1# 2# This file is part of pyasn1-modules software. 3# 4# Created by Russ Housley with assistance from asn1ate v.0.6.0. 5# 6# Copyright (c) 2019, Vigil Security, LLC 7# License: http://snmplabs.com/pyasn1/license.html 8# 9# CMS Symmetric Key Package Content Type 10# 11# ASN.1 source from: 12# https://www.rfc-editor.org/rfc/rfc6031.txt 13# 14 15from pyasn1.type import char 16from pyasn1.type import constraint 17from pyasn1.type import namedtype 18from pyasn1.type import namedval 19from pyasn1.type import opentype 20from pyasn1.type import tag 21from pyasn1.type import univ 22from pyasn1.type import useful 23 24from pyasn1_modules import rfc5652 25from pyasn1_modules import rfc6019 26 27 28def _OID(*components): 29 output = [] 30 for x in tuple(components): 31 if isinstance(x, univ.ObjectIdentifier): 32 output.extend(list(x)) 33 else: 34 output.append(int(x)) 35 return univ.ObjectIdentifier(output) 36 37 38MAX = float('inf') 39 40id_pskc = univ.ObjectIdentifier('1.2.840.113549.1.9.16.12') 41 42 43# Symmetric Key Package Attributes 44 45id_pskc_manufacturer = _OID(id_pskc, 1) 46 47class at_pskc_manufacturer(char.UTF8String): 48 pass 49 50 51id_pskc_serialNo = _OID(id_pskc, 2) 52 53class at_pskc_serialNo(char.UTF8String): 54 pass 55 56 57id_pskc_model = _OID(id_pskc, 3) 58 59class at_pskc_model(char.UTF8String): 60 pass 61 62 63id_pskc_issueNo = _OID(id_pskc, 4) 64 65class at_pskc_issueNo(char.UTF8String): 66 pass 67 68 69id_pskc_deviceBinding = _OID(id_pskc, 5) 70 71class at_pskc_deviceBinding(char.UTF8String): 72 pass 73 74 75id_pskc_deviceStartDate = _OID(id_pskc, 6) 76 77class at_pskc_deviceStartDate(useful.GeneralizedTime): 78 pass 79 80 81id_pskc_deviceExpiryDate = _OID(id_pskc, 7) 82 83class at_pskc_deviceExpiryDate(useful.GeneralizedTime): 84 pass 85 86 87id_pskc_moduleId = _OID(id_pskc, 8) 88 89class at_pskc_moduleId(char.UTF8String): 90 pass 91 92 93id_pskc_deviceUserId = _OID(id_pskc, 26) 94 95class at_pskc_deviceUserId(char.UTF8String): 96 pass 97 98 99# Symmetric Key Attributes 100 101id_pskc_keyId = _OID(id_pskc, 9) 102 103class at_pskc_keyUserId(char.UTF8String): 104 pass 105 106 107id_pskc_algorithm = _OID(id_pskc, 10) 108 109class at_pskc_algorithm(char.UTF8String): 110 pass 111 112 113id_pskc_issuer = _OID(id_pskc, 11) 114 115class at_pskc_issuer(char.UTF8String): 116 pass 117 118 119id_pskc_keyProfileId = _OID(id_pskc, 12) 120 121class at_pskc_keyProfileId(char.UTF8String): 122 pass 123 124 125id_pskc_keyReference = _OID(id_pskc, 13) 126 127class at_pskc_keyReference(char.UTF8String): 128 pass 129 130 131id_pskc_friendlyName = _OID(id_pskc, 14) 132 133class FriendlyName(univ.Sequence): 134 pass 135 136FriendlyName.componentType = namedtype.NamedTypes( 137 namedtype.NamedType('friendlyName', char.UTF8String()), 138 namedtype.OptionalNamedType('friendlyNameLangTag', char.UTF8String()) 139) 140 141class at_pskc_friendlyName(FriendlyName): 142 pass 143 144 145id_pskc_algorithmParameters = _OID(id_pskc, 15) 146 147class Encoding(char.UTF8String): 148 pass 149 150Encoding.namedValues = namedval.NamedValues( 151 ('dec', "DECIMAL"), 152 ('hex', "HEXADECIMAL"), 153 ('alpha', "ALPHANUMERIC"), 154 ('b64', "BASE64"), 155 ('bin', "BINARY") 156) 157 158Encoding.subtypeSpec = constraint.SingleValueConstraint( 159 "DECIMAL", "HEXADECIMAL", "ALPHANUMERIC", "BASE64", "BINARY" ) 160 161class ChallengeFormat(univ.Sequence): 162 pass 163 164ChallengeFormat.componentType = namedtype.NamedTypes( 165 namedtype.NamedType('encoding', Encoding()), 166 namedtype.DefaultedNamedType('checkDigit', 167 univ.Boolean().subtype(value=0)), 168 namedtype.NamedType('min', univ.Integer().subtype( 169 subtypeSpec=constraint.ValueRangeConstraint(0, MAX))), 170 namedtype.NamedType('max', univ.Integer().subtype( 171 subtypeSpec=constraint.ValueRangeConstraint(0, MAX))) 172) 173 174class ResponseFormat(univ.Sequence): 175 pass 176 177ResponseFormat.componentType = namedtype.NamedTypes( 178 namedtype.NamedType('encoding', Encoding()), 179 namedtype.NamedType('length', univ.Integer().subtype( 180 subtypeSpec=constraint.ValueRangeConstraint(0, MAX))), 181 namedtype.DefaultedNamedType('checkDigit', 182 univ.Boolean().subtype(value=0)) 183) 184 185class PSKCAlgorithmParameters(univ.Choice): 186 pass 187 188PSKCAlgorithmParameters.componentType = namedtype.NamedTypes( 189 namedtype.NamedType('suite', char.UTF8String()), 190 namedtype.NamedType('challengeFormat', ChallengeFormat().subtype( 191 implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))), 192 namedtype.NamedType('responseFormat', ResponseFormat().subtype( 193 implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))) 194) 195 196class at_pskc_algorithmParameters(PSKCAlgorithmParameters): 197 pass 198 199 200id_pskc_counter = _OID(id_pskc, 16) 201 202class at_pskc_counter(univ.Integer): 203 pass 204 205at_pskc_counter.subtypeSpec = constraint.ValueRangeConstraint(0, MAX) 206 207 208id_pskc_time = _OID(id_pskc, 17) 209 210class at_pskc_time(rfc6019.BinaryTime): 211 pass 212 213 214id_pskc_timeInterval = _OID(id_pskc, 18) 215 216class at_pskc_timeInterval(univ.Integer): 217 pass 218 219at_pskc_timeInterval.subtypeSpec = constraint.ValueRangeConstraint(0, MAX) 220 221 222id_pskc_timeDrift = _OID(id_pskc, 19) 223 224class at_pskc_timeDrift(univ.Integer): 225 pass 226 227at_pskc_timeDrift.subtypeSpec = constraint.ValueRangeConstraint(0, MAX) 228 229 230id_pskc_valueMAC = _OID(id_pskc, 20) 231 232class ValueMac(univ.Sequence): 233 pass 234 235ValueMac.componentType = namedtype.NamedTypes( 236 namedtype.NamedType('macAlgorithm', char.UTF8String()), 237 namedtype.NamedType('mac', char.UTF8String()) 238) 239 240class at_pskc_valueMAC(ValueMac): 241 pass 242 243 244id_pskc_keyUserId = _OID(id_pskc, 27) 245 246class at_pskc_keyId(char.UTF8String): 247 pass 248 249 250id_pskc_keyStartDate = _OID(id_pskc, 21) 251 252class at_pskc_keyStartDate(useful.GeneralizedTime): 253 pass 254 255 256id_pskc_keyExpiryDate = _OID(id_pskc, 22) 257 258class at_pskc_keyExpiryDate(useful.GeneralizedTime): 259 pass 260 261 262id_pskc_numberOfTransactions = _OID(id_pskc, 23) 263 264class at_pskc_numberOfTransactions(univ.Integer): 265 pass 266 267at_pskc_numberOfTransactions.subtypeSpec = constraint.ValueRangeConstraint(0, MAX) 268 269 270id_pskc_keyUsages = _OID(id_pskc, 24) 271 272class PSKCKeyUsage(char.UTF8String): 273 pass 274 275PSKCKeyUsage.namedValues = namedval.NamedValues( 276 ('otp', "OTP"), 277 ('cr', "CR"), 278 ('encrypt', "Encrypt"), 279 ('integrity', "Integrity"), 280 ('verify', "Verify"), 281 ('unlock', "Unlock"), 282 ('decrypt', "Decrypt"), 283 ('keywrap', "KeyWrap"), 284 ('unwrap', "Unwrap"), 285 ('derive', "Derive"), 286 ('generate', "Generate") 287) 288 289PSKCKeyUsage.subtypeSpec = constraint.SingleValueConstraint( 290 "OTP", "CR", "Encrypt", "Integrity", "Verify", "Unlock", 291 "Decrypt", "KeyWrap", "Unwrap", "Derive", "Generate" ) 292 293class PSKCKeyUsages(univ.SequenceOf): 294 pass 295 296PSKCKeyUsages.componentType = PSKCKeyUsage() 297 298class at_pskc_keyUsage(PSKCKeyUsages): 299 pass 300 301 302id_pskc_pinPolicy = _OID(id_pskc, 25) 303 304class PINUsageMode(char.UTF8String): 305 pass 306 307PINUsageMode.namedValues = namedval.NamedValues( 308 ("local", "Local"), 309 ("prepend", "Prepend"), 310 ("append", "Append"), 311 ("algorithmic", "Algorithmic") 312) 313 314PINUsageMode.subtypeSpec = constraint.SingleValueConstraint( 315 "Local", "Prepend", "Append", "Algorithmic" ) 316 317class PINPolicy(univ.Sequence): 318 pass 319 320PINPolicy.componentType = namedtype.NamedTypes( 321 namedtype.OptionalNamedType('pinKeyId', char.UTF8String().subtype( 322 implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), 323 namedtype.NamedType('pinUsageMode', PINUsageMode().subtype( 324 implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))), 325 namedtype.OptionalNamedType('maxFailedAttempts', univ.Integer().subtype( 326 subtypeSpec=constraint.ValueRangeConstraint(0, MAX)).subtype( 327 implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))), 328 namedtype.OptionalNamedType('minLength', univ.Integer().subtype( 329 subtypeSpec=constraint.ValueRangeConstraint(0, MAX)).subtype( 330 implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))), 331 namedtype.OptionalNamedType('maxLength', univ.Integer().subtype( 332 subtypeSpec=constraint.ValueRangeConstraint(0, MAX)).subtype( 333 implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 4))), 334 namedtype.OptionalNamedType('pinEncoding', Encoding().subtype( 335 implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 5))) 336) 337 338class at_pskc_pinPolicy(PINPolicy): 339 pass 340 341 342# Map of Symmetric Key Package Attribute OIDs to Attributes 343 344sKeyPkgAttributesMap = { 345 id_pskc_manufacturer: at_pskc_manufacturer(), 346 id_pskc_serialNo: at_pskc_serialNo(), 347 id_pskc_model: at_pskc_model(), 348 id_pskc_issueNo: at_pskc_issueNo(), 349 id_pskc_deviceBinding: at_pskc_deviceBinding(), 350 id_pskc_deviceStartDate: at_pskc_deviceStartDate(), 351 id_pskc_deviceExpiryDate: at_pskc_deviceExpiryDate(), 352 id_pskc_moduleId: at_pskc_moduleId(), 353 id_pskc_deviceUserId: at_pskc_deviceUserId(), 354} 355 356 357# Map of Symmetric Key Attribute OIDs to Attributes 358 359sKeyAttributesMap = { 360 id_pskc_keyId: at_pskc_keyId(), 361 id_pskc_algorithm: at_pskc_algorithm(), 362 id_pskc_issuer: at_pskc_issuer(), 363 id_pskc_keyProfileId: at_pskc_keyProfileId(), 364 id_pskc_keyReference: at_pskc_keyReference(), 365 id_pskc_friendlyName: at_pskc_friendlyName(), 366 id_pskc_algorithmParameters: at_pskc_algorithmParameters(), 367 id_pskc_counter: at_pskc_counter(), 368 id_pskc_time: at_pskc_time(), 369 id_pskc_timeInterval: at_pskc_timeInterval(), 370 id_pskc_timeDrift: at_pskc_timeDrift(), 371 id_pskc_valueMAC: at_pskc_valueMAC(), 372 id_pskc_keyUserId: at_pskc_keyUserId(), 373 id_pskc_keyStartDate: at_pskc_keyStartDate(), 374 id_pskc_keyExpiryDate: at_pskc_keyExpiryDate(), 375 id_pskc_numberOfTransactions: at_pskc_numberOfTransactions(), 376 id_pskc_keyUsages: at_pskc_keyUsage(), 377 id_pskc_pinPolicy: at_pskc_pinPolicy(), 378} 379 380 381# This definition replaces Attribute() from rfc5652.py; it is the same except 382# that opentype is added with sKeyPkgAttributesMap and sKeyAttributesMap 383 384class AttributeType(univ.ObjectIdentifier): 385 pass 386 387 388class AttributeValue(univ.Any): 389 pass 390 391 392class SKeyAttribute(univ.Sequence): 393 pass 394 395SKeyAttribute.componentType = namedtype.NamedTypes( 396 namedtype.NamedType('attrType', AttributeType()), 397 namedtype.NamedType('attrValues', 398 univ.SetOf(componentType=AttributeValue()), 399 openType=opentype.OpenType('attrType', sKeyAttributesMap) 400 ) 401) 402 403 404class SKeyPkgAttribute(univ.Sequence): 405 pass 406 407SKeyPkgAttribute.componentType = namedtype.NamedTypes( 408 namedtype.NamedType('attrType', AttributeType()), 409 namedtype.NamedType('attrValues', 410 univ.SetOf(componentType=AttributeValue()), 411 openType=opentype.OpenType('attrType', sKeyPkgAttributesMap) 412 ) 413) 414 415 416# Symmetric Key Package Content Type 417 418id_ct_KP_sKeyPackage = univ.ObjectIdentifier('1.2.840.113549.1.9.16.1.25') 419 420 421class KeyPkgVersion(univ.Integer): 422 pass 423 424KeyPkgVersion.namedValues = namedval.NamedValues( 425 ('v1', 1) 426) 427 428 429class OneSymmetricKey(univ.Sequence): 430 pass 431 432OneSymmetricKey.componentType = namedtype.NamedTypes( 433 namedtype.OptionalNamedType('sKeyAttrs', 434 univ.SequenceOf(componentType=SKeyAttribute()).subtype( 435 subtypeSpec=constraint.ValueSizeConstraint(1, MAX))), 436 namedtype.OptionalNamedType('sKey', univ.OctetString()) 437) 438 439OneSymmetricKey.sizeSpec = univ.Sequence.sizeSpec + constraint.ValueSizeConstraint(1, 2) 440 441 442class SymmetricKeys(univ.SequenceOf): 443 pass 444 445SymmetricKeys.componentType = OneSymmetricKey() 446SymmetricKeys.subtypeSpec=constraint.ValueSizeConstraint(1, MAX) 447 448 449class SymmetricKeyPackage(univ.Sequence): 450 pass 451 452SymmetricKeyPackage.componentType = namedtype.NamedTypes( 453 namedtype.DefaultedNamedType('version', KeyPkgVersion().subtype(value='v1')), 454 namedtype.OptionalNamedType('sKeyPkgAttrs', 455 univ.SequenceOf(componentType=SKeyPkgAttribute()).subtype( 456 subtypeSpec=constraint.ValueSizeConstraint(1, MAX), 457 implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), 458 namedtype.NamedType('sKeys', SymmetricKeys()) 459) 460 461 462# Map of Content Type OIDs to Content Types are 463# added to the ones that are in rfc5652.py 464 465_cmsContentTypesMapUpdate = { 466 id_ct_KP_sKeyPackage: SymmetricKeyPackage(), 467} 468 469rfc5652.cmsContentTypesMap.update(_cmsContentTypesMapUpdate) 470