# # This file is part of pyasn1-modules software. # # Created by Russ Housley with assistance from asn1ate v.0.6.0. # Modified by Russ Housley to add a map for use with opentypes. # # Copyright (c) 2019, Vigil Security, LLC # License: http://snmplabs.com/pyasn1/license.html # # Enhanced Security Services for S/MIME # # ASN.1 source from: # https://www.rfc-editor.org/rfc/rfc2634.txt # from pyasn1.type import char from pyasn1.type import constraint from pyasn1.type import namedval from pyasn1.type import namedtype from pyasn1.type import tag from pyasn1.type import univ from pyasn1.type import useful from pyasn1_modules import rfc5652 from pyasn1_modules import rfc5280 MAX = float('inf') ContentType = rfc5652.ContentType IssuerAndSerialNumber = rfc5652.IssuerAndSerialNumber SubjectKeyIdentifier = rfc5652.SubjectKeyIdentifier PolicyInformation = rfc5280.PolicyInformation GeneralNames = rfc5280.GeneralNames CertificateSerialNumber = rfc5280.CertificateSerialNumber # Signing Certificate Attribute # Warning: It is better to use SigningCertificateV2 from RFC 5035 id_aa_signingCertificate = univ.ObjectIdentifier('1.2.840.113549.1.9.16.2.12') class Hash(univ.OctetString): pass # SHA-1 hash of entire certificate; RFC 5035 supports other hash algorithms class IssuerSerial(univ.Sequence): pass IssuerSerial.componentType = namedtype.NamedTypes( namedtype.NamedType('issuer', GeneralNames()), namedtype.NamedType('serialNumber', CertificateSerialNumber()) ) class ESSCertID(univ.Sequence): pass ESSCertID.componentType = namedtype.NamedTypes( namedtype.NamedType('certHash', Hash()), namedtype.OptionalNamedType('issuerSerial', IssuerSerial()) ) class SigningCertificate(univ.Sequence): pass SigningCertificate.componentType = namedtype.NamedTypes( namedtype.NamedType('certs', univ.SequenceOf( componentType=ESSCertID())), namedtype.OptionalNamedType('policies', univ.SequenceOf( componentType=PolicyInformation())) ) # Mail List Expansion History Attribute id_aa_mlExpandHistory = univ.ObjectIdentifier('1.2.840.113549.1.9.16.2.3') ub_ml_expansion_history = univ.Integer(64) class EntityIdentifier(univ.Choice): pass EntityIdentifier.componentType = namedtype.NamedTypes( namedtype.NamedType('issuerAndSerialNumber', IssuerAndSerialNumber()), namedtype.NamedType('subjectKeyIdentifier', SubjectKeyIdentifier()) ) class MLReceiptPolicy(univ.Choice): pass MLReceiptPolicy.componentType = namedtype.NamedTypes( namedtype.NamedType('none', univ.Null().subtype(implicitTag=tag.Tag( tag.tagClassContext, tag.tagFormatSimple, 0))), namedtype.NamedType('insteadOf', univ.SequenceOf( componentType=GeneralNames()).subtype( sizeSpec=constraint.ValueSizeConstraint(1, MAX)).subtype( implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))), namedtype.NamedType('inAdditionTo', univ.SequenceOf( componentType=GeneralNames()).subtype( sizeSpec=constraint.ValueSizeConstraint(1, MAX)).subtype( implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))) ) class MLData(univ.Sequence): pass MLData.componentType = namedtype.NamedTypes( namedtype.NamedType('mailListIdentifier', EntityIdentifier()), namedtype.NamedType('expansionTime', useful.GeneralizedTime()), namedtype.OptionalNamedType('mlReceiptPolicy', MLReceiptPolicy()) ) class MLExpansionHistory(univ.SequenceOf): pass MLExpansionHistory.componentType = MLData() MLExpansionHistory.sizeSpec = constraint.ValueSizeConstraint(1, ub_ml_expansion_history) # ESS Security Label Attribute id_aa_securityLabel = univ.ObjectIdentifier('1.2.840.113549.1.9.16.2.2') ub_privacy_mark_length = univ.Integer(128) ub_security_categories = univ.Integer(64) ub_integer_options = univ.Integer(256) class ESSPrivacyMark(univ.Choice): pass ESSPrivacyMark.componentType = namedtype.NamedTypes( namedtype.NamedType('pString', char.PrintableString().subtype( subtypeSpec=constraint.ValueSizeConstraint(1, ub_privacy_mark_length))), namedtype.NamedType('utf8String', char.UTF8String().subtype( subtypeSpec=constraint.ValueSizeConstraint(1, MAX))) ) class SecurityClassification(univ.Integer): pass SecurityClassification.subtypeSpec=constraint.ValueRangeConstraint(0, ub_integer_options) SecurityClassification.namedValues = namedval.NamedValues( ('unmarked', 0), ('unclassified', 1), ('restricted', 2), ('confidential', 3), ('secret', 4), ('top-secret', 5) ) class SecurityPolicyIdentifier(univ.ObjectIdentifier): pass class SecurityCategory(univ.Sequence): pass SecurityCategory.componentType = namedtype.NamedTypes( namedtype.NamedType('type', univ.ObjectIdentifier().subtype( implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), namedtype.NamedType('value', univ.Any().subtype(implicitTag=tag.Tag( tag.tagClassContext, tag.tagFormatSimple, 1))) ) class SecurityCategories(univ.SetOf): pass SecurityCategories.componentType = SecurityCategory() SecurityCategories.sizeSpec = constraint.ValueSizeConstraint(1, ub_security_categories) class ESSSecurityLabel(univ.Set): pass ESSSecurityLabel.componentType = namedtype.NamedTypes( namedtype.NamedType('security-policy-identifier', SecurityPolicyIdentifier()), namedtype.OptionalNamedType('security-classification', SecurityClassification()), namedtype.OptionalNamedType('privacy-mark', ESSPrivacyMark()), namedtype.OptionalNamedType('security-categories', SecurityCategories()) ) # Equivalent Labels Attribute id_aa_equivalentLabels = univ.ObjectIdentifier('1.2.840.113549.1.9.16.2.9') class EquivalentLabels(univ.SequenceOf): pass EquivalentLabels.componentType = ESSSecurityLabel() # Content Identifier Attribute id_aa_contentIdentifier = univ.ObjectIdentifier('1.2.840.113549.1.9.16.2.7') class ContentIdentifier(univ.OctetString): pass # Content Reference Attribute id_aa_contentReference = univ.ObjectIdentifier('1.2.840.113549.1.9.16.2.10') class ContentReference(univ.Sequence): pass ContentReference.componentType = namedtype.NamedTypes( namedtype.NamedType('contentType', ContentType()), namedtype.NamedType('signedContentIdentifier', ContentIdentifier()), namedtype.NamedType('originatorSignatureValue', univ.OctetString()) ) # Message Signature Digest Attribute id_aa_msgSigDigest = univ.ObjectIdentifier('1.2.840.113549.1.9.16.2.5') class MsgSigDigest(univ.OctetString): pass # Content Hints Attribute id_aa_contentHint = univ.ObjectIdentifier('1.2.840.113549.1.9.16.2.4') class ContentHints(univ.Sequence): pass ContentHints.componentType = namedtype.NamedTypes( namedtype.OptionalNamedType('contentDescription', char.UTF8String().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, MAX))), namedtype.NamedType('contentType', ContentType()) ) # Receipt Request Attribute class AllOrFirstTier(univ.Integer): pass AllOrFirstTier.namedValues = namedval.NamedValues( ('allReceipts', 0), ('firstTierRecipients', 1) ) class ReceiptsFrom(univ.Choice): pass ReceiptsFrom.componentType = namedtype.NamedTypes( namedtype.NamedType('allOrFirstTier', AllOrFirstTier().subtype( implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), namedtype.NamedType('receiptList', univ.SequenceOf( componentType=GeneralNames()).subtype(implicitTag=tag.Tag( tag.tagClassContext, tag.tagFormatSimple, 1))) ) id_aa_receiptRequest = univ.ObjectIdentifier('1.2.840.113549.1.9.16.2.1') ub_receiptsTo = univ.Integer(16) class ReceiptRequest(univ.Sequence): pass ReceiptRequest.componentType = namedtype.NamedTypes( namedtype.NamedType('signedContentIdentifier', ContentIdentifier()), namedtype.NamedType('receiptsFrom', ReceiptsFrom()), namedtype.NamedType('receiptsTo', univ.SequenceOf(componentType=GeneralNames()).subtype(sizeSpec=constraint.ValueSizeConstraint(1, ub_receiptsTo))) ) # Receipt Content Type class ESSVersion(univ.Integer): pass ESSVersion.namedValues = namedval.NamedValues( ('v1', 1) ) id_ct_receipt = univ.ObjectIdentifier('1.2.840.113549.1.9.16.1.1') class Receipt(univ.Sequence): pass Receipt.componentType = namedtype.NamedTypes( namedtype.NamedType('version', ESSVersion()), namedtype.NamedType('contentType', ContentType()), namedtype.NamedType('signedContentIdentifier', ContentIdentifier()), namedtype.NamedType('originatorSignatureValue', univ.OctetString()) ) # Map of Attribute Type to the Attribute structure is added to the # ones that are in rfc5652.py _cmsAttributesMapUpdate = { id_aa_signingCertificate: SigningCertificate(), id_aa_mlExpandHistory: MLExpansionHistory(), id_aa_securityLabel: ESSSecurityLabel(), id_aa_equivalentLabels: EquivalentLabels(), id_aa_contentIdentifier: ContentIdentifier(), id_aa_contentReference: ContentReference(), id_aa_msgSigDigest: MsgSigDigest(), id_aa_contentHint: ContentHints(), id_aa_receiptRequest: ReceiptRequest(), } rfc5652.cmsAttributesMap.update(_cmsAttributesMapUpdate) # Map of Content Type OIDs to Content Types is added to the # ones that are in rfc5652.py _cmsContentTypesMapUpdate = { id_ct_receipt: Receipt(), } rfc5652.cmsContentTypesMap.update(_cmsContentTypesMapUpdate)