2 # PyGOST -- Pure Python GOST cryptographic functions library
3 # Copyright (C) 2015-2021 Sergey Matveev <stargrave@stargrave.org>
5 # This program is free software: you can redistribute it and/or modify
6 # it under the terms of the GNU General Public License as published by
7 # the Free Software Foundation, version 3 of the License.
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
14 # You should have received a copy of the GNU General Public License
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
16 """CMS related structures (**NOT COMPLETE**)
19 from pyderasn import Any
20 from pyderasn import BitString
21 from pyderasn import Choice
22 from pyderasn import Integer
23 from pyderasn import ObjectIdentifier
24 from pyderasn import OctetString
25 from pyderasn import Sequence
26 from pyderasn import SequenceOf
27 from pyderasn import SetOf
28 from pyderasn import tag_ctxc
29 from pyderasn import tag_ctxp
31 from pygost.asn1schemas.oids import id_cms_mac_attr
32 from pygost.asn1schemas.oids import id_contentType
33 from pygost.asn1schemas.oids import id_digestedData
34 from pygost.asn1schemas.oids import id_encryptedData
35 from pygost.asn1schemas.oids import id_envelopedData
36 from pygost.asn1schemas.oids import id_Gost28147_89
37 from pygost.asn1schemas.oids import id_gostr3412_2015_kuznyechik_ctracpkm
38 from pygost.asn1schemas.oids import id_gostr3412_2015_kuznyechik_ctracpkm_omac
39 from pygost.asn1schemas.oids import id_gostr3412_2015_kuznyechik_wrap_kexp15
40 from pygost.asn1schemas.oids import id_gostr3412_2015_magma_ctracpkm
41 from pygost.asn1schemas.oids import id_gostr3412_2015_magma_ctracpkm_omac
42 from pygost.asn1schemas.oids import id_gostr3412_2015_magma_wrap_kexp15
43 from pygost.asn1schemas.oids import id_messageDigest
44 from pygost.asn1schemas.oids import id_signedData
45 from pygost.asn1schemas.oids import id_tc26_gost3410_2012_256
46 from pygost.asn1schemas.oids import id_tc26_gost3410_2012_512
47 from pygost.asn1schemas.x509 import AlgorithmIdentifier
48 from pygost.asn1schemas.x509 import Certificate
49 from pygost.asn1schemas.x509 import CertificateSerialNumber
50 from pygost.asn1schemas.x509 import Name
51 from pygost.asn1schemas.x509 import SubjectPublicKeyInfo
54 class CMSVersion(Integer):
58 class ContentType(ObjectIdentifier):
62 class IssuerAndSerialNumber(Sequence):
65 ("serialNumber", CertificateSerialNumber()),
69 class KeyIdentifier(OctetString):
73 class SubjectKeyIdentifier(KeyIdentifier):
77 class RecipientIdentifier(Choice):
79 ("issuerAndSerialNumber", IssuerAndSerialNumber()),
80 ("subjectKeyIdentifier", SubjectKeyIdentifier(impl=tag_ctxp(0))),
84 class Gost2814789Key(OctetString):
88 class Gost2814789MAC(OctetString):
92 class Gost2814789EncryptedKey(Sequence):
94 ("encryptedKey", Gost2814789Key()),
95 ("maskKey", Gost2814789Key(impl=tag_ctxp(0), optional=True)),
96 ("macKey", Gost2814789MAC()),
100 class GostR34102001TransportParameters(Sequence):
102 ("encryptionParamSet", ObjectIdentifier()),
103 ("ephemeralPublicKey", SubjectPublicKeyInfo(
107 ("ukm", OctetString()),
111 class GostR3410KeyTransport(Sequence):
113 ("sessionEncryptedKey", Gost2814789EncryptedKey()),
114 ("transportParameters", GostR34102001TransportParameters(
121 class GostR3410KeyTransport2019(Sequence):
123 ("encryptedKey", OctetString()),
124 ("ephemeralPublicKey", SubjectPublicKeyInfo()),
125 ("ukm", OctetString()),
129 class GostR341012KEGParameters(Sequence):
131 ("algorithm", ObjectIdentifier()),
135 class KeyEncryptionAlgorithmIdentifier(AlgorithmIdentifier):
137 ("algorithm", ObjectIdentifier(defines=(
139 id_gostr3412_2015_magma_wrap_kexp15: GostR341012KEGParameters(),
140 id_gostr3412_2015_kuznyechik_wrap_kexp15: GostR341012KEGParameters(),
142 (("..", "encryptedKey"), {
143 id_tc26_gost3410_2012_256: GostR3410KeyTransport(),
144 id_tc26_gost3410_2012_512: GostR3410KeyTransport(),
145 id_gostr3412_2015_magma_wrap_kexp15: GostR3410KeyTransport2019(),
146 id_gostr3412_2015_kuznyechik_wrap_kexp15: GostR3410KeyTransport2019(),
148 (("..", "recipientEncryptedKeys", any, "encryptedKey"), {
149 id_tc26_gost3410_2012_256: Gost2814789EncryptedKey(),
150 id_tc26_gost3410_2012_512: Gost2814789EncryptedKey(),
153 ("parameters", Any(optional=True)),
157 class EncryptedKey(OctetString):
161 class KeyTransRecipientInfo(Sequence):
163 ("version", CMSVersion()),
164 ("rid", RecipientIdentifier()),
165 ("keyEncryptionAlgorithm", KeyEncryptionAlgorithmIdentifier()),
166 ("encryptedKey", EncryptedKey()),
170 class OriginatorPublicKey(Sequence):
172 ("algorithm", AlgorithmIdentifier()),
173 ("publicKey", BitString()),
177 class OriginatorIdentifierOrKey(Choice):
179 ("issuerAndSerialNumber", IssuerAndSerialNumber()),
180 ("subjectKeyIdentifier", SubjectKeyIdentifier(impl=tag_ctxp(0))),
181 ("originatorKey", OriginatorPublicKey(impl=tag_ctxc(1))),
185 class UserKeyingMaterial(OctetString):
189 class KeyAgreeRecipientIdentifier(Choice):
191 ("issuerAndSerialNumber", IssuerAndSerialNumber()),
192 # ("rKeyId", RecipientKeyIdentifier(impl=tag_ctxc(0))),
196 class RecipientEncryptedKey(Sequence):
198 ("rid", KeyAgreeRecipientIdentifier()),
199 ("encryptedKey", EncryptedKey()),
203 class RecipientEncryptedKeys(SequenceOf):
204 schema = RecipientEncryptedKey()
207 class KeyAgreeRecipientInfo(Sequence):
209 ("version", CMSVersion(3)),
210 ("originator", OriginatorIdentifierOrKey(expl=tag_ctxc(0))),
211 ("ukm", UserKeyingMaterial(expl=tag_ctxc(1), optional=True)),
212 ("keyEncryptionAlgorithm", KeyEncryptionAlgorithmIdentifier()),
213 ("recipientEncryptedKeys", RecipientEncryptedKeys()),
217 class RecipientInfo(Choice):
219 ("ktri", KeyTransRecipientInfo()),
220 ("kari", KeyAgreeRecipientInfo(impl=tag_ctxc(1))),
221 # ("kekri", KEKRecipientInfo(impl=tag_ctxc(2))),
222 # ("pwri", PasswordRecipientInfo(impl=tag_ctxc(3))),
223 # ("ori", OtherRecipientInfo(impl=tag_ctxc(4))),
227 class RecipientInfos(SetOf):
228 schema = RecipientInfo()
229 bounds = (1, float("+inf"))
232 class Gost2814789IV(OctetString):
236 class Gost2814789Parameters(Sequence):
238 ("iv", Gost2814789IV()),
239 ("encryptionParamSet", ObjectIdentifier()),
243 class Gost341215EncryptionParameters(Sequence):
245 ("ukm", OctetString()),
249 class ContentEncryptionAlgorithmIdentifier(AlgorithmIdentifier):
251 ("algorithm", ObjectIdentifier(defines=(
253 id_Gost28147_89: Gost2814789Parameters(),
254 id_gostr3412_2015_magma_ctracpkm: Gost341215EncryptionParameters(),
255 id_gostr3412_2015_kuznyechik_ctracpkm: Gost341215EncryptionParameters(),
256 id_gostr3412_2015_magma_ctracpkm_omac: Gost341215EncryptionParameters(),
257 id_gostr3412_2015_kuznyechik_ctracpkm_omac: Gost341215EncryptionParameters(),
260 ("parameters", Any(optional=True)),
264 class EncryptedContent(OctetString):
268 class EncryptedContentInfo(Sequence):
270 ("contentType", ContentType()),
271 ("contentEncryptionAlgorithm", ContentEncryptionAlgorithmIdentifier()),
272 ("encryptedContent", EncryptedContent(impl=tag_ctxp(0), optional=True)),
276 class Digest(OctetString):
280 class AttributeValue(Any):
284 class AttributeValues(SetOf):
285 schema = AttributeValue()
288 class EncryptedMac(OctetString):
292 class Attribute(Sequence):
294 ("attrType", ObjectIdentifier(defines=(
296 id_contentType: ObjectIdentifier(),
297 id_messageDigest: Digest(),
298 id_cms_mac_attr: EncryptedMac(),
301 ("attrValues", AttributeValues()),
305 class UnprotectedAttributes(SetOf):
307 bounds = (1, float("+inf"))
310 class EnvelopedData(Sequence):
312 ("version", CMSVersion()),
313 # ("originatorInfo", OriginatorInfo(impl=tag_ctxc(0), optional=True)),
314 ("recipientInfos", RecipientInfos()),
315 ("encryptedContentInfo", EncryptedContentInfo()),
316 ("unprotectedAttrs", UnprotectedAttributes(impl=tag_ctxc(1), optional=True)),
320 class EncapsulatedContentInfo(Sequence):
322 ("eContentType", ContentType()),
323 ("eContent", OctetString(expl=tag_ctxc(0), optional=True)),
327 class SignerIdentifier(Choice):
329 ("issuerAndSerialNumber", IssuerAndSerialNumber()),
330 ("subjectKeyIdentifier", SubjectKeyIdentifier(impl=tag_ctxp(0))),
334 class DigestAlgorithmIdentifiers(SetOf):
335 schema = AlgorithmIdentifier()
338 class DigestAlgorithmIdentifier(AlgorithmIdentifier):
342 class SignatureAlgorithmIdentifier(AlgorithmIdentifier):
346 class SignatureValue(OctetString):
350 class SignedAttributes(SetOf):
352 bounds = (1, float("+inf"))
355 class SignerInfo(Sequence):
357 ("version", CMSVersion()),
358 ("sid", SignerIdentifier()),
359 ("digestAlgorithm", DigestAlgorithmIdentifier()),
360 ("signedAttrs", SignedAttributes(impl=tag_ctxc(0), optional=True)),
361 ("signatureAlgorithm", SignatureAlgorithmIdentifier()),
362 ("signature", SignatureValue()),
363 # ("unsignedAttrs", UnsignedAttributes(impl=tag_ctxc(1), optional=True)),
367 class SignerInfos(SetOf):
368 schema = SignerInfo()
371 class CertificateChoices(Choice):
373 ("certificate", Certificate()),
374 # ("extendedCertificate", ExtendedCertificate(impl=tag_ctxp(0))),
375 # ("v1AttrCert", AttributeCertificateV1(impl=tag_ctxc(1))), # V1 is osbolete
376 # ("v2AttrCert", AttributeCertificateV2(impl=tag_ctxc(2))),
377 # ("other", OtherCertificateFormat(impl=tag_ctxc(3))),
381 class CertificateSet(SetOf):
382 schema = CertificateChoices()
385 class SignedData(Sequence):
387 ("version", CMSVersion()),
388 ("digestAlgorithms", DigestAlgorithmIdentifiers()),
389 ("encapContentInfo", EncapsulatedContentInfo()),
390 ("certificates", CertificateSet(impl=tag_ctxc(0), optional=True)),
391 # ("crls", RevocationInfoChoices(impl=tag_ctxc(1), optional=True)),
392 ("signerInfos", SignerInfos()),
396 class DigestedData(Sequence):
398 ("version", CMSVersion()),
399 ("digestAlgorithm", DigestAlgorithmIdentifier()),
400 ("encapContentInfo", EncapsulatedContentInfo()),
401 ("digest", Digest()),
405 class EncryptedData(Sequence):
407 ("version", CMSVersion()),
408 ("encryptedContentInfo", EncryptedContentInfo()),
409 ("unprotectedAttrs", UnprotectedAttributes(impl=tag_ctxc(1), optional=True)),
413 class ContentInfo(Sequence):
415 ("contentType", ContentType(defines=(
417 id_digestedData: DigestedData(),
418 id_encryptedData: EncryptedData(),
419 id_envelopedData: EnvelopedData(),
420 id_signedData: SignedData(),
423 ("content", Any(expl=tag_ctxc(0))),