# coding: utf-8
# PyGOST -- Pure Python GOST cryptographic functions library
-# Copyright (C) 2015-2018 Sergey Matveev <stargrave@stargrave.org>
+# Copyright (C) 2015-2021 Sergey Matveev <stargrave@stargrave.org>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
+# the Free Software Foundation, version 3 of the License.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
from pyderasn import tag_ctxc
from pyderasn import tag_ctxp
+from pygost.asn1schemas.oids import id_cms_mac_attr
+from pygost.asn1schemas.oids import id_contentType
from pygost.asn1schemas.oids import id_digestedData
+from pygost.asn1schemas.oids import id_encryptedData
from pygost.asn1schemas.oids import id_envelopedData
from pygost.asn1schemas.oids import id_Gost28147_89
+from pygost.asn1schemas.oids import id_gostr3412_2015_kuznyechik_ctracpkm
+from pygost.asn1schemas.oids import id_gostr3412_2015_kuznyechik_ctracpkm_omac
+from pygost.asn1schemas.oids import id_gostr3412_2015_kuznyechik_wrap_kexp15
+from pygost.asn1schemas.oids import id_gostr3412_2015_magma_ctracpkm
+from pygost.asn1schemas.oids import id_gostr3412_2015_magma_ctracpkm_omac
+from pygost.asn1schemas.oids import id_gostr3412_2015_magma_wrap_kexp15
+from pygost.asn1schemas.oids import id_messageDigest
from pygost.asn1schemas.oids import id_signedData
from pygost.asn1schemas.oids import id_tc26_gost3410_2012_256
from pygost.asn1schemas.oids import id_tc26_gost3410_2012_512
from pygost.asn1schemas.x509 import AlgorithmIdentifier
+from pygost.asn1schemas.x509 import Certificate
+from pygost.asn1schemas.x509 import CertificateSerialNumber
+from pygost.asn1schemas.x509 import Name
from pygost.asn1schemas.x509 import SubjectPublicKeyInfo
pass
+class IssuerAndSerialNumber(Sequence):
+ schema = (
+ ("issuer", Name()),
+ ("serialNumber", CertificateSerialNumber()),
+ )
+
+
+class KeyIdentifier(OctetString):
+ pass
+
+
+class SubjectKeyIdentifier(KeyIdentifier):
+ pass
+
+
class RecipientIdentifier(Choice):
schema = (
- ("issuerAndSerialNumber", Any()),
- # ("subjectKeyIdentifier", SubjectKeyIdentifier(impl=tag_ctxp(0))),
+ ("issuerAndSerialNumber", IssuerAndSerialNumber()),
+ ("subjectKeyIdentifier", SubjectKeyIdentifier(impl=tag_ctxp(0))),
)
)
+class GostR3410KeyTransport2019(Sequence):
+ schema = (
+ ("encryptedKey", OctetString()),
+ ("ephemeralPublicKey", SubjectPublicKeyInfo()),
+ ("ukm", OctetString()),
+ )
+
+
+class GostR341012KEGParameters(Sequence):
+ schema = (
+ ("algorithm", ObjectIdentifier()),
+ )
+
+
class KeyEncryptionAlgorithmIdentifier(AlgorithmIdentifier):
schema = (
("algorithm", ObjectIdentifier(defines=(
+ (("parameters",), {
+ id_gostr3412_2015_magma_wrap_kexp15: GostR341012KEGParameters(),
+ id_gostr3412_2015_kuznyechik_wrap_kexp15: GostR341012KEGParameters(),
+ }),
(("..", "encryptedKey"), {
id_tc26_gost3410_2012_256: GostR3410KeyTransport(),
id_tc26_gost3410_2012_512: GostR3410KeyTransport(),
+ id_gostr3412_2015_magma_wrap_kexp15: GostR3410KeyTransport2019(),
+ id_gostr3412_2015_kuznyechik_wrap_kexp15: GostR3410KeyTransport2019(),
}),
(("..", "recipientEncryptedKeys", any, "encryptedKey"), {
id_tc26_gost3410_2012_256: Gost2814789EncryptedKey(),
class OriginatorIdentifierOrKey(Choice):
schema = (
- # ("issuerAndSerialNumber", IssuerAndSerialNumber()),
- # ("subjectKeyIdentifier", SubjectKeyIdentifier(impl=tag_ctxp(0))),
+ ("issuerAndSerialNumber", IssuerAndSerialNumber()),
+ ("subjectKeyIdentifier", SubjectKeyIdentifier(impl=tag_ctxp(0))),
("originatorKey", OriginatorPublicKey(impl=tag_ctxc(1))),
)
class KeyAgreeRecipientIdentifier(Choice):
schema = (
- ("issuerAndSerialNumber", Any()),
+ ("issuerAndSerialNumber", IssuerAndSerialNumber()),
# ("rKeyId", RecipientKeyIdentifier(impl=tag_ctxc(0))),
)
)
+class Gost341215EncryptionParameters(Sequence):
+ schema = (
+ ("ukm", OctetString()),
+ )
+
+
class ContentEncryptionAlgorithmIdentifier(AlgorithmIdentifier):
schema = (
("algorithm", ObjectIdentifier(defines=(
- (("parameters",), {id_Gost28147_89: Gost2814789Parameters()}),
+ (("parameters",), {
+ id_Gost28147_89: Gost2814789Parameters(),
+ id_gostr3412_2015_magma_ctracpkm: Gost341215EncryptionParameters(),
+ id_gostr3412_2015_kuznyechik_ctracpkm: Gost341215EncryptionParameters(),
+ id_gostr3412_2015_magma_ctracpkm_omac: Gost341215EncryptionParameters(),
+ id_gostr3412_2015_kuznyechik_ctracpkm_omac: Gost341215EncryptionParameters(),
+ }),
))),
("parameters", Any(optional=True)),
)
)
+class Digest(OctetString):
+ pass
+
+
+class AttributeValue(Any):
+ pass
+
+
+class AttributeValues(SetOf):
+ schema = AttributeValue()
+
+
+class EncryptedMac(OctetString):
+ pass
+
+
+class Attribute(Sequence):
+ schema = (
+ ("attrType", ObjectIdentifier(defines=(
+ (("attrValues",), {
+ id_contentType: ObjectIdentifier(),
+ id_messageDigest: Digest(),
+ id_cms_mac_attr: EncryptedMac(),
+ },),
+ ))),
+ ("attrValues", AttributeValues()),
+ )
+
+
+class UnprotectedAttributes(SetOf):
+ schema = Attribute()
+ bounds = (1, float("+inf"))
+
+
+class CertificateChoices(Choice):
+ schema = (
+ ("certificate", Certificate()),
+ # ("extendedCertificate", OctetString(impl=tag_ctxp(0))),
+ # ("v1AttrCert", AttributeCertificateV1(impl=tag_ctxc(1))), # V1 is osbolete
+ # ("v2AttrCert", AttributeCertificateV2(impl=tag_ctxc(2))),
+ # ("other", OtherCertificateFormat(impl=tag_ctxc(3))),
+ )
+
+
+class CertificateSet(SetOf):
+ schema = CertificateChoices()
+
+
+class OriginatorInfo(Sequence):
+ schema = (
+ ("certs", CertificateSet(impl=tag_ctxc(0), optional=True)),
+ # ("crls", RevocationInfoChoices(impl=tag_ctxc(1), optional=True)),
+ )
+
+
class EnvelopedData(Sequence):
schema = (
("version", CMSVersion()),
- # ("originatorInfo", OriginatorInfo(impl=tag_ctxc(0), optional=True)),
+ ("originatorInfo", OriginatorInfo(impl=tag_ctxc(0), optional=True)),
("recipientInfos", RecipientInfos()),
("encryptedContentInfo", EncryptedContentInfo()),
- # ("unprotectedAttrs", UnprotectedAttributes(impl=tag_ctxc(1), optional=True)),
+ ("unprotectedAttrs", UnprotectedAttributes(impl=tag_ctxc(1), optional=True)),
)
class SignerIdentifier(Choice):
schema = (
- ("issuerAndSerialNumber", Any()),
- # ("subjectKeyIdentifier", SubjectKeyIdentifier(impl=tag_ctxp(0))),
+ ("issuerAndSerialNumber", IssuerAndSerialNumber()),
+ ("subjectKeyIdentifier", SubjectKeyIdentifier(impl=tag_ctxp(0))),
)
pass
+class SignedAttributes(SetOf):
+ schema = Attribute()
+ bounds = (1, float("+inf"))
+
+
class SignerInfo(Sequence):
schema = (
("version", CMSVersion()),
("sid", SignerIdentifier()),
("digestAlgorithm", DigestAlgorithmIdentifier()),
- # ("signedAttrs", SignedAttributes(impl=tag_ctxc(0), optional=True)),
+ ("signedAttrs", SignedAttributes(impl=tag_ctxc(0), optional=True)),
("signatureAlgorithm", SignatureAlgorithmIdentifier()),
("signature", SignatureValue()),
# ("unsignedAttrs", UnsignedAttributes(impl=tag_ctxc(1), optional=True)),
("version", CMSVersion()),
("digestAlgorithms", DigestAlgorithmIdentifiers()),
("encapContentInfo", EncapsulatedContentInfo()),
- # ("certificates", CertificateSet(impl=tag_ctxc(0), optional=True)),
+ ("certificates", CertificateSet(impl=tag_ctxc(0), optional=True)),
# ("crls", RevocationInfoChoices(impl=tag_ctxc(1), optional=True)),
("signerInfos", SignerInfos()),
)
-class Digest(OctetString):
- pass
-
-
class DigestedData(Sequence):
schema = (
("version", CMSVersion()),
)
+class EncryptedData(Sequence):
+ schema = (
+ ("version", CMSVersion()),
+ ("encryptedContentInfo", EncryptedContentInfo()),
+ ("unprotectedAttrs", UnprotectedAttributes(impl=tag_ctxc(1), optional=True)),
+ )
+
+
class ContentInfo(Sequence):
schema = (
("contentType", ContentType(defines=(
(("content",), {
id_digestedData: DigestedData(),
+ id_encryptedData: EncryptedData(),
id_envelopedData: EnvelopedData(),
id_signedData: SignedData(),
}),