pyasn1-alt-modules 0.4.5__py3-none-any.whl

pyasn1_alt_modules/rfc6482.py

@@ -0,0 +1,77 @@
+#
+# This file is part of pyasn1-alt-modules software.
+#
+# Created by Russ Housley with assistance from asn1ate v.0.6.0.
+# Modified by Russ Housley to include the opentypemap manager.
+#
+# Copyright (c) 2019-2024, Vigil Security, LLC
+# License: http://vigilsec.com/pyasn1-alt-modules-license.txt
+#
+# RPKI Route Origin Authorizations (ROAs)
+#
+# ASN.1 source from:
+# https://www.rfc-editor.org/rfc/rfc6482.txt
+# https://www.rfc-editor.org/errata/eid5881
+#
+
+from pyasn1.type import constraint
+from pyasn1.type import namedtype
+from pyasn1.type import tag
+from pyasn1.type import univ
+
+from pyasn1_alt_modules import rfc5652
+from pyasn1_alt_modules import opentypemap
+
+cmsContentTypesMap = opentypemap.get('cmsContentTypesMap')
+
+MAX = float('inf')
+
+
+id_ct_routeOriginAuthz = univ.ObjectIdentifier('1.2.840.113549.1.9.16.1.24')
+
+
+class ASID(univ.Integer):
+    pass
+
+
+class IPAddress(univ.BitString):
+    pass
+
+
+class ROAIPAddress(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('address', IPAddress()),
+        namedtype.OptionalNamedType('maxLength', univ.Integer())
+    )
+
+
+class ROAIPAddressFamily(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('addressFamily',
+            univ.OctetString().subtype(
+                subtypeSpec=constraint.ValueSizeConstraint(2, 3))),
+        namedtype.NamedType('addresses',
+            univ.SequenceOf(componentType=ROAIPAddress()).subtype(
+                subtypeSpec=constraint.ValueSizeConstraint(1, MAX)))
+    )
+
+
+class RouteOriginAttestation(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.DefaultedNamedType('version',
+            univ.Integer().subtype(explicitTag=tag.Tag(
+                tag.tagClassContext, tag.tagFormatSimple, 0)).subtype(value=0)),
+        namedtype.NamedType('asID', ASID()),
+        namedtype.NamedType('ipAddrBlocks',
+            univ.SequenceOf(componentType=ROAIPAddressFamily()).subtype(
+                subtypeSpec=constraint.ValueSizeConstraint(1, MAX)))
+    )
+
+
+# Update the CMS Content Types Map
+
+_cmsContentTypesMapUpdate = {
+    id_ct_routeOriginAuthz: RouteOriginAttestation(),
+}
+
+cmsContentTypesMap.update(_cmsContentTypesMapUpdate)

pyasn1_alt_modules/rfc6484.py

@@ -0,0 +1,17 @@
+#
+# This file is part of pyasn1-alt-modules software.
+#
+# Created by Russ Housley.
+#
+# Copyright (c) 2020-2024, Vigil Security, LLC
+# License: http://vigilsec.com/pyasn1-alt-modules-license.txt
+#
+# RPKI Certificate Policy Identifier
+#
+# ASN.1 source from:
+# https://www.rfc-editor.org/rfc/rfc6484.txt
+#
+
+from pyasn1.type import univ
+
+id_cp_ipAddr_asNumber = univ.ObjectIdentifier('1.3.6.1.5.5.7.14.2')

pyasn1_alt_modules/rfc6486.py

@@ -0,0 +1,70 @@
+#
+# This file is part of pyasn1-alt-modules software.
+#
+# Created by Russ Housley with assistance from asn1ate v.0.6.0.
+# Modified by Russ Housley to include the opentypemap manager.
+#
+# Copyright (c) 2019-2024, Vigil Security, LLC
+# License: http://vigilsec.com/pyasn1-alt-modules-license.txt
+#
+# RPKI Manifests
+#
+# ASN.1 source from:
+# https://www.rfc-editor.org/rfc/rfc6486.txt
+#
+
+from pyasn1.type import char
+from pyasn1.type import constraint
+from pyasn1.type import namedtype
+from pyasn1.type import tag
+from pyasn1.type import useful
+from pyasn1.type import univ
+
+from pyasn1_alt_modules import opentypemap
+
+cmsContentTypesMap = opentypemap.get('cmsContentTypesMap')
+
+MAX = float('inf')
+
+
+id_smime = univ.ObjectIdentifier('1.2.840.113549.1.9.16')
+
+id_ct = id_smime + (1, )
+
+id_ct_rpkiManifest = id_ct + (26, )
+
+
+class FileAndHash(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('file', char.IA5String()),
+        namedtype.NamedType('hash', univ.BitString())
+    )
+
+
+class Manifest(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.DefaultedNamedType('version',
+            univ.Integer().subtype(explicitTag=tag.Tag(
+                tag.tagClassContext, tag.tagFormatSimple, 0)).subtype(value=0)),
+        namedtype.NamedType('manifestNumber',
+            univ.Integer().subtype(
+                subtypeSpec=constraint.ValueRangeConstraint(0, MAX))),
+        namedtype.NamedType('thisUpdate',
+            useful.GeneralizedTime()),
+        namedtype.NamedType('nextUpdate',
+            useful.GeneralizedTime()),
+        namedtype.NamedType('fileHashAlg',
+            univ.ObjectIdentifier()),
+        namedtype.NamedType('fileList',
+            univ.SequenceOf(componentType=FileAndHash()).subtype(
+                subtypeSpec=constraint.ValueSizeConstraint(0, MAX)))
+    )
+
+
+# Update the CMS Content Types Map
+
+_cmsContentTypesMapUpdate = {
+    id_ct_rpkiManifest: Manifest(),
+}
+
+cmsContentTypesMap.update(_cmsContentTypesMapUpdate)

pyasn1_alt_modules/rfc6487.py

@@ -0,0 +1,22 @@
+#
+# This file is part of pyasn1-alt-modules software.
+#
+# Created by Russ Housley.
+#
+# Copyright (c) 2019-2024, Vigil Security, LLC
+# License: http://vigilsec.com/pyasn1-alt-modules-license.txt
+#
+# Profile for X.509 PKIX Resource Certificates
+#
+# ASN.1 source from:
+# https://www.rfc-editor.org/rfc/rfc6487.txt
+#
+
+from pyasn1.type import univ
+
+id_pkix = univ.ObjectIdentifier('1.3.6.1.5.5.7')
+
+id_ad = id_pkix + (48, )
+
+id_ad_rpkiManifest = id_ad + (10, )
+id_ad_signedObject = id_ad + (11, )

pyasn1_alt_modules/rfc6492.py

@@ -0,0 +1,41 @@
+#
+# This file is part of pyasn1-alt-modules software.
+#
+# Created by Russ Housley.
+# Modified by Russ Housley to include the opentypemap manager.
+#
+# Copyright (c) 2021-2024, Vigil Security, LLC
+# License: http://vigilsec.com/pyasn1-alt-modules-license.txt
+#
+# A Protocol for Provisioning Resource Certificates
+#
+# ASN.1 source from:
+# https://www.rfc-editor.org/rfc/rfc6492.txt
+#
+
+from pyasn1.type import univ
+
+from pyasn1_alt_modules import opentypemap
+
+cmsContentTypesMap = opentypemap.get('cmsContentTypesMap')
+
+
+# Content Type for Provisioning Resource Certificates
+
+id_smime = univ.ObjectIdentifier('1.2.840.113549.1.9.16')
+
+id_ct = id_smime + (1,)
+
+id_ct_xml = id_ct + (28,)
+
+class RPKIXMLProtocolObject(univ.OctetString):
+    pass
+
+
+# Update the CMS Content Types Map
+
+_cmsContentTypesMapUpdate = {
+    id_ct_xml: RPKIXMLProtocolObject(),
+}
+
+cmsContentTypesMap.update(_cmsContentTypesMapUpdate)

pyasn1_alt_modules/rfc6493.py

@@ -0,0 +1,24 @@
+#
+# This file is part of pyasn1-alt-modules software.
+#
+# Created by Russ Housley.
+#
+# Copyright (c) 2021-2024, Vigil Security, LLC
+# License: http://vigilsec.com/pyasn1-alt-modules-license.txt
+#
+# RPKI Ghostbusters Record
+#
+# ASN.1 source from:
+# https://www.rfc-editor.org/rfc/rfc6493.txt
+#
+
+from pyasn1.type import univ
+
+
+# Content Type for Ghostbusters Records
+
+id_ct_rpkiGhostbusters =univ.ObjectIdentifier('1.2.840.113549.1.9.16.1.35')
+
+
+# There is no need for an entry in the CMS Content Type Map because
+# the vCard is carried directly in the CMS eContent OCTET STRING.

pyasn1_alt_modules/rfc6494.py

@@ -0,0 +1,23 @@
+#
+# This file is part of pyasn1-alt-modules software.
+#
+# Created by Russ Housley.
+#
+# Copyright (c) 2020-2024, Vigil Security, LLC
+# License: http://vigilsec.com/pyasn1-alt-modules-license.txt
+#
+# Certificate Profile and Certificate Management for
+# SEcure Neighbor Discovery (SEND)
+#
+# ASN.1 source from:
+# https://www.rfc-editor.org/rfc/rfc6494.txt
+#
+
+from pyasn1.type import univ
+
+id_kp = univ.ObjectIdentifier('1.3.6.1.5.5.7.3')
+
+id_kp_sendOwner = id_kp + (25, )
+id_kp_sendProxiedOwner = id_kp + (26, )
+id_kp_sendProxiedRouter = id_kp + (24, )
+id_kp_sendRouter = id_kp + (23, )

pyasn1_alt_modules/rfc6664.py

@@ -0,0 +1,151 @@
+#
+# This file is part of pyasn1-alt-modules software.
+#
+# Created by Russ Housley with some assistance from asn1ate v.0.6.0.
+# Modified by Russ Housley to include the opentypemap manager.
+#
+# Copyright (c) 2019-2024, Vigil Security, LLC
+# License: http://vigilsec.com/pyasn1-alt-modules-license.txt
+#
+# S/MIME Capabilities for Public Key Definitions
+#
+# ASN.1 source from:
+# https://www.rfc-editor.org/rfc/rfc6664.txt
+#
+
+from pyasn1.type import constraint
+from pyasn1.type import namedtype
+from pyasn1.type import tag
+from pyasn1.type import univ
+
+from pyasn1_alt_modules import rfc5280
+from pyasn1_alt_modules import rfc5751
+from pyasn1_alt_modules import rfc5480
+from pyasn1_alt_modules import rfc4055
+from pyasn1_alt_modules import rfc3279
+from pyasn1_alt_modules import opentypemap
+
+smimeCapabilityMap = opentypemap.get('smimeCapabilityMap')
+
+MAX = float('inf')
+
+
+# Imports from RFC 5280
+
+AlgorithmIdentifier = rfc5280.AlgorithmIdentifier
+
+
+# Imports from RFC 3279
+
+dhpublicnumber = rfc3279.dhpublicnumber
+
+Dss_Parms = rfc3279.Dss_Parms
+
+id_dsa = rfc3279.id_dsa
+
+id_ecPublicKey = rfc3279.id_ecPublicKey
+
+rsaEncryption = rfc3279.rsaEncryption
+
+
+# Imports from RFC 4055
+
+id_mgf1 = rfc4055.id_mgf1
+
+id_RSAES_OAEP = rfc4055.id_RSAES_OAEP
+
+id_RSASSA_PSS = rfc4055.id_RSASSA_PSS
+
+
+# Imports from RFC 5480
+
+ECParameters = rfc5480.ECParameters
+
+id_ecDH = rfc5480.id_ecDH
+
+id_ecMQV = rfc5480.id_ecMQV
+
+
+# RSA
+
+class RSAKeySize(univ.Integer):
+    # suggested values are 1024, 2048, 3072, 4096, 7680, 8192, and 15360;
+    # however, the integer value is not limited to these suggestions
+    pass
+
+
+class RSAKeyCapabilities(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('minKeySize', RSAKeySize()),
+        namedtype.OptionalNamedType('maxKeySize', RSAKeySize())
+    )
+
+
+class RsaSsa_Pss_sig_caps(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('hashAlg', AlgorithmIdentifier()),
+        namedtype.OptionalNamedType('maskAlg', AlgorithmIdentifier()),
+        namedtype.DefaultedNamedType('trailerField', univ.Integer().subtype(value=1))
+    )
+
+
+# Diffie-Hellman and DSA
+
+class DSAKeySize(univ.Integer):
+    subtypeSpec = constraint.SingleValueConstraint(1024, 2048, 3072, 7680, 15360)
+
+
+class DSAKeyCapabilities(univ.Choice):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('keySizes', univ.Sequence(componentType=namedtype.NamedTypes(
+            namedtype.NamedType('minKeySize',
+                DSAKeySize()),
+            namedtype.OptionalNamedType('maxKeySize',
+                DSAKeySize()),
+            namedtype.OptionalNamedType('maxSizeP',
+                univ.Integer().subtype(explicitTag=tag.Tag(
+                    tag.tagClassContext, tag.tagFormatSimple, 1))),
+            namedtype.OptionalNamedType('maxSizeQ',
+                univ.Integer().subtype(explicitTag=tag.Tag(
+                    tag.tagClassContext, tag.tagFormatSimple, 2))),
+            namedtype.OptionalNamedType('maxSizeG',
+                univ.Integer().subtype(explicitTag=tag.Tag(
+                    tag.tagClassContext, tag.tagFormatSimple, 3)))
+        )).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
+        namedtype.NamedType('keyParams',
+            Dss_Parms().subtype(explicitTag=tag.Tag(
+                tag.tagClassContext, tag.tagFormatConstructed, 1)))
+    )
+
+
+# Elliptic Curve
+
+class EC_SMimeCaps(univ.SequenceOf):
+    componentType = ECParameters()
+    subtypeSpec=constraint.ValueSizeConstraint(1, MAX)
+
+
+# Update the SMIMECapabilities Attribute Map
+#
+# The map can either include an entry for scap-sa-rsaSSA-PSS or 
+# scap-pk-rsaSSA-PSS, but not both.  One is associated with the
+# public key and the other is associated with the signature
+# algorithm; however, they use the same OID.  If you need the
+# other one in your application, copy the map into a local dict,
+# adjust as needed, and pass the local dict to the decoder with
+# openTypes=your_local_map.
+
+_smimeCapabilityMapUpdate = {
+    rsaEncryption: RSAKeyCapabilities(),
+    id_RSASSA_PSS: RSAKeyCapabilities(),
+    # id_RSASSA_PSS: RsaSsa_Pss_sig_caps(),
+    id_RSAES_OAEP: RSAKeyCapabilities(),
+    id_dsa: DSAKeyCapabilities(),
+    dhpublicnumber: DSAKeyCapabilities(),
+    id_ecPublicKey: EC_SMimeCaps(),
+    id_ecDH: EC_SMimeCaps(),
+    id_ecMQV: EC_SMimeCaps(),
+    id_mgf1: AlgorithmIdentifier(),
+}
+
+smimeCapabilityMap.update(_smimeCapabilityMapUpdate)

pyasn1_alt_modules/rfc6955.py

@@ -0,0 +1,112 @@
+#
+# This file is part of pyasn1-alt-modules software.
+#
+# Created by Russ Housley.
+# Modified by Russ Housley to include the opentypemap manager.
+#
+# Copyright (c) 2019-2024, Vigil Security, LLC
+# License: http://vigilsec.com/pyasn1-alt-modules-license.txt
+#
+# Diffie-Hellman Proof-of-Possession Algorithms
+#
+# ASN.1 source from:
+# https://www.rfc-editor.org/rfc/rfc6955.txt
+#
+
+from pyasn1.type import namedtype
+from pyasn1.type import univ
+
+from pyasn1_alt_modules import rfc3279
+from pyasn1_alt_modules import rfc5280
+from pyasn1_alt_modules import rfc5652
+from pyasn1_alt_modules import opentypemap
+
+algorithmIdentifierMap = opentypemap.get('algorithmIdentifierMap')
+
+
+# Imports from RFC 5652
+
+MessageDigest = rfc5652.MessageDigest
+
+IssuerAndSerialNumber = rfc5652.IssuerAndSerialNumber
+
+
+# Imports from RFC 5280
+
+id_pkix = rfc5280.id_pkix
+
+
+# Imports from RFC 3279
+
+Dss_Sig_Value = rfc3279.Dss_Sig_Value
+
+DomainParameters = rfc3279.DomainParameters
+
+
+# Static DH Proof-of-Possession
+
+class DhSigStatic(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.OptionalNamedType('issuerAndSerial', IssuerAndSerialNumber()),
+        namedtype.NamedType('hashValue', MessageDigest())
+    )
+
+
+# Object Identifiers
+
+id_dh_sig_hmac_sha1 = id_pkix + (6, 3, )
+
+id_dhPop_static_sha1_hmac_sha1 = univ.ObjectIdentifier(id_dh_sig_hmac_sha1)
+
+
+id_alg_dh_pop = id_pkix + (6, 4, )
+
+id_alg_dhPop_sha1 = univ.ObjectIdentifier(id_alg_dh_pop)
+
+id_alg_dhPop_sha224 = id_pkix + (6, 5, )
+
+id_alg_dhPop_sha256 = id_pkix + (6, 6, )
+
+id_alg_dhPop_sha384 = id_pkix + (6, 7, )
+
+id_alg_dhPop_sha512 = id_pkix + (6, 8, )
+
+
+id_alg_dhPop_static_sha224_hmac_sha224 = id_pkix + (6, 15, )
+
+id_alg_dhPop_static_sha256_hmac_sha256 = id_pkix + (6, 16, )
+
+id_alg_dhPop_static_sha384_hmac_sha384 = id_pkix + (6, 17, )
+
+id_alg_dhPop_static_sha512_hmac_sha512 = id_pkix + (6, 18, )
+
+
+id_alg_ecdhPop_static_sha224_hmac_sha224 = id_pkix + (6, 25, )
+
+id_alg_ecdhPop_static_sha256_hmac_sha256 = id_pkix + (6, 26, )
+
+id_alg_ecdhPop_static_sha384_hmac_sha384 = id_pkix + (6, 27, )
+
+id_alg_ecdhPop_static_sha512_hmac_sha512 = id_pkix + (6, 28, )
+
+
+# Update the Algorithm Identifier Map
+
+_algorithmIdentifierMapUpdate = {
+    id_alg_dh_pop: DomainParameters(),
+    id_alg_dhPop_sha224: DomainParameters(),
+    id_alg_dhPop_sha256: DomainParameters(),
+    id_alg_dhPop_sha384: DomainParameters(),
+    id_alg_dhPop_sha512: DomainParameters(),
+    id_dh_sig_hmac_sha1: univ.Null(""),
+    id_alg_dhPop_static_sha224_hmac_sha224: univ.Null(""),
+    id_alg_dhPop_static_sha256_hmac_sha256: univ.Null(""),
+    id_alg_dhPop_static_sha384_hmac_sha384: univ.Null(""),
+    id_alg_dhPop_static_sha512_hmac_sha512: univ.Null(""),
+    id_alg_ecdhPop_static_sha224_hmac_sha224: univ.Null(""),
+    id_alg_ecdhPop_static_sha256_hmac_sha256: univ.Null(""),
+    id_alg_ecdhPop_static_sha384_hmac_sha384: univ.Null(""),
+    id_alg_ecdhPop_static_sha512_hmac_sha512: univ.Null(""),
+}
+
+algorithmIdentifierMap.update(_algorithmIdentifierMapUpdate)