Add more RFCs

Added ASN.1 modules for RFC298, RFC3770, RFC5914, RFC 6010, RFC6031,
RFC6032, RFC7030, RFC7292, and RFC8018

9 files changed, 2073 insertions, 0 deletions

diff --git a/pyasn1_modules/rfc2985.py b/pyasn1_modules/rfc2985.py
new file mode 100644
index 0000000..591d27d
--- /dev/null
+++ b/pyasn1_modules/rfc2985.py
@@ -0,0 +1,583 @@
+#
+# This file is part of pyasn1-modules software.
+#
+# Created by Russ Housley with assistance from asn1ate v.0.6.0.
+#
+# Copyright (c) 2019, Vigil Security, LLC
+# License: http://snmplabs.com/pyasn1/license.html
+#
+# PKCS#9: Selected Attribute Types (Version 2.0)
+#
+# ASN.1 source from:
+# https://www.rfc-editor.org/rfc/rfc2985.txt
+#
+
+from pyasn1.type import char
+from pyasn1.type import constraint
+from pyasn1.type import namedtype
+from pyasn1.type import namedval
+from pyasn1.type import opentype
+from pyasn1.type import tag
+from pyasn1.type import univ
+from pyasn1.type import useful
+
+from pyasn1_modules import rfc7292
+from pyasn1_modules import rfc5958
+from pyasn1_modules import rfc5652
+from pyasn1_modules import rfc5280
+
+
+def _OID(*components):
+    output = []
+    for x in tuple(components):
+        if isinstance(x, univ.ObjectIdentifier):
+            output.extend(list(x))
+        else:
+            output.append(int(x))
+
+    return univ.ObjectIdentifier(output)
+
+
+MAX = float('inf')
+
+
+# Imports from RFC 5280
+
+AlgorithmIdentifier = rfc5280.AlgorithmIdentifier
+
+Attribute = rfc5280.Attribute
+
+EmailAddress = rfc5280.EmailAddress
+
+Extensions = rfc5280.Extensions
+
+Time = rfc5280.Time
+
+X520countryName = rfc5280.X520countryName
+
+X520SerialNumber = rfc5280.X520SerialNumber
+
+
+# Imports from RFC 5652
+
+ContentInfo = rfc5652.ContentInfo
+
+ContentType = rfc5652.ContentType
+
+Countersignature = rfc5652.Countersignature
+
+MessageDigest = rfc5652.MessageDigest
+
+SignerInfo = rfc5652.SignerInfo
+
+SigningTime = rfc5652.SigningTime
+
+
+# Imports from RFC 5958
+
+EncryptedPrivateKeyInfo = rfc5958.EncryptedPrivateKeyInfo
+
+
+# Imports from RFC 7292
+
+PFX = rfc7292.PFX
+
+
+# TODO:
+# Need a place to import PKCS15Token; it does not yet appear in an RFC
+
+
+# SingleAttribute is the same as Attribute in RFC 5280, except that the
+# attrValues SET must have one and only one member
+
+class AttributeType(univ.ObjectIdentifier):
+    pass
+
+
+class AttributeValue(univ.Any):
+    pass
+
+
+class AttributeValues(univ.SetOf):
+    pass
+
+AttributeValues.componentType = AttributeValue()
+
+
+class SingleAttributeValues(univ.SetOf):
+    pass
+
+SingleAttributeValues.componentType = AttributeValue()
+
+
+class SingleAttribute(univ.Sequence):
+    pass
+
+SingleAttribute.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('type', AttributeType()),
+    namedtype.NamedType('values',
+        AttributeValues().subtype(sizeSpec=constraint.ValueSizeConstraint(1, 1)),
+        openType=opentype.OpenType('type', rfc5280.certificateAttributesMap)
+    )
+)
+
+
+# CMSAttribute is the same as Attribute in RFC 5652, and CMSSingleAttribute
+# is the companion where the attrValues SET must have one and only one member
+
+CMSAttribute = rfc5652.Attribute
+
+
+class CMSSingleAttribute(univ.Sequence):
+    pass
+
+CMSSingleAttribute.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('attrType', AttributeType()),
+    namedtype.NamedType('attrValues',
+        AttributeValues().subtype(sizeSpec=constraint.ValueSizeConstraint(1, 1)),
+        openType=opentype.OpenType('attrType', rfc5652.cmsAttributesMap)
+    )
+)
+
+
+# DirectoryString is the same as RFC 5280, except the length is limited to 255
+
+class DirectoryString(univ.Choice):
+    pass
+
+DirectoryString.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('teletexString', char.TeletexString().subtype(
+        subtypeSpec=constraint.ValueSizeConstraint(1, 255))),
+    namedtype.NamedType('printableString', char.PrintableString().subtype(
+        subtypeSpec=constraint.ValueSizeConstraint(1, 255))),
+    namedtype.NamedType('universalString', char.UniversalString().subtype(
+        subtypeSpec=constraint.ValueSizeConstraint(1, 255))),
+    namedtype.NamedType('utf8String', char.UTF8String().subtype(
+        subtypeSpec=constraint.ValueSizeConstraint(1, 255))),
+    namedtype.NamedType('bmpString', char.BMPString().subtype(
+        subtypeSpec=constraint.ValueSizeConstraint(1, 255)))
+)
+
+
+# PKCS9String is DirectoryString with an additional choice of IA5String,
+# and the SIZE is limited to 255
+
+class PKCS9String(univ.Choice):
+    pass
+
+PKCS9String.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('ia5String', char.IA5String().subtype(
+        subtypeSpec=constraint.ValueSizeConstraint(1, 255))),
+    namedtype.NamedType('directoryString', DirectoryString())
+)
+
+
+# Upper Bounds
+
+pkcs_9_ub_pkcs9String = univ.Integer(255)
+
+pkcs_9_ub_challengePassword = univ.Integer(pkcs_9_ub_pkcs9String)
+
+pkcs_9_ub_emailAddress = univ.Integer(pkcs_9_ub_pkcs9String)
+
+pkcs_9_ub_friendlyName = univ.Integer(pkcs_9_ub_pkcs9String)
+
+pkcs_9_ub_match = univ.Integer(pkcs_9_ub_pkcs9String)
+
+pkcs_9_ub_signingDescription = univ.Integer(pkcs_9_ub_pkcs9String)
+
+pkcs_9_ub_unstructuredAddress = univ.Integer(pkcs_9_ub_pkcs9String)
+
+pkcs_9_ub_unstructuredName = univ.Integer(pkcs_9_ub_pkcs9String)
+
+
+ub_name = univ.Integer(32768)
+
+pkcs_9_ub_placeOfBirth = univ.Integer(ub_name)
+
+pkcs_9_ub_pseudonym = univ.Integer(ub_name)
+
+
+# Object Identifier Arcs
+
+ietf_at = _OID(1, 3, 6, 1, 5, 5, 7, 9)
+
+id_at = _OID(2, 5, 4)
+
+pkcs_9 = _OID(1, 2, 840, 113549, 1, 9)
+
+pkcs_9_mo = _OID(pkcs_9, 0)
+
+smime = _OID(pkcs_9, 16)
+
+certTypes = _OID(pkcs_9, 22)
+
+crlTypes = _OID(pkcs_9, 23)
+
+pkcs_9_oc = _OID(pkcs_9, 24)
+
+pkcs_9_at = _OID(pkcs_9, 25)
+
+pkcs_9_sx = _OID(pkcs_9, 26)
+
+pkcs_9_mr = _OID(pkcs_9, 27)
+
+
+# Object Identifiers for Syntaxes for use with LDAP-accessible directories
+
+pkcs_9_sx_pkcs9String = _OID(pkcs_9_sx, 1)
+
+pkcs_9_sx_signingTime = _OID(pkcs_9_sx, 2)
+
+
+# Object Identifiers for object classes
+
+pkcs_9_oc_pkcsEntity = _OID(pkcs_9_oc, 1)
+
+pkcs_9_oc_naturalPerson = _OID(pkcs_9_oc, 2)
+
+
+# Object Identifiers for matching rules
+
+pkcs_9_mr_caseIgnoreMatch = _OID(pkcs_9_mr, 1)
+
+pkcs_9_mr_signingTimeMatch = _OID(pkcs_9_mr, 2)
+
+
+# PKCS #7 PDU
+
+pkcs_9_at_pkcs7PDU = _OID(pkcs_9_at, 5)
+
+pKCS7PDU = Attribute()
+pKCS7PDU['type'] = pkcs_9_at_pkcs7PDU
+pKCS7PDU['values'][0] = ContentInfo()
+
+
+# PKCS #12 token
+
+pkcs_9_at_userPKCS12 = _OID(2, 16, 840, 1, 113730, 3, 1, 216)
+
+userPKCS12 = Attribute()
+userPKCS12['type'] = pkcs_9_at_userPKCS12
+userPKCS12['values'][0] = PFX()
+
+
+# PKCS #15 token
+
+pkcs_9_at_pkcs15Token = _OID(pkcs_9_at, 1)
+
+# TODO: Once PKCS15Token can be imported, this can be included
+# 
+# pKCS15Token = Attribute()
+# userPKCS12['type'] = pkcs_9_at_pkcs15Token
+# userPKCS12['values'][0] = PKCS15Token()
+
+
+# PKCS #8 encrypted private key information
+
+pkcs_9_at_encryptedPrivateKeyInfo = _OID(pkcs_9_at, 2)
+
+encryptedPrivateKeyInfo = Attribute()
+encryptedPrivateKeyInfo['type'] = pkcs_9_at_encryptedPrivateKeyInfo
+encryptedPrivateKeyInfo['values'][0] = EncryptedPrivateKeyInfo()
+
+
+# Electronic-mail address
+
+pkcs_9_at_emailAddress = rfc5280.id_emailAddress
+
+emailAddress = Attribute()
+emailAddress['type'] = pkcs_9_at_emailAddress
+emailAddress['values'][0] = EmailAddress()
+
+
+# Unstructured name
+
+pkcs_9_at_unstructuredName = _OID(pkcs_9, 2)
+
+unstructuredName = Attribute()
+unstructuredName['type'] = pkcs_9_at_unstructuredName
+unstructuredName['values'][0] = PKCS9String()
+
+
+# Unstructured address
+
+pkcs_9_at_unstructuredAddress = _OID(pkcs_9, 8)
+
+unstructuredAddress = Attribute()
+unstructuredAddress['type'] = pkcs_9_at_unstructuredAddress
+unstructuredAddress['values'][0] = DirectoryString()
+
+
+# Date of birth
+
+pkcs_9_at_dateOfBirth = _OID(ietf_at, 1)
+
+dateOfBirth = SingleAttribute()
+dateOfBirth['type'] = pkcs_9_at_dateOfBirth
+dateOfBirth['values'][0] = useful.GeneralizedTime()
+
+
+# Place of birth
+
+pkcs_9_at_placeOfBirth = _OID(ietf_at, 2)
+
+placeOfBirth = SingleAttribute()
+placeOfBirth['type'] = pkcs_9_at_placeOfBirth
+placeOfBirth['values'][0] = DirectoryString()
+
+
+# Gender
+
+class GenderString(char.PrintableString):
+    pass
+
+GenderString.subtypeSpec = constraint.ValueSizeConstraint(1, 1)
+GenderString.subtypeSpec = constraint.SingleValueConstraint("M", "F", "m", "f")
+
+
+pkcs_9_at_gender = _OID(ietf_at, 3)
+
+gender = SingleAttribute()
+gender['type'] = pkcs_9_at_gender
+gender['values'][0] = GenderString()
+
+
+# Country of citizenship
+
+pkcs_9_at_countryOfCitizenship = _OID(ietf_at, 4)
+
+countryOfCitizenship = Attribute()
+countryOfCitizenship['type'] = pkcs_9_at_countryOfCitizenship
+countryOfCitizenship['values'][0] = X520countryName()
+
+
+#  Country of residence
+
+pkcs_9_at_countryOfResidence = _OID(ietf_at, 5)
+
+countryOfResidence = Attribute()
+countryOfResidence['type'] = pkcs_9_at_countryOfResidence
+countryOfResidence['values'][0] = X520countryName()
+
+
+# Pseudonym
+
+id_at_pseudonym = _OID(2, 5, 4, 65)
+
+pseudonym = Attribute()
+pseudonym['type'] = id_at_pseudonym
+pseudonym['values'][0] = DirectoryString()
+
+
+# Serial number
+
+id_at_serialNumber = rfc5280.id_at_serialNumber
+
+serialNumber = Attribute()
+serialNumber['type'] = id_at_serialNumber
+serialNumber['values'][0] = X520SerialNumber()
+
+
+# Content type
+
+pkcs_9_at_contentType = rfc5652.id_contentType
+
+contentType = CMSSingleAttribute()
+contentType['attrType'] = pkcs_9_at_contentType
+contentType['attrValues'][0] = ContentType()
+
+
+# Message digest
+
+pkcs_9_at_messageDigest = rfc5652.id_messageDigest
+
+messageDigest = CMSSingleAttribute()
+messageDigest['attrType'] = pkcs_9_at_messageDigest
+messageDigest['attrValues'][0] = MessageDigest()
+
+
+# Signing time
+
+pkcs_9_at_signingTime = rfc5652.id_signingTime
+
+signingTime = CMSSingleAttribute()
+signingTime['attrType'] = pkcs_9_at_signingTime
+signingTime['attrValues'][0] = SigningTime()
+
+
+# Random nonce
+
+class RandomNonce(univ.OctetString):
+    pass
+
+RandomNonce.subtypeSpec = constraint.ValueSizeConstraint(4, MAX)
+
+
+pkcs_9_at_randomNonce = _OID(pkcs_9_at, 3)
+
+randomNonce = CMSSingleAttribute()
+randomNonce['attrType'] = pkcs_9_at_randomNonce
+randomNonce['attrValues'][0] = RandomNonce()
+
+
+# Sequence number
+
+class SequenceNumber(univ.Integer):
+    pass
+
+SequenceNumber.subtypeSpec = constraint.ValueRangeConstraint(1, MAX)
+
+
+pkcs_9_at_sequenceNumber = _OID(pkcs_9_at, 4)
+
+sequenceNumber = CMSSingleAttribute()
+sequenceNumber['attrType'] = pkcs_9_at_sequenceNumber
+sequenceNumber['attrValues'][0] = SequenceNumber()
+
+
+# Countersignature
+
+pkcs_9_at_counterSignature = rfc5652.id_countersignature
+
+counterSignature = CMSAttribute()
+counterSignature['attrType'] = pkcs_9_at_counterSignature
+counterSignature['attrValues'][0] = Countersignature()
+
+
+# Challenge password
+
+pkcs_9_at_challengePassword = _OID(pkcs_9, 7)
+
+challengePassword = SingleAttribute()
+challengePassword['type'] = pkcs_9_at_challengePassword
+challengePassword['values'][0] = DirectoryString()
+
+
+# Extension request
+
+class ExtensionRequest(Extensions):
+    pass
+
+
+pkcs_9_at_extensionRequest = _OID(pkcs_9, 14)
+
+extensionRequest = SingleAttribute()
+extensionRequest['type'] = pkcs_9_at_extensionRequest
+extensionRequest['values'][0] = ExtensionRequest()
+
+
+# Extended-certificate attributes (deprecated)
+
+class AttributeSet(univ.SetOf):
+    pass
+
+AttributeSet.componentType = Attribute()
+
+
+pkcs_9_at_extendedCertificateAttributes = _OID(pkcs_9, 9)
+
+extendedCertificateAttributes = SingleAttribute()
+extendedCertificateAttributes['type'] = pkcs_9_at_extendedCertificateAttributes
+extendedCertificateAttributes['values'][0] = AttributeSet()
+
+
+# Friendly name
+
+class FriendlyName(char.BMPString):
+    pass
+
+FriendlyName.subtypeSpec = constraint.ValueSizeConstraint(1, pkcs_9_ub_friendlyName)
+
+
+pkcs_9_at_friendlyName = _OID(pkcs_9, 20)
+
+friendlyName = SingleAttribute()
+friendlyName['type'] = pkcs_9_at_friendlyName
+friendlyName['values'][0] = FriendlyName()
+
+
+# Local key identifier
+
+pkcs_9_at_localKeyId = _OID(pkcs_9, 21)
+
+localKeyId = SingleAttribute()
+localKeyId['type'] = pkcs_9_at_localKeyId
+localKeyId['values'][0] = univ.OctetString()
+
+
+# Signing description
+
+pkcs_9_at_signingDescription = _OID(pkcs_9, 13)
+
+signingDescription = CMSSingleAttribute()
+signingDescription['attrType'] = pkcs_9_at_signingDescription
+signingDescription['attrValues'][0] = DirectoryString()
+
+
+# S/MIME capabilities
+
+class SMIMECapability(AlgorithmIdentifier):
+    pass
+
+
+class SMIMECapabilities(univ.SequenceOf):
+    pass
+
+SMIMECapabilities.componentType = SMIMECapability()
+
+
+pkcs_9_at_smimeCapabilities = _OID(pkcs_9, 15)
+
+smimeCapabilities = CMSSingleAttribute()
+smimeCapabilities['attrType'] = pkcs_9_at_smimeCapabilities
+smimeCapabilities['attrValues'][0] = SMIMECapabilities()
+
+
+# Certificate Attribute Map
+
+certificateAttributesMapUpdate = {
+    # Attribute types for use with the "pkcsEntity" object class
+    pkcs_9_at_pkcs7PDU: ContentInfo(),
+    pkcs_9_at_userPKCS12: PFX(),
+    # TODO: Once PKCS15Token can be imported, this can be included
+    # pkcs_9_at_pkcs15Token: PKCS15Token(),
+    pkcs_9_at_encryptedPrivateKeyInfo: EncryptedPrivateKeyInfo(),
+    # Attribute types for use with the "naturalPerson" object class
+    pkcs_9_at_emailAddress: EmailAddress(),
+    pkcs_9_at_unstructuredName: PKCS9String(),
+    pkcs_9_at_unstructuredAddress: DirectoryString(),
+    pkcs_9_at_dateOfBirth: useful.GeneralizedTime(),
+    pkcs_9_at_placeOfBirth: DirectoryString(),
+    pkcs_9_at_gender: GenderString(),
+    pkcs_9_at_countryOfCitizenship: X520countryName(),
+    pkcs_9_at_countryOfResidence: X520countryName(),
+    id_at_pseudonym: DirectoryString(),
+    id_at_serialNumber: X520SerialNumber(),
+    # Attribute types for use with PKCS #10 certificate requests
+    pkcs_9_at_challengePassword: DirectoryString(),
+    pkcs_9_at_extensionRequest: ExtensionRequest(),
+    pkcs_9_at_extendedCertificateAttributes: AttributeSet(),
+}
+
+rfc5280.certificateAttributesMap.update(certificateAttributesMapUpdate)
+
+
+# CMS Attribute Map
+
+cmsAttributesMapUpdate = {
+    # Attribute types for use in PKCS #7 data (a.k.a. CMS)
+    pkcs_9_at_contentType: ContentType(),
+    pkcs_9_at_messageDigest: MessageDigest(),
+    pkcs_9_at_signingTime: SigningTime(),
+    pkcs_9_at_randomNonce: RandomNonce(),
+    pkcs_9_at_sequenceNumber: SequenceNumber(),
+    pkcs_9_at_counterSignature: Countersignature(),
+    # Attributes for use in PKCS #12 "PFX" PDUs or PKCS #15 tokens
+    pkcs_9_at_friendlyName: FriendlyName(),
+    pkcs_9_at_localKeyId: univ.OctetString(),
+    pkcs_9_at_signingDescription: DirectoryString(),
+    pkcs_9_at_smimeCapabilities: SMIMECapabilities(),
+}
+
+rfc5652.cmsAttributesMap.update(cmsAttributesMapUpdate)
diff --git a/pyasn1_modules/rfc3770.py b/pyasn1_modules/rfc3770.py
new file mode 100644
index 0000000..a347fb3
--- /dev/null
+++ b/pyasn1_modules/rfc3770.py
@@ -0,0 +1,63 @@
+#
+# This file is part of pyasn1-modules software.
+#
+# Created by Russ Housley with assistance from asn1ate v.0.6.0.
+#
+# Copyright (c) 2019, Vigil Security, LLC
+# License: http://snmplabs.com/pyasn1/license.html
+#
+# Certificate Extensions and Attributes Supporting Authentication
+#   in PPP and Wireless LAN Networks
+#
+# ASN.1 source from:
+# https://www.rfc-editor.org/rfc/rfc3770.txt
+#
+
+from pyasn1.type import constraint
+from pyasn1.type import univ
+
+from pyasn1_modules import rfc5280
+
+
+MAX = float('inf')
+
+
+# Extended Key Usage Values
+
+id_kp_eapOverLAN = univ.ObjectIdentifier('1.3.6.1.5.5.7.3.14')
+
+id_kp_eapOverPPP = univ.ObjectIdentifier('1.3.6.1.5.5.7.3.13')
+
+
+# Wireless LAN SSID Extension
+
+id_pe_wlanSSID = univ.ObjectIdentifier('1.3.6.1.5.5.7.1.13')
+
+
+class SSID(univ.OctetString):
+    pass
+
+SSID.subtypeSpec = constraint.ValueSizeConstraint(1, 32)
+
+
+class SSIDList(univ.SequenceOf):
+    pass
+
+SSIDList.componentType = SSID()
+SSIDList.subtypeSpec=constraint.ValueSizeConstraint(1, MAX)
+
+
+# Wireless LAN SSID Attribute Certificate Attribute
+# Uses same syntax as the certificate extension: SSIDList
+
+id_aca_wlanSSID = univ.ObjectIdentifier('1.3.6.1.5.5.7.10.6')
+
+
+# Map of Certificate Extension OIDs to Extensions
+# To be added to the ones that are in rfc5280.py
+
+_certificateExtensionsMap = {
+    id_pe_wlanSSID: SSIDList(),
+}
+
+rfc5280.certificateExtensionsMap.update(_certificateExtensionsMap)
diff --git a/pyasn1_modules/rfc5914.py b/pyasn1_modules/rfc5914.py
new file mode 100644
index 0000000..d125ea2
--- /dev/null
+++ b/pyasn1_modules/rfc5914.py
@@ -0,0 +1,119 @@
+# This file is being contributed to pyasn1-modules software.
+#
+# Created by Russ Housley with assistance from asn1ate v.0.6.0.
+#
+# Copyright (c) 2019, Vigil Security, LLC
+# License: http://snmplabs.com/pyasn1/license.html
+#
+# Trust Anchor Format
+#
+# ASN.1 source from:
+# https://www.rfc-editor.org/rfc/rfc5914.txt
+
+from pyasn1.type import char
+from pyasn1.type import constraint
+from pyasn1.type import namedtype
+from pyasn1.type import namedval
+from pyasn1.type import tag
+from pyasn1.type import univ
+
+from pyasn1_modules import rfc5280
+
+
+MAX = float('inf')
+
+Certificate = rfc5280.Certificate
+
+Name = rfc5280.Name
+
+Extensions = rfc5280.Extensions
+
+SubjectPublicKeyInfo = rfc5280.SubjectPublicKeyInfo
+
+TBSCertificate = rfc5280.TBSCertificate
+
+CertificatePolicies = rfc5280.CertificatePolicies
+
+KeyIdentifier = rfc5280.KeyIdentifier
+
+NameConstraints = rfc5280.NameConstraints
+
+
+class CertPolicyFlags(univ.BitString):
+    pass
+
+CertPolicyFlags.namedValues = namedval.NamedValues(
+    ('inhibitPolicyMapping', 0),
+    ('requireExplicitPolicy', 1),
+    ('inhibitAnyPolicy', 2)
+)
+
+
+class CertPathControls(univ.Sequence):
+    pass
+
+CertPathControls.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('taName', Name()),
+    namedtype.OptionalNamedType('certificate', Certificate().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+    namedtype.OptionalNamedType('policySet', CertificatePolicies().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+    namedtype.OptionalNamedType('policyFlags', CertPolicyFlags().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
+    namedtype.OptionalNamedType('nameConstr', NameConstraints().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))),
+    namedtype.OptionalNamedType('pathLenConstraint', univ.Integer().subtype(
+        subtypeSpec=constraint.ValueRangeConstraint(0, MAX)).subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 4)))
+)
+
+
+class TrustAnchorTitle(char.UTF8String):
+    pass
+
+TrustAnchorTitle.subtypeSpec = constraint.ValueSizeConstraint(1, 64)
+
+
+class TrustAnchorInfoVersion(univ.Integer):
+    pass
+
+TrustAnchorInfoVersion.namedValues = namedval.NamedValues(
+    ('v1', 1)
+)
+
+
+class TrustAnchorInfo(univ.Sequence):
+    pass
+
+TrustAnchorInfo.componentType = namedtype.NamedTypes(
+    namedtype.DefaultedNamedType('version', TrustAnchorInfoVersion().subtype(value='v1')),
+    namedtype.NamedType('pubKey', SubjectPublicKeyInfo()),
+    namedtype.NamedType('keyId', KeyIdentifier()),
+    namedtype.OptionalNamedType('taTitle', TrustAnchorTitle()),
+    namedtype.OptionalNamedType('certPath', CertPathControls()),
+    namedtype.OptionalNamedType('exts', Extensions().subtype(explicitTag=tag.Tag(
+        tag.tagClassContext, tag.tagFormatSimple, 1))),
+    namedtype.OptionalNamedType('taTitleLangTag', char.UTF8String().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2)))
+)
+
+
+class TrustAnchorChoice(univ.Choice):
+    pass
+
+TrustAnchorChoice.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('certificate', Certificate()),
+    namedtype.NamedType('tbsCert', TBSCertificate().subtype(
+        explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+    namedtype.NamedType('taInfo', TrustAnchorInfo().subtype(
+        explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2)))
+)
+
+
+id_ct_trustAnchorList = univ.ObjectIdentifier('1.2.840.113549.1.9.16.1.34')
+
+class TrustAnchorList(univ.SequenceOf):
+    pass
+
+TrustAnchorList.componentType = TrustAnchorChoice()
+TrustAnchorList.subtypeSpec=constraint.ValueSizeConstraint(1, MAX)
diff --git a/pyasn1_modules/rfc6010.py b/pyasn1_modules/rfc6010.py
new file mode 100644
index 0000000..250e207
--- /dev/null
+++ b/pyasn1_modules/rfc6010.py
@@ -0,0 +1,88 @@
+#
+# This file is part of pyasn1-modules software.
+#
+# Created by Russ Housley with assistance from asn1ate v.0.6.0.
+# Modified by Russ Housley to add maps for use with opentypes.
+#
+# Copyright (c) 2019, Vigil Security, LLC
+# License: http://snmplabs.com/pyasn1/license.html
+#
+# Certificate Extension for CMS Content Constraints (CCC)
+#
+# ASN.1 source from:
+# https://www.rfc-editor.org/rfc/rfc6010.txt
+#
+
+from pyasn1.type import constraint
+from pyasn1.type import namedtype
+from pyasn1.type import namedval
+from pyasn1.type import univ
+
+from pyasn1_modules import rfc5280
+
+MAX = float('inf')
+
+
+AttributeType = rfc5280.AttributeType
+
+AttributeValue = rfc5280.AttributeValue
+
+
+id_ct_anyContentType = univ.ObjectIdentifier('1.2.840.113549.1.9.16.1.0')
+
+
+class AttrConstraint(univ.Sequence):
+    pass
+
+AttrConstraint.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('attrType', AttributeType()),
+    namedtype.NamedType('attrValues', univ.SetOf(
+        componentType=AttributeValue()).subtype(subtypeSpec=constraint.ValueSizeConstraint(1, MAX)))
+)
+
+
+class AttrConstraintList(univ.SequenceOf):
+    pass
+
+AttrConstraintList.componentType = AttrConstraint()
+AttrConstraintList.subtypeSpec=constraint.ValueSizeConstraint(1, MAX)
+
+
+class ContentTypeGeneration(univ.Enumerated):
+    pass
+
+ContentTypeGeneration.namedValues = namedval.NamedValues(
+    ('canSource', 0),
+    ('cannotSource', 1)
+)
+
+
+class ContentTypeConstraint(univ.Sequence):
+    pass
+
+ContentTypeConstraint.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('contentType', univ.ObjectIdentifier()),
+    namedtype.DefaultedNamedType('canSource', ContentTypeGeneration().subtype(value='canSource')),
+    namedtype.OptionalNamedType('attrConstraints', AttrConstraintList())
+)
+
+
+# CMS Content Constraints (CCC) Extension and Object Identifier
+
+id_pe_cmsContentConstraints = univ.ObjectIdentifier('1.3.6.1.5.5.7.1.18')
+
+class CMSContentConstraints(univ.SequenceOf):
+    pass
+
+CMSContentConstraints.componentType = ContentTypeConstraint()
+CMSContentConstraints.subtypeSpec=constraint.ValueSizeConstraint(1, MAX)
+
+
+# Map of Certificate Extension OIDs to Extensions
+# To be added to the ones that are in rfc5280.py
+
+_certificateExtensionsMap = {
+    id_pe_cmsContentConstraints: CMSContentConstraints(),
+}
+
+rfc5280.certificateExtensionsMap.update(_certificateExtensionsMap)
diff --git a/pyasn1_modules/rfc6031.py b/pyasn1_modules/rfc6031.py
new file mode 100644
index 0000000..6e1bb22
--- /dev/null
+++ b/pyasn1_modules/rfc6031.py
@@ -0,0 +1,469 @@
+#
+# This file is part of pyasn1-modules software.
+#
+# Created by Russ Housley with assistance from asn1ate v.0.6.0.
+#
+# Copyright (c) 2019, Vigil Security, LLC
+# License: http://snmplabs.com/pyasn1/license.html
+#
+# CMS Symmetric Key Package Content Type
+#
+# ASN.1 source from:
+# https://www.rfc-editor.org/rfc/rfc6031.txt
+#
+
+from pyasn1.type import char
+from pyasn1.type import constraint
+from pyasn1.type import namedtype
+from pyasn1.type import namedval
+from pyasn1.type import opentype
+from pyasn1.type import tag
+from pyasn1.type import univ
+from pyasn1.type import useful
+
+from pyasn1_modules import rfc5652
+from pyasn1_modules import rfc6019
+
+
+def _OID(*components):
+    output = []
+    for x in tuple(components):
+        if isinstance(x, univ.ObjectIdentifier):
+            output.extend(list(x))
+        else:
+            output.append(int(x))
+    return univ.ObjectIdentifier(output)
+
+
+MAX = float('inf')
+
+id_pskc = univ.ObjectIdentifier('1.2.840.113549.1.9.16.12')
+
+
+# Symmetric Key Package Attributes
+
+id_pskc_manufacturer = _OID(id_pskc, 1)
+
+class at_pskc_manufacturer(char.UTF8String):
+    pass
+
+
+id_pskc_serialNo = _OID(id_pskc, 2)
+
+class at_pskc_serialNo(char.UTF8String):
+    pass
+
+
+id_pskc_model = _OID(id_pskc, 3)
+
+class at_pskc_model(char.UTF8String):
+    pass
+
+
+id_pskc_issueNo = _OID(id_pskc, 4)
+
+class at_pskc_issueNo(char.UTF8String):
+    pass
+
+
+id_pskc_deviceBinding = _OID(id_pskc, 5)
+
+class at_pskc_deviceBinding(char.UTF8String):
+    pass
+
+
+id_pskc_deviceStartDate = _OID(id_pskc, 6)
+
+class at_pskc_deviceStartDate(useful.GeneralizedTime):
+    pass
+
+
+id_pskc_deviceExpiryDate = _OID(id_pskc, 7)
+
+class at_pskc_deviceExpiryDate(useful.GeneralizedTime):
+    pass
+
+
+id_pskc_moduleId = _OID(id_pskc, 8)
+
+class at_pskc_moduleId(char.UTF8String):
+    pass
+
+
+id_pskc_deviceUserId = _OID(id_pskc, 26)
+
+class at_pskc_deviceUserId(char.UTF8String):
+    pass
+
+
+# Symmetric Key Attributes
+
+id_pskc_keyId = _OID(id_pskc, 9)
+
+class at_pskc_keyUserId(char.UTF8String):
+    pass
+
+
+id_pskc_algorithm = _OID(id_pskc, 10)
+
+class at_pskc_algorithm(char.UTF8String):
+    pass
+
+
+id_pskc_issuer = _OID(id_pskc, 11)
+
+class at_pskc_issuer(char.UTF8String):
+    pass
+
+
+id_pskc_keyProfileId = _OID(id_pskc, 12)
+
+class at_pskc_keyProfileId(char.UTF8String):
+    pass
+
+
+id_pskc_keyReference = _OID(id_pskc, 13)
+
+class at_pskc_keyReference(char.UTF8String):
+    pass
+
+
+id_pskc_friendlyName = _OID(id_pskc, 14)
+
+class FriendlyName(univ.Sequence):
+    pass
+
+FriendlyName.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('friendlyName', char.UTF8String()),
+    namedtype.OptionalNamedType('friendlyNameLangTag', char.UTF8String())
+)
+
+class at_pskc_friendlyName(FriendlyName):
+    pass
+
+
+id_pskc_algorithmParameters = _OID(id_pskc, 15)
+
+class Encoding(char.UTF8String):
+    pass
+
+Encoding.namedValues = namedval.NamedValues(
+    ('dec',   "DECIMAL"),
+    ('hex',   "HEXADECIMAL"),
+    ('alpha', "ALPHANUMERIC"),
+    ('b64',   "BASE64"),
+    ('bin',   "BINARY")
+)
+
+Encoding.subtypeSpec = constraint.SingleValueConstraint(
+    "DECIMAL", "HEXADECIMAL", "ALPHANUMERIC", "BASE64", "BINARY" )
+
+class ChallengeFormat(univ.Sequence):
+    pass
+
+ChallengeFormat.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('encoding', Encoding()),
+    namedtype.DefaultedNamedType('checkDigit',
+        univ.Boolean().subtype(value=0)),
+    namedtype.NamedType('min', univ.Integer().subtype(
+        subtypeSpec=constraint.ValueRangeConstraint(0, MAX))),
+    namedtype.NamedType('max', univ.Integer().subtype(
+        subtypeSpec=constraint.ValueRangeConstraint(0, MAX)))
+)
+
+class ResponseFormat(univ.Sequence):
+    pass
+
+ResponseFormat.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('encoding', Encoding()),
+    namedtype.NamedType('length', univ.Integer().subtype(
+        subtypeSpec=constraint.ValueRangeConstraint(0, MAX))),
+    namedtype.DefaultedNamedType('checkDigit',
+        univ.Boolean().subtype(value=0))
+)
+
+class PSKCAlgorithmParameters(univ.Choice):
+    pass
+
+PSKCAlgorithmParameters.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('suite', char.UTF8String()),
+    namedtype.NamedType('challengeFormat', ChallengeFormat().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
+    namedtype.NamedType('responseFormat', ResponseFormat().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1)))
+)
+
+class at_pskc_algorithmParameters(PSKCAlgorithmParameters):
+    pass
+
+
+id_pskc_counter = _OID(id_pskc, 16)
+
+class at_pskc_counter(univ.Integer):
+    pass
+
+at_pskc_counter.subtypeSpec = constraint.ValueRangeConstraint(0, MAX)
+
+
+id_pskc_time = _OID(id_pskc, 17)
+
+class at_pskc_time(rfc6019.BinaryTime):
+    pass
+
+
+id_pskc_timeInterval = _OID(id_pskc, 18)
+
+class at_pskc_timeInterval(univ.Integer):
+    pass
+
+at_pskc_timeInterval.subtypeSpec = constraint.ValueRangeConstraint(0, MAX)
+
+
+id_pskc_timeDrift = _OID(id_pskc, 19)
+
+class at_pskc_timeDrift(univ.Integer):
+    pass
+
+at_pskc_timeDrift.subtypeSpec = constraint.ValueRangeConstraint(0, MAX)
+
+
+id_pskc_valueMAC = _OID(id_pskc, 20)
+
+class ValueMac(univ.Sequence):
+    pass
+
+ValueMac.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('macAlgorithm', char.UTF8String()),
+    namedtype.NamedType('mac', char.UTF8String())
+)
+
+class at_pskc_valueMAC(ValueMac):
+    pass
+
+
+id_pskc_keyUserId = _OID(id_pskc, 27)
+
+class at_pskc_keyId(char.UTF8String):
+    pass
+
+
+id_pskc_keyStartDate = _OID(id_pskc, 21)
+
+class at_pskc_keyStartDate(useful.GeneralizedTime):
+    pass
+
+
+id_pskc_keyExpiryDate = _OID(id_pskc, 22)
+
+class at_pskc_keyExpiryDate(useful.GeneralizedTime):
+    pass
+
+
+id_pskc_numberOfTransactions = _OID(id_pskc, 23)
+
+class at_pskc_numberOfTransactions(univ.Integer):
+    pass
+    
+at_pskc_numberOfTransactions.subtypeSpec = constraint.ValueRangeConstraint(0, MAX)
+
+
+id_pskc_keyUsages = _OID(id_pskc, 24)
+
+class PSKCKeyUsage(char.UTF8String):
+    pass
+
+PSKCKeyUsage.namedValues = namedval.NamedValues(
+    ('otp',       "OTP"),
+    ('cr',        "CR"),
+    ('encrypt',   "Encrypt"),
+    ('integrity', "Integrity"),
+    ('verify',    "Verify"),
+    ('unlock',    "Unlock"),
+    ('decrypt',   "Decrypt"),
+    ('keywrap',   "KeyWrap"),
+    ('unwrap',    "Unwrap"),
+    ('derive',    "Derive"),
+    ('generate',  "Generate")
+)
+
+PSKCKeyUsage.subtypeSpec = constraint.SingleValueConstraint(
+    "OTP", "CR", "Encrypt", "Integrity", "Verify", "Unlock",
+    "Decrypt", "KeyWrap", "Unwrap", "Derive", "Generate" )
+
+class PSKCKeyUsages(univ.SequenceOf):
+    pass
+
+PSKCKeyUsages.componentType = PSKCKeyUsage()
+
+class at_pskc_keyUsage(PSKCKeyUsages):
+    pass
+
+
+id_pskc_pinPolicy = _OID(id_pskc, 25)
+
+class PINUsageMode(char.UTF8String):
+    pass
+
+PINUsageMode.namedValues = namedval.NamedValues(
+    ("local",       "Local"),
+    ("prepend",     "Prepend"),
+    ("append",      "Append"),
+    ("algorithmic", "Algorithmic")
+)
+
+PINUsageMode.subtypeSpec = constraint.SingleValueConstraint(
+    "Local", "Prepend", "Append", "Algorithmic" )
+
+class PINPolicy(univ.Sequence):
+    pass
+
+PINPolicy.componentType = namedtype.NamedTypes(
+    namedtype.OptionalNamedType('pinKeyId', char.UTF8String().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+    namedtype.NamedType('pinUsageMode', PINUsageMode().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+    namedtype.OptionalNamedType('maxFailedAttempts', univ.Integer().subtype(
+        subtypeSpec=constraint.ValueRangeConstraint(0, MAX)).subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
+    namedtype.OptionalNamedType('minLength', univ.Integer().subtype(
+        subtypeSpec=constraint.ValueRangeConstraint(0, MAX)).subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))),
+    namedtype.OptionalNamedType('maxLength', univ.Integer().subtype(
+        subtypeSpec=constraint.ValueRangeConstraint(0, MAX)).subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 4))),
+    namedtype.OptionalNamedType('pinEncoding', Encoding().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 5)))
+)
+
+class at_pskc_pinPolicy(PINPolicy):
+    pass
+
+
+# Map of Symmetric Key Package Attribute OIDs to Attributes
+
+sKeyPkgAttributesMap = {
+     id_pskc_manufacturer: at_pskc_manufacturer(),
+     id_pskc_serialNo: at_pskc_serialNo(),
+     id_pskc_model: at_pskc_model(),
+     id_pskc_issueNo: at_pskc_issueNo(),
+     id_pskc_deviceBinding: at_pskc_deviceBinding(),
+     id_pskc_deviceStartDate: at_pskc_deviceStartDate(),
+     id_pskc_deviceExpiryDate: at_pskc_deviceExpiryDate(),
+     id_pskc_moduleId: at_pskc_moduleId(),
+     id_pskc_deviceUserId: at_pskc_deviceUserId(),
+}
+
+
+# Map of Symmetric Key Attribute OIDs to Attributes
+
+sKeyAttributesMap = {
+     id_pskc_keyId: at_pskc_keyId(),
+     id_pskc_algorithm: at_pskc_algorithm(),
+     id_pskc_issuer: at_pskc_issuer(),
+     id_pskc_keyProfileId: at_pskc_keyProfileId(),
+     id_pskc_keyReference: at_pskc_keyReference(),
+     id_pskc_friendlyName: at_pskc_friendlyName(),
+     id_pskc_algorithmParameters: at_pskc_algorithmParameters(),
+     id_pskc_counter: at_pskc_counter(),
+     id_pskc_time: at_pskc_time(),
+     id_pskc_timeInterval: at_pskc_timeInterval(),
+     id_pskc_timeDrift: at_pskc_timeDrift(),
+     id_pskc_valueMAC: at_pskc_valueMAC(),
+     id_pskc_keyUserId: at_pskc_keyUserId(),
+     id_pskc_keyStartDate: at_pskc_keyStartDate(),
+     id_pskc_keyExpiryDate: at_pskc_keyExpiryDate(),
+     id_pskc_numberOfTransactions: at_pskc_numberOfTransactions(),
+     id_pskc_keyUsages: at_pskc_keyUsage(),
+     id_pskc_pinPolicy: at_pskc_pinPolicy(),
+}
+
+
+# This definition replaces Attribute() from rfc5652.py; it is the same except
+# that opentype is added with sKeyPkgAttributesMap and sKeyAttributesMap
+
+class AttributeType(univ.ObjectIdentifier):
+    pass
+
+
+class AttributeValue(univ.Any):
+    pass
+
+
+class SKeyAttribute(univ.Sequence):
+    pass
+
+SKeyAttribute.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('attrType', AttributeType()),
+    namedtype.NamedType('attrValues',
+        univ.SetOf(componentType=AttributeValue()),
+        openType=opentype.OpenType('attrType', sKeyAttributesMap)
+    )
+)
+
+
+class SKeyPkgAttribute(univ.Sequence):
+    pass
+
+SKeyPkgAttribute.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('attrType', AttributeType()),
+    namedtype.NamedType('attrValues',
+        univ.SetOf(componentType=AttributeValue()),
+        openType=opentype.OpenType('attrType', sKeyPkgAttributesMap)
+    )
+)
+
+
+# Symmetric Key Package Content Type
+
+id_ct_KP_sKeyPackage = univ.ObjectIdentifier('1.2.840.113549.1.9.16.1.25')
+
+
+class KeyPkgVersion(univ.Integer):
+    pass
+
+KeyPkgVersion.namedValues = namedval.NamedValues(
+    ('v1', 1)
+)
+
+
+class OneSymmetricKey(univ.Sequence):
+    pass
+
+OneSymmetricKey.componentType = namedtype.NamedTypes(
+    namedtype.OptionalNamedType('sKeyAttrs',
+        univ.SequenceOf(componentType=SKeyAttribute()).subtype(
+            subtypeSpec=constraint.ValueSizeConstraint(1, MAX))),
+    namedtype.OptionalNamedType('sKey', univ.OctetString())
+)
+
+OneSymmetricKey.sizeSpec = univ.Sequence.sizeSpec + constraint.ValueSizeConstraint(1, 2)
+
+
+class SymmetricKeys(univ.SequenceOf):
+    pass
+
+SymmetricKeys.componentType = OneSymmetricKey()
+SymmetricKeys.subtypeSpec=constraint.ValueSizeConstraint(1, MAX)
+
+
+class SymmetricKeyPackage(univ.Sequence):
+    pass
+
+SymmetricKeyPackage.componentType = namedtype.NamedTypes(
+    namedtype.DefaultedNamedType('version', KeyPkgVersion().subtype(value='v1')),
+    namedtype.OptionalNamedType('sKeyPkgAttrs',
+        univ.SequenceOf(componentType=SKeyPkgAttribute()).subtype(
+            subtypeSpec=constraint.ValueSizeConstraint(1, MAX),
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+    namedtype.NamedType('sKeys', SymmetricKeys())
+)
+
+
+# Map of Content Type OIDs to Content Types are
+# added to the ones that are in rfc5652.py
+
+_cmsContentTypesMapUpdate = {
+    id_ct_KP_sKeyPackage: SymmetricKeyPackage(),
+}
+
+rfc5652.cmsContentTypesMap.update(_cmsContentTypesMapUpdate)
diff --git a/pyasn1_modules/rfc6032.py b/pyasn1_modules/rfc6032.py
new file mode 100644
index 0000000..563639a
--- /dev/null
+++ b/pyasn1_modules/rfc6032.py
@@ -0,0 +1,68 @@
+#
+# This file is part of pyasn1-modules software.
+#
+# Created by Russ Housley with assistance from asn1ate v.0.6.0.
+#
+# Copyright (c) 2019, Vigil Security, LLC
+# License: http://snmplabs.com/pyasn1/license.html
+#
+# CMS Encrypted Key Package Content Type
+#
+# ASN.1 source from:
+# https://www.rfc-editor.org/rfc/rfc6032.txt
+#
+
+from pyasn1.type import namedtype
+from pyasn1.type import tag
+from pyasn1.type import univ
+
+from pyasn1_modules import rfc5652
+from pyasn1_modules import rfc5083
+
+
+# Content Decryption Key Identifier attribute
+
+id_aa_KP_contentDecryptKeyID = univ.ObjectIdentifier('2.16.840.1.101.2.1.5.66')
+
+class ContentDecryptKeyID(univ.OctetString):
+    pass
+
+aa_content_decrypt_key_identifier = rfc5652.Attribute()
+aa_content_decrypt_key_identifier['attrType'] = id_aa_KP_contentDecryptKeyID
+aa_content_decrypt_key_identifier['attrValues'][0] = ContentDecryptKeyID()
+
+
+# Encrypted Key Package Content Type
+
+id_ct_KP_encryptedKeyPkg = univ.ObjectIdentifier('2.16.840.1.101.2.1.2.78.2')
+
+class EncryptedKeyPackage(univ.Choice):
+    pass
+
+EncryptedKeyPackage.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('encrypted', rfc5652.EncryptedData()),
+    namedtype.NamedType('enveloped', rfc5652.EnvelopedData().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+    namedtype.NamedType('authEnveloped', rfc5083.AuthEnvelopedData().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
+)
+
+
+# Map of Attribute Type OIDs to Attributes are
+# added to the ones that are in rfc5652.py
+
+_cmsAttributesMapUpdate = {
+    id_aa_KP_contentDecryptKeyID: ContentDecryptKeyID(),
+}
+
+rfc5652.cmsAttributesMap.update(_cmsAttributesMapUpdate)
+
+
+# Map of Content Type OIDs to Content Types are
+# added to the ones that are in rfc5652.py
+
+_cmsContentTypesMapUpdate = {
+    id_ct_KP_encryptedKeyPkg: EncryptedKeyPackage(),
+}
+
+rfc5652.cmsContentTypesMap.update(_cmsContentTypesMapUpdate)
diff --git a/pyasn1_modules/rfc7030.py b/pyasn1_modules/rfc7030.py
new file mode 100644
index 0000000..84b6dc5
--- /dev/null
+++ b/pyasn1_modules/rfc7030.py
@@ -0,0 +1,66 @@
+#
+# This file is part of pyasn1-modules software.
+#
+# Created by Russ Housley with assistance from asn1ate v.0.6.0.
+#
+# Copyright (c) 2019, Vigil Security, LLC
+# License: http://snmplabs.com/pyasn1/license.html
+#
+# Enrollment over Secure Transport (EST)
+#
+# ASN.1 source from:
+# https://www.rfc-editor.org/rfc/rfc7030.txt
+#
+
+from pyasn1.type import constraint
+from pyasn1.type import namedtype
+from pyasn1.type import univ
+
+from pyasn1_modules import rfc5652
+
+MAX = float('inf')
+
+
+# Imports from RFC 5652
+
+Attribute = rfc5652.Attribute
+
+
+# Asymmetric Decrypt Key Identifier Attribute
+
+id_aa_asymmDecryptKeyID = univ.ObjectIdentifier('1.2.840.113549.1.9.16.2.54')
+
+class AsymmetricDecryptKeyIdentifier(univ.OctetString):
+    pass
+
+
+aa_asymmDecryptKeyID = Attribute()
+aa_asymmDecryptKeyID['attrType'] = id_aa_asymmDecryptKeyID
+aa_asymmDecryptKeyID['attrValues'][0] = AsymmetricDecryptKeyIdentifier()
+
+
+# CSR Attributes
+
+class AttrOrOID(univ.Choice):
+    pass
+
+AttrOrOID.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('oid', univ.ObjectIdentifier()),
+    namedtype.NamedType('attribute', Attribute())
+)
+
+
+class CsrAttrs(univ.SequenceOf):
+    pass
+
+CsrAttrs.componentType = AttrOrOID()
+CsrAttrs.subtypeSpec=constraint.ValueSizeConstraint(0, MAX)
+
+   
+# Update CMS Attribute Map
+
+_cmsAttributesMapUpdate = {
+    id_aa_asymmDecryptKeyID: AsymmetricDecryptKeyIdentifier(),
+}
+
+rfc5652.cmsAttributesMap.update(_cmsAttributesMapUpdate)
diff --git a/pyasn1_modules/rfc7292.py b/pyasn1_modules/rfc7292.py
new file mode 100644
index 0000000..1c9f319
--- /dev/null
+++ b/pyasn1_modules/rfc7292.py
@@ -0,0 +1,357 @@
+# This file is being contributed to pyasn1-modules software.
+#
+# Created by Russ Housley with assistance from the asn1ate tool.
+#
+# Copyright (c) 2019, Vigil Security, LLC
+# License: http://snmplabs.com/pyasn1/license.html
+#
+# PKCS #12: Personal Information Exchange Syntax v1.1
+#
+# ASN.1 source from:
+# https://www.rfc-editor.org/rfc/rfc7292.txt
+# https://www.rfc-editor.org/errata_search.php?rfc=7292
+
+from pyasn1.type import char
+from pyasn1.type import constraint
+from pyasn1.type import namedtype
+from pyasn1.type import namedval
+from pyasn1.type import opentype
+from pyasn1.type import tag
+from pyasn1.type import univ
+
+from pyasn1_modules import rfc2315
+from pyasn1_modules import rfc5652
+from pyasn1_modules import rfc5280
+from pyasn1_modules import rfc5958
+
+
+def _OID(*components):
+    output = []
+    for x in tuple(components):
+        if isinstance(x, univ.ObjectIdentifier):
+            output.extend(list(x))
+        else:
+            output.append(int(x))
+
+    return univ.ObjectIdentifier(output)
+
+
+# Initialize the maps used in PKCS#12
+
+pkcs12BagTypeMap = { }
+
+pkcs12CertBagMap = { }
+
+pkcs12CRLBagMap = { }
+
+pkcs12SecretBagMap = { }
+
+
+# Imports from RFC 2315, RFC 5652, and RFC 5958
+
+DigestInfo = rfc2315.DigestInfo
+
+
+ContentInfo = rfc5652.ContentInfo
+
+PKCS12Attribute = rfc5652.Attribute
+
+
+EncryptedPrivateKeyInfo = rfc5958.EncryptedPrivateKeyInfo
+
+PrivateKeyInfo = rfc5958.PrivateKeyInfo
+
+
+# CMSSingleAttribute is the same as Attribute in RFC 5652 except the attrValues
+# SET must have one and only one member
+
+class AttributeType(univ.ObjectIdentifier):
+    pass
+
+
+class AttributeValue(univ.Any):
+    pass
+
+
+class AttributeValues(univ.SetOf):
+    pass
+
+AttributeValues.componentType = AttributeValue()
+
+
+class CMSSingleAttribute(univ.Sequence):
+    pass
+
+CMSSingleAttribute.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('attrType', AttributeType()),
+    namedtype.NamedType('attrValues',
+        AttributeValues().subtype(sizeSpec=constraint.ValueSizeConstraint(1, 1)),
+        openType=opentype.OpenType('attrType', rfc5652.cmsAttributesMap)
+    )
+)
+
+
+# Object identifier arcs
+
+rsadsi = _OID(1, 2, 840, 113549)
+
+pkcs = _OID(rsadsi, 1)
+
+pkcs_9 = _OID(pkcs, 9)
+
+certTypes = _OID(pkcs_9, 22)
+
+crlTypes = _OID(pkcs_9, 23)
+
+pkcs_12 = _OID(pkcs, 12)
+
+
+# PBE Algorithm Identifiers and Parameters Structure
+
+pkcs_12PbeIds = _OID(pkcs_12, 1)
+
+pbeWithSHAAnd128BitRC4 = _OID(pkcs_12PbeIds, 1)
+
+pbeWithSHAAnd40BitRC4 = _OID(pkcs_12PbeIds, 2)
+
+pbeWithSHAAnd3_KeyTripleDES_CBC = _OID(pkcs_12PbeIds, 3)
+
+pbeWithSHAAnd2_KeyTripleDES_CBC = _OID(pkcs_12PbeIds, 4)
+
+pbeWithSHAAnd128BitRC2_CBC = _OID(pkcs_12PbeIds, 5)
+
+pbeWithSHAAnd40BitRC2_CBC = _OID(pkcs_12PbeIds, 6)
+
+
+class Pkcs_12PbeParams(univ.Sequence):
+    pass
+
+Pkcs_12PbeParams.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('salt', univ.OctetString()),
+    namedtype.NamedType('iterations', univ.Integer())
+)
+
+
+# Bag types
+
+bagtypes = _OID(pkcs_12, 10, 1)
+
+class BAG_TYPE(univ.Sequence):
+    pass
+
+BAG_TYPE.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('id', univ.ObjectIdentifier()),
+    namedtype.NamedType('unnamed1', univ.Any(),
+        openType=opentype.OpenType('attrType', pkcs12BagTypeMap)
+    )
+)
+
+
+id_keyBag = _OID(bagtypes, 1)
+
+class KeyBag(PrivateKeyInfo):
+    pass
+
+
+id_pkcs8ShroudedKeyBag = _OID(bagtypes, 2)
+
+class PKCS8ShroudedKeyBag(EncryptedPrivateKeyInfo):
+    pass
+
+
+id_certBag = _OID(bagtypes, 3)
+
+class CertBag(univ.Sequence):
+    pass
+
+CertBag.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('certId', univ.ObjectIdentifier()),
+    namedtype.NamedType('certValue',
+        univ.Any().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)),
+        openType=opentype.OpenType('certId', pkcs12CertBagMap)
+    )
+)
+
+
+x509Certificate = CertBag()
+x509Certificate['certId'] = _OID(certTypes, 1)
+x509Certificate['certValue'] = univ.OctetString()
+# DER-encoded X.509 certificate stored in OCTET STRING
+
+
+sdsiCertificate = CertBag()
+sdsiCertificate['certId'] = _OID(certTypes, 2)
+sdsiCertificate['certValue'] = char.IA5String()
+# Base64-encoded SDSI certificate stored in IA5String
+
+
+id_CRLBag = _OID(bagtypes, 4)
+
+class CRLBag(univ.Sequence):
+    pass
+
+CRLBag.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('crlId', univ.ObjectIdentifier()),
+    namedtype.NamedType('crlValue',
+        univ.Any().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)),
+                openType=opentype.OpenType('crlId', pkcs12CRLBagMap)
+    )
+)
+
+
+x509CRL = CRLBag()
+x509CRL['crlId'] = _OID(crlTypes, 1)
+x509CRL['crlValue'] = univ.OctetString()
+# DER-encoded X.509 CRL stored in OCTET STRING
+
+
+id_secretBag = _OID(bagtypes, 5)
+
+class SecretBag(univ.Sequence):
+    pass
+
+SecretBag.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('secretTypeId', univ.ObjectIdentifier()),
+    namedtype.NamedType('secretValue',
+        univ.Any().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)),
+        openType=opentype.OpenType('secretTypeId', pkcs12SecretBagMap)
+    )
+)
+
+
+id_safeContentsBag = _OID(bagtypes, 6)
+
+class SafeBag(univ.Sequence):
+    pass
+
+SafeBag.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('bagId', univ.ObjectIdentifier()),
+    namedtype.NamedType('bagValue',
+        univ.Any().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)),
+        openType=opentype.OpenType('bagId', pkcs12BagTypeMap)
+    ),
+    namedtype.OptionalNamedType('bagAttributes',
+        univ.SetOf(componentType=PKCS12Attribute())
+    )
+)
+
+
+class SafeContents(univ.SequenceOf):
+    pass
+
+SafeContents.componentType = SafeBag()
+
+
+# The PFX PDU
+
+class AuthenticatedSafe(univ.SequenceOf):
+    pass
+
+AuthenticatedSafe.componentType = ContentInfo()
+# Data if unencrypted
+# EncryptedData if password-encrypted
+# EnvelopedData if public key-encrypted
+
+
+class MacData(univ.Sequence):
+    pass
+
+MacData.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('mac', DigestInfo()),
+    namedtype.NamedType('macSalt', univ.OctetString()),
+    namedtype.DefaultedNamedType('iterations', univ.Integer().subtype(value=1))
+    # Note: The default is for historical reasons and its use is deprecated
+)
+
+
+class PFX(univ.Sequence):
+    pass
+
+PFX.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('version',
+        univ.Integer(namedValues=namedval.NamedValues(('v3', 3)))
+    ),
+    namedtype.NamedType('authSafe', ContentInfo()),
+    namedtype.OptionalNamedType('macData', MacData())
+)
+
+
+# Local key identifier (also defined as certificateAttribute in rfc2985.py)
+
+pkcs_9_at_localKeyId = _OID(pkcs_9, 21)
+
+localKeyId = CMSSingleAttribute()
+localKeyId['attrType'] = pkcs_9_at_localKeyId
+localKeyId['attrValues'][0] = univ.OctetString()
+
+
+# Friendly name (also defined as certificateAttribute in rfc2985.py)
+
+pkcs_9_ub_pkcs9String = univ.Integer(255)
+
+pkcs_9_ub_friendlyName = univ.Integer(pkcs_9_ub_pkcs9String)
+
+pkcs_9_at_friendlyName = _OID(pkcs_9, 20)
+
+class FriendlyName(char.BMPString):
+    pass
+
+FriendlyName.subtypeSpec = constraint.ValueSizeConstraint(1, pkcs_9_ub_friendlyName)
+
+
+friendlyName = CMSSingleAttribute()
+friendlyName['attrType'] = pkcs_9_at_friendlyName
+friendlyName['attrValues'][0] = FriendlyName()
+
+
+# Update the PKCS#12 maps
+
+_pkcs12BagTypeMap = {
+    id_keyBag: KeyBag(),
+    id_pkcs8ShroudedKeyBag: PKCS8ShroudedKeyBag(),
+    id_certBag: CertBag(),
+    id_CRLBag: CRLBag(),
+    id_secretBag: SecretBag(),
+    id_safeContentsBag: SafeBag(),
+}
+
+pkcs12BagTypeMap.update(_pkcs12BagTypeMap)
+
+
+_pkcs12CertBagMap = {
+    _OID(certTypes, 1): univ.OctetString(),
+    _OID(certTypes, 2): char.IA5String(),
+}
+
+pkcs12CertBagMap.update(_pkcs12CertBagMap)
+
+
+_pkcs12CRLBagMap = {
+    _OID(crlTypes, 1): univ.OctetString(),
+}
+
+pkcs12CRLBagMap.update(_pkcs12CRLBagMap)
+
+
+# Update the Algorithm Identifier map
+
+_algorithmIdentifierMapUpdate = {
+    pbeWithSHAAnd128BitRC4: Pkcs_12PbeParams(),
+    pbeWithSHAAnd40BitRC4: Pkcs_12PbeParams(),
+    pbeWithSHAAnd3_KeyTripleDES_CBC: Pkcs_12PbeParams(),
+    pbeWithSHAAnd2_KeyTripleDES_CBC: Pkcs_12PbeParams(),
+    pbeWithSHAAnd128BitRC2_CBC: Pkcs_12PbeParams(),
+    pbeWithSHAAnd40BitRC2_CBC: Pkcs_12PbeParams(),
+}
+
+rfc5280.algorithmIdentifierMap.update(_algorithmIdentifierMapUpdate)
+
+
+# Update the CMS Attribute map
+
+_cmsAttributesMapUpdate = {
+    pkcs_9_at_friendlyName: FriendlyName(),
+    pkcs_9_at_localKeyId: univ.OctetString(),
+}
+
+rfc5652.cmsAttributesMap.update(_cmsAttributesMapUpdate)
diff --git a/pyasn1_modules/rfc8018.py b/pyasn1_modules/rfc8018.py
new file mode 100644
index 0000000..7a44eea
--- /dev/null
+++ b/pyasn1_modules/rfc8018.py
@@ -0,0 +1,260 @@
+#
+# This file is part of pyasn1-modules software.
+#
+# Created by Russ Housley.
+#
+# Copyright (c) 2019, Vigil Security, LLC
+# License: http://snmplabs.com/pyasn1/license.html
+#
+# PKCS #5: Password-Based Cryptography Specification, Version 2.1
+#
+# ASN.1 source from:
+# https://www.rfc-editor.org/rfc/rfc8018.txt
+#
+
+from pyasn1.type import constraint
+from pyasn1.type import namedtype
+from pyasn1.type import namedval
+from pyasn1.type import univ
+
+from pyasn1_modules import rfc3565
+from pyasn1_modules import rfc5280
+
+MAX = float('inf')
+
+def _OID(*components):
+    output = []
+    for x in tuple(components):
+        if isinstance(x, univ.ObjectIdentifier):
+            output.extend(list(x))
+        else:
+            output.append(int(x))
+
+    return univ.ObjectIdentifier(output)
+
+
+# Import from RFC 3565
+
+AES_IV = rfc3565.AES_IV
+
+
+# Import from RFC 5280
+
+AlgorithmIdentifier = rfc5280.AlgorithmIdentifier
+
+
+# Basic object identifiers
+
+nistAlgorithms = _OID(2, 16, 840, 1, 101, 3, 4)
+
+aes = _OID(nistAlgorithms, 1)
+
+oiw = _OID(1, 3, 14)
+
+rsadsi = _OID(1, 2, 840, 113549)
+
+pkcs = _OID(rsadsi, 1)
+
+digestAlgorithm = _OID(rsadsi, 2)
+
+encryptionAlgorithm = _OID(rsadsi, 3)
+
+pkcs_5 = _OID(pkcs, 5)
+
+
+
+# HMAC object identifiers
+
+id_hmacWithSHA1 = _OID(digestAlgorithm, 7)
+
+id_hmacWithSHA224 = _OID(digestAlgorithm, 8)
+
+id_hmacWithSHA256 = _OID(digestAlgorithm, 9)
+
+id_hmacWithSHA384 = _OID(digestAlgorithm, 10)
+
+id_hmacWithSHA512 = _OID(digestAlgorithm, 11)
+
+id_hmacWithSHA512_224 = _OID(digestAlgorithm, 12)
+
+id_hmacWithSHA512_256 = _OID(digestAlgorithm, 13)
+
+
+# PBES1 object identifiers
+
+pbeWithMD2AndDES_CBC = _OID(pkcs_5, 1)
+
+pbeWithMD2AndRC2_CBC = _OID(pkcs_5, 4)
+
+pbeWithMD5AndDES_CBC = _OID(pkcs_5, 3)
+
+pbeWithMD5AndRC2_CBC = _OID(pkcs_5, 6)
+
+pbeWithSHA1AndDES_CBC = _OID(pkcs_5, 10)
+
+pbeWithSHA1AndRC2_CBC = _OID(pkcs_5, 11)
+
+
+# Supporting techniques object identifiers
+
+desCBC = _OID(oiw, 3, 2, 7)
+
+des_EDE3_CBC = _OID(encryptionAlgorithm, 7)
+
+rc2CBC = _OID(encryptionAlgorithm, 2)
+
+rc5_CBC_PAD = _OID(encryptionAlgorithm, 9)
+
+aes128_CBC_PAD = _OID(aes, 2)
+
+aes192_CBC_PAD = _OID(aes, 22)
+
+aes256_CBC_PAD = _OID(aes, 42)
+
+
+# PBES1
+
+class PBEParameter(univ.Sequence):
+    pass
+
+PBEParameter.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('salt', univ.OctetString().subtype(
+        subtypeSpec=constraint.ValueSizeConstraint(8, 8))),
+    namedtype.NamedType('iterationCount', univ.Integer())
+)
+
+
+# PBES2
+
+id_PBES2 = _OID(pkcs_5, 13)
+
+
+class PBES2_params(univ.Sequence):
+    pass
+
+PBES2_params.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('keyDerivationFunc', AlgorithmIdentifier()),
+    namedtype.NamedType('encryptionScheme', AlgorithmIdentifier())
+)
+
+
+# PBMAC1
+
+id_PBMAC1 = _OID(pkcs_5, 14)
+
+
+class PBMAC1_params(univ.Sequence):
+    pass
+
+PBMAC1_params.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('keyDerivationFunc', AlgorithmIdentifier()),
+    namedtype.NamedType('messageAuthScheme', AlgorithmIdentifier())
+)
+
+
+# PBKDF2
+
+id_PBKDF2 = _OID(pkcs_5, 12)
+
+
+algid_hmacWithSHA1 = AlgorithmIdentifier()
+algid_hmacWithSHA1['algorithm'] = id_hmacWithSHA1
+algid_hmacWithSHA1['parameters'] = univ.Null("")
+
+
+class PBKDF2_params(univ.Sequence):
+    pass
+
+PBKDF2_params.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('salt', univ.Choice(componentType=namedtype.NamedTypes(
+        namedtype.NamedType('specified', univ.OctetString()),
+        namedtype.NamedType('otherSource', AlgorithmIdentifier())
+    ))),
+    namedtype.NamedType('iterationCount', univ.Integer().subtype(
+        subtypeSpec=constraint.ValueRangeConstraint(1, MAX))),
+    namedtype.OptionalNamedType('keyLength', univ.Integer().subtype(
+        subtypeSpec=constraint.ValueRangeConstraint(1, MAX))),
+    namedtype.DefaultedNamedType('prf', algid_hmacWithSHA1)
+)
+
+
+# RC2 CBC algorithm parameter
+
+class RC2_CBC_Parameter(univ.Sequence):
+    pass
+
+RC2_CBC_Parameter.componentType = namedtype.NamedTypes(
+    namedtype.OptionalNamedType('rc2ParameterVersion', univ.Integer()),
+    namedtype.NamedType('iv', univ.OctetString().subtype(
+        subtypeSpec=constraint.ValueSizeConstraint(8, 8)))
+)
+
+
+# RC5 CBC algorithm parameter
+
+class RC5_CBC_Parameters(univ.Sequence):
+    pass
+
+RC5_CBC_Parameters.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('version',
+        univ.Integer(namedValues=namedval.NamedValues(('v1_0', 16))).subtype(
+            subtypeSpec=constraint.SingleValueConstraint(16))),
+    namedtype.NamedType('rounds',
+        univ.Integer().subtype(subtypeSpec=constraint.ValueRangeConstraint(8, 127))),
+    namedtype.NamedType('blockSizeInBits',
+        univ.Integer().subtype(subtypeSpec=constraint.SingleValueConstraint(64, 128))),
+    namedtype.OptionalNamedType('iv', univ.OctetString())
+)
+
+
+# Initialization Vector for AES: OCTET STRING (SIZE(16))
+
+class AES_IV(univ.OctetString):
+    pass
+
+AES_IV.subtypeSpec = constraint.ValueSizeConstraint(16, 16)
+
+
+# Initialization Vector for DES: OCTET STRING (SIZE(8))
+
+class DES_IV(univ.OctetString):
+    pass
+
+DES_IV.subtypeSpec = constraint.ValueSizeConstraint(8, 8)
+
+
+# Update the Algorithm Identifier map
+
+_algorithmIdentifierMapUpdate = {
+    # PBKDF2-PRFs
+    id_hmacWithSHA1: univ.Null(),
+    id_hmacWithSHA224: univ.Null(),
+    id_hmacWithSHA256: univ.Null(),
+    id_hmacWithSHA384: univ.Null(),
+    id_hmacWithSHA512: univ.Null(),
+    id_hmacWithSHA512_224: univ.Null(),
+    id_hmacWithSHA512_256: univ.Null(),
+    # PBES1Algorithms
+    pbeWithMD2AndDES_CBC: PBEParameter(),
+    pbeWithMD2AndRC2_CBC: PBEParameter(),
+    pbeWithMD5AndDES_CBC: PBEParameter(),
+    pbeWithMD5AndRC2_CBC: PBEParameter(),
+    pbeWithSHA1AndDES_CBC: PBEParameter(),
+    pbeWithSHA1AndRC2_CBC: PBEParameter(),
+    # PBES2Algorithms
+    id_PBES2: PBES2_params(),
+    # PBES2-KDFs
+    id_PBKDF2: PBKDF2_params(),
+    # PBMAC1Algorithms
+    id_PBMAC1: PBMAC1_params(),
+    # SupportingAlgorithms
+    desCBC: DES_IV(),
+    des_EDE3_CBC: DES_IV(),
+    rc2CBC: RC2_CBC_Parameter(),
+    rc5_CBC_PAD: RC5_CBC_Parameters(),
+    aes128_CBC_PAD: AES_IV(),
+    aes192_CBC_PAD: AES_IV(),
+    aes256_CBC_PAD: AES_IV(),
+}
+
+rfc5280.algorithmIdentifierMap.update(_algorithmIdentifierMapUpdate)