# # This file is part of pyasn1-modules software. # # Created by Russ Housley with assistance from asn1ate v.0.6.0. # # Copyright (c) 2019, Vigil Security, LLC # License: http://snmplabs.com/pyasn1/license.html # # Use of the RSA-KEM Key Transport Algorithm in the CMS # # ASN.1 source from: # https://www.rfc-editor.org/rfc/rfc5990.txt # from pyasn1.type import constraint from pyasn1.type import namedtype from pyasn1.type import univ from pyasn1_modules import rfc5280 MAX = float('inf') def _OID(*components): output = [] for x in tuple(components): if isinstance(x, univ.ObjectIdentifier): output.extend(list(x)) else: output.append(int(x)) return univ.ObjectIdentifier(output) # Imports from RFC 5280 AlgorithmIdentifier = rfc5280.AlgorithmIdentifier # Useful types and definitions class NullParms(univ.Null): pass # Object identifier arcs is18033_2 = _OID(1, 0, 18033, 2) nistAlgorithm = _OID(2, 16, 840, 1, 101, 3, 4) pkcs_1 = _OID(1, 2, 840, 113549, 1, 1) x9_44 = _OID(1, 3, 133, 16, 840, 9, 44) x9_44_components = _OID(x9_44, 1) # Types for algorithm identifiers class Camellia_KeyWrappingScheme(AlgorithmIdentifier): pass class DataEncapsulationMechanism(AlgorithmIdentifier): pass class KDF2_HashFunction(AlgorithmIdentifier): pass class KDF3_HashFunction(AlgorithmIdentifier): pass class KeyDerivationFunction(AlgorithmIdentifier): pass class KeyEncapsulationMechanism(AlgorithmIdentifier): pass class X9_SymmetricKeyWrappingScheme(AlgorithmIdentifier): pass # RSA-KEM Key Transport Algorithm id_rsa_kem = _OID(1, 2, 840, 113549, 1, 9, 16, 3, 14) class GenericHybridParameters(univ.Sequence): pass GenericHybridParameters.componentType = namedtype.NamedTypes( namedtype.NamedType('kem', KeyEncapsulationMechanism()), namedtype.NamedType('dem', DataEncapsulationMechanism()) ) rsa_kem = AlgorithmIdentifier() rsa_kem['algorithm'] = id_rsa_kem rsa_kem['parameters'] = GenericHybridParameters() # KEM-RSA Key Encapsulation Mechanism id_kem_rsa = _OID(is18033_2, 2, 4) class KeyLength(univ.Integer): pass KeyLength.subtypeSpec = constraint.ValueRangeConstraint(1, MAX) class RsaKemParameters(univ.Sequence): pass RsaKemParameters.componentType = namedtype.NamedTypes( namedtype.NamedType('keyDerivationFunction', KeyDerivationFunction()), namedtype.NamedType('keyLength', KeyLength()) ) kem_rsa = AlgorithmIdentifier() kem_rsa['algorithm'] = id_kem_rsa kem_rsa['parameters'] = RsaKemParameters() # Key Derivation Functions id_kdf_kdf2 = _OID(x9_44_components, 1) id_kdf_kdf3 = _OID(x9_44_components, 2) kdf2 = AlgorithmIdentifier() kdf2['algorithm'] = id_kdf_kdf2 kdf2['parameters'] = KDF2_HashFunction() kdf3 = AlgorithmIdentifier() kdf3['algorithm'] = id_kdf_kdf3 kdf3['parameters'] = KDF3_HashFunction() # Hash Functions id_sha1 = _OID(1, 3, 14, 3, 2, 26) id_sha224 = _OID(2, 16, 840, 1, 101, 3, 4, 2, 4) id_sha256 = _OID(2, 16, 840, 1, 101, 3, 4, 2, 1) id_sha384 = _OID(2, 16, 840, 1, 101, 3, 4, 2, 2) id_sha512 = _OID(2, 16, 840, 1, 101, 3, 4, 2, 3) sha1 = AlgorithmIdentifier() sha1['algorithm'] = id_sha1 sha1['parameters'] = univ.Null("") sha224 = AlgorithmIdentifier() sha224['algorithm'] = id_sha224 sha224['parameters'] = univ.Null("") sha256 = AlgorithmIdentifier() sha256['algorithm'] = id_sha256 sha256['parameters'] = univ.Null("") sha384 = AlgorithmIdentifier() sha384['algorithm'] = id_sha384 sha384['parameters'] = univ.Null("") sha512 = AlgorithmIdentifier() sha512['algorithm'] = id_sha512 sha512['parameters'] = univ.Null("") # Symmetric Key-Wrapping Schemes id_aes128_Wrap = _OID(nistAlgorithm, 1, 5) id_aes192_Wrap = _OID(nistAlgorithm, 1, 25) id_aes256_Wrap = _OID(nistAlgorithm, 1, 45) id_alg_CMS3DESwrap = _OID(1, 2, 840, 113549, 1, 9, 16, 3, 6) id_camellia128_Wrap = _OID(1, 2, 392, 200011, 61, 1, 1, 3, 2) id_camellia192_Wrap = _OID(1, 2, 392, 200011, 61, 1, 1, 3, 3) id_camellia256_Wrap = _OID(1, 2, 392, 200011, 61, 1, 1, 3, 4) aes128_Wrap = AlgorithmIdentifier() aes128_Wrap['algorithm'] = id_aes128_Wrap # aes128_Wrap['parameters'] are absent aes192_Wrap = AlgorithmIdentifier() aes192_Wrap['algorithm'] = id_aes128_Wrap # aes192_Wrap['parameters'] are absent aes256_Wrap = AlgorithmIdentifier() aes256_Wrap['algorithm'] = id_sha256 # aes256_Wrap['parameters'] are absent tdes_Wrap = AlgorithmIdentifier() tdes_Wrap['algorithm'] = id_alg_CMS3DESwrap tdes_Wrap['parameters'] = univ.Null("") camellia128_Wrap = AlgorithmIdentifier() camellia128_Wrap['algorithm'] = id_camellia128_Wrap # camellia128_Wrap['parameters'] are absent camellia192_Wrap = AlgorithmIdentifier() camellia192_Wrap['algorithm'] = id_camellia192_Wrap # camellia192_Wrap['parameters'] are absent camellia256_Wrap = AlgorithmIdentifier() camellia256_Wrap['algorithm'] = id_camellia256_Wrap # camellia256_Wrap['parameters'] are absent # Update the Algorithm Identifier map in rfc5280.py. # Note that the ones that must not have parameters are not added to the map. _algorithmIdentifierMapUpdate = { id_rsa_kem: GenericHybridParameters(), id_kem_rsa: RsaKemParameters(), id_kdf_kdf2: KDF2_HashFunction(), id_kdf_kdf3: KDF3_HashFunction(), id_sha1: univ.Null(), id_sha224: univ.Null(), id_sha256: univ.Null(), id_sha384: univ.Null(), id_sha512: univ.Null(), id_alg_CMS3DESwrap: univ.Null(), } rfc5280.algorithmIdentifierMap.update(_algorithmIdentifierMapUpdate)