pygost/asn1schemas/cms.py

   1 # coding: utf-8
   2 # PyGOST -- Pure Python GOST cryptographic functions library
   3 # Copyright (C) 2015-2020 Sergey Matveev <stargrave@stargrave.org>
   4 #
   5 # This program is free software: you can redistribute it and/or modify
   6 # it under the terms of the GNU General Public License as published by
   7 # the Free Software Foundation, version 3 of the License.
   8 #
   9 # This program is distributed in the hope that it will be useful,
  10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
  11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12 # GNU General Public License for more details.
  13 #
  14 # You should have received a copy of the GNU General Public License
  15 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
  16 """CMS related structures (**NOT COMPLETE**)
  17 """
  18
  19 from pyderasn import Any
  20 from pyderasn import BitString
  21 from pyderasn import Choice
  22 from pyderasn import Integer
  23 from pyderasn import ObjectIdentifier
  24 from pyderasn import OctetString
  25 from pyderasn import Sequence
  26 from pyderasn import SequenceOf
  27 from pyderasn import SetOf
  28 from pyderasn import tag_ctxc
  29 from pyderasn import tag_ctxp
  30
  31 from pygost.asn1schemas.oids import id_digestedData
  32 from pygost.asn1schemas.oids import id_envelopedData
  33 from pygost.asn1schemas.oids import id_Gost28147_89
  34 from pygost.asn1schemas.oids import id_signedData
  35 from pygost.asn1schemas.oids import id_tc26_gost3410_2012_256
  36 from pygost.asn1schemas.oids import id_tc26_gost3410_2012_512
  37 from pygost.asn1schemas.x509 import AlgorithmIdentifier
  38 from pygost.asn1schemas.x509 import Certificate
  39 from pygost.asn1schemas.x509 import SubjectPublicKeyInfo
  40
  41
  42 class CMSVersion(Integer):
  43     pass
  44
  45
  46 class ContentType(ObjectIdentifier):
  47     pass
  48
  49
  50 class RecipientIdentifier(Choice):
  51     schema = (
  52         ("issuerAndSerialNumber", Any()),
  53         # ("subjectKeyIdentifier", SubjectKeyIdentifier(impl=tag_ctxp(0))),
  54     )
  55
  56
  57 class Gost2814789Key(OctetString):
  58     bounds = (32, 32)
  59
  60
  61 class Gost2814789MAC(OctetString):
  62     bounds = (4, 4)
  63
  64
  65 class Gost2814789EncryptedKey(Sequence):
  66     schema = (
  67         ("encryptedKey", Gost2814789Key()),
  68         ("maskKey", Gost2814789Key(impl=tag_ctxp(0), optional=True)),
  69         ("macKey", Gost2814789MAC()),
  70     )
  71
  72
  73 class GostR34102001TransportParameters(Sequence):
  74     schema = (
  75         ("encryptionParamSet", ObjectIdentifier()),
  76         ("ephemeralPublicKey", SubjectPublicKeyInfo(
  77             impl=tag_ctxc(0),
  78             optional=True,
  79         )),
  80         ("ukm", OctetString()),
  81     )
  82
  83
  84 class GostR3410KeyTransport(Sequence):
  85     schema = (
  86         ("sessionEncryptedKey", Gost2814789EncryptedKey()),
  87         ("transportParameters", GostR34102001TransportParameters(
  88             impl=tag_ctxc(0),
  89             optional=True,
  90         )),
  91     )
  92
  93
  94 class KeyEncryptionAlgorithmIdentifier(AlgorithmIdentifier):
  95     schema = (
  96         ("algorithm", ObjectIdentifier(defines=(
  97             (("..", "encryptedKey"), {
  98                 id_tc26_gost3410_2012_256: GostR3410KeyTransport(),
  99                 id_tc26_gost3410_2012_512: GostR3410KeyTransport(),
 100             }),
 101             (("..", "recipientEncryptedKeys", any, "encryptedKey"), {
 102                 id_tc26_gost3410_2012_256: Gost2814789EncryptedKey(),
 103                 id_tc26_gost3410_2012_512: Gost2814789EncryptedKey(),
 104             }),
 105         ))),
 106         ("parameters", Any(optional=True)),
 107     )
 108
 109
 110 class EncryptedKey(OctetString):
 111     pass
 112
 113
 114 class KeyTransRecipientInfo(Sequence):
 115     schema = (
 116         ("version", CMSVersion()),
 117         ("rid", RecipientIdentifier()),
 118         ("keyEncryptionAlgorithm", KeyEncryptionAlgorithmIdentifier()),
 119         ("encryptedKey", EncryptedKey()),
 120     )
 121
 122
 123 class OriginatorPublicKey(Sequence):
 124     schema = (
 125         ("algorithm", AlgorithmIdentifier()),
 126         ("publicKey", BitString()),
 127     )
 128
 129
 130 class OriginatorIdentifierOrKey(Choice):
 131     schema = (
 132         # ("issuerAndSerialNumber", IssuerAndSerialNumber()),
 133         # ("subjectKeyIdentifier", SubjectKeyIdentifier(impl=tag_ctxp(0))),
 134         ("originatorKey", OriginatorPublicKey(impl=tag_ctxc(1))),
 135     )
 136
 137
 138 class UserKeyingMaterial(OctetString):
 139     pass
 140
 141
 142 class KeyAgreeRecipientIdentifier(Choice):
 143     schema = (
 144         ("issuerAndSerialNumber", Any()),
 145         # ("rKeyId", RecipientKeyIdentifier(impl=tag_ctxc(0))),
 146     )
 147
 148
 149 class RecipientEncryptedKey(Sequence):
 150     schema = (
 151         ("rid", KeyAgreeRecipientIdentifier()),
 152         ("encryptedKey", EncryptedKey()),
 153     )
 154
 155
 156 class RecipientEncryptedKeys(SequenceOf):
 157     schema = RecipientEncryptedKey()
 158
 159
 160 class KeyAgreeRecipientInfo(Sequence):
 161     schema = (
 162         ("version", CMSVersion(3)),
 163         ("originator", OriginatorIdentifierOrKey(expl=tag_ctxc(0))),
 164         ("ukm", UserKeyingMaterial(expl=tag_ctxc(1), optional=True)),
 165         ("keyEncryptionAlgorithm", KeyEncryptionAlgorithmIdentifier()),
 166         ("recipientEncryptedKeys", RecipientEncryptedKeys()),
 167     )
 168
 169
 170 class RecipientInfo(Choice):
 171     schema = (
 172         ("ktri", KeyTransRecipientInfo()),
 173         ("kari", KeyAgreeRecipientInfo(impl=tag_ctxc(1))),
 174         # ("kekri", KEKRecipientInfo(impl=tag_ctxc(2))),
 175         # ("pwri", PasswordRecipientInfo(impl=tag_ctxc(3))),
 176         # ("ori", OtherRecipientInfo(impl=tag_ctxc(4))),
 177     )
 178
 179
 180 class RecipientInfos(SetOf):
 181     schema = RecipientInfo()
 182     bounds = (1, float("+inf"))
 183
 184
 185 class Gost2814789IV(OctetString):
 186     bounds = (8, 8)
 187
 188
 189 class Gost2814789Parameters(Sequence):
 190     schema = (
 191         ("iv", Gost2814789IV()),
 192         ("encryptionParamSet", ObjectIdentifier()),
 193     )
 194
 195
 196 class ContentEncryptionAlgorithmIdentifier(AlgorithmIdentifier):
 197     schema = (
 198         ("algorithm", ObjectIdentifier(defines=(
 199             (("parameters",), {id_Gost28147_89: Gost2814789Parameters()}),
 200         ))),
 201         ("parameters", Any(optional=True)),
 202     )
 203
 204
 205 class EncryptedContent(OctetString):
 206     pass
 207
 208
 209 class EncryptedContentInfo(Sequence):
 210     schema = (
 211         ("contentType", ContentType()),
 212         ("contentEncryptionAlgorithm", ContentEncryptionAlgorithmIdentifier()),
 213         ("encryptedContent", EncryptedContent(impl=tag_ctxp(0), optional=True)),
 214     )
 215
 216
 217 class EnvelopedData(Sequence):
 218     schema = (
 219         ("version", CMSVersion()),
 220         # ("originatorInfo", OriginatorInfo(impl=tag_ctxc(0), optional=True)),
 221         ("recipientInfos", RecipientInfos()),
 222         ("encryptedContentInfo", EncryptedContentInfo()),
 223         # ("unprotectedAttrs", UnprotectedAttributes(impl=tag_ctxc(1), optional=True)),
 224     )
 225
 226
 227 class EncapsulatedContentInfo(Sequence):
 228     schema = (
 229         ("eContentType", ContentType()),
 230         ("eContent", OctetString(expl=tag_ctxc(0), optional=True)),
 231     )
 232
 233
 234 class SignerIdentifier(Choice):
 235     schema = (
 236         ("issuerAndSerialNumber", Any()),
 237         # ("subjectKeyIdentifier", SubjectKeyIdentifier(impl=tag_ctxp(0))),
 238     )
 239
 240
 241 class DigestAlgorithmIdentifiers(SetOf):
 242     schema = AlgorithmIdentifier()
 243
 244
 245 class DigestAlgorithmIdentifier(AlgorithmIdentifier):
 246     pass
 247
 248
 249 class SignatureAlgorithmIdentifier(AlgorithmIdentifier):
 250     pass
 251
 252
 253 class SignatureValue(OctetString):
 254     pass
 255
 256
 257 class SignerInfo(Sequence):
 258     schema = (
 259         ("version", CMSVersion()),
 260         ("sid", SignerIdentifier()),
 261         ("digestAlgorithm", DigestAlgorithmIdentifier()),
 262         # ("signedAttrs", SignedAttributes(impl=tag_ctxc(0), optional=True)),
 263         ("signatureAlgorithm", SignatureAlgorithmIdentifier()),
 264         ("signature", SignatureValue()),
 265         # ("unsignedAttrs", UnsignedAttributes(impl=tag_ctxc(1), optional=True)),
 266     )
 267
 268
 269 class SignerInfos(SetOf):
 270     schema = SignerInfo()
 271
 272
 273 class CertificateChoices(Choice):
 274     schema = (
 275         ('certificate', Certificate()),
 276         # ('extendedCertificate', ExtendedCertificate(impl=tag_ctxp(0))),
 277         # ('v1AttrCert', AttributeCertificateV1(impl=tag_ctxc(1))),  # V1 is osbolete
 278         # ('v2AttrCert', AttributeCertificateV2(impl=tag_ctxc(2))),
 279         # ('other', OtherCertificateFormat(impl=tag_ctxc(3))),
 280     )
 281
 282
 283 class CertificateSet(SetOf):
 284     schema = CertificateChoices()
 285
 286
 287 class SignedData(Sequence):
 288     schema = (
 289         ("version", CMSVersion()),
 290         ("digestAlgorithms", DigestAlgorithmIdentifiers()),
 291         ("encapContentInfo", EncapsulatedContentInfo()),
 292         ("certificates", CertificateSet(impl=tag_ctxc(0), optional=True)),
 293         # ("crls", RevocationInfoChoices(impl=tag_ctxc(1), optional=True)),
 294         ("signerInfos", SignerInfos()),
 295     )
 296
 297
 298 class Digest(OctetString):
 299     pass
 300
 301
 302 class DigestedData(Sequence):
 303     schema = (
 304         ("version", CMSVersion()),
 305         ("digestAlgorithm", DigestAlgorithmIdentifier()),
 306         ("encapContentInfo", EncapsulatedContentInfo()),
 307         ("digest", Digest()),
 308     )
 309
 310
 311 class ContentInfo(Sequence):
 312     schema = (
 313         ("contentType", ContentType(defines=(
 314             (("content",), {
 315                 id_digestedData: DigestedData(),
 316                 id_envelopedData: EnvelopedData(),
 317                 id_signedData: SignedData(),
 318             }),
 319         ))),
 320         ("content", Any(expl=tag_ctxc(0))),
 321     )