pygost/asn1schemas/pfx.py

   1 # coding: utf-8
   2 # PyGOST -- Pure Python GOST cryptographic functions library
   3 # Copyright (C) 2015-2021 Sergey Matveev <stargrave@stargrave.org>
   4 #
   5 # This program is free software: you can redistribute it and/or modify
   6 # it under the terms of the GNU General Public License as published by
   7 # the Free Software Foundation, version 3 of the License.
   8 #
   9 # This program is distributed in the hope that it will be useful,
  10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
  11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12 # GNU General Public License for more details.
  13 #
  14 # You should have received a copy of the GNU General Public License
  15 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
  16 """PKCS #12 related structures (**NOT COMPLETE**)
  17 """
  18
  19 from pyderasn import Any
  20 from pyderasn import Choice
  21 from pyderasn import Integer
  22 from pyderasn import ObjectIdentifier
  23 from pyderasn import OctetString
  24 from pyderasn import Sequence
  25 from pyderasn import SequenceOf
  26 from pyderasn import SetOf
  27 from pyderasn import tag_ctxc
  28 from pyderasn import tag_ctxp
  29
  30 from pygost.asn1schemas.cms import CMSVersion
  31 from pygost.asn1schemas.cms import ContentType
  32 from pygost.asn1schemas.cms import Gost2814789Parameters
  33 from pygost.asn1schemas.cms import Gost341215EncryptionParameters
  34 from pygost.asn1schemas.oids import id_data
  35 from pygost.asn1schemas.oids import id_encryptedData
  36 from pygost.asn1schemas.oids import id_Gost28147_89
  37 from pygost.asn1schemas.oids import id_gostr3412_2015_kuznyechik_ctracpkm
  38 from pygost.asn1schemas.oids import id_gostr3412_2015_kuznyechik_ctracpkm_omac
  39 from pygost.asn1schemas.oids import id_gostr3412_2015_magma_ctracpkm
  40 from pygost.asn1schemas.oids import id_gostr3412_2015_magma_ctracpkm_omac
  41 from pygost.asn1schemas.oids import id_pbes2
  42 from pygost.asn1schemas.oids import id_pbkdf2
  43 from pygost.asn1schemas.oids import id_pkcs9_certTypes_x509Certificate
  44 from pygost.asn1schemas.prvkey import PrivateKeyInfo
  45 from pygost.asn1schemas.x509 import AlgorithmIdentifier
  46 from pygost.asn1schemas.x509 import Certificate
  47
  48
  49 class PBKDF2Salt(Choice):
  50     schema = (
  51         ("specified", OctetString()),
  52         # ("otherSource", PBKDF2SaltSources()),
  53     )
  54
  55
  56 id_hmacWithSHA1 = ObjectIdentifier("1.2.840.113549.2.7")
  57
  58
  59 class PBKDF2PRFs(AlgorithmIdentifier):
  60     schema = (
  61         ("algorithm", ObjectIdentifier(default=id_hmacWithSHA1)),
  62         ("parameters", Any(optional=True)),
  63     )
  64
  65
  66 class IterationCount(Integer):
  67     bounds = (1, float("+inf"))
  68
  69
  70 class KeyLength(Integer):
  71     bounds = (1, float("+inf"))
  72
  73
  74 class PBKDF2Params(Sequence):
  75     schema = (
  76         ("salt", PBKDF2Salt()),
  77         ("iterationCount", IterationCount(optional=True)),
  78         ("keyLength", KeyLength(optional=True)),
  79         ("prf", PBKDF2PRFs()),
  80     )
  81
  82
  83 class PBES2KDFs(AlgorithmIdentifier):
  84     schema = (
  85         ("algorithm", ObjectIdentifier(defines=(
  86             (("parameters",), {id_pbkdf2: PBKDF2Params()}),
  87         ))),
  88         ("parameters", Any(optional=True)),
  89     )
  90
  91
  92 class PBES2Encs(AlgorithmIdentifier):
  93     schema = (
  94         ("algorithm", ObjectIdentifier(defines=(
  95             (("parameters",), {
  96                 id_Gost28147_89: Gost2814789Parameters(),
  97                 id_gostr3412_2015_magma_ctracpkm: Gost341215EncryptionParameters(),
  98                 id_gostr3412_2015_magma_ctracpkm_omac: Gost341215EncryptionParameters(),
  99                 id_gostr3412_2015_kuznyechik_ctracpkm: Gost341215EncryptionParameters(),
 100                 id_gostr3412_2015_kuznyechik_ctracpkm_omac: Gost341215EncryptionParameters(),
 101             }),
 102         ))),
 103         ("parameters", Any(optional=True)),
 104     )
 105
 106
 107 class PBES2Params(Sequence):
 108     schema = (
 109         ("keyDerivationFunc", PBES2KDFs()),
 110         ("encryptionScheme", PBES2Encs()),
 111     )
 112
 113
 114 class EncryptionAlgorithmIdentifier(AlgorithmIdentifier):
 115     schema = (
 116         ("algorithm", ObjectIdentifier(defines=(
 117             (("parameters",), {id_pbes2: PBES2Params()}),
 118         ))),
 119         ("parameters", Any(optional=True)),
 120     )
 121
 122
 123 class ContentEncryptionAlgorithmIdentifier(EncryptionAlgorithmIdentifier):
 124     schema = (
 125         ("algorithm", ObjectIdentifier(defines=(
 126             (("parameters",), {id_pbes2: PBES2Params()}),
 127         ))),
 128         ("parameters", Any(optional=True)),
 129     )
 130
 131
 132 class EncryptedContent(OctetString):
 133     pass
 134
 135
 136 class EncryptedContentInfo(Sequence):
 137     schema = (
 138         ("contentType", ContentType()),
 139         ("contentEncryptionAlgorithm", ContentEncryptionAlgorithmIdentifier()),
 140         ("encryptedContent", EncryptedContent(impl=tag_ctxp(0), optional=True)),
 141     )
 142
 143
 144 class EncryptedData(Sequence):
 145     schema = (
 146         ("version", CMSVersion()),
 147         ("encryptedContentInfo", EncryptedContentInfo()),
 148         # ("unprotectedAttrs", UnprotectedAttributes(impl=tag_ctxc(1), optional=True)),
 149     )
 150
 151
 152 class PKCS12BagSet(Any):
 153     pass
 154
 155
 156 class AttrValue(SetOf):
 157     schema = Any()
 158
 159
 160 class PKCS12Attribute(Sequence):
 161     schema = (
 162         ("attrId", ObjectIdentifier()),
 163         ("attrValue", AttrValue()),
 164     )
 165
 166
 167 class PKCS12Attributes(SetOf):
 168     schema = PKCS12Attribute()
 169
 170
 171 class SafeBag(Sequence):
 172     schema = (
 173         ("bagId", ObjectIdentifier(defines=(
 174             (("bagValue",), {id_encryptedData: EncryptedData()}),
 175         ))),
 176         ("bagValue", PKCS12BagSet(expl=tag_ctxc(0))),
 177         ("bagAttributes", PKCS12Attributes(optional=True)),
 178     )
 179
 180
 181 class SafeContents(SequenceOf):
 182     schema = SafeBag()
 183
 184
 185 OctetStringSafeContents = SafeContents(expl=OctetString.tag_default)
 186
 187
 188 class AuthSafe(Sequence):
 189     schema = (
 190         ("contentType", ContentType(defines=(
 191             (("content",), {id_data: OctetStringSafeContents()}),
 192         ))),
 193         ("content", Any(expl=tag_ctxc(0))),
 194     )
 195
 196
 197 class DigestInfo(Sequence):
 198     schema = (
 199         ("digestAlgorithm", AlgorithmIdentifier()),
 200         ("digest", OctetString()),
 201     )
 202
 203
 204 class MacData(Sequence):
 205     schema = (
 206         ("mac", DigestInfo()),
 207         ("macSalt", OctetString()),
 208         ("iterations", Integer(default=1)),
 209     )
 210
 211
 212 class PFX(Sequence):
 213     schema = (
 214         ("version", Integer(default=1)),
 215         ("authSafe", AuthSafe()),
 216         ("macData", MacData(optional=True)),
 217     )
 218
 219
 220 class EncryptedPrivateKeyInfo(Sequence):
 221     schema = (
 222         ("encryptionAlgorithm", EncryptionAlgorithmIdentifier()),
 223         ("encryptedData", OctetString()),
 224     )
 225
 226
 227 class PKCS8ShroudedKeyBag(EncryptedPrivateKeyInfo):
 228     pass
 229
 230
 231 OctetStringX509Certificate = Certificate(expl=OctetString.tag_default)
 232
 233
 234 class CertTypes(Any):
 235     pass
 236
 237
 238 class CertBag(Sequence):
 239     schema = (
 240         ("certId", ObjectIdentifier(defines=(
 241             (("certValue",), {
 242                 id_pkcs9_certTypes_x509Certificate: OctetStringX509Certificate(),
 243             }),
 244         ))),
 245         ("certValue", CertTypes(expl=tag_ctxc(0))),
 246     )
 247
 248
 249 class KeyBag(PrivateKeyInfo):
 250     pass