class DHBMParameter(univ.Sequence): """ DHBMParameter ::= SEQUENCE { owf AlgorithmIdentifier, -- AlgId for a One-Way Function (SHA-1 recommended) mac AlgorithmIdentifier -- the MAC AlgId (e.g., DES-MAC, Triple-DES-MAC [PKCS11], } -- or HMAC [RFC2104, RFC2202]) """ componentType = namedtype.NamedTypes( namedtype.NamedType('owf', rfc5280.AlgorithmIdentifier()), namedtype.NamedType('mac', rfc5280.AlgorithmIdentifier()) )
def testDerCodec(self): substrate = pem.readBase64fromText(self.env_data_pem_text) asn1Object, rest = der_decoder(substrate, asn1Spec=self.asn1Spec) self.assertFalse(rest) self.assertTrue(asn1Object.prettyPrint()) self.assertEqual(substrate, der_encoder(asn1Object)) self.assertEqual(rfc5652.id_envelopedData, asn1Object['contentType']) ed, rest = der_decoder(asn1Object['content'], asn1Spec=rfc5652.EnvelopedData()) self.assertFalse(rest) self.assertTrue(ed.prettyPrint()) self.assertEqual(asn1Object['content'], der_encoder(ed)) kari_kea = ed['recipientInfos'][0]['kari']['keyEncryptionAlgorithm'] self.assertEqual(rfc2876.id_kEAKeyEncryptionAlgorithm, kari_kea['algorithm']) kwa, rest = der_decoder(kari_kea['parameters'], asn1Spec=rfc5280.AlgorithmIdentifier()) self.assertFalse(rest) self.assertTrue(kwa.prettyPrint()) self.assertEqual(kari_kea['parameters'], der_encoder(kwa)) self.assertEqual(rfc2876.id_fortezzaWrap80, kwa['algorithm']) cea = ed['encryptedContentInfo']['contentEncryptionAlgorithm'] self.assertEqual(rfc2876.id_fortezzaConfidentialityAlgorithm, cea['algorithm']) param, rest = der_decoder(cea['parameters'], rfc2876.Skipjack_Parm()) self.assertFalse(rest) self.assertTrue(param.prettyPrint()) self.assertEqual(cea['parameters'], der_encoder(param)) iv = univ.OctetString(hexValue='424f4755535f4956') self.assertEqual(iv, param['initialization-vector'])
class PBMParameter(univ.Sequence): """ PBMParameter ::= SEQUENCE { salt OCTET STRING, owf AlgorithmIdentifier, iterationCount INTEGER, mac AlgorithmIdentifier } """ componentType = namedtype.NamedTypes( namedtype.NamedType( 'salt', univ.OctetString().subtype(subtypeSpec=constraint.ValueSizeConstraint(0, 128)) ), namedtype.NamedType('owf', rfc5280.AlgorithmIdentifier()), namedtype.NamedType('iterationCount', univ.Integer()), namedtype.NamedType('mac', rfc5280.AlgorithmIdentifier()) )
class PKIHeader(univ.Sequence): """ PKIHeader ::= SEQUENCE { pvno INTEGER { cmp1999(1), cmp2000(2) }, sender GeneralName, recipient GeneralName, messageTime [0] GeneralizedTime OPTIONAL, protectionAlg [1] AlgorithmIdentifier OPTIONAL, senderKID [2] KeyIdentifier OPTIONAL, recipKID [3] KeyIdentifier OPTIONAL, transactionID [4] OCTET STRING OPTIONAL, senderNonce [5] OCTET STRING OPTIONAL, recipNonce [6] OCTET STRING OPTIONAL, freeText [7] PKIFreeText OPTIONAL, generalInfo [8] SEQUENCE SIZE (1..MAX) OF InfoTypeAndValue OPTIONAL } """ componentType = namedtype.NamedTypes( namedtype.NamedType( 'pvno', univ.Integer( namedValues=namedval.NamedValues(('cmp1999', 1), ('cmp2000', 2)) ) ), namedtype.NamedType('sender', rfc5280.GeneralName()), namedtype.NamedType('recipient', rfc5280.GeneralName()), namedtype.OptionalNamedType('messageTime', useful.GeneralizedTime().subtype( explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), namedtype.OptionalNamedType('protectionAlg', rfc5280.AlgorithmIdentifier().subtype( explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))), namedtype.OptionalNamedType('senderKID', rfc5280.KeyIdentifier().subtype( explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))), namedtype.OptionalNamedType('recipKID', rfc5280.KeyIdentifier().subtype( explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))), namedtype.OptionalNamedType('transactionID', univ.OctetString().subtype( explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 4))), namedtype.OptionalNamedType('senderNonce', univ.OctetString().subtype( explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 5))), namedtype.OptionalNamedType('recipNonce', univ.OctetString().subtype( explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 6))), namedtype.OptionalNamedType('freeText', PKIFreeText().subtype( explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 7))), namedtype.OptionalNamedType('generalInfo', univ.SequenceOf( componentType=InfoTypeAndValue().subtype( sizeSpec=constraint.ValueSizeConstraint(1, MAX) ) ).subtype( explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 8)) ) )
class Challenge(univ.Sequence): """ Challenge ::= SEQUENCE { owf AlgorithmIdentifier OPTIONAL, witness OCTET STRING, challenge OCTET STRING } """ componentType = namedtype.NamedTypes( namedtype.OptionalNamedType('owf', rfc5280.AlgorithmIdentifier()), namedtype.NamedType('witness', univ.OctetString()), namedtype.NamedType('challenge', univ.OctetString()) )
def testOpenTypes(self): openTypeMap = { rfc4357.id_GostR3410_2001: rfc4357.GostR3410_2001_PublicKeyParameters(), rfc4357.id_Gost28147_89: rfc4357.Gost28147_89_Parameters(), rfc4490.id_GostR3410_2001_CryptoPro_ESDH: rfc5280.AlgorithmIdentifier(), } substrate = pem.readBase64fromText(self.keyagree_pem_text) asn1Object, rest = der_decoder(substrate, asn1Spec=self.asn1Spec, openTypes=openTypeMap, decodeOpenTypes=True) self.assertFalse(rest) self.assertTrue(asn1Object.prettyPrint()) self.assertEqual(substrate, der_encoder(asn1Object)) self.assertEqual(rfc5652.id_envelopedData, asn1Object['contentType']) ri = asn1Object['content']['recipientInfos'][0] alg1 = ri['kari']['originator']['originatorKey']['algorithm'] self.assertEqual(rfc4357.id_GostR3410_2001, alg1['algorithm']) param1 = alg1['parameters'] self.assertEqual(rfc4357.id_GostR3410_2001_CryptoPro_XchA_ParamSet, param1['publicKeyParamSet']) self.assertEqual(rfc4357.id_GostR3411_94_CryptoProParamSet, param1['digestParamSet']) self.assertEqual(8, len(ri['kari']['ukm'])) alg2 = ri['kari']['keyEncryptionAlgorithm'] self.assertEqual(rfc4490.id_GostR3410_2001_CryptoPro_ESDH, alg2['algorithm']) param2 = alg2['parameters'] self.assertEqual(rfc4490.id_Gost28147_89_None_KeyWrap, param2['algorithm']) kwa_p = param2['parameters'] self.assertEqual(rfc4357.id_Gost28147_89_CryptoPro_A_ParamSet, kwa_p['encryptionParamSet']) alg3 = asn1Object['content']['encryptedContentInfo'][ 'contentEncryptionAlgorithm'] self.assertEqual(rfc4357.id_Gost28147_89, alg3['algorithm']) param3 = alg3['parameters'] self.assertEqual(8, len(param3['iv'])) self.assertEqual(rfc4357.id_Gost28147_89_CryptoPro_A_ParamSet, param3['encryptionParamSet'])
class OOBCertHash(univ.Sequence): """ OOBCertHash ::= SEQUENCE { hashAlg [0] AlgorithmIdentifier OPTIONAL, certId [1] CertId OPTIONAL, hashVal BIT STRING } """ componentType = namedtype.NamedTypes( namedtype.OptionalNamedType( 'hashAlg', rfc5280.AlgorithmIdentifier().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0)) ), namedtype.OptionalNamedType( 'certId', rfc4211.CertId().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1)) ), namedtype.NamedType('hashVal', univ.BitString()) )
class GCMParameters(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('nonce', univ.OctetString()), # The nonce may have any number of bits between 8 and 2^64, # but it MUST be a multiple of 8 bits. Within the scope of any # content-authenticated-encryption key, the nonce value MUST be # unique. A nonce value of 12 octets can be processed more # efficiently, so that length is RECOMMENDED. namedtype.DefaultedNamedType('length', MACLength().subtype(value=12))) # GMAC Algorithm Identifiers maca_aes128_GMAC = rfc5280.AlgorithmIdentifier() maca_aes128_GMAC['algorithm'] = id_aes128_GMAC # maca_aes128_GMAC['parameters'] are absent maca_aes192_GMAC = rfc5280.AlgorithmIdentifier() maca_aes192_GMAC['algorithm'] = id_aes192_GMAC # maca_aes192_GMAC['parameters'] are absent maca_aes256_GMAC = rfc5280.AlgorithmIdentifier() maca_aes256_GMAC['algorithm'] = id_aes256_GMAC # maca_aes256_GMAC['parameters'] are absent # Update the Algorithm Identifiers Map and the SMIMECapability Map _algorithmIdentifierMapUpdate = { id_aes128_GMAC: GCMParameters(),
'2.16.840.1.101.2.1.1.4') id_fortezzaWrap80 = univ.ObjectIdentifier('2.16.840.1.101.2.1.1.23') id_kEAKeyEncryptionAlgorithm = univ.ObjectIdentifier('2.16.840.1.101.2.1.1.24') id_keyExchangeAlgorithm = univ.ObjectIdentifier('2.16.840.1.101.2.1.1.22') class Skipjack_Parm(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('initialization-vector', univ.OctetString())) # Update the Algorithm Identifier map _algorithmIdentifierMapUpdate = { id_fortezzaConfidentialityAlgorithm: Skipjack_Parm(), id_kEAKeyEncryptionAlgorithm: rfc5280.AlgorithmIdentifier(), } algorithmIdentifierMap.update(_algorithmIdentifierMapUpdate) # Update the S/MIME Capability map _smimeCapabilityMapUpdate = { id_kEAKeyEncryptionAlgorithm: rfc5280.AlgorithmIdentifier(), } smimeCapabilityMap.update(_smimeCapabilityMapUpdate)
# ASN.1 source from: # https://www.rfc-editor.org/rfc/rfc8692.txt # from pyasn1.type import univ from pyasn1_alt_modules import rfc4055 from pyasn1_alt_modules import rfc5280 from pyasn1_alt_modules import rfc5480 # SHAKE128 One-Way Hash Function id_shake128 = univ.ObjectIdentifier('2.16.840.1.101.3.4.2.11') mda_shake128 = rfc5280.AlgorithmIdentifier() mda_shake128['algorithm'] = id_shake128 # mda_shake128['parameters'] is absent # SHAKE256 One-Way Hash Function id_shake256 = univ.ObjectIdentifier('2.16.840.1.101.3.4.2.12') mda_shake256 = rfc5280.AlgorithmIdentifier() mda_shake256['algorithm'] = id_shake256 # mda_shake256['parameters'] is absent # RSA PSS with SHAKE128
# from pyasn1.type import constraint from pyasn1.type import univ from pyasn1_alt_modules import rfc5280 from pyasn1_alt_modules import opentypemap algorithmIdentifierMap = opentypemap.get('algorithmIdentifierMap') # MD5-XOR Experimental Message Digest Algorithm id_alg_MD5_XOR_EXPERIMENT = univ.ObjectIdentifier('1.2.840.113549.1.9.16.3.13') class MD5_XOR_EXPERIMENT(univ.OctetString): subtypeSpec = constraint.ValueSizeConstraint(64, 64) mda_xor_md5_EXPERIMENT = rfc5280.AlgorithmIdentifier() mda_xor_md5_EXPERIMENT['algorithm'] = id_alg_MD5_XOR_EXPERIMENT mda_xor_md5_EXPERIMENT['parameters'] = MD5_XOR_EXPERIMENT() # Update the Algorithm Identifier Map and the S/MIME Capability Map _algorithmIdentifierMapUpdate = { id_alg_MD5_XOR_EXPERIMENT: MD5_XOR_EXPERIMENT(), } algorithmIdentifierMap.update(_algorithmIdentifierMapUpdate)
id_RSAES_OAEP = _OID(1, 2, 840, 113549, 1, 1, 7) id_pSpecified = _OID(1, 2, 840, 113549, 1, 1, 9) id_RSASSA_PSS = _OID(1, 2, 840, 113549, 1, 1, 10) sha256WithRSAEncryption = _OID(1, 2, 840, 113549, 1, 1, 11) sha384WithRSAEncryption = _OID(1, 2, 840, 113549, 1, 1, 12) sha512WithRSAEncryption = _OID(1, 2, 840, 113549, 1, 1, 13) sha224WithRSAEncryption = _OID(1, 2, 840, 113549, 1, 1, 14) sha1Identifier = rfc5280.AlgorithmIdentifier() sha1Identifier['algorithm'] = id_sha1 sha1Identifier['parameters'] = univ.Null("") sha224Identifier = rfc5280.AlgorithmIdentifier() sha224Identifier['algorithm'] = id_sha224 sha224Identifier['parameters'] = univ.Null("") sha256Identifier = rfc5280.AlgorithmIdentifier() sha256Identifier['algorithm'] = id_sha256 sha256Identifier['parameters'] = univ.Null("") sha384Identifier = rfc5280.AlgorithmIdentifier() sha384Identifier['algorithm'] = id_sha384 sha384Identifier['parameters'] = univ.Null("")
def setUp(self): self.asn1Spec = rfc5280.AlgorithmIdentifier()
FirmwarePackageIdentifier.componentType = namedtype.NamedTypes( namedtype.NamedType('name', PreferredOrLegacyPackageIdentifier()), namedtype.OptionalNamedType('stale', PreferredOrLegacyStalePackageIdentifier())) # Firmware Package Message Digest Signed Attribute and Object Identifier id_aa_fwPkgMessageDigest = univ.ObjectIdentifier('1.2.840.113549.1.9.16.2.41') class FirmwarePackageMessageDigest(univ.Sequence): pass FirmwarePackageMessageDigest.componentType = namedtype.NamedTypes( namedtype.NamedType('algorithm', rfc5280.AlgorithmIdentifier()), namedtype.NamedType('msgDigest', univ.OctetString())) # Firmware Package Load Error Report Content Type and Object Identifier class FWErrorVersion(univ.Integer): pass FWErrorVersion.namedValues = namedval.NamedValues(('v1', 1)) id_ct_firmwareLoadError = univ.ObjectIdentifier('1.2.840.113549.1.9.16.1.18') class FirmwarePackageLoadError(univ.Sequence):
id_ct_compressedData = univ.ObjectIdentifier('1.2.840.113549.1.9.16.1.9') class CompressedData(univ.Sequence): pass CompressedData.componentType = namedtype.NamedTypes( namedtype.NamedType('version', rfc5652.CMSVersion()), # Always set to 0 namedtype.NamedType('compressionAlgorithm', CompressionAlgorithmIdentifier()), namedtype.NamedType('encapContentInfo', rfc5652.EncapsulatedContentInfo()) ) # Algorithm identifier for the zLib Compression Algorithm # This includes cpa_zlibCompress as defined in RFC 6268, # from https://www.rfc-editor.org/rfc/rfc6268.txt id_alg_zlibCompress = univ.ObjectIdentifier('1.2.840.113549.1.9.16.3.8') cpa_zlibCompress = rfc5280.AlgorithmIdentifier() cpa_zlibCompress['algorithm'] = id_alg_zlibCompress # cpa_zlibCompress['parameters'] are absent # Update the CMS Content Types Map _cmsContentTypesMapUpdate = { id_ct_compressedData: CompressedData(), } cmsContentTypesMap.update(_cmsContentTypesMapUpdate)
id_pkix = _buildOid(1, 3, 6, 1, 5, 5, 7) id_cmc = _buildOid(id_pkix, 7) id_cmc_batchResponses = _buildOid(id_cmc, 29) id_cmc_popLinkWitness = _buildOid(id_cmc, 23) class PopLinkWitnessV2(univ.Sequence): pass PopLinkWitnessV2.componentType = namedtype.NamedTypes( namedtype.NamedType('keyGenAlgorithm', rfc5280.AlgorithmIdentifier()), namedtype.NamedType('macAlgorithm', rfc5280.AlgorithmIdentifier()), namedtype.NamedType('witness', univ.OctetString()) ) id_cmc_popLinkWitnessV2 = _buildOid(id_cmc, 33) id_cmc_identityProofV2 = _buildOid(id_cmc, 34) id_cmc_revokeRequest = _buildOid(id_cmc, 17) id_cmc_recipientNonce = _buildOid(id_cmc, 7) class ControlsProcessed(univ.Sequence): pass
from pyasn1.type import univ from pyasn1_alt_modules import rfc5280 # Object Identifiers id_alg_hss_lms_hashsig = univ.ObjectIdentifier('1.2.840.113549.1.9.16.3.17') id_alg_mts_hashsig = id_alg_hss_lms_hashsig # Signature Algorithm Identifier sa_HSS_LMS_HashSig = rfc5280.AlgorithmIdentifier() sa_HSS_LMS_HashSig['algorithm'] = id_alg_hss_lms_hashsig # sa_HSS_LMS_HashSig['parameters'] is alway absent # Public Key class HSS_LMS_HashSig_PublicKey(univ.OctetString): pass pk_HSS_LMS_HashSig = rfc5280.SubjectPublicKeyInfo() pk_HSS_LMS_HashSig['algorithm'] = sa_HSS_LMS_HashSig # pk_HSS_LMS_HashSig['parameters'] CONTAINS a DER-encoded HSS_LMS_HashSig_PublicKey
# # ASN.1 source from: # https://www.rfc-editor.org/rfc/rfc8619.txt # from pyasn1.type import univ from pyasn1_alt_modules import rfc5280 # Object Identifiers id_alg_hkdf_with_sha256 = univ.ObjectIdentifier('1.2.840.113549.1.9.16.3.28') id_alg_hkdf_with_sha384 = univ.ObjectIdentifier('1.2.840.113549.1.9.16.3.29') id_alg_hkdf_with_sha512 = univ.ObjectIdentifier('1.2.840.113549.1.9.16.3.30') # Key Derivation Algorithm Identifiers kda_hkdf_with_sha256 = rfc5280.AlgorithmIdentifier() kda_hkdf_with_sha256['algorithm'] = id_alg_hkdf_with_sha256 # kda_hkdf_with_sha256['parameters'] are absent kda_hkdf_with_sha384 = rfc5280.AlgorithmIdentifier() kda_hkdf_with_sha384['algorithm'] = id_alg_hkdf_with_sha384 # kda_hkdf_with_sha384['parameters'] are absent kda_hkdf_with_sha512 = rfc5280.AlgorithmIdentifier() kda_hkdf_with_sha512['algorithm'] = id_alg_hkdf_with_sha512 # kda_hkdf_with_sha512['parameters'] are absent
from pyasn1.type import univ from pyasn1_alt_modules import rfc5280 from pyasn1_alt_modules import opentypemap algorithmIdentifierMap = opentypemap.get('algorithmIdentifierMap') class ShakeOutputLen(univ.Integer): pass id_Ed25519 = univ.ObjectIdentifier('1.3.101.112') sigAlg_Ed25519 = rfc5280.AlgorithmIdentifier() sigAlg_Ed25519['algorithm'] = id_Ed25519 # sigAlg_Ed25519['parameters'] is absent id_Ed448 = univ.ObjectIdentifier('1.3.101.113') sigAlg_Ed448 = rfc5280.AlgorithmIdentifier() sigAlg_Ed448['algorithm'] = id_Ed448 # sigAlg_Ed448['parameters'] is absent hashAlgs = univ.ObjectIdentifier('2.16.840.1.101.3.4.2') id_sha512 = hashAlgs + (3, ) hashAlg_SHA_512 = rfc5280.AlgorithmIdentifier() hashAlg_SHA_512['algorithm'] = id_sha512
class SIM(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('hashAlg', rfc5280.AlgorithmIdentifier()), namedtype.NamedType('authorityRandom', univ.OctetString()), namedtype.NamedType('pEPSI', univ.OctetString()))
AttributeCertificateInfoV1.componentType = namedtype.NamedTypes( namedtype.DefaultedNamedType('version', AttCertVersionV1().subtype(value="v1")), namedtype.NamedType( 'subject', univ.Choice(componentType=namedtype.NamedTypes( namedtype.NamedType( 'baseCertificateID', rfc3281.IssuerSerial().subtype(explicitTag=tag.Tag( tag.tagClassContext, tag.tagFormatSimple, 0))), namedtype.NamedType( 'subjectName', rfc5280.GeneralNames().subtype(explicitTag=tag.Tag( tag.tagClassContext, tag.tagFormatSimple, 1)))))), namedtype.NamedType('issuer', rfc5280.GeneralNames()), namedtype.NamedType('signature', rfc5280.AlgorithmIdentifier()), namedtype.NamedType('serialNumber', rfc5280.CertificateSerialNumber()), namedtype.NamedType('attCertValidityPeriod', rfc3281.AttCertValidityPeriod()), namedtype.NamedType('attributes', univ.SequenceOf(componentType=rfc5280.Attribute())), namedtype.OptionalNamedType('issuerUniqueID', rfc5280.UniqueIdentifier()), namedtype.OptionalNamedType('extensions', rfc5280.Extensions())) class AttributeCertificateV1(univ.Sequence): pass AttributeCertificateV1.componentType = namedtype.NamedTypes( namedtype.NamedType('acInfo', AttributeCertificateInfoV1()),
# ASN.1 source from: # https://www.rfc-editor.org/rfc/rfc8649.txt # from pyasn1.type import namedtype from pyasn1.type import univ from pyasn1_alt_modules import rfc5280 from pyasn1_alt_modules import opentypemap certificateExtensionsMap = opentypemap.get('certificateExtensionsMap') id_ce_hashOfRootKey = univ.ObjectIdentifier('1.3.6.1.4.1.51483.2.1') class HashedRootKey(univ.Sequence): pass HashedRootKey.componentType = namedtype.NamedTypes( namedtype.NamedType('hashAlg', rfc5280.AlgorithmIdentifier()), namedtype.NamedType('hashValue', univ.OctetString())) # Update the Certificate Extensions Map _certificateExtensionsMapUpdate = { id_ce_hashOfRootKey: HashedRootKey(), } certificateExtensionsMap.update(_certificateExtensionsMapUpdate)