X-Git-Url: http://www.git.cypherpunks.ru/?a=blobdiff_plain;f=pygost%2Fasn1schemas%2Fcms.py;h=d8b89e2ec4df93332b633585976ca4c0f33b670a;hb=b8b853ca49a9dca40f446880fa809af51c611fe0;hp=187850bbb03c7309f211e0bd5b153f60c4319d65;hpb=5013b980d53a9969649a59535b7566f73f11521e;p=pygost.git diff --git a/pygost/asn1schemas/cms.py b/pygost/asn1schemas/cms.py index 187850b..d8b89e2 100644 --- a/pygost/asn1schemas/cms.py +++ b/pygost/asn1schemas/cms.py @@ -1,11 +1,10 @@ # coding: utf-8 # PyGOST -- Pure Python GOST cryptographic functions library -# Copyright (C) 2015-2018 Sergey Matveev +# Copyright (C) 2015-2022 Sergey Matveev # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. +# the Free Software Foundation, version 3 of the License. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of @@ -29,7 +28,26 @@ from pyderasn import SetOf from pyderasn import tag_ctxc from pyderasn import tag_ctxp +from pygost.asn1schemas.oids import id_cms_mac_attr +from pygost.asn1schemas.oids import id_contentType +from pygost.asn1schemas.oids import id_digestedData +from pygost.asn1schemas.oids import id_encryptedData +from pygost.asn1schemas.oids import id_envelopedData +from pygost.asn1schemas.oids import id_Gost28147_89 +from pygost.asn1schemas.oids import id_gostr3412_2015_kuznyechik_ctracpkm +from pygost.asn1schemas.oids import id_gostr3412_2015_kuznyechik_ctracpkm_omac +from pygost.asn1schemas.oids import id_gostr3412_2015_kuznyechik_wrap_kexp15 +from pygost.asn1schemas.oids import id_gostr3412_2015_magma_ctracpkm +from pygost.asn1schemas.oids import id_gostr3412_2015_magma_ctracpkm_omac +from pygost.asn1schemas.oids import id_gostr3412_2015_magma_wrap_kexp15 +from pygost.asn1schemas.oids import id_messageDigest +from pygost.asn1schemas.oids import id_signedData +from pygost.asn1schemas.oids import id_tc26_gost3410_2012_256 +from pygost.asn1schemas.oids import id_tc26_gost3410_2012_512 from pygost.asn1schemas.x509 import AlgorithmIdentifier +from pygost.asn1schemas.x509 import Certificate +from pygost.asn1schemas.x509 import CertificateSerialNumber +from pygost.asn1schemas.x509 import Name from pygost.asn1schemas.x509 import SubjectPublicKeyInfo @@ -41,15 +59,99 @@ class ContentType(ObjectIdentifier): pass +class IssuerAndSerialNumber(Sequence): + schema = ( + ("issuer", Name()), + ("serialNumber", CertificateSerialNumber()), + ) + + +class KeyIdentifier(OctetString): + pass + + +class SubjectKeyIdentifier(KeyIdentifier): + pass + + class RecipientIdentifier(Choice): schema = ( - ("issuerAndSerialNumber", Any()), - # ("subjectKeyIdentifier", SubjectKeyIdentifier(impl=tag_ctxp(0))), + ("issuerAndSerialNumber", IssuerAndSerialNumber()), + ("subjectKeyIdentifier", SubjectKeyIdentifier(impl=tag_ctxp(0))), + ) + + +class Gost2814789Key(OctetString): + bounds = (32, 32) + + +class Gost2814789MAC(OctetString): + bounds = (4, 4) + + +class Gost2814789EncryptedKey(Sequence): + schema = ( + ("encryptedKey", Gost2814789Key()), + ("maskKey", Gost2814789Key(impl=tag_ctxp(0), optional=True)), + ("macKey", Gost2814789MAC()), + ) + + +class GostR34102001TransportParameters(Sequence): + schema = ( + ("encryptionParamSet", ObjectIdentifier()), + ("ephemeralPublicKey", SubjectPublicKeyInfo( + impl=tag_ctxc(0), + optional=True, + )), + ("ukm", OctetString()), + ) + + +class GostR3410KeyTransport(Sequence): + schema = ( + ("sessionEncryptedKey", Gost2814789EncryptedKey()), + ("transportParameters", GostR34102001TransportParameters( + impl=tag_ctxc(0), + optional=True, + )), + ) + + +class GostR3410KeyTransport2019(Sequence): + schema = ( + ("encryptedKey", OctetString()), + ("ephemeralPublicKey", SubjectPublicKeyInfo()), + ("ukm", OctetString()), + ) + + +class GostR341012KEGParameters(Sequence): + schema = ( + ("algorithm", ObjectIdentifier()), ) class KeyEncryptionAlgorithmIdentifier(AlgorithmIdentifier): - pass + schema = ( + ("algorithm", ObjectIdentifier(defines=( + (("parameters",), { + id_gostr3412_2015_magma_wrap_kexp15: GostR341012KEGParameters(), + id_gostr3412_2015_kuznyechik_wrap_kexp15: GostR341012KEGParameters(), + }), + (("..", "encryptedKey"), { + id_tc26_gost3410_2012_256: GostR3410KeyTransport(), + id_tc26_gost3410_2012_512: GostR3410KeyTransport(), + id_gostr3412_2015_magma_wrap_kexp15: GostR3410KeyTransport2019(), + id_gostr3412_2015_kuznyechik_wrap_kexp15: GostR3410KeyTransport2019(), + }), + (("..", "recipientEncryptedKeys", any, "encryptedKey"), { + id_tc26_gost3410_2012_256: Gost2814789EncryptedKey(), + id_tc26_gost3410_2012_512: Gost2814789EncryptedKey(), + }), + ))), + ("parameters", Any(optional=True)), + ) class EncryptedKey(OctetString): @@ -74,8 +176,8 @@ class OriginatorPublicKey(Sequence): class OriginatorIdentifierOrKey(Choice): schema = ( - # ("issuerAndSerialNumber", IssuerAndSerialNumber()), - # ("subjectKeyIdentifier", SubjectKeyIdentifier(impl=tag_ctxp(0))), + ("issuerAndSerialNumber", IssuerAndSerialNumber()), + ("subjectKeyIdentifier", SubjectKeyIdentifier(impl=tag_ctxp(0))), ("originatorKey", OriginatorPublicKey(impl=tag_ctxc(1))), ) @@ -86,7 +188,7 @@ class UserKeyingMaterial(OctetString): class KeyAgreeRecipientIdentifier(Choice): schema = ( - ("issuerAndSerialNumber", Any()), + ("issuerAndSerialNumber", IssuerAndSerialNumber()), # ("rKeyId", RecipientKeyIdentifier(impl=tag_ctxc(0))), ) @@ -127,8 +229,36 @@ class RecipientInfos(SetOf): bounds = (1, float("+inf")) +class Gost2814789IV(OctetString): + bounds = (8, 8) + + +class Gost2814789Parameters(Sequence): + schema = ( + ("iv", Gost2814789IV()), + ("encryptionParamSet", ObjectIdentifier()), + ) + + +class Gost341215EncryptionParameters(Sequence): + schema = ( + ("ukm", OctetString()), + ) + + class ContentEncryptionAlgorithmIdentifier(AlgorithmIdentifier): - pass + schema = ( + ("algorithm", ObjectIdentifier(defines=( + (("parameters",), { + id_Gost28147_89: Gost2814789Parameters(), + id_gostr3412_2015_magma_ctracpkm: Gost341215EncryptionParameters(), + id_gostr3412_2015_kuznyechik_ctracpkm: Gost341215EncryptionParameters(), + id_gostr3412_2015_magma_ctracpkm_omac: Gost341215EncryptionParameters(), + id_gostr3412_2015_kuznyechik_ctracpkm_omac: Gost341215EncryptionParameters(), + }), + ))), + ("parameters", Any(optional=True)), + ) class EncryptedContent(OctetString): @@ -143,68 +273,68 @@ class EncryptedContentInfo(Sequence): ) -class EnvelopedData(Sequence): - schema = ( - ("version", CMSVersion()), - # ("originatorInfo", OriginatorInfo(impl=tag_ctxc(0), optional=True)), - ("recipientInfos", RecipientInfos()), - ("encryptedContentInfo", EncryptedContentInfo()), - # ("unprotectedAttrs", UnprotectedAttributes(impl=tag_ctxc(1), optional=True)), - ) +class Digest(OctetString): + pass -class ContentInfo(Sequence): - schema = ( - ("contentType", ContentType()), - ("content", Any(expl=tag_ctxc(0))), - ) +class AttributeValue(Any): + pass -class Gost2814789IV(OctetString): - bounds = (8, 8) +class AttributeValues(SetOf): + schema = AttributeValue() -class Gost2814789Parameters(Sequence): - schema = ( - ("iv", Gost2814789IV()), - ("encryptionParamSet", ObjectIdentifier()), - ) +class EncryptedMac(OctetString): + pass -class Gost2814789Key(OctetString): - bounds = (32, 32) +class Attribute(Sequence): + schema = ( + ("attrType", ObjectIdentifier(defines=( + (("attrValues",), { + id_contentType: ObjectIdentifier(), + id_messageDigest: Digest(), + id_cms_mac_attr: EncryptedMac(), + },), + ))), + ("attrValues", AttributeValues()), + ) -class Gost2814789MAC(OctetString): - bounds = (4, 4) +class UnprotectedAttributes(SetOf): + schema = Attribute() + bounds = (1, float("+inf")) -class Gost2814789EncryptedKey(Sequence): +class CertificateChoices(Choice): schema = ( - ("encryptedKey", Gost2814789Key()), - ("maskKey", Gost2814789Key(impl=tag_ctxp(0), optional=True)), - ("macKey", Gost2814789MAC()), + ("certificate", Certificate()), + # ("extendedCertificate", OctetString(impl=tag_ctxp(0))), + # ("v1AttrCert", AttributeCertificateV1(impl=tag_ctxc(1))), # V1 is osbolete + # ("v2AttrCert", AttributeCertificateV2(impl=tag_ctxc(2))), + # ("other", OtherCertificateFormat(impl=tag_ctxc(3))), ) -class GostR34102001TransportParameters(Sequence): +class CertificateSet(SetOf): + schema = CertificateChoices() + + +class OriginatorInfo(Sequence): schema = ( - ("encryptionParamSet", ObjectIdentifier()), - ("ephemeralPublicKey", SubjectPublicKeyInfo( - impl=tag_ctxc(0), - optional=True, - )), - ("ukm", OctetString()), + ("certs", CertificateSet(impl=tag_ctxc(0), optional=True)), + # ("crls", RevocationInfoChoices(impl=tag_ctxc(1), optional=True)), ) -class GostR3410KeyTransport(Sequence): +class EnvelopedData(Sequence): schema = ( - ("sessionEncryptedKey", Gost2814789EncryptedKey()), - ("transportParameters", GostR34102001TransportParameters( - impl=tag_ctxc(0), - optional=True, - )), + ("version", CMSVersion()), + ("originatorInfo", OriginatorInfo(impl=tag_ctxc(0), optional=True)), + ("recipientInfos", RecipientInfos()), + ("encryptedContentInfo", EncryptedContentInfo()), + ("unprotectedAttrs", UnprotectedAttributes(impl=tag_ctxc(1), optional=True)), ) @@ -217,8 +347,8 @@ class EncapsulatedContentInfo(Sequence): class SignerIdentifier(Choice): schema = ( - ("issuerAndSerialNumber", Any()), - # ("subjectKeyIdentifier", SubjectKeyIdentifier(impl=tag_ctxp(0))), + ("issuerAndSerialNumber", IssuerAndSerialNumber()), + ("subjectKeyIdentifier", SubjectKeyIdentifier(impl=tag_ctxp(0))), ) @@ -238,12 +368,17 @@ class SignatureValue(OctetString): pass +class SignedAttributes(SetOf): + schema = Attribute() + bounds = (1, float("+inf")) + + class SignerInfo(Sequence): schema = ( ("version", CMSVersion()), ("sid", SignerIdentifier()), ("digestAlgorithm", DigestAlgorithmIdentifier()), - # ("signedAttrs", SignedAttributes(impl=tag_ctxc(0), optional=True)), + ("signedAttrs", SignedAttributes(impl=tag_ctxc(0), optional=True)), ("signatureAlgorithm", SignatureAlgorithmIdentifier()), ("signature", SignatureValue()), # ("unsignedAttrs", UnsignedAttributes(impl=tag_ctxc(1), optional=True)), @@ -259,16 +394,12 @@ class SignedData(Sequence): ("version", CMSVersion()), ("digestAlgorithms", DigestAlgorithmIdentifiers()), ("encapContentInfo", EncapsulatedContentInfo()), - # ("certificates", CertificateSet(impl=tag_ctxc(0), optional=True)), + ("certificates", CertificateSet(impl=tag_ctxc(0), optional=True)), # ("crls", RevocationInfoChoices(impl=tag_ctxc(1), optional=True)), ("signerInfos", SignerInfos()), ) -class Digest(OctetString): - pass - - class DigestedData(Sequence): schema = ( ("version", CMSVersion()), @@ -276,3 +407,25 @@ class DigestedData(Sequence): ("encapContentInfo", EncapsulatedContentInfo()), ("digest", Digest()), ) + + +class EncryptedData(Sequence): + schema = ( + ("version", CMSVersion()), + ("encryptedContentInfo", EncryptedContentInfo()), + ("unprotectedAttrs", UnprotectedAttributes(impl=tag_ctxc(1), optional=True)), + ) + + +class ContentInfo(Sequence): + schema = ( + ("contentType", ContentType(defines=( + (("content",), { + id_digestedData: DigestedData(), + id_encryptedData: EncryptedData(), + id_envelopedData: EnvelopedData(), + id_signedData: SignedData(), + }), + ))), + ("content", Any(expl=tag_ctxc(0))), + )