    """Package-level Attribute SEQUENCE.

    Same shape as the rfc5652 Attribute, except that 'attrValues' carries an
    OpenType keyed on 'attrType' so values are decoded via sKeyPkgAttributesMap.
    """
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('attrType', AttributeType()),
        namedtype.NamedType(
            'attrValues',
            univ.SetOf(componentType=AttributeValue()),
            openType=opentype.OpenType('attrType', sKeyPkgAttributesMap),
        ),
    )
  280. # Symmetric Key Package Content Type
# Content-type OID for SymmetricKeyPackage; registered in rfc5652.cmsContentTypesMap at the end of this module.
id_ct_KP_sKeyPackage = univ.ObjectIdentifier('1.2.840.113549.1.9.16.1.25')
class KeyPkgVersion(univ.Integer):
    """KeyPkgVersion INTEGER; 'v1' (1) is the only named value."""
    namedValues = namedval.NamedValues(
        ('v1', 1),
    )
class OneSymmetricKey(univ.Sequence):
    """OneSymmetricKey SEQUENCE: optional attribute list plus optional key octets.

    Both components are OPTIONAL on their own, but the sizeSpec below
    requires at least one of them to be present.  Per the referenced
    RFC 6031, 'sKey' is the key value itself, so decoded instances hold
    secret material.
    """
    componentType = namedtype.NamedTypes(
        # SEQUENCE SIZE (1..MAX) OF SKeyAttribute OPTIONAL
        namedtype.OptionalNamedType(
            'sKeyAttrs',
            univ.SequenceOf(componentType=SKeyAttribute()).subtype(
                subtypeSpec=constraint.ValueSizeConstraint(1, MAX)),
        ),
        namedtype.OptionalNamedType('sKey', univ.OctetString()),
    )
    # SIZE (1..2): the sequence may not be empty.
    sizeSpec = univ.Sequence.sizeSpec + constraint.ValueSizeConstraint(1, 2)
class SymmetricKeys(univ.SequenceOf):
    """SEQUENCE SIZE (1..MAX) OF OneSymmetricKey."""
    componentType = OneSymmetricKey()
    subtypeSpec = constraint.ValueSizeConstraint(1, MAX)
class SymmetricKeyPackage(univ.Sequence):
    """Top-level SymmetricKeyPackage SEQUENCE, the content type for id_ct_KP_sKeyPackage."""
    componentType = namedtype.NamedTypes(
        # version DEFAULT v1
        namedtype.DefaultedNamedType('version', KeyPkgVersion().subtype(value='v1')),
        # [0] IMPLICIT SEQUENCE SIZE (1..MAX) OF SKeyPkgAttribute OPTIONAL
        namedtype.OptionalNamedType(
            'sKeyPkgAttrs',
            univ.SequenceOf(componentType=SKeyPkgAttribute()).subtype(
                subtypeSpec=constraint.ValueSizeConstraint(1, MAX),
                implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)),
        ),
        namedtype.NamedType('sKeys', SymmetricKeys()),
    )
  310. # Map of Content Type OIDs to Content Types are
  311. # added to the ones that are in rfc5652.py
_cmsContentTypesMapUpdate = {
    id_ct_KP_sKeyPackage: SymmetricKeyPackage(),
}
# Import-time side effect: mutates the shared rfc5652 map so that code which
# consults rfc5652.cmsContentTypesMap can resolve this content type as well.
rfc5652.cmsContentTypesMap.update(_cmsContentTypesMapUpdate)