pyasn1-alt-modules 0.4.1__py2.py3-none-any.whl → 0.4.3__py2.py3-none-any.whl

pyasn1_alt_modules/rfc9044.py

@@ -4,7 +4,7 @@
 # Created by Russ Housley.
 # Modified by Russ Housley to include the opentypemap manager.
 #
-# Copyright (c) 2021-2022, Vigil Security, LLC
+# Copyright (c) 2021-2024, Vigil Security, LLC
 # License: http://vigilsec.com/pyasn1-alt-modules-license.txt
 #
 # Algorithm Identifiers for AES-GMAC

pyasn1_alt_modules/rfc9092.py

@@ -3,7 +3,7 @@
 #
 # Created by Russ Housley.
 #
-# Copyright (c) 2021-2022, Vigil Security, LLC
+# Copyright (c) 2021-2024, Vigil Security, LLC
 # License: http://vigilsec.com/pyasn1-alt-modules-license.txt
 #
 # Digital Signatures on geofeed data

pyasn1_alt_modules/rfc9118.py

@@ -2,7 +2,7 @@
 #
 # Created by Russ Housley.
 #
-# Copyright (c) 2021-2022, Vigil Security, LLC
+# Copyright (c) 2021-2024, Vigil Security, LLC
 # License: http://vigilsec.com/pyasn1-alt-modules-license.txt
 #
 # Enhanced JWT Claim Constraints certificate extensions

pyasn1_alt_modules/rfc9174.py

@@ -3,7 +3,7 @@
 #
 # Created by Russ Housley.
 #
-# Copyright (c) 2021-2022, Vigil Security, LLC
+# Copyright (c) 2021-2024, Vigil Security, LLC
 # License: http://vigilsec.com/pyasn1-alt-modules-license.txt
 #
 # Delay-Tolerant Networking TCP Convergence Layer Version 4

pyasn1_alt_modules/rfc9189.py

@@ -3,7 +3,7 @@
 #
 # Created by Russ Housley.
 #
-# Copyright (c) 2022, Vigil Security, LLC
+# Copyright (c) 2022-2024, Vigil Security, LLC
 # License: http://vigilsec.com/pyasn1-alt-modules-license.txt
 #
 # GOST Cipher Suites for TLS 1.2

pyasn1_alt_modules/rfc9215.py

@@ -0,0 +1,228 @@
+#
+# This file is part of pyasn1-alt-modules software.
+#
+# Created by Russ Housley.
+# Modified by Russ Housley to add synonyms with two digit years for
+#   some of the OIDs to align with the ASN.1 module in RFC 9215.
+#
+# Copyright (c) 2022-2024, Vigil Security, LLC
+# License: http://vigilsec.com/pyasn1-alt-modules-license.txt
+#
+# GOST R 34.10-2012 and GOST R 34.11-2012 Algorithms
+#
+# ASN.1 source from:
+# https://www.rfc-editor.org/rfc/rfc9215.txt
+#
+
+from pyasn1.type import char
+from pyasn1.type import constraint
+from pyasn1.type import namedtype
+from pyasn1.type import namedval
+from pyasn1.type import univ
+
+from pyasn1_alt_modules import opentypemap
+
+algorithmIdentifierMap = opentypemap.get('algorithmIdentifierMap')
+
+certificateAttributesMap = opentypemap.get('certificateAttributesMap')
+
+certificateExtensionsMap = opentypemap.get('certificateExtensionsMap')
+
+
+# MODULE: GostR3410-2012-PKISyntax { 1 2 643 7 1 0 2 }
+
+id_tc26 = univ.ObjectIdentifier((1, 2, 643, 7, 1))
+
+id_tc26_sign = id_tc26 + (1, 1)
+
+id_tc26_digest = id_tc26 + (1, 2)
+
+id_tc26_sign_constants = id_tc26 + (2, 1)
+
+id_tc26_gost_3410_2012_256_constants = id_tc26_sign_constants + (1,)
+
+id_tc26_gost_3410_2012_512_constants = id_tc26_sign_constants + (2,)
+
+id_tc26_gost3410_2012_256 = id_tc26_sign + (1,)
+
+id_tc26_gost3410_12_256 = id_tc26_gost3410_2012_256
+
+id_tc26_gost3410_2012_512 = id_tc26_sign + (2,)
+
+id_tc26_gost3410_12_512 = id_tc26_gost3410_2012_512
+
+id_tc26_gost3411_12_256 = id_tc26_digest + (2,)
+
+id_tc26_gost3411_12_512 = id_tc26_digest + (3,)
+
+id_tc26_signwithdigest = id_tc26 + (1, 3)
+
+id_tc26_signwithdigest_gost3410_2012_256 = id_tc26_signwithdigest + (2,)
+
+id_tc26_signwithdigest_gost3410_12_256 = id_tc26_signwithdigest_gost3410_2012_256
+
+id_tc26_signwithdigest_gost3410_2012_512 = id_tc26_signwithdigest + (3,)
+
+id_tc26_signwithdigest_gost3410_12_512 = id_tc26_signwithdigest_gost3410_2012_512
+
+id_tc26_gost_3410_2012_256_paramSetA = id_tc26_gost_3410_2012_256_constants + (1,)
+
+id_tc26_gost_3410_2012_256_paramSetB = id_tc26_gost_3410_2012_256_constants + (2,)
+
+id_tc26_gost_3410_2012_256_paramSetC = id_tc26_gost_3410_2012_256_constants + (3,)
+
+id_tc26_gost_3410_2012_256_paramSetD = id_tc26_gost_3410_2012_256_constants + (4,)
+
+id_tc26_gost_3410_2012_512_paramSetTest = id_tc26_gost_3410_2012_512_constants + (0,)
+
+id_tc26_gost_3410_2012_512_paramSetA = id_tc26_gost_3410_2012_512_constants + (1,)
+
+id_tc26_gost_3410_2012_512_paramSetB = id_tc26_gost_3410_2012_512_constants + (2,)
+
+id_tc26_gost_3410_2012_512_paramSetC = id_tc26_gost_3410_2012_512_constants + (3,)
+
+
+class GostR3410_2012_256_PublicKey(univ.OctetString):
+    subtypeSpec = constraint.ValueSizeConstraint(64, 64)
+
+
+class GostR3410_2012_512_PublicKey(univ.OctetString):
+    subtypeSpec = constraint.ValueSizeConstraint(128, 128)
+
+
+class GostR3410_2012_PublicKey(univ.OctetString):
+    subtypeSpec = constraint.ConstraintsUnion(
+        constraint.ValueSizeConstraint(64, 64),
+        constraint.ValueSizeConstraint(128, 128)
+    )
+
+
+class GostR3410_2012_PublicKeyParameters(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('publicKeyParamSet', univ.ObjectIdentifier()),
+        namedtype.OptionalNamedType('digestParamSet', univ.ObjectIdentifier())
+    )
+
+
+# MODULE: RuStrongCertsSyntax { 1 2 643 7 1 0 6 }
+
+id_ca = univ.ObjectIdentifier((1, 2, 643, 3))
+
+id_fss = univ.ObjectIdentifier((1, 2, 643, 100))
+
+id_fns = id_ca + (131,)
+
+
+class OGRN(char.NumericString):
+    subtypeSpec = constraint.ValueSizeConstraint(13, 13)
+
+id_OGRN = id_fss + (1,)
+
+
+class SNILS(char.NumericString):
+    subtypeSpec = constraint.ValueSizeConstraint(11, 11)
+
+id_SNILS = id_fss + (3,)
+
+
+class OGRNIP(char.NumericString):
+    subtypeSpec = constraint.ValueSizeConstraint(15, 15)
+
+id_OGRNIP = id_fss + (5,)
+
+
+id_class = id_fss + (113,)
+
+id_class_kc1 = id_class + (1,)
+
+id_class_kc2 = id_class + (2,)
+
+id_class_kc3 = id_class + (3,)
+
+id_class_kb1 = id_class + (4,)
+
+id_class_kb2 = id_class + (5,)
+
+id_class_ka = id_class + (6,)
+
+
+class INN(char.NumericString):
+    subtypeSpec = constraint.ValueSizeConstraint(12, 12)
+
+id_INN = id_fns + (1, 1)
+
+
+class INNLE(char.NumericString):
+    subtypeSpec = constraint.ValueSizeConstraint(10, 10)
+
+id_INNLE = id_fss + (4,)
+
+
+class SubjectSignTool(char.UTF8String):
+    subtypeSpec = constraint.ValueSizeConstraint(1, 200)
+
+id_SubjectSignTool = id_fss + (111,)
+
+
+class IssuerSignTool(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('signTool',
+            char.UTF8String().subtype(
+                subtypeSpec=constraint.ValueSizeConstraint(1, 200))),
+        namedtype.NamedType('cATool',
+            char.UTF8String().subtype(
+                subtypeSpec=constraint.ValueSizeConstraint(1, 200))),
+        namedtype.NamedType('signToolCert',
+            char.UTF8String().subtype(
+                subtypeSpec=constraint.ValueSizeConstraint(1, 100))),
+        namedtype.NamedType('cAToolCert',
+            char.UTF8String().subtype(
+                subtypeSpec=constraint.ValueSizeConstraint(1, 100)))
+    )
+
+id_IssuerSignTool = id_fss + (112,)
+
+
+class IdentificationKind(univ.Integer):
+    namedValues = namedval.NamedValues(
+        ('personal', 0),
+        ('remote_cert', 1),
+        ('remote_passport', 2),
+        ('remote_system', 3)
+    )
+
+id_IdentificationKind = id_fss + (114,)
+
+
+# Update the Algorithm Identifier Map
+
+_algorithmIdentifierMapUpdate = {
+    id_tc26_gost3410_2012_256: GostR3410_2012_PublicKeyParameters(),
+    id_tc26_gost3410_2012_512: GostR3410_2012_PublicKeyParameters(),
+}
+
+algorithmIdentifierMap.update(_algorithmIdentifierMapUpdate)
+
+
+# Update the Certificate Attribute Map
+
+_certificateAttributesMapUpdate = {
+    id_INN: INN(),
+    id_INNLE: INNLE(),
+    id_OGRN: OGRN(),
+    id_OGRNIP: OGRNIP(),
+    id_SNILS: SNILS(),
+    id_IdentificationKind: IdentificationKind()
+}
+
+certificateAttributesMap.update(_certificateAttributesMapUpdate)
+
+
+# Update the Certificate Extension Map
+
+_certificateExtensionsMap = {
+    id_SubjectSignTool: SubjectSignTool(),
+    id_IssuerSignTool: IssuerSignTool(),
+}
+
+certificateExtensionsMap.update(_certificateExtensionsMap)

pyasn1_alt_modules/rfc9286.py

@@ -0,0 +1,78 @@
+#
+# This file is part of pyasn1-alt-modules software.
+#
+# Created by Russ Housley from rfc6486.py, adding the permitted alphabet
+#   constraint to the file name.  Note that RFC 9286 obsoletes RFC 6486.
+# Modified by Russ Housley to apply eid7118.
+#
+# Copyright (c) 2022-2024, Vigil Security, LLC
+# License: http://vigilsec.com/pyasn1-alt-modules-license.txt
+#
+# RPKI Manifests
+#
+# ASN.1 source from:
+# https://www.rfc-editor.org/rfc/rfc9286.txt
+# https://www.rfc-editor.org/errata/eid7118
+#
+
+from pyasn1.type import char
+from pyasn1.type import constraint
+from pyasn1.type import namedtype
+from pyasn1.type import tag
+from pyasn1.type import useful
+from pyasn1.type import univ
+
+from pyasn1_alt_modules import opentypemap
+
+cmsContentTypesMap = opentypemap.get('cmsContentTypesMap')
+
+MAX = float('inf')
+
+
+id_smime = univ.ObjectIdentifier('1.2.840.113549.1.9.16')
+
+id_ct = id_smime + (1, )
+
+id_ct_rpkiManifest = id_ct + (26, )
+
+
+class FileAndHash(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('file', char.IA5String().subtype(subtypeSpec=
+            constraint.PermittedAlphabetConstraint('a', 'b', 'c', 'd', 'e',
+                'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q',
+                'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z', 'A', 'B', 'C',
+                'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O',
+                'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z', '0',
+                '1', '2', '3', '4', '5', '6', '7', '8', '9', '-', '_', '.'))),
+        namedtype.NamedType('hash', univ.BitString())
+    )
+
+
+class Manifest(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.DefaultedNamedType('version',
+            univ.Integer().subtype(explicitTag=tag.Tag(
+                tag.tagClassContext, tag.tagFormatSimple, 0)).subtype(value=0)),
+        namedtype.NamedType('manifestNumber',
+            univ.Integer().subtype(
+                subtypeSpec=constraint.ValueRangeConstraint(0, MAX))),
+        namedtype.NamedType('thisUpdate',
+            useful.GeneralizedTime()),
+        namedtype.NamedType('nextUpdate',
+            useful.GeneralizedTime()),
+        namedtype.NamedType('fileHashAlg',
+            univ.ObjectIdentifier()),
+        namedtype.NamedType('fileList',
+            univ.SequenceOf(componentType=FileAndHash()).subtype(
+                subtypeSpec=constraint.ValueSizeConstraint(1, MAX)))
+    )
+
+
+# Update the CMS Content Types Map
+
+_cmsContentTypesMapUpdate = {
+    id_ct_rpkiManifest: Manifest(),
+}
+
+cmsContentTypesMap.update(_cmsContentTypesMapUpdate)

pyasn1_alt_modules/rfc9289.py

@@ -0,0 +1,22 @@
+#
+# This file is part of pyasn1-alt-modules software.
+#
+# Created by Russ Housley.
+#
+# Copyright (c) 2022-2024, Vigil Security, LLC
+# License: http://vigilsec.com/pyasn1-alt-modules-license.txt
+#
+# Extended Key Usage values for RPC over TLS
+#
+# ASN.1 source from:
+# https://www.rfc-editor.org/rfc/rfc9289.txt
+#
+
+from pyasn1.type import univ
+
+
+id_kp = univ.ObjectIdentifier('1.3.6.1.5.5.7.3')
+
+id_kp_rpcTLSClient = id_kp + (33,)
+
+id_kp_rpcTLSServer = id_kp + (34,)

pyasn1_alt_modules/rfc9310.py

@@ -0,0 +1,46 @@
+#
+# This file is part of pyasn1-alt-modules software.
+#
+# Created by Russ Housley.
+#
+# Copyright (c) 2022-2024, Vigil Security, LLC
+# License: http://vigilsec.com/pyasn1-alt-modules-license.txt
+#
+# Certificate Extension for 5G Network Function Types
+#
+# ASN.1 source from:
+# https://www.rfc-editor.org/rfc/rfc9310.txt
+#
+
+from pyasn1.type import char
+from pyasn1.type import constraint
+from pyasn1.type import univ
+
+from pyasn1_alt_modules import opentypemap
+
+certificateExtensionsMap = opentypemap.get('certificateExtensionsMap')
+
+MAX = float('inf')
+
+
+# NFTypes Certificate Extension
+
+class NFType(char.IA5String):
+    subtypeSpec = constraint.ValueSizeConstraint(1, 32)
+
+
+class NFTypes(univ.SequenceOf):
+    componentType = NFType()
+    subtypeSpec = constraint.ValueSizeConstraint(1, MAX)
+
+
+id_pe_nftype = univ.ObjectIdentifier((1, 3, 6, 1, 5, 5, 7, 1, 34))
+
+
+# Add to the map of Certificate Extensions
+
+_certificateExtensionsMap = {
+    id_pe_nftype: NFTypes(),
+}
+
+certificateExtensionsMap.update(_certificateExtensionsMap)

pyasn1_alt_modules/rfc9323.py

@@ -0,0 +1,129 @@
+#
+# This file is part of pyasn1-alt-modules software.
+#
+# Created by Russ Housley with assistance from asn1ate v.0.6.0.
+#
+# Copyright (c) 2022-2024, Vigil Security, LLC
+# License: http://vigilsec.com/pyasn1-alt-modules-license.txt
+#
+# RPKI Signed Checklist (RSC)
+#
+# ASN.1 source from:
+# https://www.rfc-editor.org/rfc/rfc9323.txt
+#
+
+from pyasn1.type import char
+from pyasn1.type import constraint
+from pyasn1.type import namedtype
+from pyasn1.type import namedval
+from pyasn1.type import tag
+from pyasn1.type import univ
+
+from pyasn1_alt_modules import rfc5652
+from pyasn1_alt_modules import rfc3779
+from pyasn1_alt_modules import opentypemap
+
+cmsContentTypesMap = opentypemap.get('cmsContentTypesMap')
+
+MAX = float('inf')
+
+
+# Imports from RFC 3779
+
+ASIdOrRange = rfc3779.ASIdOrRange
+
+IPAddressOrRange = rfc3779.IPAddressOrRange
+
+
+# Imports from RFC 5652
+
+Digest = rfc5652.Digest
+
+DigestAlgorithmIdentifier = rfc5652.DigestAlgorithmIdentifier
+
+
+# The RPKI Signed Checklist Content Type
+
+id_ct_signedChecklist = univ.ObjectIdentifier('1.2.840.113549.1.9.16.1.48')
+
+
+class ConstrainedIPAddressFamily(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('addressFamily', univ.OctetString().subtype(
+            subtypeSpec=constraint.ValueSizeConstraint(2, 2))),
+        namedtype.NamedType('ipAddressChoice', univ.SequenceOf(
+            componentType=IPAddressOrRange()).subtype(
+                subtypeSpec=constraint.ValueSizeConstraint(1, MAX)))
+    )
+
+
+class ConstrainedASIdentifiers(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('asnum', univ.SequenceOf(
+            componentType=ASIdOrRange()).subtype(
+                subtypeSpec=constraint.ValueSizeConstraint(1, MAX)).subtype(
+                    explicitTag=tag.Tag(tag.tagClassContext,
+                        tag.tagFormatSimple, 0)))
+    )
+
+
+class ConstrainedIPAddrBlocks(univ.SequenceOf):
+    componentType = ConstrainedIPAddressFamily()
+    subtypeSpec = constraint.ValueSizeConstraint(1, MAX)
+
+
+class ResourceBlock(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.OptionalNamedType('asID',
+            ConstrainedASIdentifiers().subtype(explicitTag=tag.Tag(
+                tag.tagClassContext, tag.tagFormatSimple, 0))),
+        namedtype.OptionalNamedType('ipAddrBlocks',
+            ConstrainedIPAddrBlocks().subtype(explicitTag=tag.Tag(
+                tag.tagClassContext, tag.tagFormatSimple, 1)))
+    )
+    subtypeSpec = constraint.ConstraintsUnion(
+        constraint.WithComponentsConstraint(
+            ('asID', constraint.ComponentPresentConstraint())),
+        constraint.WithComponentsConstraint(
+            ('ipAddrBlocks', constraint.ComponentPresentConstraint()))
+    )
+
+
+class PortableFilename(char.IA5String):
+    subtypeSpec = constraint.PermittedAlphabetConstraint(
+        'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l',
+        'm', 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x',
+        'y', 'z', 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J',
+        'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V',
+        'W', 'X', 'Y', 'Z', '0', '1', '2', '3', '4', '5', '6', '7',
+        '8', '9', '.', '-', '_'
+    )
+
+
+class FileNameAndHash(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.OptionalNamedType('fileName', PortableFilename()),
+        namedtype.NamedType('hash', Digest())
+    )
+
+
+class RpkiSignedChecklist(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.DefaultedNamedType('version', univ.Integer().subtype(
+            explicitTag=tag.Tag(tag.tagClassContext,
+                tag.tagFormatSimple, 0)).subtype(value=0)),
+        namedtype.NamedType('resources', ResourceBlock()),
+        namedtype.NamedType('digestAlgorithm', DigestAlgorithmIdentifier()),
+        namedtype.NamedType('checkList', univ.SequenceOf(
+            componentType=FileNameAndHash()).subtype(
+                subtypeSpec=constraint.ValueSizeConstraint(1, MAX)))
+    )
+
+
+# Update the CMS Content Type Map
+
+_cmsContentTypesMapUpdate = {
+    id_ct_signedChecklist: RpkiSignedChecklist(),
+}
+
+cmsContentTypesMap.update(_cmsContentTypesMapUpdate)

pyasn1_alt_modules/rfc9336.py

@@ -0,0 +1,20 @@
+#
+# This file is part of pyasn1-alt-modules software.
+#
+# Created by Russ Housley.
+#
+# Copyright (c) 2022-2024, Vigil Security, LLC
+# License: http://vigilsec.com/pyasn1-alt-modules-license.txt
+#
+# Extended Key Usage (EKU) for Document Signing in X.509 Certificates
+#
+# ASN.1 source from:
+# https://www.rfc-editor.org/rfc/rfc9336.txt
+#
+
+from pyasn1.type import univ
+
+
+id_kp = univ.ObjectIdentifier('1.3.6.1.5.5.7.3')
+
+id_kp_documentSigning = id_kp + (36,)

pyasn1_alt_modules/rfc9337.py

@@ -0,0 +1,74 @@
+#
+# This file is part of pyasn1-alt-modules software.
+#
+# Created by Russ Housley.
+#
+# Copyright (c) 2022-2024, Vigil Security, LLC
+# License: http://vigilsec.com/pyasn1-alt-modules-license.txt
+#
+# GOST Algorithms with PKCS#5
+#
+# ASN.1 source from:
+# https://www.rfc-editor.org/rfc/rfc9337.txt
+#
+
+from pyasn1.type import namedtype
+from pyasn1.type import univ
+
+from pyasn1_alt_modules import opentypemap
+
+algorithmIdentifierMap = opentypemap.get('algorithmIdentifierMap')
+
+
+# Object Identifiers
+
+id_tc26 = univ.ObjectIdentifier((1, 2, 643, 7, 1))
+
+id_tc26_algorithms = id_tc26 + (1,)
+
+id_tc26_mac = id_tc26_algorithms + (4,)
+
+id_tc26_hmac_gost3411_12_512 = id_tc26_mac + (2,)
+
+id_tc26_cipher = id_tc26_algorithms + (5,)
+
+id_tc26_cipher_gostr3412_2015_magma = id_tc26_cipher + (1,)
+
+id_tc26_cipher_gostr3412_2015_magma_ctracpkm = \
+    id_tc26_cipher_gostr3412_2015_magma + (1,)
+
+id_tc26_cipher_gostr3412_2015_magma_ctracpkm_omac = \
+    id_tc26_cipher_gostr3412_2015_magma + (2,)
+
+id_tc26_cipher_gostr3412_2015_kuznyechik = id_tc26_cipher + (2,)
+
+id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm = \
+    id_tc26_cipher_gostr3412_2015_kuznyechik + (1,)
+
+id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac = \
+    id_tc26_cipher_gostr3412_2015_kuznyechik + (2,)
+
+
+# Parameters
+
+class Gost3412_15_Encryption_Parameters(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('ukm', univ.OctetString())
+    )
+
+
+# Update the algorithm identifiers map
+
+_algorithmIdentifierMapUpdate = {
+    id_tc26_hmac_gost3411_12_512: univ.Null(),
+    id_tc26_cipher_gostr3412_2015_magma_ctracpkm: \
+        Gost3412_15_Encryption_Parameters(),
+    id_tc26_cipher_gostr3412_2015_magma_ctracpkm_omac: \
+        Gost3412_15_Encryption_Parameters(),
+    id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm: \
+        Gost3412_15_Encryption_Parameters(),
+    id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac: \
+        Gost3412_15_Encryption_Parameters(),
+}
+
+algorithmIdentifierMap.update(_algorithmIdentifierMapUpdate)

pyasn1_alt_modules/rfc9345.py

@@ -0,0 +1,36 @@
+# This file is part of pyasn1-alt-modules software.
+#
+# Created by Russ Housley.
+#
+# Copyright (c) 2023-2024, Vigil Security, LLC
+# License: http://vigilsec.com/pyasn1-alt-modules-license.txt
+#
+# Delegated Credentials for TLS and DTLS
+#
+# ASN.1 source from:
+# https://www.rfc-editor.org/rfc/rfc9345.txt
+
+from pyasn1.type import univ
+from pyasn1_alt_modules import opentypemap
+
+certificateExtensionsMap = opentypemap.get('certificateExtensionsMap')
+
+
+# DelegatedCredentialExtn
+
+class DelegationUsage(univ.Null):
+    pass
+
+
+id_cloudflare = univ.ObjectIdentifier((1, 3, 6, 1, 4, 1, 44363,))
+
+id_pe_delegationUsage = id_cloudflare + (44,)
+
+
+# Update the Certificate Extension Map
+
+_certificateExtensionsMapUpdate = {
+    id_pe_delegationUsage: DelegationUsage(),
+}
+
+certificateExtensionsMap.update(_certificateExtensionsMapUpdate)