Funktionierender Prototyp des Serious Games zur Vermittlung von Wissen zu Software-Engineering-Arbeitsmodellen.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

rfc8018.py 6.0KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260
  1. #
  2. # This file is part of pyasn1-modules software.
  3. #
  4. # Created by Russ Housley.
  5. #
  6. # Copyright (c) 2019, Vigil Security, LLC
  7. # License: http://snmplabs.com/pyasn1/license.html
  8. #
  9. # PKCS #5: Password-Based Cryptography Specification, Version 2.1
  10. #
  11. # ASN.1 source from:
  12. # https://www.rfc-editor.org/rfc/rfc8018.txt
  13. #
  14. from pyasn1.type import constraint
  15. from pyasn1.type import namedtype
  16. from pyasn1.type import namedval
  17. from pyasn1.type import univ
  18. from pyasn1_modules import rfc3565
  19. from pyasn1_modules import rfc5280
  20. MAX = float('inf')
  21. def _OID(*components):
  22. output = []
  23. for x in tuple(components):
  24. if isinstance(x, univ.ObjectIdentifier):
  25. output.extend(list(x))
  26. else:
  27. output.append(int(x))
  28. return univ.ObjectIdentifier(output)
  29. # Import from RFC 3565
  30. AES_IV = rfc3565.AES_IV
  31. # Import from RFC 5280
  32. AlgorithmIdentifier = rfc5280.AlgorithmIdentifier
  33. # Basic object identifiers
  34. nistAlgorithms = _OID(2, 16, 840, 1, 101, 3, 4)
  35. aes = _OID(nistAlgorithms, 1)
  36. oiw = _OID(1, 3, 14)
  37. rsadsi = _OID(1, 2, 840, 113549)
  38. pkcs = _OID(rsadsi, 1)
  39. digestAlgorithm = _OID(rsadsi, 2)
  40. encryptionAlgorithm = _OID(rsadsi, 3)
  41. pkcs_5 = _OID(pkcs, 5)
  42. # HMAC object identifiers
  43. id_hmacWithSHA1 = _OID(digestAlgorithm, 7)
  44. id_hmacWithSHA224 = _OID(digestAlgorithm, 8)
  45. id_hmacWithSHA256 = _OID(digestAlgorithm, 9)
  46. id_hmacWithSHA384 = _OID(digestAlgorithm, 10)
  47. id_hmacWithSHA512 = _OID(digestAlgorithm, 11)
  48. id_hmacWithSHA512_224 = _OID(digestAlgorithm, 12)
  49. id_hmacWithSHA512_256 = _OID(digestAlgorithm, 13)
  50. # PBES1 object identifiers
  51. pbeWithMD2AndDES_CBC = _OID(pkcs_5, 1)
  52. pbeWithMD2AndRC2_CBC = _OID(pkcs_5, 4)
  53. pbeWithMD5AndDES_CBC = _OID(pkcs_5, 3)
  54. pbeWithMD5AndRC2_CBC = _OID(pkcs_5, 6)
  55. pbeWithSHA1AndDES_CBC = _OID(pkcs_5, 10)
  56. pbeWithSHA1AndRC2_CBC = _OID(pkcs_5, 11)
  57. # Supporting techniques object identifiers
  58. desCBC = _OID(oiw, 3, 2, 7)
  59. des_EDE3_CBC = _OID(encryptionAlgorithm, 7)
  60. rc2CBC = _OID(encryptionAlgorithm, 2)
  61. rc5_CBC_PAD = _OID(encryptionAlgorithm, 9)
  62. aes128_CBC_PAD = _OID(aes, 2)
  63. aes192_CBC_PAD = _OID(aes, 22)
  64. aes256_CBC_PAD = _OID(aes, 42)
  65. # PBES1
  66. class PBEParameter(univ.Sequence):
  67. pass
  68. PBEParameter.componentType = namedtype.NamedTypes(
  69. namedtype.NamedType('salt', univ.OctetString().subtype(
  70. subtypeSpec=constraint.ValueSizeConstraint(8, 8))),
  71. namedtype.NamedType('iterationCount', univ.Integer())
  72. )
  73. # PBES2
  74. id_PBES2 = _OID(pkcs_5, 13)
  75. class PBES2_params(univ.Sequence):
  76. pass
  77. PBES2_params.componentType = namedtype.NamedTypes(
  78. namedtype.NamedType('keyDerivationFunc', AlgorithmIdentifier()),
  79. namedtype.NamedType('encryptionScheme', AlgorithmIdentifier())
  80. )
  81. # PBMAC1
  82. id_PBMAC1 = _OID(pkcs_5, 14)
  83. class PBMAC1_params(univ.Sequence):
  84. pass
  85. PBMAC1_params.componentType = namedtype.NamedTypes(
  86. namedtype.NamedType('keyDerivationFunc', AlgorithmIdentifier()),
  87. namedtype.NamedType('messageAuthScheme', AlgorithmIdentifier())
  88. )
  89. # PBKDF2
  90. id_PBKDF2 = _OID(pkcs_5, 12)
  91. algid_hmacWithSHA1 = AlgorithmIdentifier()
  92. algid_hmacWithSHA1['algorithm'] = id_hmacWithSHA1
  93. algid_hmacWithSHA1['parameters'] = univ.Null("")
  94. class PBKDF2_params(univ.Sequence):
  95. pass
  96. PBKDF2_params.componentType = namedtype.NamedTypes(
  97. namedtype.NamedType('salt', univ.Choice(componentType=namedtype.NamedTypes(
  98. namedtype.NamedType('specified', univ.OctetString()),
  99. namedtype.NamedType('otherSource', AlgorithmIdentifier())
  100. ))),
  101. namedtype.NamedType('iterationCount', univ.Integer().subtype(
  102. subtypeSpec=constraint.ValueRangeConstraint(1, MAX))),
  103. namedtype.OptionalNamedType('keyLength', univ.Integer().subtype(
  104. subtypeSpec=constraint.ValueRangeConstraint(1, MAX))),
  105. namedtype.DefaultedNamedType('prf', algid_hmacWithSHA1)
  106. )
  107. # RC2 CBC algorithm parameter
  108. class RC2_CBC_Parameter(univ.Sequence):
  109. pass
  110. RC2_CBC_Parameter.componentType = namedtype.NamedTypes(
  111. namedtype.OptionalNamedType('rc2ParameterVersion', univ.Integer()),
  112. namedtype.NamedType('iv', univ.OctetString().subtype(
  113. subtypeSpec=constraint.ValueSizeConstraint(8, 8)))
  114. )
  115. # RC5 CBC algorithm parameter
  116. class RC5_CBC_Parameters(univ.Sequence):
  117. pass
  118. RC5_CBC_Parameters.componentType = namedtype.NamedTypes(
  119. namedtype.NamedType('version',
  120. univ.Integer(namedValues=namedval.NamedValues(('v1_0', 16))).subtype(
  121. subtypeSpec=constraint.SingleValueConstraint(16))),
  122. namedtype.NamedType('rounds',
  123. univ.Integer().subtype(subtypeSpec=constraint.ValueRangeConstraint(8, 127))),
  124. namedtype.NamedType('blockSizeInBits',
  125. univ.Integer().subtype(subtypeSpec=constraint.SingleValueConstraint(64, 128))),
  126. namedtype.OptionalNamedType('iv', univ.OctetString())
  127. )
  128. # Initialization Vector for AES: OCTET STRING (SIZE(16))
  129. class AES_IV(univ.OctetString):
  130. pass
  131. AES_IV.subtypeSpec = constraint.ValueSizeConstraint(16, 16)
  132. # Initialization Vector for DES: OCTET STRING (SIZE(8))
  133. class DES_IV(univ.OctetString):
  134. pass
  135. DES_IV.subtypeSpec = constraint.ValueSizeConstraint(8, 8)
  136. # Update the Algorithm Identifier map
  137. _algorithmIdentifierMapUpdate = {
  138. # PBKDF2-PRFs
  139. id_hmacWithSHA1: univ.Null(),
  140. id_hmacWithSHA224: univ.Null(),
  141. id_hmacWithSHA256: univ.Null(),
  142. id_hmacWithSHA384: univ.Null(),
  143. id_hmacWithSHA512: univ.Null(),
  144. id_hmacWithSHA512_224: univ.Null(),
  145. id_hmacWithSHA512_256: univ.Null(),
  146. # PBES1Algorithms
  147. pbeWithMD2AndDES_CBC: PBEParameter(),
  148. pbeWithMD2AndRC2_CBC: PBEParameter(),
  149. pbeWithMD5AndDES_CBC: PBEParameter(),
  150. pbeWithMD5AndRC2_CBC: PBEParameter(),
  151. pbeWithSHA1AndDES_CBC: PBEParameter(),
  152. pbeWithSHA1AndRC2_CBC: PBEParameter(),
  153. # PBES2Algorithms
  154. id_PBES2: PBES2_params(),
  155. # PBES2-KDFs
  156. id_PBKDF2: PBKDF2_params(),
  157. # PBMAC1Algorithms
  158. id_PBMAC1: PBMAC1_params(),
  159. # SupportingAlgorithms
  160. desCBC: DES_IV(),
  161. des_EDE3_CBC: DES_IV(),
  162. rc2CBC: RC2_CBC_Parameter(),
  163. rc5_CBC_PAD: RC5_CBC_Parameters(),
  164. aes128_CBC_PAD: AES_IV(),
  165. aes192_CBC_PAD: AES_IV(),
  166. aes256_CBC_PAD: AES_IV(),
  167. }
  168. rfc5280.algorithmIdentifierMap.update(_algorithmIdentifierMapUpdate)