1# 2# This file is part of pyasn1-modules software. 3# 4# Created by Russ Housley with assistance from asn1ate v.0.6.0. 5# 6# Copyright (c) 2019, Vigil Security, LLC 7# License: http://snmplabs.com/pyasn1/license.html 8# 9# Use of the RSA-KEM Key Transport Algorithm in the CMS 10# 11# ASN.1 source from: 12# https://www.rfc-editor.org/rfc/rfc5990.txt 13# 14 15from pyasn1.type import constraint 16from pyasn1.type import namedtype 17from pyasn1.type import univ 18 19from pyasn1_modules import rfc5280 20 21MAX = float('inf') 22 23def _OID(*components): 24 output = [] 25 for x in tuple(components): 26 if isinstance(x, univ.ObjectIdentifier): 27 output.extend(list(x)) 28 else: 29 output.append(int(x)) 30 return univ.ObjectIdentifier(output) 31 32 33# Imports from RFC 5280 34 35AlgorithmIdentifier = rfc5280.AlgorithmIdentifier 36 37 38# Useful types and definitions 39 40class NullParms(univ.Null): 41 pass 42 43 44# Object identifier arcs 45 46is18033_2 = _OID(1, 0, 18033, 2) 47 48nistAlgorithm = _OID(2, 16, 840, 1, 101, 3, 4) 49 50pkcs_1 = _OID(1, 2, 840, 113549, 1, 1) 51 52x9_44 = _OID(1, 3, 133, 16, 840, 9, 44) 53 54x9_44_components = _OID(x9_44, 1) 55 56 57# Types for algorithm identifiers 58 59class Camellia_KeyWrappingScheme(AlgorithmIdentifier): 60 pass 61 62class DataEncapsulationMechanism(AlgorithmIdentifier): 63 pass 64 65class KDF2_HashFunction(AlgorithmIdentifier): 66 pass 67 68class KDF3_HashFunction(AlgorithmIdentifier): 69 pass 70 71class KeyDerivationFunction(AlgorithmIdentifier): 72 pass 73 74class KeyEncapsulationMechanism(AlgorithmIdentifier): 75 pass 76 77class X9_SymmetricKeyWrappingScheme(AlgorithmIdentifier): 78 pass 79 80 81# RSA-KEM Key Transport Algorithm 82 83id_rsa_kem = _OID(1, 2, 840, 113549, 1, 9, 16, 3, 14) 84 85 86class GenericHybridParameters(univ.Sequence): 87 pass 88 89GenericHybridParameters.componentType = namedtype.NamedTypes( 90 namedtype.NamedType('kem', KeyEncapsulationMechanism()), 91 namedtype.NamedType('dem', DataEncapsulationMechanism()) 92) 93 94 95rsa_kem = AlgorithmIdentifier() 96rsa_kem['algorithm'] = id_rsa_kem 97rsa_kem['parameters'] = GenericHybridParameters() 98 99 100# KEM-RSA Key Encapsulation Mechanism 101 102id_kem_rsa = _OID(is18033_2, 2, 4) 103 104 105class KeyLength(univ.Integer): 106 pass 107 108KeyLength.subtypeSpec = constraint.ValueRangeConstraint(1, MAX) 109 110 111class RsaKemParameters(univ.Sequence): 112 pass 113 114RsaKemParameters.componentType = namedtype.NamedTypes( 115 namedtype.NamedType('keyDerivationFunction', KeyDerivationFunction()), 116 namedtype.NamedType('keyLength', KeyLength()) 117) 118 119 120kem_rsa = AlgorithmIdentifier() 121kem_rsa['algorithm'] = id_kem_rsa 122kem_rsa['parameters'] = RsaKemParameters() 123 124 125# Key Derivation Functions 126 127id_kdf_kdf2 = _OID(x9_44_components, 1) 128 129id_kdf_kdf3 = _OID(x9_44_components, 2) 130 131 132kdf2 = AlgorithmIdentifier() 133kdf2['algorithm'] = id_kdf_kdf2 134kdf2['parameters'] = KDF2_HashFunction() 135 136kdf3 = AlgorithmIdentifier() 137kdf3['algorithm'] = id_kdf_kdf3 138kdf3['parameters'] = KDF3_HashFunction() 139 140 141# Hash Functions 142 143id_sha1 = _OID(1, 3, 14, 3, 2, 26) 144 145id_sha224 = _OID(2, 16, 840, 1, 101, 3, 4, 2, 4) 146 147id_sha256 = _OID(2, 16, 840, 1, 101, 3, 4, 2, 1) 148 149id_sha384 = _OID(2, 16, 840, 1, 101, 3, 4, 2, 2) 150 151id_sha512 = _OID(2, 16, 840, 1, 101, 3, 4, 2, 3) 152 153 154sha1 = AlgorithmIdentifier() 155sha1['algorithm'] = id_sha1 156sha1['parameters'] = univ.Null("") 157 158sha224 = AlgorithmIdentifier() 159sha224['algorithm'] = id_sha224 160sha224['parameters'] = univ.Null("") 161 162sha256 = AlgorithmIdentifier() 163sha256['algorithm'] = id_sha256 164sha256['parameters'] = univ.Null("") 165 166sha384 = AlgorithmIdentifier() 167sha384['algorithm'] = id_sha384 168sha384['parameters'] = univ.Null("") 169 170sha512 = AlgorithmIdentifier() 171sha512['algorithm'] = id_sha512 172sha512['parameters'] = univ.Null("") 173 174 175# Symmetric Key-Wrapping Schemes 176 177id_aes128_Wrap = _OID(nistAlgorithm, 1, 5) 178 179id_aes192_Wrap = _OID(nistAlgorithm, 1, 25) 180 181id_aes256_Wrap = _OID(nistAlgorithm, 1, 45) 182 183id_alg_CMS3DESwrap = _OID(1, 2, 840, 113549, 1, 9, 16, 3, 6) 184 185id_camellia128_Wrap = _OID(1, 2, 392, 200011, 61, 1, 1, 3, 2) 186 187id_camellia192_Wrap = _OID(1, 2, 392, 200011, 61, 1, 1, 3, 3) 188 189id_camellia256_Wrap = _OID(1, 2, 392, 200011, 61, 1, 1, 3, 4) 190 191 192aes128_Wrap = AlgorithmIdentifier() 193aes128_Wrap['algorithm'] = id_aes128_Wrap 194# aes128_Wrap['parameters'] are absent 195 196aes192_Wrap = AlgorithmIdentifier() 197aes192_Wrap['algorithm'] = id_aes128_Wrap 198# aes192_Wrap['parameters'] are absent 199 200aes256_Wrap = AlgorithmIdentifier() 201aes256_Wrap['algorithm'] = id_sha256 202# aes256_Wrap['parameters'] are absent 203 204tdes_Wrap = AlgorithmIdentifier() 205tdes_Wrap['algorithm'] = id_alg_CMS3DESwrap 206tdes_Wrap['parameters'] = univ.Null("") 207 208camellia128_Wrap = AlgorithmIdentifier() 209camellia128_Wrap['algorithm'] = id_camellia128_Wrap 210# camellia128_Wrap['parameters'] are absent 211 212camellia192_Wrap = AlgorithmIdentifier() 213camellia192_Wrap['algorithm'] = id_camellia192_Wrap 214# camellia192_Wrap['parameters'] are absent 215 216camellia256_Wrap = AlgorithmIdentifier() 217camellia256_Wrap['algorithm'] = id_camellia256_Wrap 218# camellia256_Wrap['parameters'] are absent 219 220 221# Update the Algorithm Identifier map in rfc5280.py. 222# Note that the ones that must not have parameters are not added to the map. 223 224_algorithmIdentifierMapUpdate = { 225 id_rsa_kem: GenericHybridParameters(), 226 id_kem_rsa: RsaKemParameters(), 227 id_kdf_kdf2: KDF2_HashFunction(), 228 id_kdf_kdf3: KDF3_HashFunction(), 229 id_sha1: univ.Null(), 230 id_sha224: univ.Null(), 231 id_sha256: univ.Null(), 232 id_sha384: univ.Null(), 233 id_sha512: univ.Null(), 234 id_alg_CMS3DESwrap: univ.Null(), 235} 236 237rfc5280.algorithmIdentifierMap.update(_algorithmIdentifierMapUpdate) 238