pygost/asn1schemas/cms.py

   1 # coding: utf-8
   2 # PyGOST -- Pure Python GOST cryptographic functions library
   3 # Copyright (C) 2015-2019 Sergey Matveev <stargrave@stargrave.org>
   4 #
   5 # This program is free software: you can redistribute it and/or modify
   6 # it under the terms of the GNU General Public License as published by
   7 # the Free Software Foundation, either version 3 of the License, or
   8 # (at your option) any later version.
   9 #
  10 # This program is distributed in the hope that it will be useful,
  11 # but WITHOUT ANY WARRANTY; without even the implied warranty of
  12 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  13 # GNU General Public License for more details.
  14 #
  15 # You should have received a copy of the GNU General Public License
  16 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
  17 """CMS related structures (**NOT COMPLETE**)
  18 """
  19
  20 from pyderasn import Any
  21 from pyderasn import BitString
  22 from pyderasn import Choice
  23 from pyderasn import Integer
  24 from pyderasn import ObjectIdentifier
  25 from pyderasn import OctetString
  26 from pyderasn import Sequence
  27 from pyderasn import SequenceOf
  28 from pyderasn import SetOf
  29 from pyderasn import tag_ctxc
  30 from pyderasn import tag_ctxp
  31
  32 from pygost.asn1schemas.oids import id_digestedData
  33 from pygost.asn1schemas.oids import id_envelopedData
  34 from pygost.asn1schemas.oids import id_Gost28147_89
  35 from pygost.asn1schemas.oids import id_signedData
  36 from pygost.asn1schemas.oids import id_tc26_gost3410_2012_256
  37 from pygost.asn1schemas.oids import id_tc26_gost3410_2012_512
  38 from pygost.asn1schemas.x509 import AlgorithmIdentifier
  39 from pygost.asn1schemas.x509 import Certificate
  40 from pygost.asn1schemas.x509 import SubjectPublicKeyInfo
  41
  42
  43 class CMSVersion(Integer):
  44     pass
  45
  46
  47 class ContentType(ObjectIdentifier):
  48     pass
  49
  50
  51 class RecipientIdentifier(Choice):
  52     schema = (
  53         ("issuerAndSerialNumber", Any()),
  54         # ("subjectKeyIdentifier", SubjectKeyIdentifier(impl=tag_ctxp(0))),
  55     )
  56
  57
  58 class Gost2814789Key(OctetString):
  59     bounds = (32, 32)
  60
  61
  62 class Gost2814789MAC(OctetString):
  63     bounds = (4, 4)
  64
  65
  66 class Gost2814789EncryptedKey(Sequence):
  67     schema = (
  68         ("encryptedKey", Gost2814789Key()),
  69         ("maskKey", Gost2814789Key(impl=tag_ctxp(0), optional=True)),
  70         ("macKey", Gost2814789MAC()),
  71     )
  72
  73
  74 class GostR34102001TransportParameters(Sequence):
  75     schema = (
  76         ("encryptionParamSet", ObjectIdentifier()),
  77         ("ephemeralPublicKey", SubjectPublicKeyInfo(
  78             impl=tag_ctxc(0),
  79             optional=True,
  80         )),
  81         ("ukm", OctetString()),
  82     )
  83
  84
  85 class GostR3410KeyTransport(Sequence):
  86     schema = (
  87         ("sessionEncryptedKey", Gost2814789EncryptedKey()),
  88         ("transportParameters", GostR34102001TransportParameters(
  89             impl=tag_ctxc(0),
  90             optional=True,
  91         )),
  92     )
  93
  94
  95 class KeyEncryptionAlgorithmIdentifier(AlgorithmIdentifier):
  96     schema = (
  97         ("algorithm", ObjectIdentifier(defines=(
  98             (("..", "encryptedKey"), {
  99                 id_tc26_gost3410_2012_256: GostR3410KeyTransport(),
 100                 id_tc26_gost3410_2012_512: GostR3410KeyTransport(),
 101             }),
 102             (("..", "recipientEncryptedKeys", any, "encryptedKey"), {
 103                 id_tc26_gost3410_2012_256: Gost2814789EncryptedKey(),
 104                 id_tc26_gost3410_2012_512: Gost2814789EncryptedKey(),
 105             }),
 106         ))),
 107         ("parameters", Any(optional=True)),
 108     )
 109
 110
 111 class EncryptedKey(OctetString):
 112     pass
 113
 114
 115 class KeyTransRecipientInfo(Sequence):
 116     schema = (
 117         ("version", CMSVersion()),
 118         ("rid", RecipientIdentifier()),
 119         ("keyEncryptionAlgorithm", KeyEncryptionAlgorithmIdentifier()),
 120         ("encryptedKey", EncryptedKey()),
 121     )
 122
 123
 124 class OriginatorPublicKey(Sequence):
 125     schema = (
 126         ("algorithm", AlgorithmIdentifier()),
 127         ("publicKey", BitString()),
 128     )
 129
 130
 131 class OriginatorIdentifierOrKey(Choice):
 132     schema = (
 133         # ("issuerAndSerialNumber", IssuerAndSerialNumber()),
 134         # ("subjectKeyIdentifier", SubjectKeyIdentifier(impl=tag_ctxp(0))),
 135         ("originatorKey", OriginatorPublicKey(impl=tag_ctxc(1))),
 136     )
 137
 138
 139 class UserKeyingMaterial(OctetString):
 140     pass
 141
 142
 143 class KeyAgreeRecipientIdentifier(Choice):
 144     schema = (
 145         ("issuerAndSerialNumber", Any()),
 146         # ("rKeyId", RecipientKeyIdentifier(impl=tag_ctxc(0))),
 147     )
 148
 149
 150 class RecipientEncryptedKey(Sequence):
 151     schema = (
 152         ("rid", KeyAgreeRecipientIdentifier()),
 153         ("encryptedKey", EncryptedKey()),
 154     )
 155
 156
 157 class RecipientEncryptedKeys(SequenceOf):
 158     schema = RecipientEncryptedKey()
 159
 160
 161 class KeyAgreeRecipientInfo(Sequence):
 162     schema = (
 163         ("version", CMSVersion(3)),
 164         ("originator", OriginatorIdentifierOrKey(expl=tag_ctxc(0))),
 165         ("ukm", UserKeyingMaterial(expl=tag_ctxc(1), optional=True)),
 166         ("keyEncryptionAlgorithm", KeyEncryptionAlgorithmIdentifier()),
 167         ("recipientEncryptedKeys", RecipientEncryptedKeys()),
 168     )
 169
 170
 171 class RecipientInfo(Choice):
 172     schema = (
 173         ("ktri", KeyTransRecipientInfo()),
 174         ("kari", KeyAgreeRecipientInfo(impl=tag_ctxc(1))),
 175         # ("kekri", KEKRecipientInfo(impl=tag_ctxc(2))),
 176         # ("pwri", PasswordRecipientInfo(impl=tag_ctxc(3))),
 177         # ("ori", OtherRecipientInfo(impl=tag_ctxc(4))),
 178     )
 179
 180
 181 class RecipientInfos(SetOf):
 182     schema = RecipientInfo()
 183     bounds = (1, float("+inf"))
 184
 185
 186 class Gost2814789IV(OctetString):
 187     bounds = (8, 8)
 188
 189
 190 class Gost2814789Parameters(Sequence):
 191     schema = (
 192         ("iv", Gost2814789IV()),
 193         ("encryptionParamSet", ObjectIdentifier()),
 194     )
 195
 196
 197 class ContentEncryptionAlgorithmIdentifier(AlgorithmIdentifier):
 198     schema = (
 199         ("algorithm", ObjectIdentifier(defines=(
 200             (("parameters",), {id_Gost28147_89: Gost2814789Parameters()}),
 201         ))),
 202         ("parameters", Any(optional=True)),
 203     )
 204
 205
 206 class EncryptedContent(OctetString):
 207     pass
 208
 209
 210 class EncryptedContentInfo(Sequence):
 211     schema = (
 212         ("contentType", ContentType()),
 213         ("contentEncryptionAlgorithm", ContentEncryptionAlgorithmIdentifier()),
 214         ("encryptedContent", EncryptedContent(impl=tag_ctxp(0), optional=True)),
 215     )
 216
 217
 218 class EnvelopedData(Sequence):
 219     schema = (
 220         ("version", CMSVersion()),
 221         # ("originatorInfo", OriginatorInfo(impl=tag_ctxc(0), optional=True)),
 222         ("recipientInfos", RecipientInfos()),
 223         ("encryptedContentInfo", EncryptedContentInfo()),
 224         # ("unprotectedAttrs", UnprotectedAttributes(impl=tag_ctxc(1), optional=True)),
 225     )
 226
 227
 228 class EncapsulatedContentInfo(Sequence):
 229     schema = (
 230         ("eContentType", ContentType()),
 231         ("eContent", OctetString(expl=tag_ctxc(0), optional=True)),
 232     )
 233
 234
 235 class SignerIdentifier(Choice):
 236     schema = (
 237         ("issuerAndSerialNumber", Any()),
 238         # ("subjectKeyIdentifier", SubjectKeyIdentifier(impl=tag_ctxp(0))),
 239     )
 240
 241
 242 class DigestAlgorithmIdentifiers(SetOf):
 243     schema = AlgorithmIdentifier()
 244
 245
 246 class DigestAlgorithmIdentifier(AlgorithmIdentifier):
 247     pass
 248
 249
 250 class SignatureAlgorithmIdentifier(AlgorithmIdentifier):
 251     pass
 252
 253
 254 class SignatureValue(OctetString):
 255     pass
 256
 257
 258 class SignerInfo(Sequence):
 259     schema = (
 260         ("version", CMSVersion()),
 261         ("sid", SignerIdentifier()),
 262         ("digestAlgorithm", DigestAlgorithmIdentifier()),
 263         # ("signedAttrs", SignedAttributes(impl=tag_ctxc(0), optional=True)),
 264         ("signatureAlgorithm", SignatureAlgorithmIdentifier()),
 265         ("signature", SignatureValue()),
 266         # ("unsignedAttrs", UnsignedAttributes(impl=tag_ctxc(1), optional=True)),
 267     )
 268
 269
 270 class SignerInfos(SetOf):
 271     schema = SignerInfo()
 272
 273
 274 class CertificateChoices(Choice):
 275     schema = (
 276         ('certificate', Certificate()),
 277         # ('extendedCertificate', ExtendedCertificate(impl=tag_ctxp(0))),
 278         # ('v1AttrCert', AttributeCertificateV1(impl=tag_ctxc(1))),  # V1 is osbolete
 279         # ('v2AttrCert', AttributeCertificateV2(impl=tag_ctxc(2))),
 280         # ('other', OtherCertificateFormat(impl=tag_ctxc(3))),
 281     )
 282
 283
 284 class CertificateSet(SetOf):
 285     schema = CertificateChoices()
 286
 287
 288 class SignedData(Sequence):
 289     schema = (
 290         ("version", CMSVersion()),
 291         ("digestAlgorithms", DigestAlgorithmIdentifiers()),
 292         ("encapContentInfo", EncapsulatedContentInfo()),
 293         ("certificates", CertificateSet(impl=tag_ctxc(0), optional=True)),
 294         # ("crls", RevocationInfoChoices(impl=tag_ctxc(1), optional=True)),
 295         ("signerInfos", SignerInfos()),
 296     )
 297
 298
 299 class Digest(OctetString):
 300     pass
 301
 302
 303 class DigestedData(Sequence):
 304     schema = (
 305         ("version", CMSVersion()),
 306         ("digestAlgorithm", DigestAlgorithmIdentifier()),
 307         ("encapContentInfo", EncapsulatedContentInfo()),
 308         ("digest", Digest()),
 309     )
 310
 311
 312 class ContentInfo(Sequence):
 313     schema = (
 314         ("contentType", ContentType(defines=(
 315             (("content",), {
 316                 id_digestedData: DigestedData(),
 317                 id_envelopedData: EnvelopedData(),
 318                 id_signedData: SignedData(),
 319             }),
 320         ))),
 321         ("content", Any(expl=tag_ctxc(0))),
 322     )