2 # PyGOST -- Pure Python GOST cryptographic functions library
3 # Copyright (C) 2015-2019 Sergey Matveev <stargrave@stargrave.org>
5 # This program is free software: you can redistribute it and/or modify
6 # it under the terms of the GNU General Public License as published by
7 # the Free Software Foundation, either version 3 of the License, or
8 # (at your option) any later version.
10 # This program is distributed in the hope that it will be useful,
11 # but WITHOUT ANY WARRANTY; without even the implied warranty of
12 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 # GNU General Public License for more details.
15 # You should have received a copy of the GNU General Public License
16 # along with this program. If not, see <http://www.gnu.org/licenses/>.
17 """CMS related structures (**NOT COMPLETE**)
20 from pyderasn import Any
21 from pyderasn import BitString
22 from pyderasn import Choice
23 from pyderasn import Integer
24 from pyderasn import ObjectIdentifier
25 from pyderasn import OctetString
26 from pyderasn import Sequence
27 from pyderasn import SequenceOf
28 from pyderasn import SetOf
29 from pyderasn import tag_ctxc
30 from pyderasn import tag_ctxp
32 from pygost.asn1schemas.oids import id_digestedData
33 from pygost.asn1schemas.oids import id_envelopedData
34 from pygost.asn1schemas.oids import id_Gost28147_89
35 from pygost.asn1schemas.oids import id_signedData
36 from pygost.asn1schemas.oids import id_tc26_gost3410_2012_256
37 from pygost.asn1schemas.oids import id_tc26_gost3410_2012_512
38 from pygost.asn1schemas.x509 import AlgorithmIdentifier
39 from pygost.asn1schemas.x509 import Certificate
40 from pygost.asn1schemas.x509 import SubjectPublicKeyInfo
43 class CMSVersion(Integer):
47 class ContentType(ObjectIdentifier):
51 class RecipientIdentifier(Choice):
53 ("issuerAndSerialNumber", Any()),
54 # ("subjectKeyIdentifier", SubjectKeyIdentifier(impl=tag_ctxp(0))),
58 class Gost2814789Key(OctetString):
62 class Gost2814789MAC(OctetString):
66 class Gost2814789EncryptedKey(Sequence):
68 ("encryptedKey", Gost2814789Key()),
69 ("maskKey", Gost2814789Key(impl=tag_ctxp(0), optional=True)),
70 ("macKey", Gost2814789MAC()),
74 class GostR34102001TransportParameters(Sequence):
76 ("encryptionParamSet", ObjectIdentifier()),
77 ("ephemeralPublicKey", SubjectPublicKeyInfo(
81 ("ukm", OctetString()),
85 class GostR3410KeyTransport(Sequence):
87 ("sessionEncryptedKey", Gost2814789EncryptedKey()),
88 ("transportParameters", GostR34102001TransportParameters(
95 class KeyEncryptionAlgorithmIdentifier(AlgorithmIdentifier):
97 ("algorithm", ObjectIdentifier(defines=(
98 (("..", "encryptedKey"), {
99 id_tc26_gost3410_2012_256: GostR3410KeyTransport(),
100 id_tc26_gost3410_2012_512: GostR3410KeyTransport(),
102 (("..", "recipientEncryptedKeys", any, "encryptedKey"), {
103 id_tc26_gost3410_2012_256: Gost2814789EncryptedKey(),
104 id_tc26_gost3410_2012_512: Gost2814789EncryptedKey(),
107 ("parameters", Any(optional=True)),
111 class EncryptedKey(OctetString):
115 class KeyTransRecipientInfo(Sequence):
117 ("version", CMSVersion()),
118 ("rid", RecipientIdentifier()),
119 ("keyEncryptionAlgorithm", KeyEncryptionAlgorithmIdentifier()),
120 ("encryptedKey", EncryptedKey()),
124 class OriginatorPublicKey(Sequence):
126 ("algorithm", AlgorithmIdentifier()),
127 ("publicKey", BitString()),
131 class OriginatorIdentifierOrKey(Choice):
133 # ("issuerAndSerialNumber", IssuerAndSerialNumber()),
134 # ("subjectKeyIdentifier", SubjectKeyIdentifier(impl=tag_ctxp(0))),
135 ("originatorKey", OriginatorPublicKey(impl=tag_ctxc(1))),
139 class UserKeyingMaterial(OctetString):
143 class KeyAgreeRecipientIdentifier(Choice):
145 ("issuerAndSerialNumber", Any()),
146 # ("rKeyId", RecipientKeyIdentifier(impl=tag_ctxc(0))),
150 class RecipientEncryptedKey(Sequence):
152 ("rid", KeyAgreeRecipientIdentifier()),
153 ("encryptedKey", EncryptedKey()),
157 class RecipientEncryptedKeys(SequenceOf):
158 schema = RecipientEncryptedKey()
161 class KeyAgreeRecipientInfo(Sequence):
163 ("version", CMSVersion(3)),
164 ("originator", OriginatorIdentifierOrKey(expl=tag_ctxc(0))),
165 ("ukm", UserKeyingMaterial(expl=tag_ctxc(1), optional=True)),
166 ("keyEncryptionAlgorithm", KeyEncryptionAlgorithmIdentifier()),
167 ("recipientEncryptedKeys", RecipientEncryptedKeys()),
171 class RecipientInfo(Choice):
173 ("ktri", KeyTransRecipientInfo()),
174 ("kari", KeyAgreeRecipientInfo(impl=tag_ctxc(1))),
175 # ("kekri", KEKRecipientInfo(impl=tag_ctxc(2))),
176 # ("pwri", PasswordRecipientInfo(impl=tag_ctxc(3))),
177 # ("ori", OtherRecipientInfo(impl=tag_ctxc(4))),
181 class RecipientInfos(SetOf):
182 schema = RecipientInfo()
183 bounds = (1, float("+inf"))
186 class Gost2814789IV(OctetString):
190 class Gost2814789Parameters(Sequence):
192 ("iv", Gost2814789IV()),
193 ("encryptionParamSet", ObjectIdentifier()),
197 class ContentEncryptionAlgorithmIdentifier(AlgorithmIdentifier):
199 ("algorithm", ObjectIdentifier(defines=(
200 (("parameters",), {id_Gost28147_89: Gost2814789Parameters()}),
202 ("parameters", Any(optional=True)),
206 class EncryptedContent(OctetString):
210 class EncryptedContentInfo(Sequence):
212 ("contentType", ContentType()),
213 ("contentEncryptionAlgorithm", ContentEncryptionAlgorithmIdentifier()),
214 ("encryptedContent", EncryptedContent(impl=tag_ctxp(0), optional=True)),
218 class EnvelopedData(Sequence):
220 ("version", CMSVersion()),
221 # ("originatorInfo", OriginatorInfo(impl=tag_ctxc(0), optional=True)),
222 ("recipientInfos", RecipientInfos()),
223 ("encryptedContentInfo", EncryptedContentInfo()),
224 # ("unprotectedAttrs", UnprotectedAttributes(impl=tag_ctxc(1), optional=True)),
228 class EncapsulatedContentInfo(Sequence):
230 ("eContentType", ContentType()),
231 ("eContent", OctetString(expl=tag_ctxc(0), optional=True)),
235 class SignerIdentifier(Choice):
237 ("issuerAndSerialNumber", Any()),
238 # ("subjectKeyIdentifier", SubjectKeyIdentifier(impl=tag_ctxp(0))),
242 class DigestAlgorithmIdentifiers(SetOf):
243 schema = AlgorithmIdentifier()
246 class DigestAlgorithmIdentifier(AlgorithmIdentifier):
250 class SignatureAlgorithmIdentifier(AlgorithmIdentifier):
254 class SignatureValue(OctetString):
258 class SignerInfo(Sequence):
260 ("version", CMSVersion()),
261 ("sid", SignerIdentifier()),
262 ("digestAlgorithm", DigestAlgorithmIdentifier()),
263 # ("signedAttrs", SignedAttributes(impl=tag_ctxc(0), optional=True)),
264 ("signatureAlgorithm", SignatureAlgorithmIdentifier()),
265 ("signature", SignatureValue()),
266 # ("unsignedAttrs", UnsignedAttributes(impl=tag_ctxc(1), optional=True)),
270 class SignerInfos(SetOf):
271 schema = SignerInfo()
274 class CertificateChoices(Choice):
276 ('certificate', Certificate()),
277 # ('extendedCertificate', ExtendedCertificate(impl=tag_ctxp(0))),
278 # ('v1AttrCert', AttributeCertificateV1(impl=tag_ctxc(1))), # V1 is osbolete
279 # ('v2AttrCert', AttributeCertificateV2(impl=tag_ctxc(2))),
280 # ('other', OtherCertificateFormat(impl=tag_ctxc(3))),
284 class CertificateSet(SetOf):
285 schema = CertificateChoices()
288 class SignedData(Sequence):
290 ("version", CMSVersion()),
291 ("digestAlgorithms", DigestAlgorithmIdentifiers()),
292 ("encapContentInfo", EncapsulatedContentInfo()),
293 ("certificates", CertificateSet(impl=tag_ctxc(0), optional=True)),
294 # ("crls", RevocationInfoChoices(impl=tag_ctxc(1), optional=True)),
295 ("signerInfos", SignerInfos()),
299 class Digest(OctetString):
303 class DigestedData(Sequence):
305 ("version", CMSVersion()),
306 ("digestAlgorithm", DigestAlgorithmIdentifier()),
307 ("encapContentInfo", EncapsulatedContentInfo()),
308 ("digest", Digest()),
312 class ContentInfo(Sequence):
314 ("contentType", ContentType(defines=(
316 id_digestedData: DigestedData(),
317 id_envelopedData: EnvelopedData(),
318 id_signedData: SignedData(),
321 ("content", Any(expl=tag_ctxc(0))),