# # This file is part of pyasn1-modules software. # # Created by Russ Housley with assistance from asn1ate v.0.6.0. # # Copyright (c) 2019, Vigil Security, LLC # License: http://snmplabs.com/pyasn1/license.html # # CMS Symmetric Key Package Content Type # # ASN.1 source from: # https://www.rfc-editor.org/rfc/rfc6031.txt # from pyasn1.type import char from pyasn1.type import constraint from pyasn1.type import namedtype from pyasn1.type import namedval from pyasn1.type import opentype from pyasn1.type import tag from pyasn1.type import univ from pyasn1.type import useful from pyasn1_modules import rfc5652 from pyasn1_modules import rfc6019 def _OID(*components): output = [] for x in tuple(components): if isinstance(x, univ.ObjectIdentifier): output.extend(list(x)) else: output.append(int(x)) return univ.ObjectIdentifier(output) MAX = float('inf') id_pskc = univ.ObjectIdentifier('1.2.840.113549.1.9.16.12') # Symmetric Key Package Attributes id_pskc_manufacturer = _OID(id_pskc, 1) class at_pskc_manufacturer(char.UTF8String): pass id_pskc_serialNo = _OID(id_pskc, 2) class at_pskc_serialNo(char.UTF8String): pass id_pskc_model = _OID(id_pskc, 3) class at_pskc_model(char.UTF8String): pass id_pskc_issueNo = _OID(id_pskc, 4) class at_pskc_issueNo(char.UTF8String): pass id_pskc_deviceBinding = _OID(id_pskc, 5) class at_pskc_deviceBinding(char.UTF8String): pass id_pskc_deviceStartDate = _OID(id_pskc, 6) class at_pskc_deviceStartDate(useful.GeneralizedTime): pass id_pskc_deviceExpiryDate = _OID(id_pskc, 7) class at_pskc_deviceExpiryDate(useful.GeneralizedTime): pass id_pskc_moduleId = _OID(id_pskc, 8) class at_pskc_moduleId(char.UTF8String): pass id_pskc_deviceUserId = _OID(id_pskc, 26) class at_pskc_deviceUserId(char.UTF8String): pass # Symmetric Key Attributes id_pskc_keyId = _OID(id_pskc, 9) class at_pskc_keyUserId(char.UTF8String): pass id_pskc_algorithm = _OID(id_pskc, 10) class at_pskc_algorithm(char.UTF8String): pass id_pskc_issuer = _OID(id_pskc, 11) class at_pskc_issuer(char.UTF8String): pass id_pskc_keyProfileId = _OID(id_pskc, 12) class at_pskc_keyProfileId(char.UTF8String): pass id_pskc_keyReference = _OID(id_pskc, 13) class at_pskc_keyReference(char.UTF8String): pass id_pskc_friendlyName = _OID(id_pskc, 14) class FriendlyName(univ.Sequence): pass FriendlyName.componentType = namedtype.NamedTypes( namedtype.NamedType('friendlyName', char.UTF8String()), namedtype.OptionalNamedType('friendlyNameLangTag', char.UTF8String()) ) class at_pskc_friendlyName(FriendlyName): pass id_pskc_algorithmParameters = _OID(id_pskc, 15) class Encoding(char.UTF8String): pass Encoding.namedValues = namedval.NamedValues( ('dec', "DECIMAL"), ('hex', "HEXADECIMAL"), ('alpha', "ALPHANUMERIC"), ('b64', "BASE64"), ('bin', "BINARY") ) Encoding.subtypeSpec = constraint.SingleValueConstraint( "DECIMAL", "HEXADECIMAL", "ALPHANUMERIC", "BASE64", "BINARY" ) class ChallengeFormat(univ.Sequence): pass ChallengeFormat.componentType = namedtype.NamedTypes( namedtype.NamedType('encoding', Encoding()), namedtype.DefaultedNamedType('checkDigit', univ.Boolean().subtype(value=0)), namedtype.NamedType('min', univ.Integer().subtype( subtypeSpec=constraint.ValueRangeConstraint(0, MAX))), namedtype.NamedType('max', univ.Integer().subtype( subtypeSpec=constraint.ValueRangeConstraint(0, MAX))) ) class ResponseFormat(univ.Sequence): pass ResponseFormat.componentType = namedtype.NamedTypes( namedtype.NamedType('encoding', Encoding()), namedtype.NamedType('length', univ.Integer().subtype( subtypeSpec=constraint.ValueRangeConstraint(0, MAX))), namedtype.DefaultedNamedType('checkDigit', univ.Boolean().subtype(value=0)) ) class PSKCAlgorithmParameters(univ.Choice): pass PSKCAlgorithmParameters.componentType = namedtype.NamedTypes( namedtype.NamedType('suite', char.UTF8String()), namedtype.NamedType('challengeFormat', ChallengeFormat().subtype( implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))), namedtype.NamedType('responseFormat', ResponseFormat().subtype( implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))) ) class at_pskc_algorithmParameters(PSKCAlgorithmParameters): pass id_pskc_counter = _OID(id_pskc, 16) class at_pskc_counter(univ.Integer): pass at_pskc_counter.subtypeSpec = constraint.ValueRangeConstraint(0, MAX) id_pskc_time = _OID(id_pskc, 17) class at_pskc_time(rfc6019.BinaryTime): pass id_pskc_timeInterval = _OID(id_pskc, 18) class at_pskc_timeInterval(univ.Integer): pass at_pskc_timeInterval.subtypeSpec = constraint.ValueRangeConstraint(0, MAX) id_pskc_timeDrift = _OID(id_pskc, 19) class at_pskc_timeDrift(univ.Integer): pass at_pskc_timeDrift.subtypeSpec = constraint.ValueRangeConstraint(0, MAX) id_pskc_valueMAC = _OID(id_pskc, 20) class ValueMac(univ.Sequence): pass ValueMac.componentType = namedtype.NamedTypes( namedtype.NamedType('macAlgorithm', char.UTF8String()), namedtype.NamedType('mac', char.UTF8String()) ) class at_pskc_valueMAC(ValueMac): pass id_pskc_keyUserId = _OID(id_pskc, 27) class at_pskc_keyId(char.UTF8String): pass id_pskc_keyStartDate = _OID(id_pskc, 21) class at_pskc_keyStartDate(useful.GeneralizedTime): pass id_pskc_keyExpiryDate = _OID(id_pskc, 22) class at_pskc_keyExpiryDate(useful.GeneralizedTime): pass id_pskc_numberOfTransactions = _OID(id_pskc, 23) class at_pskc_numberOfTransactions(univ.Integer): pass at_pskc_numberOfTransactions.subtypeSpec = constraint.ValueRangeConstraint(0, MAX) id_pskc_keyUsages = _OID(id_pskc, 24) class PSKCKeyUsage(char.UTF8String): pass PSKCKeyUsage.namedValues = namedval.NamedValues( ('otp', "OTP"), ('cr', "CR"), ('encrypt', "Encrypt"), ('integrity', "Integrity"), ('verify', "Verify"), ('unlock', "Unlock"), ('decrypt', "Decrypt"), ('keywrap', "KeyWrap"), ('unwrap', "Unwrap"), ('derive', "Derive"), ('generate', "Generate") ) PSKCKeyUsage.subtypeSpec = constraint.SingleValueConstraint( "OTP", "CR", "Encrypt", "Integrity", "Verify", "Unlock", "Decrypt", "KeyWrap", "Unwrap", "Derive", "Generate" ) class PSKCKeyUsages(univ.SequenceOf): pass PSKCKeyUsages.componentType = PSKCKeyUsage() class at_pskc_keyUsage(PSKCKeyUsages): pass id_pskc_pinPolicy = _OID(id_pskc, 25) class PINUsageMode(char.UTF8String): pass PINUsageMode.namedValues = namedval.NamedValues( ("local", "Local"), ("prepend", "Prepend"), ("append", "Append"), ("algorithmic", "Algorithmic") ) PINUsageMode.subtypeSpec = constraint.SingleValueConstraint( "Local", "Prepend", "Append", "Algorithmic" ) class PINPolicy(univ.Sequence): pass PINPolicy.componentType = namedtype.NamedTypes( namedtype.OptionalNamedType('pinKeyId', char.UTF8String().subtype( implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), namedtype.NamedType('pinUsageMode', PINUsageMode().subtype( implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))), namedtype.OptionalNamedType('maxFailedAttempts', univ.Integer().subtype( subtypeSpec=constraint.ValueRangeConstraint(0, MAX)).subtype( implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))), namedtype.OptionalNamedType('minLength', univ.Integer().subtype( subtypeSpec=constraint.ValueRangeConstraint(0, MAX)).subtype( implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))), namedtype.OptionalNamedType('maxLength', univ.Integer().subtype( subtypeSpec=constraint.ValueRangeConstraint(0, MAX)).subtype( implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 4))), namedtype.OptionalNamedType('pinEncoding', Encoding().subtype( implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 5))) ) class at_pskc_pinPolicy(PINPolicy): pass # Map of Symmetric Key Package Attribute OIDs to Attributes sKeyPkgAttributesMap = { id_pskc_manufacturer: at_pskc_manufacturer(), id_pskc_serialNo: at_pskc_serialNo(), id_pskc_model: at_pskc_model(), id_pskc_issueNo: at_pskc_issueNo(), id_pskc_deviceBinding: at_pskc_deviceBinding(), id_pskc_deviceStartDate: at_pskc_deviceStartDate(), id_pskc_deviceExpiryDate: at_pskc_deviceExpiryDate(), id_pskc_moduleId: at_pskc_moduleId(), id_pskc_deviceUserId: at_pskc_deviceUserId(), } # Map of Symmetric Key Attribute OIDs to Attributes sKeyAttributesMap = { id_pskc_keyId: at_pskc_keyId(), id_pskc_algorithm: at_pskc_algorithm(), id_pskc_issuer: at_pskc_issuer(), id_pskc_keyProfileId: at_pskc_keyProfileId(), id_pskc_keyReference: at_pskc_keyReference(), id_pskc_friendlyName: at_pskc_friendlyName(), id_pskc_algorithmParameters: at_pskc_algorithmParameters(), id_pskc_counter: at_pskc_counter(), id_pskc_time: at_pskc_time(), id_pskc_timeInterval: at_pskc_timeInterval(), id_pskc_timeDrift: at_pskc_timeDrift(), id_pskc_valueMAC: at_pskc_valueMAC(), id_pskc_keyUserId: at_pskc_keyUserId(), id_pskc_keyStartDate: at_pskc_keyStartDate(), id_pskc_keyExpiryDate: at_pskc_keyExpiryDate(), id_pskc_numberOfTransactions: at_pskc_numberOfTransactions(), id_pskc_keyUsages: at_pskc_keyUsage(), id_pskc_pinPolicy: at_pskc_pinPolicy(), } # This definition replaces Attribute() from rfc5652.py; it is the same except # that opentype is added with sKeyPkgAttributesMap and sKeyAttributesMap class AttributeType(univ.ObjectIdentifier): pass class AttributeValue(univ.Any): pass class SKeyAttribute(univ.Sequence): pass SKeyAttribute.componentType = namedtype.NamedTypes( namedtype.NamedType('attrType', AttributeType()), namedtype.NamedType('attrValues', univ.SetOf(componentType=AttributeValue()), openType=opentype.OpenType('attrType', sKeyAttributesMap) ) ) class SKeyPkgAttribute(univ.Sequence): pass SKeyPkgAttribute.componentType = namedtype.NamedTypes( namedtype.NamedType('attrType', AttributeType()), namedtype.NamedType('attrValues', univ.SetOf(componentType=AttributeValue()), openType=opentype.OpenType('attrType', sKeyPkgAttributesMap) ) ) # Symmetric Key Package Content Type id_ct_KP_sKeyPackage = univ.ObjectIdentifier('1.2.840.113549.1.9.16.1.25') class KeyPkgVersion(univ.Integer): pass KeyPkgVersion.namedValues = namedval.NamedValues( ('v1', 1) ) class OneSymmetricKey(univ.Sequence): pass OneSymmetricKey.componentType = namedtype.NamedTypes( namedtype.OptionalNamedType('sKeyAttrs', univ.SequenceOf(componentType=SKeyAttribute()).subtype( subtypeSpec=constraint.ValueSizeConstraint(1, MAX))), namedtype.OptionalNamedType('sKey', univ.OctetString()) ) OneSymmetricKey.sizeSpec = univ.Sequence.sizeSpec + constraint.ValueSizeConstraint(1, 2) class SymmetricKeys(univ.SequenceOf): pass SymmetricKeys.componentType = OneSymmetricKey() SymmetricKeys.subtypeSpec=constraint.ValueSizeConstraint(1, MAX) class SymmetricKeyPackage(univ.Sequence): pass SymmetricKeyPackage.componentType = namedtype.NamedTypes( namedtype.DefaultedNamedType('version', KeyPkgVersion().subtype(value='v1')), namedtype.OptionalNamedType('sKeyPkgAttrs', univ.SequenceOf(componentType=SKeyPkgAttribute()).subtype( subtypeSpec=constraint.ValueSizeConstraint(1, MAX), implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), namedtype.NamedType('sKeys', SymmetricKeys()) ) # Map of Content Type OIDs to Content Types are # added to the ones that are in rfc5652.py _cmsContentTypesMapUpdate = { id_ct_KP_sKeyPackage: SymmetricKeyPackage(), } rfc5652.cmsContentTypesMap.update(_cmsContentTypesMapUpdate)