# This file is being contributed to pyasn1-modules software.
#
# Created by Russ Housley with assistance from the asn1ate tool, with manual
# changes to AES_CCM_ICVlen.subtypeSpec and added comments
#
# Copyright (c) 2018-2019, Vigil Security, LLC
# License: http://snmplabs.com/pyasn1/license.html
#
# AES-CCM and AES-GCM Algorithms for use with the Authenticated-Enveloped-Data
# protecting content type for the Cryptographic Message Syntax (CMS)
#
# ASN.1 source from:
# https://www.rfc-editor.org/rfc/rfc5084.txt

from pyasn1.type import constraint
from pyasn1.type import namedtype
from pyasn1.type import univ

from pyasn1_modules import rfc5280


def _OID(*components):
    """Build an ObjectIdentifier from a mix of OIDs and single arcs.

    Each argument is either a ``univ.ObjectIdentifier``, whose arcs are
    spliced in, or a value accepted by ``int()``, which becomes one arc.
    """
    arcs = []
    for part in components:
        if isinstance(part, univ.ObjectIdentifier):
            arcs.extend(part)
        else:
            arcs.append(int(part))

    return univ.ObjectIdentifier(arcs)


class AES_CCM_ICVlen(univ.Integer):
    """ICV length for AES-CCM, restricted to the even values 4 through 16."""

    # The constraint accepts values as small as 4. A receiver that wants a
    # minimum ICV length has to check the decoded value itself; this type
    # will not reject the short ones.
    subtypeSpec = constraint.SingleValueConstraint(4, 6, 8, 10, 12, 14, 16)


class AES_GCM_ICVlen(univ.Integer):
    """ICV length for AES-GCM, restricted to the range 12 through 16."""

    subtypeSpec = constraint.ValueRangeConstraint(12, 16)


class CCMParameters(univ.Sequence):
    """AES-CCM parameters: a nonce and an ICV length that defaults to 12."""

    componentType = namedtype.NamedTypes(
        # The aes-nonce parameter contains 15-L octets, where L is the size
        # of the length field. L=8 is RECOMMENDED.
        # Within the scope of any content-authenticated-encryption key, the
        # nonce value MUST be unique.
        # Only the 7..13 octet size is checked by this type; uniqueness per
        # key cannot be expressed here and stays with the caller.
        namedtype.NamedType(
            'aes-nonce',
            univ.OctetString().subtype(
                subtypeSpec=constraint.ValueSizeConstraint(7, 13)
            ),
        ),
        namedtype.DefaultedNamedType(
            'aes-ICVlen', AES_CCM_ICVlen().subtype(value=12)
        ),
    )


class GCMParameters(univ.Sequence):
    """AES-GCM parameters: a nonce and an ICV length that defaults to 12."""

    componentType = namedtype.NamedTypes(
        # The aes-nonce may have any number of bits between 8 and 2^64, but
        # it MUST be a multiple of 8 bits.
        # Within the scope of any content-authenticated-encryption key, the
        # nonce value MUST be unique.
        # A nonce value of 12 octets can be processed more efficiently, so
        # that length is RECOMMENDED.
        # No size constraint is attached to this OCTET STRING, so neither
        # the minimum length nor the recommended 12 octets is checked by
        # this type; a caller that cares has to test the decoded length.
        namedtype.NamedType('aes-nonce', univ.OctetString()),
        namedtype.DefaultedNamedType(
            'aes-ICVlen', AES_GCM_ICVlen().subtype(value=12)
        ),
    )


# Common prefix of the six algorithm identifiers defined below.
aes = _OID(2, 16, 840, 1, 101, 3, 4, 1)

id_aes128_CCM = _OID(aes, 7)
id_aes128_GCM = _OID(aes, 6)

id_aes192_CCM = _OID(aes, 27)
id_aes192_GCM = _OID(aes, 26)

id_aes256_CCM = _OID(aes, 47)
id_aes256_GCM = _OID(aes, 46)


# Map of Algorithm Identifier OIDs to Parameters is added to the
# ones in rfc5280.py
#
# The update below runs at import time and changes the map object that
# rfc5280 exposes, so it is visible to every other user of that map in
# the same process.

_algorithmIdentifierMapUpdate = {
    id_aes128_CCM: CCMParameters(),
    id_aes128_GCM: GCMParameters(),
    id_aes192_CCM: CCMParameters(),
    id_aes192_GCM: GCMParameters(),
    id_aes256_CCM: CCMParameters(),
    id_aes256_GCM: GCMParameters(),
}

rfc5280.algorithmIdentifierMap.update(_algorithmIdentifierMapUpdate)