# This file is being contributed to the pyasn1-modules software.
2#
3# Created by Russ Housley without assistance from the asn1ate tool.
4# Modified by Russ Housley to add support for opentypes.
5#
6# Copyright (c) 2019, Vigil Security, LLC
7# License: http://snmplabs.com/pyasn1/license.html
8#
9# CMS Key Package Receipt and Error Content Types
10#
11# ASN.1 source from:
12# https://www.rfc-editor.org/rfc/rfc7191.txt
13
14from pyasn1.type import constraint
15from pyasn1.type import namedtype
16from pyasn1.type import namedval
17from pyasn1.type import opentype
18from pyasn1.type import tag
19from pyasn1.type import univ
20
21from pyasn1_modules import rfc5280
22from pyasn1_modules import rfc5652
23
# Open upper bound for ASN.1 size constraints; used below as
# ValueSizeConstraint(1, MAX) for SIZE (1..MAX).
MAX = float("inf")

# Alias for the RFC 5280 definition, exposed under this module's namespace.
DistinguishedName = rfc5280.DistinguishedName
27
28
29# SingleAttribute is the same as Attribute in RFC 5652, except that the
30# attrValues SET must have one and only one member
31
class AttributeValue(univ.Any):
    """Attribute value carried as ASN.1 ANY.

    No structure is imposed here; the concrete type is selected by the
    accompanying attribute type OID (see SingleAttribute).
    """
34
35
class AttributeValues(univ.SetOf):
    """SET OF AttributeValue that must hold one and only one member."""

    componentType = AttributeValue()

    # SIZE (1..1): exactly one value. The base constraint is taken from
    # univ.Set (not univ.SetOf); that choice is kept as written.
    sizeSpec = univ.Set.sizeSpec + constraint.ValueSizeConstraint(1, 1)
41
42
class SingleAttribute(univ.Sequence):
    """Attribute with an OID type and a single-member value set.

    attrValues is declared as an open type keyed on attrType and resolved
    through rfc5652.cmsAttributesMap. The map object itself is passed, so
    entries added to it later (including by this module) are visible here.
    """

    componentType = namedtype.NamedTypes(
        namedtype.NamedType('attrType', univ.ObjectIdentifier()),
        # NOTE(review): the value spec is chosen by the attrType OID taken
        # from the message, i.e. by the sender. Presumably OIDs missing from
        # the map stay undecoded ANY - confirm before trusting attrValues.
        namedtype.NamedType(
            'attrValues',
            AttributeValues(),
            openType=opentype.OpenType('attrType', rfc5652.cmsAttributesMap),
        ),
    )
52
53
54# SIR Entity Name
55
class SIREntityNameType(univ.ObjectIdentifier):
    """OID naming the form of a SIR entity name (the 'sirenType' field)."""
58
59
class SIREntityNameValue(univ.Any):
    """SIR entity name value, left as ASN.1 ANY.

    SIREntityName does not embed this type directly; it carries the
    DER encoding of it inside an OCTET STRING.
    """
62
63
class SIREntityName(univ.Sequence):
    """SIR entity name: a type OID plus an opaque, DER-wrapped value."""

    componentType = namedtype.NamedTypes(
        namedtype.NamedType('sirenType', SIREntityNameType()),
        # OCTET STRING CONTAINING the DER-encoded SIREntityNameValue.
        # Only the outer OCTET STRING is described here, so the inner
        # bytes are not parsed by this spec; callers have to decode and
        # validate them separately according to sirenType.
        namedtype.NamedType('sirenValue', univ.OctetString()),
    )
72
73
class SIREntityNames(univ.SequenceOf):
    """Non-empty SEQUENCE OF SIREntityName."""

    componentType = SIREntityName()

    # SIZE (1..MAX): at least one name, no upper bound at the ASN.1 level.
    sizeSpec = constraint.ValueSizeConstraint(1, MAX)
79
80
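# OID written into 'sirenType' by siren_dn below.
id_dn = univ.ObjectIdentifier('2.16.840.1.101.2.1.16.0')


class siren_dn(SIREntityName):
    """SIREntityName with 'sirenType' preset to id_dn.

    Only the type OID is filled in. 'sirenValue' is left unset and must be
    supplied by the caller as an OCTET STRING holding the DER encoding of
    the name value.
    """

    def __init__(self, **kwargs):
        """Build the sequence and preset 'sirenType' to id_dn.

        Keyword arguments are forwarded to SIREntityName unchanged, and
        siren_dn() with no arguments behaves as before.
        """
        # NOTE(review): pyasn1's clone()/subtype() are understood to
        # re-create the object via self.__class__(**initializers); a
        # zero-argument __init__ would make those calls raise TypeError.
        SIREntityName.__init__(self, **kwargs)
        self['sirenType'] = id_dn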
88
89
90# Key Package Error CMS Content Type
91
class EnumeratedErrorCode(univ.Enumerated):
    """Enumerated error codes for the key package error content type.

    The numbering is sparse: only the values listed below have names.
    """

    # Error codes with values <= 33 are aligned with RFC 5934
    namedValues = namedval.NamedValues(
        ('decodeFailure', 1),
        ('badContentInfo', 2),
        ('badSignedData', 3),
        ('badEncapContent', 4),
        ('badCertificate', 5),
        ('badSignerInfo', 6),
        ('badSignedAttrs', 7),
        ('badUnsignedAttrs', 8),
        ('missingContent', 9),
        ('noTrustAnchor', 10),
        ('notAuthorized', 11),
        ('badDigestAlgorithm', 12),
        ('badSignatureAlgorithm', 13),
        ('unsupportedKeySize', 14),
        ('unsupportedParameters', 15),
        ('signatureFailure', 16),
        ('insufficientMemory', 17),
        ('incorrectTarget', 23),
        ('missingSignature', 29),
        ('resourcesBusy', 30),
        ('versionNumberMismatch', 31),
        ('revokedCertificate', 33),
        ('ambiguousDecrypt', 60),
        ('noDecryptKey', 61),
        ('badEncryptedData', 62),
        ('badEnvelopedData', 63),
        ('badAuthenticatedData', 64),
        ('badAuthEnvelopedData', 65),
        ('badKeyAgreeRecipientInfo', 66),
        ('badKEKRecipientInfo', 67),
        ('badEncryptContent', 68),
        ('badEncryptAlgorithm', 69),
        ('missingCiphertext', 70),
        ('decryptFailure', 71),
        ('badMACAlgorithm', 72),
        ('badAuthAttrs', 73),
        ('badUnauthAttrs', 74),
        ('invalidMAC', 75),
        ('mismatchedDigestAlg', 76),
        ('missingCertificate', 77),
        ('tooManySigners', 78),
        ('missingSignedAttributes', 79),
        ('derEncodingNotUsed', 80),
        ('missingContentHints', 81),
        ('invalidAttributeLocation', 82),
        ('badMessageDigest', 83),
        ('badKeyPackage', 84),
        ('badAttributes', 85),
        ('attributeComparisonFailure', 86),
        ('unsupportedSymmetricKeyPackage', 87),
        ('unsupportedAsymmetricKeyPackage', 88),
        ('constraintViolation', 89),
        ('ambiguousDefaultValue', 90),
        ('noMatchingRecipientInfo', 91),
        ('unsupportedKeyWrapAlgorithm', 92),
        ('badKeyTransRecipientInfo', 93),
        ('other', 127),
    )
155
156
class ErrorCodeChoice(univ.Choice):
    """Error code given as a named enumeration value or as an OID."""

    componentType = namedtype.NamedTypes(
        namedtype.NamedType('enum', EnumeratedErrorCode()),
        # The OID alternative is unconstrained here, so consumers should
        # expect identifiers they do not recognise.
        namedtype.NamedType('oid', univ.ObjectIdentifier()),
    )
164
165
class KeyPkgID(univ.OctetString):
    """Key package identifier carried as an OCTET STRING.

    No size constraint is declared on this type.
    """
168
169
class KeyPkgIdentifier(univ.Choice):
    """Key package reference: an opaque pkgID or a single attribute."""

    componentType = namedtype.NamedTypes(
        namedtype.NamedType('pkgID', KeyPkgID()),
        namedtype.NamedType('attribute', SingleAttribute()),
    )
177
178
class KeyPkgVersion(univ.Integer):
    """Key package version number, INTEGER (1..65535), with v1 and v2 named."""

    namedValues = namedval.NamedValues(
        ('v1', 1),
        ('v2', 2),
    )

    # Plain assignment: this replaces the inherited subtypeSpec rather
    # than extending it.
    subtypeSpec = constraint.ValueRangeConstraint(1, 65535)
189
190
# Content type OID under which KeyPackageError is registered in
# rfc5652.cmsContentTypesMap at the end of this module.
id_ct_KP_keyPackageError = univ.ObjectIdentifier('2.16.840.1.101.2.1.2.78.6')


class KeyPackageError(univ.Sequence):
    """Key package error content.

    Fields: 'version' (defaults to v2), optional 'errorOf' under context
    tag [0], 'errorBy' naming the reporting entity and 'errorCode'.

    NOTE(review): this spec only describes structure. Whether an error
    report is authentic depends on the CMS protection wrapped around it,
    which callers should verify before acting on the content.
    """

    componentType = namedtype.NamedTypes(
        namedtype.DefaultedNamedType(
            'version', KeyPkgVersion().subtype(value='v2')),
        namedtype.OptionalNamedType(
            'errorOf',
            KeyPkgIdentifier().subtype(
                implicitTag=tag.Tag(
                    tag.tagClassContext, tag.tagFormatConstructed, 0))),
        namedtype.NamedType('errorBy', SIREntityName()),
        namedtype.NamedType('errorCode', ErrorCodeChoice()),
    )
203
204
205# Key Package Receipt CMS Content Type
206
# Content type OID under which KeyPackageReceipt is registered in
# rfc5652.cmsContentTypesMap at the end of this module.
id_ct_KP_keyPackageReceipt = univ.ObjectIdentifier('2.16.840.1.101.2.1.2.78.3')


class KeyPackageReceipt(univ.Sequence):
    """Key package receipt content.

    Fields: 'version' (defaults to v2), 'receiptOf' identifying the key
    package and 'receivedBy' naming the receiving entity.

    NOTE(review): the identity in 'receivedBy' is just a field of the
    message; it is only as trustworthy as the CMS protection around the
    receipt, which this spec does not check.
    """

    componentType = namedtype.NamedTypes(
        namedtype.DefaultedNamedType(
            'version', KeyPkgVersion().subtype(value='v2')),
        namedtype.NamedType('receiptOf', KeyPkgIdentifier()),
        namedtype.NamedType('receivedBy', SIREntityName()),
    )
217
218
219# Key Package Receipt Request Attribute
220
class KeyPkgReceiptReq(univ.Sequence):
    """Key package receipt request.

    Fields: 'encryptReceipt' (BOOLEAN, default 0), optional
    'receiptsFrom' under context tag [0], and mandatory 'receiptsTo'.
    """

    componentType = namedtype.NamedTypes(
        # Default value 0: presumably receipts are not asked to be
        # encrypted unless the requester sets this flag - confirm
        # against RFC 7191.
        namedtype.DefaultedNamedType(
            'encryptReceipt', univ.Boolean().subtype(value=0)),
        namedtype.OptionalNamedType(
            'receiptsFrom',
            SIREntityNames().subtype(
                implicitTag=tag.Tag(
                    tag.tagClassContext, tag.tagFormatSimple, 0))),
        namedtype.NamedType('receiptsTo', SIREntityNames()),
    )
230
231
# Attribute type OID under which KeyPkgIdentifierAndReceiptReq is
# registered in rfc5652.cmsAttributesMap at the end of this module.
id_aa_KP_keyPkgIdAndReceiptReq = univ.ObjectIdentifier('2.16.840.1.101.2.1.5.65')


class KeyPkgIdentifierAndReceiptReq(univ.Sequence):
    """Attribute value pairing a key package ID with an optional receipt request."""

    componentType = namedtype.NamedTypes(
        namedtype.NamedType('pkgID', KeyPkgID()),
        namedtype.OptionalNamedType('receiptReq', KeyPkgReceiptReq()),
    )
241
242
# The Attribute Type OID to Attribute map entries below are added to
# the ones that are already in rfc5652.py
245
_cmsAttributesMapUpdate = dict([
    (id_aa_KP_keyPkgIdAndReceiptReq, KeyPkgIdentifierAndReceiptReq()),
])

# Import-time side effect: this mutates the dict owned by rfc5652, so the
# registration is visible to every user of rfc5652.cmsAttributesMap in the
# process and replaces any entry already stored under the same OID.
rfc5652.cmsAttributesMap.update(_cmsAttributesMapUpdate)
251
252
# The CMS Content Type OID to CMS Content Type map entries below are added to
# the ones that are already in rfc5652.py
255
_cmsContentTypesMapUpdate = dict([
    (id_ct_KP_keyPackageError, KeyPackageError()),
    (id_ct_KP_keyPackageReceipt, KeyPackageReceipt()),
])

# Import-time side effect: this mutates the dict owned by rfc5652, so the
# registrations are visible to every user of rfc5652.cmsContentTypesMap in
# the process and replace any entry already stored under the same OID.
rfc5652.cmsContentTypesMap.update(_cmsContentTypesMapUpdate)
262