pyasn1-alt-modules 0.4.5__py3-none-any.whl

pyasn1_alt_modules/rfc7292.py

@@ -0,0 +1,359 @@
+# This file is part of pyasn1-alt-modules software.
+#
+# Created by Russ Housley with assistance from the asn1ate tool.
+# Modified by Russ Housley to include the opentypemap manager.
+#
+# Copyright (c) 2019-2024, Vigil Security, LLC
+# License: http://vigilsec.com/pyasn1-alt-modules-license.txt
+#
+# PKCS #12: Personal Information Exchange Syntax v1.1
+#
+# ASN.1 source from:
+# https://www.rfc-editor.org/rfc/rfc7292.txt
+# https://www.rfc-editor.org/errata_search.php?rfc=7292
+
+from pyasn1.type import char
+from pyasn1.type import constraint
+from pyasn1.type import namedtype
+from pyasn1.type import namedval
+from pyasn1.type import opentype
+from pyasn1.type import tag
+from pyasn1.type import univ
+
+from pyasn1_alt_modules import rfc2315
+from pyasn1_alt_modules import rfc5652
+from pyasn1_alt_modules import rfc5958
+from pyasn1_alt_modules import opentypemap
+
+algorithmIdentifierMap = opentypemap.get('algorithmIdentifierMap')
+
+cmsAttributesMap = opentypemap.get('cmsAttributesMap')
+
+pkcs12BagTypeMap = opentypemap.get('pkcs12BagTypeMap')
+
+pkcs12CertBagMap = opentypemap.get('pkcs12CertBagMap')
+
+pkcs12CRLBagMap = opentypemap.get('pkcs12CRLBagMap')
+
+pkcs12SecretBagMap = opentypemap.get('pkcs12SecretBagMap')
+
+
+def _OID(*components):
+    output = []
+    for x in tuple(components):
+        if isinstance(x, univ.ObjectIdentifier):
+            output.extend(list(x))
+        else:
+            output.append(int(x))
+
+    return univ.ObjectIdentifier(output)
+
+
+# Imports from RFC 2315, RFC 5652, and RFC 5958
+
+DigestInfo = rfc2315.DigestInfo
+
+
+ContentInfo = rfc5652.ContentInfo
+
+PKCS12Attribute = rfc5652.Attribute
+
+
+EncryptedPrivateKeyInfo = rfc5958.EncryptedPrivateKeyInfo
+
+PrivateKeyInfo = rfc5958.PrivateKeyInfo
+
+
+# CMSSingleAttribute is the same as Attribute in RFC 5652 except the attrValues
+# SET must have one and only one member
+
+class AttributeType(univ.ObjectIdentifier):
+    pass
+
+
+class AttributeValue(univ.Any):
+    pass
+
+
+class AttributeValues(univ.SetOf):
+    pass
+
+AttributeValues.componentType = AttributeValue()
+
+
+class CMSSingleAttribute(univ.Sequence):
+    pass
+
+CMSSingleAttribute.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('attrType', AttributeType()),
+    namedtype.NamedType('attrValues',
+        AttributeValues().subtype(sizeSpec=constraint.ValueSizeConstraint(1, 1)),
+        openType=opentype.OpenType('attrType', cmsAttributesMap)
+    )
+)
+
+
+# Object identifier arcs
+
+rsadsi = _OID(1, 2, 840, 113549)
+
+pkcs = _OID(rsadsi, 1)
+
+pkcs_9 = _OID(pkcs, 9)
+
+certTypes = _OID(pkcs_9, 22)
+
+crlTypes = _OID(pkcs_9, 23)
+
+pkcs_12 = _OID(pkcs, 12)
+
+
+# PBE Algorithm Identifiers and Parameters Structure
+
+pkcs_12PbeIds = _OID(pkcs_12, 1)
+
+pbeWithSHAAnd128BitRC4 = _OID(pkcs_12PbeIds, 1)
+
+pbeWithSHAAnd40BitRC4 = _OID(pkcs_12PbeIds, 2)
+
+pbeWithSHAAnd3_KeyTripleDES_CBC = _OID(pkcs_12PbeIds, 3)
+
+pbeWithSHAAnd2_KeyTripleDES_CBC = _OID(pkcs_12PbeIds, 4)
+
+pbeWithSHAAnd128BitRC2_CBC = _OID(pkcs_12PbeIds, 5)
+
+pbeWithSHAAnd40BitRC2_CBC = _OID(pkcs_12PbeIds, 6)
+
+
+class Pkcs_12PbeParams(univ.Sequence):
+    pass
+
+Pkcs_12PbeParams.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('salt', univ.OctetString()),
+    namedtype.NamedType('iterations', univ.Integer())
+)
+
+
+# Bag types
+
+bagtypes = _OID(pkcs_12, 10, 1)
+
+class BAG_TYPE(univ.Sequence):
+    pass
+
+BAG_TYPE.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('id', univ.ObjectIdentifier()),
+    namedtype.NamedType('unnamed1', univ.Any(),
+        openType=opentype.OpenType('attrType', pkcs12BagTypeMap)
+    )
+)
+
+
+id_keyBag = _OID(bagtypes, 1)
+
+class KeyBag(PrivateKeyInfo):
+    pass
+
+
+id_pkcs8ShroudedKeyBag = _OID(bagtypes, 2)
+
+class PKCS8ShroudedKeyBag(EncryptedPrivateKeyInfo):
+    pass
+
+
+id_certBag = _OID(bagtypes, 3)
+
+class CertBag(univ.Sequence):
+    pass
+
+CertBag.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('certId', univ.ObjectIdentifier()),
+    namedtype.NamedType('certValue',
+        univ.Any().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)),
+        openType=opentype.OpenType('certId', pkcs12CertBagMap)
+    )
+)
+
+
+x509Certificate = CertBag()
+x509Certificate['certId'] = _OID(certTypes, 1)
+x509Certificate['certValue'] = univ.OctetString()
+# DER-encoded X.509 certificate stored in OCTET STRING
+
+
+sdsiCertificate = CertBag()
+sdsiCertificate['certId'] = _OID(certTypes, 2)
+sdsiCertificate['certValue'] = char.IA5String()
+# Base64-encoded SDSI certificate stored in IA5String
+
+
+id_CRLBag = _OID(bagtypes, 4)
+
+class CRLBag(univ.Sequence):
+    pass
+
+CRLBag.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('crlId', univ.ObjectIdentifier()),
+    namedtype.NamedType('crlValue',
+        univ.Any().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)),
+                openType=opentype.OpenType('crlId', pkcs12CRLBagMap)
+    )
+)
+
+
+x509CRL = CRLBag()
+x509CRL['crlId'] = _OID(crlTypes, 1)
+x509CRL['crlValue'] = univ.OctetString()
+# DER-encoded X.509 CRL stored in OCTET STRING
+
+
+id_secretBag = _OID(bagtypes, 5)
+
+class SecretBag(univ.Sequence):
+    pass
+
+SecretBag.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('secretTypeId', univ.ObjectIdentifier()),
+    namedtype.NamedType('secretValue',
+        univ.Any().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)),
+        openType=opentype.OpenType('secretTypeId', pkcs12SecretBagMap)
+    )
+)
+
+
+id_safeContentsBag = _OID(bagtypes, 6)
+
+class SafeBag(univ.Sequence):
+    pass
+
+SafeBag.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('bagId', univ.ObjectIdentifier()),
+    namedtype.NamedType('bagValue',
+        univ.Any().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)),
+        openType=opentype.OpenType('bagId', pkcs12BagTypeMap)
+    ),
+    namedtype.OptionalNamedType('bagAttributes',
+        univ.SetOf(componentType=PKCS12Attribute())
+    )
+)
+
+
+class SafeContents(univ.SequenceOf):
+    pass
+
+SafeContents.componentType = SafeBag()
+
+
+# The PFX PDU
+
+class AuthenticatedSafe(univ.SequenceOf):
+    pass
+
+AuthenticatedSafe.componentType = ContentInfo()
+# Data if unencrypted
+# EncryptedData if password-encrypted
+# EnvelopedData if public key-encrypted
+
+
+class MacData(univ.Sequence):
+    pass
+
+MacData.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('mac', DigestInfo()),
+    namedtype.NamedType('macSalt', univ.OctetString()),
+    namedtype.DefaultedNamedType('iterations', univ.Integer().subtype(value=1))
+    # Note: The default is for historical reasons and its use is deprecated
+)
+
+
+class PFX(univ.Sequence):
+    pass
+
+PFX.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('version',
+        univ.Integer(namedValues=namedval.NamedValues(('v3', 3)))
+    ),
+    namedtype.NamedType('authSafe', ContentInfo()),
+    namedtype.OptionalNamedType('macData', MacData())
+)
+
+
+# Local key identifier (also defined as certificateAttribute in rfc2985.py)
+
+pkcs_9_at_localKeyId = _OID(pkcs_9, 21)
+
+localKeyId = CMSSingleAttribute()
+localKeyId['attrType'] = pkcs_9_at_localKeyId
+localKeyId['attrValues'][0] = univ.OctetString()
+
+
+# Friendly name (also defined as certificateAttribute in rfc2985.py)
+
+pkcs_9_ub_pkcs9String = univ.Integer(255)
+
+pkcs_9_ub_friendlyName = univ.Integer(pkcs_9_ub_pkcs9String)
+
+pkcs_9_at_friendlyName = _OID(pkcs_9, 20)
+
+class FriendlyName(char.BMPString):
+    pass
+
+FriendlyName.subtypeSpec = constraint.ValueSizeConstraint(1, pkcs_9_ub_friendlyName)
+
+
+friendlyName = CMSSingleAttribute()
+friendlyName['attrType'] = pkcs_9_at_friendlyName
+friendlyName['attrValues'][0] = FriendlyName()
+
+
+# Update the PKCS#12 maps
+
+_pkcs12BagTypeMap = {
+    id_keyBag: KeyBag(),
+    id_pkcs8ShroudedKeyBag: PKCS8ShroudedKeyBag(),
+    id_certBag: CertBag(),
+    id_CRLBag: CRLBag(),
+    id_secretBag: SecretBag(),
+    id_safeContentsBag: SafeBag(),
+}
+
+pkcs12BagTypeMap.update(_pkcs12BagTypeMap)
+
+
+_pkcs12CertBagMap = {
+    _OID(certTypes, 1): univ.OctetString(),
+    _OID(certTypes, 2): char.IA5String(),
+}
+
+pkcs12CertBagMap.update(_pkcs12CertBagMap)
+
+
+_pkcs12CRLBagMap = {
+    _OID(crlTypes, 1): univ.OctetString(),
+}
+
+pkcs12CRLBagMap.update(_pkcs12CRLBagMap)
+
+
+# Update the Algorithm Identifier map
+
+_algorithmIdentifierMapUpdate = {
+    pbeWithSHAAnd128BitRC4: Pkcs_12PbeParams(),
+    pbeWithSHAAnd40BitRC4: Pkcs_12PbeParams(),
+    pbeWithSHAAnd3_KeyTripleDES_CBC: Pkcs_12PbeParams(),
+    pbeWithSHAAnd2_KeyTripleDES_CBC: Pkcs_12PbeParams(),
+    pbeWithSHAAnd128BitRC2_CBC: Pkcs_12PbeParams(),
+    pbeWithSHAAnd40BitRC2_CBC: Pkcs_12PbeParams(),
+}
+
+algorithmIdentifierMap.update(_algorithmIdentifierMapUpdate)
+
+
+# Update the CMS Attribute map
+
+_cmsAttributesMapUpdate = {
+    pkcs_9_at_friendlyName: FriendlyName(),
+    pkcs_9_at_localKeyId: univ.OctetString(),
+}
+
+cmsAttributesMap.update(_cmsAttributesMapUpdate)

pyasn1_alt_modules/rfc7296.py

@@ -0,0 +1,32 @@
+# This file is part of pyasn1-alt-modules software.
+#
+# Created by Russ Housley.
+#
+# Copyright (c) 2019-2024, Vigil Security, LLC
+# License: http://vigilsec.com/pyasn1-alt-modules-license.txt
+#
+# IKEv2 Certificate Bundle
+#
+# ASN.1 source from:
+# https://www.rfc-editor.org/rfc/rfc7296.txt
+
+from pyasn1.type import namedtype
+from pyasn1.type import tag
+from pyasn1.type import univ
+
+from pyasn1_alt_modules import rfc5280
+
+
+class CertificateOrCRL(univ.Choice):
+    pass
+
+CertificateOrCRL.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('cert', rfc5280.Certificate().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+    namedtype.NamedType('crl', rfc5280.CertificateList().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
+)
+
+
+class CertificateBundle(univ.SequenceOf):
+    pass
+
+CertificateBundle.componentType = CertificateOrCRL()

pyasn1_alt_modules/rfc7508.py

@@ -0,0 +1,92 @@
+#
+# This file is part of pyasn1-alt-modules software.
+#
+# Created by Russ Housley with assistance from asn1ate v.0.6.0.
+# Modified by Russ Housley to include the opentypemap manager.
+#
+# Copyright (c) 2019-2024, Vigil Security, LLC
+# License: http://vigilsec.com/pyasn1-alt-modules-license.txt
+#
+# Securing Header Fields with S/MIME
+#
+# ASN.1 source from:
+# https://www.rfc-editor.org/rfc/rfc7508.txt
+# https://www.rfc-editor.org/errata/eid5875
+#
+
+import string
+
+from pyasn1.type import char
+from pyasn1.type import constraint
+from pyasn1.type import namedtype
+from pyasn1.type import namedval
+from pyasn1.type import univ
+
+from pyasn1_alt_modules import opentypemap
+
+cmsAttributesMap = opentypemap.get('cmsAttributesMap')
+
+MAX = float('inf')
+
+
+class Algorithm(univ.Enumerated):
+    namedValues = namedval.NamedValues(
+        ('canonAlgorithmSimple', 0),
+        ('canonAlgorithmRelaxed', 1)
+    )
+
+
+class HeaderFieldStatus(univ.Integer):
+    namedValues = namedval.NamedValues(
+        ('duplicated', 0),
+        ('deleted', 1),
+        ('modified', 2)
+    )
+
+
+class HeaderFieldName(char.VisibleString):
+    subtypeSpec = (
+        constraint.PermittedAlphabetConstraint(*string.printable) -
+        constraint.PermittedAlphabetConstraint(':')
+    )
+
+
+class HeaderFieldValue(char.UTF8String):
+    pass
+
+
+class HeaderField(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('field-Name', HeaderFieldName()),
+        namedtype.NamedType('field-Value', HeaderFieldValue()),
+        namedtype.DefaultedNamedType('field-Status',
+            HeaderFieldStatus().subtype(value='duplicated'))
+    )
+
+
+class HeaderFields(univ.SequenceOf):
+    componentType = HeaderField()
+    subtypeSpec = constraint.ValueSizeConstraint(1, MAX)
+
+
+class SecureHeaderFields(univ.Set):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('canonAlgorithm', Algorithm()),
+        namedtype.NamedType('secHeaderFields', HeaderFields())
+    )
+
+
+id_aa = univ.ObjectIdentifier((1, 2, 840, 113549, 1, 9, 16, 2, ))
+
+id_aa_secureHeaderFieldsIdentifier = id_aa + (55, )
+
+
+
+# Update the CMS Attribute Attributes Map
+
+_cmsAttributesMapUpdate = {
+    id_aa_secureHeaderFieldsIdentifier: SecureHeaderFields(),
+}
+
+cmsAttributesMap.update(_cmsAttributesMapUpdate)
+

pyasn1_alt_modules/rfc7585.py

@@ -0,0 +1,53 @@
+#
+# This file is part of pyasn1-alt-modules software.
+#
+# Created by Russ Housley with some assistance from asn1ate v.0.6.0.
+# Modified by Russ Housley to include the opentypemap manager.
+#
+# Copyright (c) 2019-2024, Vigil Security, LLC
+# License: http://vigilsec.com/pyasn1-alt-modules-license.txt
+#
+# Network Access Identifier (NAI) Realm Name for Certificates
+#
+# ASN.1 source from:
+# https://www.rfc-editor.org/rfc/rfc7585.txt
+#
+
+from pyasn1.type import char
+from pyasn1.type import constraint
+from pyasn1.type import univ
+
+from pyasn1_alt_modules import rfc5280
+from pyasn1_alt_modules import opentypemap
+
+otherNamesMap = opentypemap.get('otherNamesMap')
+
+
+# NAI Realm Name for Certificates
+
+id_pkix = univ.ObjectIdentifier('1.3.6.1.5.5.7')
+
+id_on = id_pkix + (8, )
+
+id_on_naiRealm = id_on + (8, )
+
+
+ub_naiRealm_length = univ.Integer(255)
+
+
+class NAIRealm(char.UTF8String):
+    subtypeSpec = constraint.ValueSizeConstraint(1, ub_naiRealm_length)
+
+
+naiRealm = rfc5280.AnotherName()
+naiRealm['type-id'] = id_on_naiRealm
+naiRealm['value'] = NAIRealm()
+
+
+# Update the Other Names Map
+
+_otherNamesMapUpdate = {
+    id_on_naiRealm: NAIRealm(),
+}
+
+otherNamesMap.update(_otherNamesMapUpdate)

pyasn1_alt_modules/rfc7633.py

@@ -0,0 +1,40 @@
+#
+# This file is part of pyasn1-alt-modules software.
+#
+# Created by Russ Housley with some assistance from asn1ate v.0.6.0.
+# Modified by Russ Housley to include the opentypemap manager.
+#
+# Copyright (c) 2019-2024, Vigil Security, LLC
+# License: http://vigilsec.com/pyasn1-alt-modules-license.txt
+#
+# Transport Layer Security (TLS) Feature Certificate Extension
+#
+# ASN.1 source from:
+# https://www.rfc-editor.org/rfc/rfc7633.txt
+#
+
+from pyasn1.type import univ
+
+from pyasn1_alt_modules import opentypemap
+
+certificateExtensionsMap = opentypemap.get('certificateExtensionsMap')
+
+
+# TLS Features Extension
+
+id_pe = univ.ObjectIdentifier('1.3.6.1.5.5.7.1')
+
+id_pe_tlsfeature = id_pe + (24, )
+
+
+class Features(univ.SequenceOf):
+    componentType = univ.Integer()
+
+
+# Update the Certificate Extensions Map
+
+_certificateExtensionsMapUpdate = {
+    id_pe_tlsfeature: Features(),
+}
+
+certificateExtensionsMap.update(_certificateExtensionsMapUpdate)

pyasn1_alt_modules/rfc7693.py

@@ -0,0 +1,66 @@
+#
+# This file is part of pyasn1-alt-modules software.
+#
+# Created by Russ Housley.
+# Modified by Russ Housley to include the opentypemap manager and
+#   update the S/MIME Capability Map.
+#
+# Copyright (c) 2019-2024, Vigil Security, LLC
+# License: http://vigilsec.com/pyasn1-alt-modules-license.txt
+#
+# The BLAKE2 Cryptographic Hash and MAC
+#
+# ASN.1 source from:
+# https://www.rfc-editor.org/rfc/rfc7693.txt
+#
+
+from pyasn1.type import univ
+
+from pyasn1_alt_modules import opentypemap
+
+algorithmIdentifierMap = opentypemap.get('algorithmIdentifierMap')
+
+smimeCapabilityMap = opentypemap.get('smimeCapabilityMap')
+
+
+# BLAKE2 Object Identifiers
+
+hashAlgs = univ.ObjectIdentifier('1.3.6.1.4.1.1722.12.2')
+
+blake2b = hashAlgs + (1, )
+
+id_blake2b160 = blake2b + (5, )
+
+id_blake2b256 = blake2b + (8, )
+
+id_blake2b384 = blake2b + (12, )
+
+id_blake2b512 = blake2b + (16, )
+
+blake2s = hashAlgs + (2, )
+
+id_blake2s128 = blake2s + (4, )
+
+id_blake2s160 = blake2s + (5, )
+
+id_blake2s224 = blake2s + (7, )
+
+id_blake2s256 = blake2s + (8, )
+
+
+# Update the Algorithm Identifier Map and the S/MIME Capability Map
+
+_algorithmIdentifierMapUpdate = {
+    id_blake2b160: univ.Null(),
+    id_blake2b256: univ.Null(),
+    id_blake2b384: univ.Null(),
+    id_blake2b512: univ.Null(),
+    id_blake2s128: univ.Null(),
+    id_blake2s160: univ.Null(),
+    id_blake2s224: univ.Null(),
+    id_blake2s256: univ.Null(),
+}
+
+algorithmIdentifierMap.update(_algorithmIdentifierMapUpdate)
+
+smimeCapabilityMap.update(_algorithmIdentifierMapUpdate)

pyasn1_alt_modules/rfc7773.py

@@ -0,0 +1,54 @@
+#
+# This file is part of pyasn1-alt-modules software.
+#
+# Created by Russ Housley with some assistance from asn1ate v.0.6.0.
+# Modified by Russ Housley to include the opentypemap manager.
+#
+# Copyright (c) 2019-2024, Vigil Security, LLC
+# License: http://vigilsec.com/pyasn1-alt-modules-license.txt
+#
+# Authentication Context Certificate Extension
+#
+# ASN.1 source from:
+# https://www.rfc-editor.org/rfc/rfc7773.txt
+#
+
+from pyasn1.type import char
+from pyasn1.type import constraint
+from pyasn1.type import namedtype
+from pyasn1.type import univ
+
+from pyasn1_alt_modules import opentypemap
+
+certificateExtensionsMap = opentypemap.get('certificateExtensionsMap')
+
+MAX = float('inf')
+
+
+# Authentication Context Extension
+
+e_legnamnden = univ.ObjectIdentifier('1.2.752.201')
+
+id_eleg_ce = e_legnamnden + (5, )
+
+id_ce_authContext = id_eleg_ce + (1, )
+
+
+class AuthenticationContext(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('contextType', char.UTF8String()),
+        namedtype.OptionalNamedType('contextInfo', char.UTF8String())
+    )
+
+class AuthenticationContexts(univ.SequenceOf):
+    componentType = AuthenticationContext()
+    subtypeSpec=constraint.ValueSizeConstraint(1, MAX)
+
+
+# Update the Certificate Extensions Map
+
+_certificateExtensionsMapUpdate = {
+    id_ce_authContext: AuthenticationContexts(),
+}
+
+certificateExtensionsMap.update(_certificateExtensionsMapUpdate)