2 # PyGOST -- Pure Python GOST cryptographic functions library
3 # Copyright (C) 2015-2020 Sergey Matveev <stargrave@stargrave.org>
5 # This program is free software: you can redistribute it and/or modify
6 # it under the terms of the GNU General Public License as published by
7 # the Free Software Foundation, version 3 of the License.
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
14 # You should have received a copy of the GNU General Public License
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
16 """CMS related structures (**NOT COMPLETE**)
19 from pyderasn import Any
20 from pyderasn import BitString
21 from pyderasn import Choice
22 from pyderasn import Integer
23 from pyderasn import ObjectIdentifier
24 from pyderasn import OctetString
25 from pyderasn import Sequence
26 from pyderasn import SequenceOf
27 from pyderasn import SetOf
28 from pyderasn import tag_ctxc
29 from pyderasn import tag_ctxp
31 from pygost.asn1schemas.oids import id_digestedData
32 from pygost.asn1schemas.oids import id_envelopedData
33 from pygost.asn1schemas.oids import id_Gost28147_89
34 from pygost.asn1schemas.oids import id_signedData
35 from pygost.asn1schemas.oids import id_tc26_gost3410_2012_256
36 from pygost.asn1schemas.oids import id_tc26_gost3410_2012_512
37 from pygost.asn1schemas.x509 import AlgorithmIdentifier
38 from pygost.asn1schemas.x509 import Certificate
39 from pygost.asn1schemas.x509 import SubjectPublicKeyInfo
42 class CMSVersion(Integer):
46 class ContentType(ObjectIdentifier):
50 class RecipientIdentifier(Choice):
52 ("issuerAndSerialNumber", Any()),
53 # ("subjectKeyIdentifier", SubjectKeyIdentifier(impl=tag_ctxp(0))),
57 class Gost2814789Key(OctetString):
61 class Gost2814789MAC(OctetString):
65 class Gost2814789EncryptedKey(Sequence):
67 ("encryptedKey", Gost2814789Key()),
68 ("maskKey", Gost2814789Key(impl=tag_ctxp(0), optional=True)),
69 ("macKey", Gost2814789MAC()),
73 class GostR34102001TransportParameters(Sequence):
75 ("encryptionParamSet", ObjectIdentifier()),
76 ("ephemeralPublicKey", SubjectPublicKeyInfo(
80 ("ukm", OctetString()),
84 class GostR3410KeyTransport(Sequence):
86 ("sessionEncryptedKey", Gost2814789EncryptedKey()),
87 ("transportParameters", GostR34102001TransportParameters(
94 class KeyEncryptionAlgorithmIdentifier(AlgorithmIdentifier):
96 ("algorithm", ObjectIdentifier(defines=(
97 (("..", "encryptedKey"), {
98 id_tc26_gost3410_2012_256: GostR3410KeyTransport(),
99 id_tc26_gost3410_2012_512: GostR3410KeyTransport(),
101 (("..", "recipientEncryptedKeys", any, "encryptedKey"), {
102 id_tc26_gost3410_2012_256: Gost2814789EncryptedKey(),
103 id_tc26_gost3410_2012_512: Gost2814789EncryptedKey(),
106 ("parameters", Any(optional=True)),
110 class EncryptedKey(OctetString):
114 class KeyTransRecipientInfo(Sequence):
116 ("version", CMSVersion()),
117 ("rid", RecipientIdentifier()),
118 ("keyEncryptionAlgorithm", KeyEncryptionAlgorithmIdentifier()),
119 ("encryptedKey", EncryptedKey()),
123 class OriginatorPublicKey(Sequence):
125 ("algorithm", AlgorithmIdentifier()),
126 ("publicKey", BitString()),
130 class OriginatorIdentifierOrKey(Choice):
132 # ("issuerAndSerialNumber", IssuerAndSerialNumber()),
133 # ("subjectKeyIdentifier", SubjectKeyIdentifier(impl=tag_ctxp(0))),
134 ("originatorKey", OriginatorPublicKey(impl=tag_ctxc(1))),
138 class UserKeyingMaterial(OctetString):
142 class KeyAgreeRecipientIdentifier(Choice):
144 ("issuerAndSerialNumber", Any()),
145 # ("rKeyId", RecipientKeyIdentifier(impl=tag_ctxc(0))),
149 class RecipientEncryptedKey(Sequence):
151 ("rid", KeyAgreeRecipientIdentifier()),
152 ("encryptedKey", EncryptedKey()),
156 class RecipientEncryptedKeys(SequenceOf):
157 schema = RecipientEncryptedKey()
160 class KeyAgreeRecipientInfo(Sequence):
162 ("version", CMSVersion(3)),
163 ("originator", OriginatorIdentifierOrKey(expl=tag_ctxc(0))),
164 ("ukm", UserKeyingMaterial(expl=tag_ctxc(1), optional=True)),
165 ("keyEncryptionAlgorithm", KeyEncryptionAlgorithmIdentifier()),
166 ("recipientEncryptedKeys", RecipientEncryptedKeys()),
170 class RecipientInfo(Choice):
172 ("ktri", KeyTransRecipientInfo()),
173 ("kari", KeyAgreeRecipientInfo(impl=tag_ctxc(1))),
174 # ("kekri", KEKRecipientInfo(impl=tag_ctxc(2))),
175 # ("pwri", PasswordRecipientInfo(impl=tag_ctxc(3))),
176 # ("ori", OtherRecipientInfo(impl=tag_ctxc(4))),
180 class RecipientInfos(SetOf):
181 schema = RecipientInfo()
182 bounds = (1, float("+inf"))
185 class Gost2814789IV(OctetString):
189 class Gost2814789Parameters(Sequence):
191 ("iv", Gost2814789IV()),
192 ("encryptionParamSet", ObjectIdentifier()),
196 class ContentEncryptionAlgorithmIdentifier(AlgorithmIdentifier):
198 ("algorithm", ObjectIdentifier(defines=(
199 (("parameters",), {id_Gost28147_89: Gost2814789Parameters()}),
201 ("parameters", Any(optional=True)),
205 class EncryptedContent(OctetString):
209 class EncryptedContentInfo(Sequence):
211 ("contentType", ContentType()),
212 ("contentEncryptionAlgorithm", ContentEncryptionAlgorithmIdentifier()),
213 ("encryptedContent", EncryptedContent(impl=tag_ctxp(0), optional=True)),
217 class EnvelopedData(Sequence):
219 ("version", CMSVersion()),
220 # ("originatorInfo", OriginatorInfo(impl=tag_ctxc(0), optional=True)),
221 ("recipientInfos", RecipientInfos()),
222 ("encryptedContentInfo", EncryptedContentInfo()),
223 # ("unprotectedAttrs", UnprotectedAttributes(impl=tag_ctxc(1), optional=True)),
227 class EncapsulatedContentInfo(Sequence):
229 ("eContentType", ContentType()),
230 ("eContent", OctetString(expl=tag_ctxc(0), optional=True)),
234 class SignerIdentifier(Choice):
236 ("issuerAndSerialNumber", Any()),
237 # ("subjectKeyIdentifier", SubjectKeyIdentifier(impl=tag_ctxp(0))),
241 class DigestAlgorithmIdentifiers(SetOf):
242 schema = AlgorithmIdentifier()
245 class DigestAlgorithmIdentifier(AlgorithmIdentifier):
249 class SignatureAlgorithmIdentifier(AlgorithmIdentifier):
253 class SignatureValue(OctetString):
257 class SignerInfo(Sequence):
259 ("version", CMSVersion()),
260 ("sid", SignerIdentifier()),
261 ("digestAlgorithm", DigestAlgorithmIdentifier()),
262 # ("signedAttrs", SignedAttributes(impl=tag_ctxc(0), optional=True)),
263 ("signatureAlgorithm", SignatureAlgorithmIdentifier()),
264 ("signature", SignatureValue()),
265 # ("unsignedAttrs", UnsignedAttributes(impl=tag_ctxc(1), optional=True)),
269 class SignerInfos(SetOf):
270 schema = SignerInfo()
273 class CertificateChoices(Choice):
275 ('certificate', Certificate()),
276 # ('extendedCertificate', ExtendedCertificate(impl=tag_ctxp(0))),
277 # ('v1AttrCert', AttributeCertificateV1(impl=tag_ctxc(1))), # V1 is osbolete
278 # ('v2AttrCert', AttributeCertificateV2(impl=tag_ctxc(2))),
279 # ('other', OtherCertificateFormat(impl=tag_ctxc(3))),
283 class CertificateSet(SetOf):
284 schema = CertificateChoices()
287 class SignedData(Sequence):
289 ("version", CMSVersion()),
290 ("digestAlgorithms", DigestAlgorithmIdentifiers()),
291 ("encapContentInfo", EncapsulatedContentInfo()),
292 ("certificates", CertificateSet(impl=tag_ctxc(0), optional=True)),
293 # ("crls", RevocationInfoChoices(impl=tag_ctxc(1), optional=True)),
294 ("signerInfos", SignerInfos()),
298 class Digest(OctetString):
302 class DigestedData(Sequence):
304 ("version", CMSVersion()),
305 ("digestAlgorithm", DigestAlgorithmIdentifier()),
306 ("encapContentInfo", EncapsulatedContentInfo()),
307 ("digest", Digest()),
311 class ContentInfo(Sequence):
313 ("contentType", ContentType(defines=(
315 id_digestedData: DigestedData(),
316 id_envelopedData: EnvelopedData(),
317 id_signedData: SignedData(),
320 ("content", Any(expl=tag_ctxc(0))),