]> Cypherpunks.ru repositories - pygost.git/blob - pygost/asn1schemas/cms.py
projects / pygost.git / blob


001173ba07b1a203ee5c9db1b2c9c3b4f304ed46
[pygost.git] / pygost / asn1schemas / cms.py
1 # coding: utf-8
2 # PyGOST -- Pure Python GOST cryptographic functions library
3 # Copyright (C) 2015-2024 Sergey Matveev <stargrave@stargrave.org>
4 #
5 # This program is free software: you can redistribute it and/or modify
6 # it under the terms of the GNU General Public License as published by
7 # the Free Software Foundation, version 3 of the License.
8 #
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
12 # GNU General Public License for more details.
13 #
14 # You should have received a copy of the GNU General Public License
15 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
16 """CMS related structures (**NOT COMPLETE**)
17 """
18
19 from pyderasn import Any
20 from pyderasn import BitString
21 from pyderasn import Choice
22 from pyderasn import Integer
23 from pyderasn import ObjectIdentifier
24 from pyderasn import OctetString
25 from pyderasn import Sequence
26 from pyderasn import SequenceOf
27 from pyderasn import SetOf
28 from pyderasn import tag_ctxc
29 from pyderasn import tag_ctxp
30
31 from pygost.asn1schemas.oids import id_cms_mac_attr
32 from pygost.asn1schemas.oids import id_contentType
33 from pygost.asn1schemas.oids import id_digestedData
34 from pygost.asn1schemas.oids import id_encryptedData
35 from pygost.asn1schemas.oids import id_envelopedData
36 from pygost.asn1schemas.oids import id_Gost28147_89
37 from pygost.asn1schemas.oids import id_gostr3412_2015_kuznyechik_ctracpkm
38 from pygost.asn1schemas.oids import id_gostr3412_2015_kuznyechik_ctracpkm_omac
39 from pygost.asn1schemas.oids import id_gostr3412_2015_kuznyechik_wrap_kexp15
40 from pygost.asn1schemas.oids import id_gostr3412_2015_magma_ctracpkm
41 from pygost.asn1schemas.oids import id_gostr3412_2015_magma_ctracpkm_omac
42 from pygost.asn1schemas.oids import id_gostr3412_2015_magma_wrap_kexp15
43 from pygost.asn1schemas.oids import id_messageDigest
44 from pygost.asn1schemas.oids import id_signedData
45 from pygost.asn1schemas.oids import id_tc26_gost3410_2012_256
46 from pygost.asn1schemas.oids import id_tc26_gost3410_2012_512
47 from pygost.asn1schemas.x509 import AlgorithmIdentifier
48 from pygost.asn1schemas.x509 import Certificate
49 from pygost.asn1schemas.x509 import CertificateSerialNumber
50 from pygost.asn1schemas.x509 import Name
51 from pygost.asn1schemas.x509 import SubjectPublicKeyInfo
52
53
54 class CMSVersion(Integer):
55     pass
56
57
58 class ContentType(ObjectIdentifier):
59     pass
60
61
62 class IssuerAndSerialNumber(Sequence):
63     schema = (
64         ("issuer", Name()),
65         ("serialNumber", CertificateSerialNumber()),
66     )
67
68
69 class KeyIdentifier(OctetString):
70     pass
71
72
73 class SubjectKeyIdentifier(KeyIdentifier):
74     pass
75
76
77 class RecipientIdentifier(Choice):
78     schema = (
79         ("issuerAndSerialNumber", IssuerAndSerialNumber()),
80         ("subjectKeyIdentifier", SubjectKeyIdentifier(impl=tag_ctxp(0))),
81     )
82
83
84 class Gost2814789Key(OctetString):
85     bounds = (32, 32)
86
87
88 class Gost2814789MAC(OctetString):
89     bounds = (4, 4)
90
91
92 class Gost2814789EncryptedKey(Sequence):
93     schema = (
94         ("encryptedKey", Gost2814789Key()),
95         ("maskKey", Gost2814789Key(impl=tag_ctxp(0), optional=True)),
96         ("macKey", Gost2814789MAC()),
97     )
98
99
100 class GostR34102001TransportParameters(Sequence):
101     schema = (
102         ("encryptionParamSet", ObjectIdentifier()),
103         ("ephemeralPublicKey", SubjectPublicKeyInfo(
104             impl=tag_ctxc(0),
105             optional=True,
106         )),
107         ("ukm", OctetString()),
108     )
109
110
111 class GostR3410KeyTransport(Sequence):
112     schema = (
113         ("sessionEncryptedKey", Gost2814789EncryptedKey()),
114         ("transportParameters", GostR34102001TransportParameters(
115             impl=tag_ctxc(0),
116             optional=True,
117         )),
118     )
119
120
121 class GostR3410KeyTransport2019(Sequence):
122     schema = (
123         ("encryptedKey", OctetString()),
124         ("ephemeralPublicKey", SubjectPublicKeyInfo()),
125         ("ukm", OctetString()),
126     )
127
128
129 class GostR341012KEGParameters(Sequence):
130     schema = (
131         ("algorithm", ObjectIdentifier()),
132     )
133
134
135 class KeyEncryptionAlgorithmIdentifier(AlgorithmIdentifier):
136     schema = (
137         ("algorithm", ObjectIdentifier(defines=(
138             (("parameters",), {
139                 id_gostr3412_2015_magma_wrap_kexp15: GostR341012KEGParameters(),
140                 id_gostr3412_2015_kuznyechik_wrap_kexp15: GostR341012KEGParameters(),
141             }),
142             (("..", "encryptedKey"), {
143                 id_tc26_gost3410_2012_256: GostR3410KeyTransport(),
144                 id_tc26_gost3410_2012_512: GostR3410KeyTransport(),
145                 id_gostr3412_2015_magma_wrap_kexp15: GostR3410KeyTransport2019(),
146                 id_gostr3412_2015_kuznyechik_wrap_kexp15: GostR3410KeyTransport2019(),
147             }),
148             (("..", "recipientEncryptedKeys", any, "encryptedKey"), {
149                 id_tc26_gost3410_2012_256: Gost2814789EncryptedKey(),
150                 id_tc26_gost3410_2012_512: Gost2814789EncryptedKey(),
151             }),
152         ))),
153         ("parameters", Any(optional=True)),
154     )
155
156
157 class EncryptedKey(OctetString):
158     pass
159
160
161 class KeyTransRecipientInfo(Sequence):
162     schema = (
163         ("version", CMSVersion()),
164         ("rid", RecipientIdentifier()),
165         ("keyEncryptionAlgorithm", KeyEncryptionAlgorithmIdentifier()),
166         ("encryptedKey", EncryptedKey()),
167     )
168
169
170 class OriginatorPublicKey(Sequence):
171     schema = (
172         ("algorithm", AlgorithmIdentifier()),
173         ("publicKey", BitString()),
174     )
175
176
177 class OriginatorIdentifierOrKey(Choice):
178     schema = (
179         ("issuerAndSerialNumber", IssuerAndSerialNumber()),
180         ("subjectKeyIdentifier", SubjectKeyIdentifier(impl=tag_ctxp(0))),
181         ("originatorKey", OriginatorPublicKey(impl=tag_ctxc(1))),
182     )
183
184
185 class UserKeyingMaterial(OctetString):
186     pass
187
188
189 class KeyAgreeRecipientIdentifier(Choice):
190     schema = (
191         ("issuerAndSerialNumber", IssuerAndSerialNumber()),
192         # ("rKeyId", RecipientKeyIdentifier(impl=tag_ctxc(0))),
193     )
194
195
196 class RecipientEncryptedKey(Sequence):
197     schema = (
198         ("rid", KeyAgreeRecipientIdentifier()),
199         ("encryptedKey", EncryptedKey()),
200     )
201
202
203 class RecipientEncryptedKeys(SequenceOf):
204     schema = RecipientEncryptedKey()
205
206
207 class KeyAgreeRecipientInfo(Sequence):
208     schema = (
209         ("version", CMSVersion(3)),
210         ("originator", OriginatorIdentifierOrKey(expl=tag_ctxc(0))),
211         ("ukm", UserKeyingMaterial(expl=tag_ctxc(1), optional=True)),
212         ("keyEncryptionAlgorithm", KeyEncryptionAlgorithmIdentifier()),
213         ("recipientEncryptedKeys", RecipientEncryptedKeys()),
214     )
215
216
217 class RecipientInfo(Choice):
218     schema = (
219         ("ktri", KeyTransRecipientInfo()),
220         ("kari", KeyAgreeRecipientInfo(impl=tag_ctxc(1))),
221         # ("kekri", KEKRecipientInfo(impl=tag_ctxc(2))),
222         # ("pwri", PasswordRecipientInfo(impl=tag_ctxc(3))),
223         # ("ori", OtherRecipientInfo(impl=tag_ctxc(4))),
224     )
225
226
227 class RecipientInfos(SetOf):
228     schema = RecipientInfo()
229     bounds = (1, float("+inf"))
230
231
232 class Gost2814789IV(OctetString):
233     bounds = (8, 8)
234
235
236 class Gost2814789Parameters(Sequence):
237     schema = (
238         ("iv", Gost2814789IV()),
239         ("encryptionParamSet", ObjectIdentifier()),
240     )
241
242
243 class Gost341215EncryptionParameters(Sequence):
244     schema = (
245         ("ukm", OctetString()),
246     )
247
248
249 class ContentEncryptionAlgorithmIdentifier(AlgorithmIdentifier):
250     schema = (
251         ("algorithm", ObjectIdentifier(defines=(
252             (("parameters",), {
253                 id_Gost28147_89: Gost2814789Parameters(),
254                 id_gostr3412_2015_magma_ctracpkm: Gost341215EncryptionParameters(),
255                 id_gostr3412_2015_kuznyechik_ctracpkm: Gost341215EncryptionParameters(),
256                 id_gostr3412_2015_magma_ctracpkm_omac: Gost341215EncryptionParameters(),
257                 id_gostr3412_2015_kuznyechik_ctracpkm_omac: Gost341215EncryptionParameters(),
258             }),
259         ))),
260         ("parameters", Any(optional=True)),
261     )
262
263
264 class EncryptedContent(OctetString):
265     pass
266
267
268 class EncryptedContentInfo(Sequence):
269     schema = (
270         ("contentType", ContentType()),
271         ("contentEncryptionAlgorithm", ContentEncryptionAlgorithmIdentifier()),
272         ("encryptedContent", EncryptedContent(impl=tag_ctxp(0), optional=True)),
273     )
274
275
276 class Digest(OctetString):
277     pass
278
279
280 class AttributeValue(Any):
281     pass
282
283
284 class AttributeValues(SetOf):
285     schema = AttributeValue()
286
287
288 class EncryptedMac(OctetString):
289     pass
290
291
292 class Attribute(Sequence):
293     schema = (
294         ("attrType", ObjectIdentifier(defines=(
295             (("attrValues",), {
296                 id_contentType: ObjectIdentifier(),
297                 id_messageDigest: Digest(),
298                 id_cms_mac_attr: EncryptedMac(),
299             },),
300         ))),
301         ("attrValues", AttributeValues()),
302     )
303
304
305 class UnprotectedAttributes(SetOf):
306     schema = Attribute()
307     bounds = (1, float("+inf"))
308
309
310 class CertificateChoices(Choice):
311     schema = (
312         ("certificate", Certificate()),
313         # ("extendedCertificate", OctetString(impl=tag_ctxp(0))),
314         # ("v1AttrCert", AttributeCertificateV1(impl=tag_ctxc(1))),  # V1 is osbolete
315         # ("v2AttrCert", AttributeCertificateV2(impl=tag_ctxc(2))),
316         # ("other", OtherCertificateFormat(impl=tag_ctxc(3))),
317     )
318
319
320 class CertificateSet(SetOf):
321     schema = CertificateChoices()
322
323
324 class OriginatorInfo(Sequence):
325     schema = (
326         ("certs", CertificateSet(impl=tag_ctxc(0), optional=True)),
327         # ("crls", RevocationInfoChoices(impl=tag_ctxc(1), optional=True)),
328     )
329
330
331 class EnvelopedData(Sequence):
332     schema = (
333         ("version", CMSVersion()),
334         ("originatorInfo", OriginatorInfo(impl=tag_ctxc(0), optional=True)),
335         ("recipientInfos", RecipientInfos()),
336         ("encryptedContentInfo", EncryptedContentInfo()),
337         ("unprotectedAttrs", UnprotectedAttributes(impl=tag_ctxc(1), optional=True)),
338     )
339
340
341 class EncapsulatedContentInfo(Sequence):
342     schema = (
343         ("eContentType", ContentType()),
344         ("eContent", OctetString(expl=tag_ctxc(0), optional=True)),
345     )
346
347
348 class SignerIdentifier(Choice):
349     schema = (
350         ("issuerAndSerialNumber", IssuerAndSerialNumber()),
351         ("subjectKeyIdentifier", SubjectKeyIdentifier(impl=tag_ctxp(0))),
352     )
353
354
355 class DigestAlgorithmIdentifiers(SetOf):
356     schema = AlgorithmIdentifier()
357
358
359 class DigestAlgorithmIdentifier(AlgorithmIdentifier):
360     pass
361
362
363 class SignatureAlgorithmIdentifier(AlgorithmIdentifier):
364     pass
365
366
367 class SignatureValue(OctetString):
368     pass
369
370
371 class SignedAttributes(SetOf):
372     schema = Attribute()
373     bounds = (1, float("+inf"))
374
375
376 class SignerInfo(Sequence):
377     schema = (
378         ("version", CMSVersion()),
379         ("sid", SignerIdentifier()),
380         ("digestAlgorithm", DigestAlgorithmIdentifier()),
381         ("signedAttrs", SignedAttributes(impl=tag_ctxc(0), optional=True)),
382         ("signatureAlgorithm", SignatureAlgorithmIdentifier()),
383         ("signature", SignatureValue()),
384         # ("unsignedAttrs", UnsignedAttributes(impl=tag_ctxc(1), optional=True)),
385     )
386
387
388 class SignerInfos(SetOf):
389     schema = SignerInfo()
390
391
392 class SignedData(Sequence):
393     schema = (
394         ("version", CMSVersion()),
395         ("digestAlgorithms", DigestAlgorithmIdentifiers()),
396         ("encapContentInfo", EncapsulatedContentInfo()),
397         ("certificates", CertificateSet(impl=tag_ctxc(0), optional=True)),
398         # ("crls", RevocationInfoChoices(impl=tag_ctxc(1), optional=True)),
399         ("signerInfos", SignerInfos()),
400     )
401
402
403 class DigestedData(Sequence):
404     schema = (
405         ("version", CMSVersion()),
406         ("digestAlgorithm", DigestAlgorithmIdentifier()),
407         ("encapContentInfo", EncapsulatedContentInfo()),
408         ("digest", Digest()),
409     )
410
411
412 class EncryptedData(Sequence):
413     schema = (
414         ("version", CMSVersion()),
415         ("encryptedContentInfo", EncryptedContentInfo()),
416         ("unprotectedAttrs", UnprotectedAttributes(impl=tag_ctxc(1), optional=True)),
417     )
418
419
420 class ContentInfo(Sequence):
421     schema = (
422         ("contentType", ContentType(defines=(
423             (("content",), {
424                 id_digestedData: DigestedData(),
425                 id_encryptedData: EncryptedData(),
426                 id_envelopedData: EnvelopedData(),
427                 id_signedData: SignedData(),
428             }),
429         ))),
430         ("content", Any(expl=tag_ctxc(0))),
431     )
Pure Python GOST cryptographic functions library