diff options
author | Ilya Etingof <etingof@gmail.com> | 2018-12-31 00:08:03 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-12-31 00:08:03 +0100 |
commit | fc24965de8d9a50188231fe0915fbe94ca9ee00b (patch) | |
tree | 41fce5dfc9e76cf4e2233d4bc506756782480b97 /pyasn1_modules | |
parent | b9614196ebf028b3874549e3042080a9f97b8ca3 (diff) | |
parent | d8911eb80ea44e132a54cad501f80bd79809ec4e (diff) | |
download | pyasn1-modules-fc24965de8d9a50188231fe0915fbe94ca9ee00b.tar.gz |
Merge pull request #20 from russhousley/master
Add modules for RFC5083 and RFC5084
Diffstat (limited to 'pyasn1_modules')
-rw-r--r-- | pyasn1_modules/rfc5083.py | 46 | ||||
-rw-r--r-- | pyasn1_modules/rfc5084.py | 88 |
2 files changed, 134 insertions, 0 deletions
diff --git a/pyasn1_modules/rfc5083.py b/pyasn1_modules/rfc5083.py new file mode 100644 index 0000000..5240aaa --- /dev/null +++ b/pyasn1_modules/rfc5083.py @@ -0,0 +1,46 @@ +# This file is being contributed to of pyasn1-modules software. +# +# Created by Russ Housley without assistance from the asn1ate tool. +# Copyright (c) 2018, Vigil Security, LLC +# License: http://snmplabs.com/pyasn1/license.html +# +# Authenticated-Enveloped-Data for the Cryptographic Message Syntax (CMS) +# +# ASN.1 source from: +# https://www.rfc-editor.org/rfc/rfc5083.txt + +from pyasn1.type import namedtype, tag, univ +from pyasn1_modules import rfc5652 + + +MAX = float('inf') + + +def _buildOid(*components): + output = [] + for x in tuple(components): + if isinstance(x, univ.ObjectIdentifier): + output.extend(list(x)) + else: + output.append(int(x)) + return univ.ObjectIdentifier(output) + + +id_ct_authEnvelopedData = _buildOid(1, 2, 840, 113549, 1, 9, 16, 1, 23) + + +class AuthEnvelopedData(univ.Sequence): + pass + +AuthEnvelopedData.componentType = namedtype.NamedTypes( + namedtype.NamedType('version', rfc5652.CMSVersion()), + namedtype.OptionalNamedType('originatorInfo', rfc5652.OriginatorInfo().subtype( + implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))), + namedtype.NamedType('recipientInfos', rfc5652.RecipientInfos()), + namedtype.NamedType('authEncryptedContentInfo', rfc5652.EncryptedContentInfo()), + namedtype.OptionalNamedType('authAttrs', rfc5652.AuthAttributes().subtype( + implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))), + namedtype.NamedType('mac', rfc5652.MessageAuthenticationCode()), + namedtype.OptionalNamedType('unauthAttrs', rfc5652.UnauthAttributes().subtype( + implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))) +) diff --git a/pyasn1_modules/rfc5084.py b/pyasn1_modules/rfc5084.py new file mode 100644 index 0000000..d541df7 --- /dev/null +++ b/pyasn1_modules/rfc5084.py @@ -0,0 +1,88 @@ +# This file is being contributed to of pyasn1-modules software. +# +# Created by Russ Housley with assistance from the asn1ate tool, with +# a few comments added afterwards +# Copyright (c) 2018, Vigil Security, LLC +# License: http://snmplabs.com/pyasn1/license.html +# +# AES-CCM and AES-GCM Algorithms fo use with the Authenticated-Enveloped-Data +# protecting content type for the Cryptographic Message Syntax (CMS) +# +# ASN.1 source from: +# https://www.rfc-editor.org/rfc/rfc5083.txt + + +from pyasn1.type import univ, char, namedtype, namedval, tag, constraint, useful + + +def _OID(*components): + output = [] + for x in tuple(components): + if isinstance(x, univ.ObjectIdentifier): + output.extend(list(x)) + else: + output.append(int(x)) + + return univ.ObjectIdentifier(output) + + +class AES_CCM_ICVlen(univ.Integer): + pass + + +class AES_GCM_ICVlen(univ.Integer): + pass + + +class CCMParameters(univ.Sequence): + pass + + +AES_CCM_ICVlen.subtypeSpec = constraint.ValueRangeConstraint(4, 16) + + +AES_GCM_ICVlen.subtypeSpec = constraint.ValueRangeConstraint(12, 16) + + +CCMParameters.componentType = namedtype.NamedTypes( + namedtype.NamedType('aes-nonce', univ.OctetString().subtype(subtypeSpec=constraint.ValueSizeConstraint(7, 13))), + # The aes-nonce parameter contains 15-L octets, where L is the size of the length field. L=8 is RECOMMENDED. + # Within the scope of any content-authenticated-encryption key, the nonce value MUST be unique. + namedtype.DefaultedNamedType('aes-ICVlen', AES_CCM_ICVlen().subtype(value=12)) + # The programmer must make sure that the AES_CCM_ICVlen is 4, 6, 8, 10, 12, 14, or 16. + # The contraint above will only limit it to 4..16, but will not prohibit the odd numbers. +) + + +class GCMParameters(univ.Sequence): + pass + + +GCMParameters.componentType = namedtype.NamedTypes( + namedtype.NamedType('aes-nonce', univ.OctetString()), + # The aes-nonce may have any number of bits between 8 and 2^64, but it must be a multiple of 8 bits. + # Within the scope of any content-authenticated-encryption key, the nonce value MUST be unique. + # A nonce value of 12 octets can be processed more efficiently, so that length is RECOMMENDED. + namedtype.DefaultedNamedType('aes-ICVlen', AES_GCM_ICVlen().subtype(value=12)) +) + + +aes = _OID(2, 16, 840, 1, 101, 3, 4, 1) + + +id_aes128_CCM = _OID(aes, 7) + + +id_aes128_GCM = _OID(aes, 6) + + +id_aes192_CCM = _OID(aes, 27) + + +id_aes192_GCM = _OID(aes, 26) + + +id_aes256_CCM = _OID(aes, 47) + + +id_aes256_GCM = _OID(aes, 46) |