X-Git-Url: http://www.git.cypherpunks.ru/?p=pygost.git;a=blobdiff_plain;f=pygost%2Fasn1schemas%2Fcms.py;h=a39b10be978f2f2e1b8ad0d27a671ec6bf1a6c9a;hp=23099353217a6b683167212371fe534b12088b5b;hb=fd28fdc0abb235b8a6244b9cc3b3456dffae70f6;hpb=5e92533267cb41c42af1243592c530304d18bff5 diff --git a/pygost/asn1schemas/cms.py b/pygost/asn1schemas/cms.py index 2309935..a39b10b 100644 --- a/pygost/asn1schemas/cms.py +++ b/pygost/asn1schemas/cms.py @@ -28,14 +28,26 @@ from pyderasn import SetOf from pyderasn import tag_ctxc from pyderasn import tag_ctxp +from pygost.asn1schemas.oids import id_cms_mac_attr +from pygost.asn1schemas.oids import id_contentType from pygost.asn1schemas.oids import id_digestedData +from pygost.asn1schemas.oids import id_encryptedData from pygost.asn1schemas.oids import id_envelopedData from pygost.asn1schemas.oids import id_Gost28147_89 +from pygost.asn1schemas.oids import id_gostr3412_2015_kuznyechik_ctracpkm +from pygost.asn1schemas.oids import id_gostr3412_2015_kuznyechik_ctracpkm_omac +from pygost.asn1schemas.oids import id_gostr3412_2015_kuznyechik_wrap_kexp15 +from pygost.asn1schemas.oids import id_gostr3412_2015_magma_ctracpkm +from pygost.asn1schemas.oids import id_gostr3412_2015_magma_ctracpkm_omac +from pygost.asn1schemas.oids import id_gostr3412_2015_magma_wrap_kexp15 +from pygost.asn1schemas.oids import id_messageDigest from pygost.asn1schemas.oids import id_signedData from pygost.asn1schemas.oids import id_tc26_gost3410_2012_256 from pygost.asn1schemas.oids import id_tc26_gost3410_2012_512 from pygost.asn1schemas.x509 import AlgorithmIdentifier from pygost.asn1schemas.x509 import Certificate +from pygost.asn1schemas.x509 import CertificateSerialNumber +from pygost.asn1schemas.x509 import Name from pygost.asn1schemas.x509 import SubjectPublicKeyInfo @@ -91,12 +103,32 @@ class GostR3410KeyTransport(Sequence): ) +class GostR3410KeyTransport2019(Sequence): + schema = ( + ("encryptedKey", OctetString()), + ("ephemeralPublicKey", SubjectPublicKeyInfo()), + ("ukm", OctetString()), + ) + + +class GostR341012KEGParameters(Sequence): + schema = ( + ("algorithm", ObjectIdentifier()), + ) + + class KeyEncryptionAlgorithmIdentifier(AlgorithmIdentifier): schema = ( ("algorithm", ObjectIdentifier(defines=( + (("parameters",), { + id_gostr3412_2015_magma_wrap_kexp15: GostR341012KEGParameters(), + id_gostr3412_2015_kuznyechik_wrap_kexp15: GostR341012KEGParameters(), + }), (("..", "encryptedKey"), { id_tc26_gost3410_2012_256: GostR3410KeyTransport(), id_tc26_gost3410_2012_512: GostR3410KeyTransport(), + id_gostr3412_2015_magma_wrap_kexp15: GostR3410KeyTransport2019(), + id_gostr3412_2015_kuznyechik_wrap_kexp15: GostR3410KeyTransport2019(), }), (("..", "recipientEncryptedKeys", any, "encryptedKey"), { id_tc26_gost3410_2012_256: Gost2814789EncryptedKey(), @@ -127,10 +159,25 @@ class OriginatorPublicKey(Sequence): ) +class IssuerAndSerialNumber(Sequence): + schema = ( + ("issuer", Name()), + ("serialNumber", CertificateSerialNumber()), + ) + + +class KeyIdentifier(OctetString): + pass + + +class SubjectKeyIdentifier(KeyIdentifier): + pass + + class OriginatorIdentifierOrKey(Choice): schema = ( - # ("issuerAndSerialNumber", IssuerAndSerialNumber()), - # ("subjectKeyIdentifier", SubjectKeyIdentifier(impl=tag_ctxp(0))), + ("issuerAndSerialNumber", IssuerAndSerialNumber()), + ("subjectKeyIdentifier", SubjectKeyIdentifier(impl=tag_ctxp(0))), ("originatorKey", OriginatorPublicKey(impl=tag_ctxc(1))), ) @@ -193,10 +240,22 @@ class Gost2814789Parameters(Sequence): ) +class Gost341215EncryptionParameters(Sequence): + schema = ( + ("ukm", OctetString()), + ) + + class ContentEncryptionAlgorithmIdentifier(AlgorithmIdentifier): schema = ( ("algorithm", ObjectIdentifier(defines=( - (("parameters",), {id_Gost28147_89: Gost2814789Parameters()}), + (("parameters",), { + id_Gost28147_89: Gost2814789Parameters(), + id_gostr3412_2015_magma_ctracpkm: Gost341215EncryptionParameters(), + id_gostr3412_2015_kuznyechik_ctracpkm: Gost341215EncryptionParameters(), + id_gostr3412_2015_magma_ctracpkm_omac: Gost341215EncryptionParameters(), + id_gostr3412_2015_kuznyechik_ctracpkm_omac: Gost341215EncryptionParameters(), + }), ))), ("parameters", Any(optional=True)), ) @@ -214,13 +273,47 @@ class EncryptedContentInfo(Sequence): ) +class Digest(OctetString): + pass + + +class AttributeValue(Any): + pass + + +class AttributeValues(SetOf): + schema = AttributeValue() + + +class EncryptedMac(OctetString): + pass + + +class Attribute(Sequence): + schema = ( + ("attrType", ObjectIdentifier(defines=( + (("attrValues",), { + id_contentType: ObjectIdentifier(), + id_messageDigest: Digest(), + id_cms_mac_attr: EncryptedMac(), + },), + ))), + ("attrValues", AttributeValues()), + ) + + +class UnprotectedAttributes(SetOf): + schema = Attribute() + bounds = (1, float("+inf")) + + class EnvelopedData(Sequence): schema = ( ("version", CMSVersion()), # ("originatorInfo", OriginatorInfo(impl=tag_ctxc(0), optional=True)), ("recipientInfos", RecipientInfos()), ("encryptedContentInfo", EncryptedContentInfo()), - # ("unprotectedAttrs", UnprotectedAttributes(impl=tag_ctxc(1), optional=True)), + ("unprotectedAttrs", UnprotectedAttributes(impl=tag_ctxc(1), optional=True)), ) @@ -254,12 +347,17 @@ class SignatureValue(OctetString): pass +class SignedAttributes(SetOf): + schema = Attribute() + bounds = (1, float("+inf")) + + class SignerInfo(Sequence): schema = ( ("version", CMSVersion()), ("sid", SignerIdentifier()), ("digestAlgorithm", DigestAlgorithmIdentifier()), - # ("signedAttrs", SignedAttributes(impl=tag_ctxc(0), optional=True)), + ("signedAttrs", SignedAttributes(impl=tag_ctxc(0), optional=True)), ("signatureAlgorithm", SignatureAlgorithmIdentifier()), ("signature", SignatureValue()), # ("unsignedAttrs", UnsignedAttributes(impl=tag_ctxc(1), optional=True)), @@ -272,11 +370,11 @@ class SignerInfos(SetOf): class CertificateChoices(Choice): schema = ( - ('certificate', Certificate()), - # ('extendedCertificate', ExtendedCertificate(impl=tag_ctxp(0))), - # ('v1AttrCert', AttributeCertificateV1(impl=tag_ctxc(1))), # V1 is osbolete - # ('v2AttrCert', AttributeCertificateV2(impl=tag_ctxc(2))), - # ('other', OtherCertificateFormat(impl=tag_ctxc(3))), + ("certificate", Certificate()), + # ("extendedCertificate", ExtendedCertificate(impl=tag_ctxp(0))), + # ("v1AttrCert", AttributeCertificateV1(impl=tag_ctxc(1))), # V1 is osbolete + # ("v2AttrCert", AttributeCertificateV2(impl=tag_ctxc(2))), + # ("other", OtherCertificateFormat(impl=tag_ctxc(3))), ) @@ -295,10 +393,6 @@ class SignedData(Sequence): ) -class Digest(OctetString): - pass - - class DigestedData(Sequence): schema = ( ("version", CMSVersion()), @@ -308,11 +402,20 @@ class DigestedData(Sequence): ) +class EncryptedData(Sequence): + schema = ( + ("version", CMSVersion()), + ("encryptedContentInfo", EncryptedContentInfo()), + ("unprotectedAttrs", UnprotectedAttributes(impl=tag_ctxc(1), optional=True)), + ) + + class ContentInfo(Sequence): schema = ( ("contentType", ContentType(defines=( (("content",), { id_digestedData: DigestedData(), + id_encryptedData: EncryptedData(), id_envelopedData: EnvelopedData(), id_signedData: SignedData(), }),