1# 2# This file is part of pyasn1-modules software. 3# 4# Created by Russ Housley with a very small amount of assistance from 5# asn1ate v.0.6.0. 6# Modified by Russ Housley to add maps for opentypes. 7# 8# Copyright (c) 2019, Vigil Security, LLC 9# License: http://snmplabs.com/pyasn1/license.html 10# 11# Additional Algorithms and Identifiers for RSA Cryptography 12# for use in Certificates and CRLs 13# 14# ASN.1 source from: 15# https://www.rfc-editor.org/rfc/rfc4055.txt 16# 17from pyasn1.type import namedtype 18from pyasn1.type import tag 19from pyasn1.type import univ 20 21from pyasn1_modules import rfc5280 22 23 24def _OID(*components): 25 output = [] 26 for x in tuple(components): 27 if isinstance(x, univ.ObjectIdentifier): 28 output.extend(list(x)) 29 else: 30 output.append(int(x)) 31 return univ.ObjectIdentifier(output) 32 33 34id_sha1 = _OID(1, 3, 14, 3, 2, 26) 35 36id_sha256 = _OID(2, 16, 840, 1, 101, 3, 4, 2, 1) 37 38id_sha384 = _OID(2, 16, 840, 1, 101, 3, 4, 2, 2) 39 40id_sha512 = _OID(2, 16, 840, 1, 101, 3, 4, 2, 3) 41 42id_sha224 = _OID(2, 16, 840, 1, 101, 3, 4, 2, 4) 43 44rsaEncryption = _OID(1, 2, 840, 113549, 1, 1, 1) 45 46id_mgf1 = _OID(1, 2, 840, 113549, 1, 1, 8) 47 48id_RSAES_OAEP = _OID(1, 2, 840, 113549, 1, 1, 7) 49 50id_pSpecified = _OID(1, 2, 840, 113549, 1, 1, 9) 51 52id_RSASSA_PSS = _OID(1, 2, 840, 113549, 1, 1, 10) 53 54sha256WithRSAEncryption = _OID(1, 2, 840, 113549, 1, 1, 11) 55 56sha384WithRSAEncryption = _OID(1, 2, 840, 113549, 1, 1, 12) 57 58sha512WithRSAEncryption = _OID(1, 2, 840, 113549, 1, 1, 13) 59 60sha224WithRSAEncryption = _OID(1, 2, 840, 113549, 1, 1, 14) 61 62sha1Identifier = rfc5280.AlgorithmIdentifier() 63sha1Identifier['algorithm'] = id_sha1 64sha1Identifier['parameters'] = univ.Null("") 65 66sha224Identifier = rfc5280.AlgorithmIdentifier() 67sha224Identifier['algorithm'] = id_sha224 68sha224Identifier['parameters'] = univ.Null("") 69 70sha256Identifier = rfc5280.AlgorithmIdentifier() 71sha256Identifier['algorithm'] = id_sha256 72sha256Identifier['parameters'] = univ.Null("") 73 74sha384Identifier = rfc5280.AlgorithmIdentifier() 75sha384Identifier['algorithm'] = id_sha384 76sha384Identifier['parameters'] = univ.Null("") 77 78sha512Identifier = rfc5280.AlgorithmIdentifier() 79sha512Identifier['algorithm'] = id_sha512 80sha512Identifier['parameters'] = univ.Null("") 81 82mgf1SHA1Identifier = rfc5280.AlgorithmIdentifier() 83mgf1SHA1Identifier['algorithm'] = id_mgf1 84mgf1SHA1Identifier['parameters'] = sha1Identifier 85 86mgf1SHA224Identifier = rfc5280.AlgorithmIdentifier() 87mgf1SHA224Identifier['algorithm'] = id_mgf1 88mgf1SHA224Identifier['parameters'] = sha224Identifier 89 90mgf1SHA256Identifier = rfc5280.AlgorithmIdentifier() 91mgf1SHA256Identifier['algorithm'] = id_mgf1 92mgf1SHA256Identifier['parameters'] = sha256Identifier 93 94mgf1SHA384Identifier = rfc5280.AlgorithmIdentifier() 95mgf1SHA384Identifier['algorithm'] = id_mgf1 96mgf1SHA384Identifier['parameters'] = sha384Identifier 97 98mgf1SHA512Identifier = rfc5280.AlgorithmIdentifier() 99mgf1SHA512Identifier['algorithm'] = id_mgf1 100mgf1SHA512Identifier['parameters'] = sha512Identifier 101 102pSpecifiedEmptyIdentifier = rfc5280.AlgorithmIdentifier() 103pSpecifiedEmptyIdentifier['algorithm'] = id_pSpecified 104pSpecifiedEmptyIdentifier['parameters'] = univ.OctetString(value='') 105 106 107class RSAPublicKey(univ.Sequence): 108 pass 109 110RSAPublicKey.componentType = namedtype.NamedTypes( 111 namedtype.NamedType('modulus', univ.Integer()), 112 namedtype.NamedType('publicExponent', univ.Integer()) 113) 114 115 116class HashAlgorithm(rfc5280.AlgorithmIdentifier): 117 pass 118 119 120class MaskGenAlgorithm(rfc5280.AlgorithmIdentifier): 121 pass 122 123 124class RSAES_OAEP_params(univ.Sequence): 125 pass 126 127RSAES_OAEP_params.componentType = namedtype.NamedTypes( 128 namedtype.OptionalNamedType('hashFunc', rfc5280.AlgorithmIdentifier().subtype( 129 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))), 130 namedtype.OptionalNamedType('maskGenFunc', rfc5280.AlgorithmIdentifier().subtype( 131 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))), 132 namedtype.OptionalNamedType('pSourceFunc', rfc5280.AlgorithmIdentifier().subtype( 133 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2))) 134) 135 136rSAES_OAEP_Default_Params = RSAES_OAEP_params() 137 138rSAES_OAEP_Default_Identifier = rfc5280.AlgorithmIdentifier() 139rSAES_OAEP_Default_Identifier['algorithm'] = id_RSAES_OAEP 140rSAES_OAEP_Default_Identifier['parameters'] = rSAES_OAEP_Default_Params 141 142rSAES_OAEP_SHA224_Params = RSAES_OAEP_params() 143rSAES_OAEP_SHA224_Params['hashFunc'] = sha224Identifier.subtype( 144 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0), cloneValueFlag=True) 145rSAES_OAEP_SHA224_Params['maskGenFunc'] = mgf1SHA224Identifier.subtype( 146 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1), cloneValueFlag=True) 147 148rSAES_OAEP_SHA224_Identifier = rfc5280.AlgorithmIdentifier() 149rSAES_OAEP_SHA224_Identifier['algorithm'] = id_RSAES_OAEP 150rSAES_OAEP_SHA224_Identifier['parameters'] = rSAES_OAEP_SHA224_Params 151 152rSAES_OAEP_SHA256_Params = RSAES_OAEP_params() 153rSAES_OAEP_SHA256_Params['hashFunc'] = sha256Identifier.subtype( 154 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0), cloneValueFlag=True) 155rSAES_OAEP_SHA256_Params['maskGenFunc'] = mgf1SHA256Identifier.subtype( 156 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1), cloneValueFlag=True) 157 158rSAES_OAEP_SHA256_Identifier = rfc5280.AlgorithmIdentifier() 159rSAES_OAEP_SHA256_Identifier['algorithm'] = id_RSAES_OAEP 160rSAES_OAEP_SHA256_Identifier['parameters'] = rSAES_OAEP_SHA256_Params 161 162rSAES_OAEP_SHA384_Params = RSAES_OAEP_params() 163rSAES_OAEP_SHA384_Params['hashFunc'] = sha384Identifier.subtype( 164 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0), cloneValueFlag=True) 165rSAES_OAEP_SHA384_Params['maskGenFunc'] = mgf1SHA384Identifier.subtype( 166 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1), cloneValueFlag=True) 167 168rSAES_OAEP_SHA384_Identifier = rfc5280.AlgorithmIdentifier() 169rSAES_OAEP_SHA384_Identifier['algorithm'] = id_RSAES_OAEP 170rSAES_OAEP_SHA384_Identifier['parameters'] = rSAES_OAEP_SHA384_Params 171 172rSAES_OAEP_SHA512_Params = RSAES_OAEP_params() 173rSAES_OAEP_SHA512_Params['hashFunc'] = sha512Identifier.subtype( 174 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0), cloneValueFlag=True) 175rSAES_OAEP_SHA512_Params['maskGenFunc'] = mgf1SHA512Identifier.subtype( 176 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1), cloneValueFlag=True) 177 178rSAES_OAEP_SHA512_Identifier = rfc5280.AlgorithmIdentifier() 179rSAES_OAEP_SHA512_Identifier['algorithm'] = id_RSAES_OAEP 180rSAES_OAEP_SHA512_Identifier['parameters'] = rSAES_OAEP_SHA512_Params 181 182 183class RSASSA_PSS_params(univ.Sequence): 184 pass 185 186RSASSA_PSS_params.componentType = namedtype.NamedTypes( 187 namedtype.OptionalNamedType('hashAlgorithm', rfc5280.AlgorithmIdentifier().subtype( 188 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))), 189 namedtype.OptionalNamedType('maskGenAlgorithm', rfc5280.AlgorithmIdentifier().subtype( 190 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))), 191 namedtype.DefaultedNamedType('saltLength', univ.Integer(value=20).subtype( 192 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))), 193 namedtype.DefaultedNamedType('trailerField', univ.Integer(value=1).subtype( 194 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))) 195) 196 197rSASSA_PSS_Default_Params = RSASSA_PSS_params() 198 199rSASSA_PSS_Default_Identifier = rfc5280.AlgorithmIdentifier() 200rSASSA_PSS_Default_Identifier['algorithm'] = id_RSASSA_PSS 201rSASSA_PSS_Default_Identifier['parameters'] = rSASSA_PSS_Default_Params 202 203rSASSA_PSS_SHA224_Params = RSASSA_PSS_params() 204rSASSA_PSS_SHA224_Params['hashAlgorithm'] = sha224Identifier.subtype( 205 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0), cloneValueFlag=True) 206rSASSA_PSS_SHA224_Params['maskGenAlgorithm'] = mgf1SHA224Identifier.subtype( 207 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1), cloneValueFlag=True) 208 209rSASSA_PSS_SHA224_Identifier = rfc5280.AlgorithmIdentifier() 210rSASSA_PSS_SHA224_Identifier['algorithm'] = id_RSASSA_PSS 211rSASSA_PSS_SHA224_Identifier['parameters'] = rSASSA_PSS_SHA224_Params 212 213rSASSA_PSS_SHA256_Params = RSASSA_PSS_params() 214rSASSA_PSS_SHA256_Params['hashAlgorithm'] = sha256Identifier.subtype( 215 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0), cloneValueFlag=True) 216rSASSA_PSS_SHA256_Params['maskGenAlgorithm'] = mgf1SHA256Identifier.subtype( 217 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1), cloneValueFlag=True) 218 219rSASSA_PSS_SHA256_Identifier = rfc5280.AlgorithmIdentifier() 220rSASSA_PSS_SHA256_Identifier['algorithm'] = id_RSASSA_PSS 221rSASSA_PSS_SHA256_Identifier['parameters'] = rSASSA_PSS_SHA256_Params 222 223rSASSA_PSS_SHA384_Params = RSASSA_PSS_params() 224rSASSA_PSS_SHA384_Params['hashAlgorithm'] = sha384Identifier.subtype( 225 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0), cloneValueFlag=True) 226rSASSA_PSS_SHA384_Params['maskGenAlgorithm'] = mgf1SHA384Identifier.subtype( 227 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1), cloneValueFlag=True) 228 229rSASSA_PSS_SHA384_Identifier = rfc5280.AlgorithmIdentifier() 230rSASSA_PSS_SHA384_Identifier['algorithm'] = id_RSASSA_PSS 231rSASSA_PSS_SHA384_Identifier['parameters'] = rSASSA_PSS_SHA384_Params 232 233rSASSA_PSS_SHA512_Params = RSASSA_PSS_params() 234rSASSA_PSS_SHA512_Params['hashAlgorithm'] = sha512Identifier.subtype( 235 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0), cloneValueFlag=True) 236rSASSA_PSS_SHA512_Params['maskGenAlgorithm'] = mgf1SHA512Identifier.subtype( 237 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1), cloneValueFlag=True) 238 239rSASSA_PSS_SHA512_Identifier = rfc5280.AlgorithmIdentifier() 240rSASSA_PSS_SHA512_Identifier['algorithm'] = id_RSASSA_PSS 241rSASSA_PSS_SHA512_Identifier['parameters'] = rSASSA_PSS_SHA512_Params 242 243 244# Update the Algorithm Identifier map 245 246_algorithmIdentifierMapUpdate = { 247 id_sha1: univ.Null(), 248 id_sha224: univ.Null(), 249 id_sha256: univ.Null(), 250 id_sha384: univ.Null(), 251 id_sha512: univ.Null(), 252 id_mgf1: rfc5280.AlgorithmIdentifier(), 253 id_pSpecified: univ.OctetString(), 254 id_RSAES_OAEP: RSAES_OAEP_params(), 255 id_RSASSA_PSS: RSASSA_PSS_params(), 256} 257 258rfc5280.algorithmIdentifierMap.update(_algorithmIdentifierMapUpdate) 259