123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237 |
- #
- # This file is part of pyasn1-modules software.
- #
- # Created by Russ Housley with assistance from asn1ate v.0.6.0.
- #
- # Copyright (c) 2019, Vigil Security, LLC
- # License: http://snmplabs.com/pyasn1/license.html
- #
- # Use of the RSA-KEM Key Transport Algorithm in the CMS
- #
- # ASN.1 source from:
- # https://www.rfc-editor.org/rfc/rfc5990.txt
- #
-
- from pyasn1.type import constraint
- from pyasn1.type import namedtype
- from pyasn1.type import univ
-
- from pyasn1_modules import rfc5280
-
- MAX = float('inf')
-
- def _OID(*components):
- output = []
- for x in tuple(components):
- if isinstance(x, univ.ObjectIdentifier):
- output.extend(list(x))
- else:
- output.append(int(x))
- return univ.ObjectIdentifier(output)
-
-
- # Imports from RFC 5280
-
- AlgorithmIdentifier = rfc5280.AlgorithmIdentifier
-
-
- # Useful types and definitions
-
- class NullParms(univ.Null):
- pass
-
-
- # Object identifier arcs
-
- is18033_2 = _OID(1, 0, 18033, 2)
-
- nistAlgorithm = _OID(2, 16, 840, 1, 101, 3, 4)
-
- pkcs_1 = _OID(1, 2, 840, 113549, 1, 1)
-
- x9_44 = _OID(1, 3, 133, 16, 840, 9, 44)
-
- x9_44_components = _OID(x9_44, 1)
-
-
- # Types for algorithm identifiers
-
- class Camellia_KeyWrappingScheme(AlgorithmIdentifier):
- pass
-
- class DataEncapsulationMechanism(AlgorithmIdentifier):
- pass
-
- class KDF2_HashFunction(AlgorithmIdentifier):
- pass
-
- class KDF3_HashFunction(AlgorithmIdentifier):
- pass
-
- class KeyDerivationFunction(AlgorithmIdentifier):
- pass
-
- class KeyEncapsulationMechanism(AlgorithmIdentifier):
- pass
-
- class X9_SymmetricKeyWrappingScheme(AlgorithmIdentifier):
- pass
-
-
- # RSA-KEM Key Transport Algorithm
-
- id_rsa_kem = _OID(1, 2, 840, 113549, 1, 9, 16, 3, 14)
-
-
- class GenericHybridParameters(univ.Sequence):
- pass
-
- GenericHybridParameters.componentType = namedtype.NamedTypes(
- namedtype.NamedType('kem', KeyEncapsulationMechanism()),
- namedtype.NamedType('dem', DataEncapsulationMechanism())
- )
-
-
- rsa_kem = AlgorithmIdentifier()
- rsa_kem['algorithm'] = id_rsa_kem
- rsa_kem['parameters'] = GenericHybridParameters()
-
-
- # KEM-RSA Key Encapsulation Mechanism
-
- id_kem_rsa = _OID(is18033_2, 2, 4)
-
-
- class KeyLength(univ.Integer):
- pass
-
- KeyLength.subtypeSpec = constraint.ValueRangeConstraint(1, MAX)
-
-
- class RsaKemParameters(univ.Sequence):
- pass
-
- RsaKemParameters.componentType = namedtype.NamedTypes(
- namedtype.NamedType('keyDerivationFunction', KeyDerivationFunction()),
- namedtype.NamedType('keyLength', KeyLength())
- )
-
-
- kem_rsa = AlgorithmIdentifier()
- kem_rsa['algorithm'] = id_kem_rsa
- kem_rsa['parameters'] = RsaKemParameters()
-
-
- # Key Derivation Functions
-
- id_kdf_kdf2 = _OID(x9_44_components, 1)
-
- id_kdf_kdf3 = _OID(x9_44_components, 2)
-
-
- kdf2 = AlgorithmIdentifier()
- kdf2['algorithm'] = id_kdf_kdf2
- kdf2['parameters'] = KDF2_HashFunction()
-
- kdf3 = AlgorithmIdentifier()
- kdf3['algorithm'] = id_kdf_kdf3
- kdf3['parameters'] = KDF3_HashFunction()
-
-
- # Hash Functions
-
- id_sha1 = _OID(1, 3, 14, 3, 2, 26)
-
- id_sha224 = _OID(2, 16, 840, 1, 101, 3, 4, 2, 4)
-
- id_sha256 = _OID(2, 16, 840, 1, 101, 3, 4, 2, 1)
-
- id_sha384 = _OID(2, 16, 840, 1, 101, 3, 4, 2, 2)
-
- id_sha512 = _OID(2, 16, 840, 1, 101, 3, 4, 2, 3)
-
-
- sha1 = AlgorithmIdentifier()
- sha1['algorithm'] = id_sha1
- sha1['parameters'] = univ.Null("")
-
- sha224 = AlgorithmIdentifier()
- sha224['algorithm'] = id_sha224
- sha224['parameters'] = univ.Null("")
-
- sha256 = AlgorithmIdentifier()
- sha256['algorithm'] = id_sha256
- sha256['parameters'] = univ.Null("")
-
- sha384 = AlgorithmIdentifier()
- sha384['algorithm'] = id_sha384
- sha384['parameters'] = univ.Null("")
-
- sha512 = AlgorithmIdentifier()
- sha512['algorithm'] = id_sha512
- sha512['parameters'] = univ.Null("")
-
-
- # Symmetric Key-Wrapping Schemes
-
- id_aes128_Wrap = _OID(nistAlgorithm, 1, 5)
-
- id_aes192_Wrap = _OID(nistAlgorithm, 1, 25)
-
- id_aes256_Wrap = _OID(nistAlgorithm, 1, 45)
-
- id_alg_CMS3DESwrap = _OID(1, 2, 840, 113549, 1, 9, 16, 3, 6)
-
- id_camellia128_Wrap = _OID(1, 2, 392, 200011, 61, 1, 1, 3, 2)
-
- id_camellia192_Wrap = _OID(1, 2, 392, 200011, 61, 1, 1, 3, 3)
-
- id_camellia256_Wrap = _OID(1, 2, 392, 200011, 61, 1, 1, 3, 4)
-
-
- aes128_Wrap = AlgorithmIdentifier()
- aes128_Wrap['algorithm'] = id_aes128_Wrap
- # aes128_Wrap['parameters'] are absent
-
- aes192_Wrap = AlgorithmIdentifier()
- aes192_Wrap['algorithm'] = id_aes128_Wrap
- # aes192_Wrap['parameters'] are absent
-
- aes256_Wrap = AlgorithmIdentifier()
- aes256_Wrap['algorithm'] = id_sha256
- # aes256_Wrap['parameters'] are absent
-
- tdes_Wrap = AlgorithmIdentifier()
- tdes_Wrap['algorithm'] = id_alg_CMS3DESwrap
- tdes_Wrap['parameters'] = univ.Null("")
-
- camellia128_Wrap = AlgorithmIdentifier()
- camellia128_Wrap['algorithm'] = id_camellia128_Wrap
- # camellia128_Wrap['parameters'] are absent
-
- camellia192_Wrap = AlgorithmIdentifier()
- camellia192_Wrap['algorithm'] = id_camellia192_Wrap
- # camellia192_Wrap['parameters'] are absent
-
- camellia256_Wrap = AlgorithmIdentifier()
- camellia256_Wrap['algorithm'] = id_camellia256_Wrap
- # camellia256_Wrap['parameters'] are absent
-
-
- # Update the Algorithm Identifier map in rfc5280.py.
- # Note that the ones that must not have parameters are not added to the map.
-
- _algorithmIdentifierMapUpdate = {
- id_rsa_kem: GenericHybridParameters(),
- id_kem_rsa: RsaKemParameters(),
- id_kdf_kdf2: KDF2_HashFunction(),
- id_kdf_kdf3: KDF3_HashFunction(),
- id_sha1: univ.Null(),
- id_sha224: univ.Null(),
- id_sha256: univ.Null(),
- id_sha384: univ.Null(),
- id_sha512: univ.Null(),
- id_alg_CMS3DESwrap: univ.Null(),
- }
-
- rfc5280.algorithmIdentifierMap.update(_algorithmIdentifierMapUpdate)
|