Merge pull request #20 from russhousley/master

Add modules for RFC5083 and RFC5084

2 files changed, 134 insertions, 0 deletions

diff --git a/pyasn1_modules/rfc5083.py b/pyasn1_modules/rfc5083.py
new file mode 100644
index 0000000..5240aaa
--- /dev/null
+++ b/pyasn1_modules/rfc5083.py
@@ -0,0 +1,46 @@
+# This file is being contributed to of pyasn1-modules software.
+#
+# Created by Russ Housley without assistance from the asn1ate tool.
+# Copyright (c) 2018, Vigil Security, LLC
+# License: http://snmplabs.com/pyasn1/license.html
+#
+#  Authenticated-Enveloped-Data for the Cryptographic Message Syntax (CMS)
+#
+# ASN.1 source from:
+# https://www.rfc-editor.org/rfc/rfc5083.txt
+
+from pyasn1.type import namedtype, tag, univ
+from pyasn1_modules import rfc5652
+
+
+MAX = float('inf')
+
+
+def _buildOid(*components):
+    output = []
+    for x in tuple(components):
+        if isinstance(x, univ.ObjectIdentifier):
+            output.extend(list(x))
+        else:
+            output.append(int(x))
+    return univ.ObjectIdentifier(output)
+
+
+id_ct_authEnvelopedData = _buildOid(1, 2, 840, 113549, 1, 9, 16, 1, 23)
+
+
+class AuthEnvelopedData(univ.Sequence):
+    pass
+
+AuthEnvelopedData.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('version', rfc5652.CMSVersion()),
+    namedtype.OptionalNamedType('originatorInfo', rfc5652.OriginatorInfo().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
+    namedtype.NamedType('recipientInfos', rfc5652.RecipientInfos()),
+    namedtype.NamedType('authEncryptedContentInfo', rfc5652.EncryptedContentInfo()),
+    namedtype.OptionalNamedType('authAttrs', rfc5652.AuthAttributes().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+    namedtype.NamedType('mac', rfc5652.MessageAuthenticationCode()),
+    namedtype.OptionalNamedType('unauthAttrs', rfc5652.UnauthAttributes().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2)))
+)
diff --git a/pyasn1_modules/rfc5084.py b/pyasn1_modules/rfc5084.py
new file mode 100644
index 0000000..d541df7
--- /dev/null
+++ b/pyasn1_modules/rfc5084.py
@@ -0,0 +1,88 @@
+# This file is being contributed to of pyasn1-modules software.
+#
+# Created by Russ Housley with assistance from the asn1ate tool, with
+#   a few comments added afterwards
+# Copyright (c) 2018, Vigil Security, LLC
+# License: http://snmplabs.com/pyasn1/license.html
+#
+#  AES-CCM and AES-GCM Algorithms fo use with the Authenticated-Enveloped-Data
+#  protecting content type for the Cryptographic Message Syntax (CMS)
+#
+# ASN.1 source from:
+# https://www.rfc-editor.org/rfc/rfc5083.txt
+
+
+from pyasn1.type import univ, char, namedtype, namedval, tag, constraint, useful
+
+
+def _OID(*components):
+    output = []
+    for x in tuple(components):
+        if isinstance(x, univ.ObjectIdentifier):
+            output.extend(list(x))
+        else:
+            output.append(int(x))
+
+    return univ.ObjectIdentifier(output)
+
+
+class AES_CCM_ICVlen(univ.Integer):
+    pass
+
+
+class AES_GCM_ICVlen(univ.Integer):
+    pass
+
+
+class CCMParameters(univ.Sequence):
+    pass
+
+
+AES_CCM_ICVlen.subtypeSpec = constraint.ValueRangeConstraint(4, 16)
+
+
+AES_GCM_ICVlen.subtypeSpec = constraint.ValueRangeConstraint(12, 16)
+
+
+CCMParameters.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('aes-nonce', univ.OctetString().subtype(subtypeSpec=constraint.ValueSizeConstraint(7, 13))),
+    # The aes-nonce parameter contains 15-L octets, where L is the size of the length field. L=8 is RECOMMENDED.
+    # Within the scope of any content-authenticated-encryption key, the nonce value MUST be unique.
+    namedtype.DefaultedNamedType('aes-ICVlen', AES_CCM_ICVlen().subtype(value=12))
+    # The programmer must make sure that the AES_CCM_ICVlen is 4, 6, 8, 10, 12, 14, or 16.
+    # The contraint above will only limit it to 4..16, but will not prohibit the odd numbers.
+)
+
+
+class GCMParameters(univ.Sequence):
+    pass
+
+
+GCMParameters.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('aes-nonce', univ.OctetString()),
+    # The aes-nonce may have any number of bits between 8 and 2^64, but it must be a multiple of 8 bits.
+    # Within the scope of any content-authenticated-encryption key, the nonce value MUST be unique.
+    # A nonce value of 12 octets can be processed more efficiently, so that length is RECOMMENDED.
+    namedtype.DefaultedNamedType('aes-ICVlen', AES_GCM_ICVlen().subtype(value=12))
+)
+
+
+aes = _OID(2, 16, 840, 1, 101, 3, 4, 1)
+
+
+id_aes128_CCM = _OID(aes, 7)
+
+
+id_aes128_GCM = _OID(aes, 6)
+
+
+id_aes192_CCM = _OID(aes, 27)
+
+
+id_aes192_GCM = _OID(aes, 26)
+
+
+id_aes256_CCM = _OID(aes, 47)
+
+
+id_aes256_GCM = _OID(aes, 46)