# This file is being contributed to the pyasn1-modules software.
#
# Created by Russ Housley without assistance from the asn1ate tool.
# Modified by Russ Housley to add support for opentypes.
#
# Copyright (c) 2019, Vigil Security, LLC
# License: http://snmplabs.com/pyasn1/license.html
#
# CMS Key Package Receipt and Error Content Types
#
# ASN.1 source from:
# https://www.rfc-editor.org/rfc/rfc7191.txt
from pyasn1.type import constraint
from pyasn1.type import namedtype
from pyasn1.type import namedval
from pyasn1.type import opentype
from pyasn1.type import tag
from pyasn1.type import univ
from pyasn1_modules import rfc5280
from pyasn1_modules import rfc5652
# Stand-in for the ASN.1 "MAX" upper bound in SIZE constraints: float
# infinity compares greater than any int, so ValueSizeConstraint(1, MAX)
# behaves as (1..unbounded).
MAX = float("inf")
# Alias of the RFC 5280 DistinguishedName type defined in rfc5280.py, so
# users of this module do not have to import rfc5280 themselves.
DistinguishedName = rfc5280.DistinguishedName
# SingleAttribute is the same as Attribute in RFC 5652, except that the
# attrValues SET must have one and only one member
class AttributeValue(univ.Any):
    """ANY-typed attribute value.

    Resolved through the ``attrType`` open type of SingleAttribute, which
    looks the value up in rfc5652.cmsAttributesMap.
    """
class AttributeValues(univ.SetOf):
    """SET OF AttributeValue restricted to exactly one member.

    The SIZE (1..1) constraint is what distinguishes SingleAttribute from
    the RFC 5652 Attribute, whose attrValues SET is not limited to one.
    """
    componentType = AttributeValue()
    # Keep the base Set size constraints and add the one-member limit.
    sizeSpec = univ.Set.sizeSpec + constraint.ValueSizeConstraint(1, 1)
class SingleAttribute(univ.Sequence):
    """Attribute carrying exactly one value (see AttributeValues).

    ``attrValues`` is an open type keyed by ``attrType``; the ANY content is
    resolved against rfc5652.cmsAttributesMap.
    """
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('attrType', univ.ObjectIdentifier()),
        namedtype.NamedType(
            'attrValues',
            AttributeValues(),
            openType=opentype.OpenType('attrType', rfc5652.cmsAttributesMap)
        )
    )
# SIR Entity Name
class SIREntityNameType(univ.ObjectIdentifier):
    """OBJECT IDENTIFIER selecting the kind of SIREntityName (sirenType)."""
class SIREntityNameValue(univ.Any):
    """ANY whose DER encoding is what SIREntityName.sirenValue carries."""
class SIREntityName(univ.Sequence):
    """SEQUENCE of a sirenType OID and an opaque sirenValue OCTET STRING.

    sirenValue is not decoded as part of this type: it holds the DER-encoded
    SIREntityNameValue selected by sirenType, so a consumer has to decode the
    inner value itself.
    """
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('sirenType', SIREntityNameType()),
        # OCTET STRING CONTAINING the DER-encoded SIREntityNameValue
        namedtype.NamedType('sirenValue', univ.OctetString())
    )
class SIREntityNames(univ.SequenceOf):
    """SEQUENCE SIZE (1..MAX) OF SIREntityName; an empty list is rejected."""
    componentType = SIREntityName()
    sizeSpec = constraint.ValueSizeConstraint(1, MAX)
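id_dn = univ.ObjectIdentifier('2.16.840.1.101.2.1.16.0')


class siren_dn(SIREntityName):
    """SIREntityName whose sirenType is pre-set to id_dn.

    The constructor forwards every argument to SIREntityName so that pyasn1's
    ``clone()``/``subtype()`` -- which re-instantiate the class with keyword
    arguments such as componentType and tagSet -- keep working; a constructor
    that accepts no arguments makes those calls raise TypeError.
    """
    def __init__(self, *args, **kwargs):
        # Explicit base call rather than super() to stay compatible with the
        # Python 2/3 style used elsewhere in pyasn1-modules.
        SIREntityName.__init__(self, *args, **kwargs)
        self['sirenType'] = id_dn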
# Key Package Error CMS Content Type
class EnumeratedErrorCode(univ.Enumerated):
    """Registered error codes for the 'enum' alternative of ErrorCodeChoice."""
    pass

# Error codes with values <= 33 are aligned with RFC 5934
# (the gaps in numbering below are deliberate and must be preserved).
EnumeratedErrorCode.namedValues = namedval.NamedValues(
    ('decodeFailure', 1),
    ('badContentInfo', 2),
    ('badSignedData', 3),
    ('badEncapContent', 4),
    ('badCertificate', 5),
    ('badSignerInfo', 6),
    ('badSignedAttrs', 7),
    ('badUnsignedAttrs', 8),
    ('missingContent', 9),
    ('noTrustAnchor', 10),
    ('notAuthorized', 11),
    ('badDigestAlgorithm', 12),
    ('badSignatureAlgorithm', 13),
    ('unsupportedKeySize', 14),
    ('unsupportedParameters', 15),
    ('signatureFailure', 16),
    ('insufficientMemory', 17),
    ('incorrectTarget', 23),
    ('missingSignature', 29),
    ('resourcesBusy', 30),
    ('versionNumberMismatch', 31),
    ('revokedCertificate', 33),
    # NOTE(review): codes from 60 upward look like RFC 7191's own additions
    # rather than RFC 5934 values -- confirm against the RFC.
    ('ambiguousDecrypt', 60),
    ('noDecryptKey', 61),
    ('badEncryptedData', 62),
    ('badEnvelopedData', 63),
    ('badAuthenticatedData', 64),
    ('badAuthEnvelopedData', 65),
    ('badKeyAgreeRecipientInfo', 66),
    ('badKEKRecipientInfo', 67),
    ('badEncryptContent', 68),
    ('badEncryptAlgorithm', 69),
    ('missingCiphertext', 70),
    ('decryptFailure', 71),
    ('badMACAlgorithm', 72),
    ('badAuthAttrs', 73),
    ('badUnauthAttrs', 74),
    ('invalidMAC', 75),
    ('mismatchedDigestAlg', 76),
    ('missingCertificate', 77),
    ('tooManySigners', 78),
    ('missingSignedAttributes', 79),
    ('derEncodingNotUsed', 80),
    ('missingContentHints', 81),
    ('invalidAttributeLocation', 82),
    ('badMessageDigest', 83),
    ('badKeyPackage', 84),
    ('badAttributes', 85),
    ('attributeComparisonFailure', 86),
    ('unsupportedSymmetricKeyPackage', 87),
    ('unsupportedAsymmetricKeyPackage', 88),
    ('constraintViolation', 89),
    ('ambiguousDefaultValue', 90),
    ('noMatchingRecipientInfo', 91),
    ('unsupportedKeyWrapAlgorithm', 92),
    ('badKeyTransRecipientInfo', 93),
    ('other', 127)
)
class ErrorCodeChoice(univ.Choice):
    """CHOICE between a registered EnumeratedErrorCode and an arbitrary OID."""
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('enum', EnumeratedErrorCode()),
        namedtype.NamedType('oid', univ.ObjectIdentifier())
    )
class KeyPkgID(univ.OctetString):
    """OCTET STRING identifying a key package (KeyPkgIdentifier.pkgID)."""
class KeyPkgIdentifier(univ.Choice):
    """Identifies a key package either by its pkgID or by a SingleAttribute."""
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('pkgID', KeyPkgID()),
        namedtype.NamedType('attribute', SingleAttribute())
    )
class KeyPkgVersion(univ.Integer):
    """INTEGER { v1(1), v2(2) } (1..65535).

    The range constraint replaces the unconstrained Integer subtypeSpec, so
    0 and values above 65535 fail verification even though only v1/v2 have
    names.
    """
    namedValues = namedval.NamedValues(
        ('v1', 1),
        ('v2', 2)
    )
    subtypeSpec = constraint.ValueRangeConstraint(1, 65535)
id_ct_KP_keyPackageError = univ.ObjectIdentifier('2.16.840.1.101.2.1.2.78.6')


class KeyPackageError(univ.Sequence):
    """KeyPackageError content type (id_ct_KP_keyPackageError).

    version defaults to v2; errorOf is an OPTIONAL [0] KeyPkgIdentifier;
    errorBy (SIREntityName) and errorCode (ErrorCodeChoice) are required.
    """
    componentType = namedtype.NamedTypes(
        namedtype.DefaultedNamedType(
            'version', KeyPkgVersion().subtype(value='v2')),
        namedtype.OptionalNamedType(
            'errorOf',
            KeyPkgIdentifier().subtype(implicitTag=tag.Tag(
                tag.tagClassContext, tag.tagFormatConstructed, 0))),
        namedtype.NamedType('errorBy', SIREntityName()),
        namedtype.NamedType('errorCode', ErrorCodeChoice())
    )
# Key Package Receipt CMS Content Type
id_ct_KP_keyPackageReceipt = univ.ObjectIdentifier('2.16.840.1.101.2.1.2.78.3')


class KeyPackageReceipt(univ.Sequence):
    """KeyPackageReceipt content type (id_ct_KP_keyPackageReceipt).

    version defaults to v2; receiptOf identifies the acknowledged package and
    receivedBy is the SIREntityName of the receiving entity.
    """
    componentType = namedtype.NamedTypes(
        namedtype.DefaultedNamedType(
            'version', KeyPkgVersion().subtype(value='v2')),
        namedtype.NamedType('receiptOf', KeyPkgIdentifier()),
        namedtype.NamedType('receivedBy', SIREntityName())
    )
# Key Package Receipt Request Attribute
class KeyPkgReceiptReq(univ.Sequence):
    """Receipt request carried in KeyPkgIdentifierAndReceiptReq.

    encryptReceipt defaults to FALSE, receiptsFrom is an OPTIONAL
    [0] IMPLICIT SIREntityNames, and receiptsTo is a required
    SIREntityNames (at least one entry).
    """
    componentType = namedtype.NamedTypes(
        namedtype.DefaultedNamedType(
            'encryptReceipt', univ.Boolean().subtype(value=0)),
        namedtype.OptionalNamedType(
            'receiptsFrom',
            SIREntityNames().subtype(implicitTag=tag.Tag(
                tag.tagClassContext, tag.tagFormatSimple, 0))),
        namedtype.NamedType('receiptsTo', SIREntityNames())
    )
id_aa_KP_keyPkgIdAndReceiptReq = univ.ObjectIdentifier('2.16.840.1.101.2.1.5.65')


class KeyPkgIdentifierAndReceiptReq(univ.Sequence):
    """Attribute value for id_aa_KP_keyPkgIdAndReceiptReq.

    Pairs a required pkgID with an OPTIONAL receipt request.
    """
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('pkgID', KeyPkgID()),
        namedtype.OptionalNamedType('receiptReq', KeyPkgReceiptReq())
    )
# Map of Attribute Type OIDs to Attributes, merged at import time into
# the shared map in rfc5652.py (rfc5652.cmsAttributesMap) so that the
# attrType open type used above can resolve this module's attribute.

_cmsAttributesMapUpdate = {
    id_aa_KP_keyPkgIdAndReceiptReq: KeyPkgIdentifierAndReceiptReq(),
}

# NOTE: importing this module mutates rfc5652.cmsAttributesMap, a
# module-level dict shared by every user of rfc5652 in the process.
rfc5652.cmsAttributesMap.update(_cmsAttributesMapUpdate)
# Map of CMS Content Type OIDs to CMS Content Types, merged at import time
# into the shared map in rfc5652.py (rfc5652.cmsContentTypesMap).

_cmsContentTypesMapUpdate = {
    id_ct_KP_keyPackageError: KeyPackageError(),
    id_ct_KP_keyPackageReceipt: KeyPackageReceipt(),
}

# NOTE: importing this module mutates rfc5652.cmsContentTypesMap, a
# module-level dict shared by every user of rfc5652 in the process.
rfc5652.cmsContentTypesMap.update(_cmsContentTypesMapUpdate)