# coding: utf-8
# PyGOST -- Pure Python GOST cryptographic functions library
-# Copyright (C) 2015-2018 Sergey Matveev <stargrave@stargrave.org>
+# Copyright (C) 2015-2021 Sergey Matveev <stargrave@stargrave.org>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
+# the Free Software Foundation, version 3 of the License.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
from pygost.asn1schemas.cms import CMSVersion
from pygost.asn1schemas.cms import ContentType
+from pygost.asn1schemas.cms import Gost2814789Parameters
+from pygost.asn1schemas.cms import Gost341215EncryptionParameters
+from pygost.asn1schemas.oids import id_data
+from pygost.asn1schemas.oids import id_encryptedData
+from pygost.asn1schemas.oids import id_Gost28147_89
+from pygost.asn1schemas.oids import id_gostr3412_2015_kuznyechik_ctracpkm
+from pygost.asn1schemas.oids import id_gostr3412_2015_kuznyechik_ctracpkm_omac
+from pygost.asn1schemas.oids import id_gostr3412_2015_magma_ctracpkm
+from pygost.asn1schemas.oids import id_gostr3412_2015_magma_ctracpkm_omac
+from pygost.asn1schemas.oids import id_pbes2
+from pygost.asn1schemas.oids import id_pbkdf2
+from pygost.asn1schemas.oids import id_pkcs9_certTypes_x509Certificate
+from pygost.asn1schemas.prvkey import PrivateKeyInfo
from pygost.asn1schemas.x509 import AlgorithmIdentifier
+from pygost.asn1schemas.x509 import Certificate
-class EncryptionAlgorithmIdentifier(AlgorithmIdentifier):
+class PBKDF2Salt(Choice):
+ schema = (
+ ("specified", OctetString()),
+ # ("otherSource", PBKDF2SaltSources()),
+ )
+
+
+id_hmacWithSHA1 = ObjectIdentifier("1.2.840.113549.2.7")
+
+
+class PBKDF2PRFs(AlgorithmIdentifier):
schema = (
- ("algorithm", ObjectIdentifier()),
+ ("algorithm", ObjectIdentifier(default=id_hmacWithSHA1)),
("parameters", Any(optional=True)),
)
-class ContentEncryptionAlgorithmIdentifier(EncryptionAlgorithmIdentifier):
- pass
+class IterationCount(Integer):
+ bounds = (1, float("+inf"))
+
+
+class KeyLength(Integer):
+ bounds = (1, float("+inf"))
+
+
+class PBKDF2Params(Sequence):
+ schema = (
+ ("salt", PBKDF2Salt()),
+ ("iterationCount", IterationCount(optional=True)),
+ ("keyLength", KeyLength(optional=True)),
+ ("prf", PBKDF2PRFs()),
+ )
class PBES2KDFs(AlgorithmIdentifier):
schema = (
- ("algorithm", ObjectIdentifier()),
+ ("algorithm", ObjectIdentifier(defines=(
+ (("parameters",), {id_pbkdf2: PBKDF2Params()}),
+ ))),
("parameters", Any(optional=True)),
)
class PBES2Encs(AlgorithmIdentifier):
schema = (
- ("algorithm", ObjectIdentifier()),
+ ("algorithm", ObjectIdentifier(defines=(
+ (("parameters",), {
+ id_Gost28147_89: Gost2814789Parameters(),
+ id_gostr3412_2015_magma_ctracpkm: Gost341215EncryptionParameters(),
+ id_gostr3412_2015_magma_ctracpkm_omac: Gost341215EncryptionParameters(),
+ id_gostr3412_2015_kuznyechik_ctracpkm: Gost341215EncryptionParameters(),
+ id_gostr3412_2015_kuznyechik_ctracpkm_omac: Gost341215EncryptionParameters(),
+ }),
+ ))),
("parameters", Any(optional=True)),
)
)
+class EncryptionAlgorithmIdentifier(AlgorithmIdentifier):
+ schema = (
+ ("algorithm", ObjectIdentifier(defines=(
+ (("parameters",), {id_pbes2: PBES2Params()}),
+ ))),
+ ("parameters", Any(optional=True)),
+ )
+
+
+class ContentEncryptionAlgorithmIdentifier(EncryptionAlgorithmIdentifier):
+ schema = (
+ ("algorithm", ObjectIdentifier(defines=(
+ (("parameters",), {id_pbes2: PBES2Params()}),
+ ))),
+ ("parameters", Any(optional=True)),
+ )
+
+
class EncryptedContent(OctetString):
pass
class SafeBag(Sequence):
schema = (
- ("bagId", ObjectIdentifier()),
+ ("bagId", ObjectIdentifier(defines=(
+ (("bagValue",), {id_encryptedData: EncryptedData()}),
+ ))),
("bagValue", PKCS12BagSet(expl=tag_ctxc(0))),
("bagAttributes", PKCS12Attributes(optional=True)),
)
schema = SafeBag()
-class OctetStringSafeContents(Sequence):
- tag_default = OctetString.tag_default
- schema = (("safeContents", SafeContents()),)
+OctetStringSafeContents = SafeContents(expl=OctetString.tag_default)
class AuthSafe(Sequence):
schema = (
- ("contentType", ContentType()),
+ ("contentType", ContentType(defines=(
+ (("content",), {id_data: OctetStringSafeContents()}),
+ ))),
("content", Any(expl=tag_ctxc(0))),
)
pass
-class PBKDF2Salt(Choice):
- schema = (
- ("specified", OctetString()),
- # ("otherSource", PBKDF2SaltSources()),
- )
+OctetStringX509Certificate = Certificate(expl=OctetString.tag_default)
-id_hmacWithSHA1 = ObjectIdentifier("1.2.840.113549.2.7")
+class CertTypes(Any):
+ pass
-class PBKDF2PRFs(AlgorithmIdentifier):
+class CertBag(Sequence):
schema = (
- ("algorithm", ObjectIdentifier(default=id_hmacWithSHA1)),
- ("parameters", Any(optional=True)),
+ ("certId", ObjectIdentifier(defines=(
+ (("certValue",), {
+ id_pkcs9_certTypes_x509Certificate: OctetStringX509Certificate(),
+ }),
+ ))),
+ ("certValue", CertTypes(expl=tag_ctxc(0))),
)
-class IterationCount(Integer):
- bounds = (1, float("+inf"))
-
-
-class KeyLength(Integer):
- bounds = (1, float("+inf"))
-
-
-class PBKDF2Params(Sequence):
- schema = (
- ("salt", PBKDF2Salt()),
- ("iterationCount", IterationCount(optional=True)),
- ("keyLength", KeyLength(optional=True)),
- ("prf", PBKDF2PRFs()),
- )
+class KeyBag(PrivateKeyInfo):
+ pass