rfc2634.py 9.2 KB
#
# This file is part of pyasn1-modules software.
#
# Created by Russ Housley with assistance from asn1ate v.0.6.0.
# Modified by Russ Housley to add a map for use with opentypes.
#
# Copyright (c) 2019, Vigil Security, LLC
# License: http://snmplabs.com/pyasn1/license.html
#
# Enhanced Security Services for S/MIME
#
# ASN.1 source from:
# https://www.rfc-editor.org/rfc/rfc2634.txt
#

from pyasn1.type import char
from pyasn1.type import constraint
from pyasn1.type import namedval
from pyasn1.type import namedtype
from pyasn1.type import tag
from pyasn1.type import univ
from pyasn1.type import useful

from pyasn1_modules import rfc5652
from pyasn1_modules import rfc5280

MAX = float('inf')

ContentType = rfc5652.ContentType

IssuerAndSerialNumber = rfc5652.IssuerAndSerialNumber

SubjectKeyIdentifier = rfc5652.SubjectKeyIdentifier

PolicyInformation = rfc5280.PolicyInformation

GeneralNames = rfc5280.GeneralNames

CertificateSerialNumber = rfc5280.CertificateSerialNumber


# Signing Certificate Attribute
# Warning: It is better to use SigningCertificateV2 from RFC 5035

id_aa_signingCertificate = univ.ObjectIdentifier('1.2.840.113549.1.9.16.2.12')

class Hash(univ.OctetString):
    pass  # SHA-1 hash of entire certificate; RFC 5035 supports other hash algorithms


class IssuerSerial(univ.Sequence):
    pass

IssuerSerial.componentType = namedtype.NamedTypes(
    namedtype.NamedType('issuer', GeneralNames()),
    namedtype.NamedType('serialNumber', CertificateSerialNumber())
)


class ESSCertID(univ.Sequence):
    pass

ESSCertID.componentType = namedtype.NamedTypes(
    namedtype.NamedType('certHash', Hash()),
    namedtype.OptionalNamedType('issuerSerial', IssuerSerial())
)


class SigningCertificate(univ.Sequence):
    pass

SigningCertificate.componentType = namedtype.NamedTypes(
    namedtype.NamedType('certs', univ.SequenceOf(
        componentType=ESSCertID())),
    namedtype.OptionalNamedType('policies', univ.SequenceOf(
        componentType=PolicyInformation()))
)


# Mail List Expansion History Attribute

id_aa_mlExpandHistory = univ.ObjectIdentifier('1.2.840.113549.1.9.16.2.3')

ub_ml_expansion_history = univ.Integer(64)


class EntityIdentifier(univ.Choice):
    pass

EntityIdentifier.componentType = namedtype.NamedTypes(
    namedtype.NamedType('issuerAndSerialNumber', IssuerAndSerialNumber()),
    namedtype.NamedType('subjectKeyIdentifier', SubjectKeyIdentifier())
)


class MLReceiptPolicy(univ.Choice):
    pass

MLReceiptPolicy.componentType = namedtype.NamedTypes(
    namedtype.NamedType('none', univ.Null().subtype(implicitTag=tag.Tag(
        tag.tagClassContext, tag.tagFormatSimple, 0))),
    namedtype.NamedType('insteadOf', univ.SequenceOf(
        componentType=GeneralNames()).subtype(
        sizeSpec=constraint.ValueSizeConstraint(1, MAX)).subtype(
        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
    namedtype.NamedType('inAdditionTo', univ.SequenceOf(
        componentType=GeneralNames()).subtype(
        sizeSpec=constraint.ValueSizeConstraint(1, MAX)).subtype(
        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2)))
)


class MLData(univ.Sequence):
    pass

MLData.componentType = namedtype.NamedTypes(
    namedtype.NamedType('mailListIdentifier', EntityIdentifier()),
    namedtype.NamedType('expansionTime', useful.GeneralizedTime()),
    namedtype.OptionalNamedType('mlReceiptPolicy', MLReceiptPolicy())
)

class MLExpansionHistory(univ.SequenceOf):
    pass

MLExpansionHistory.componentType = MLData()
MLExpansionHistory.sizeSpec = constraint.ValueSizeConstraint(1, ub_ml_expansion_history)


# ESS Security Label Attribute

id_aa_securityLabel = univ.ObjectIdentifier('1.2.840.113549.1.9.16.2.2')

ub_privacy_mark_length = univ.Integer(128)

ub_security_categories = univ.Integer(64)

ub_integer_options = univ.Integer(256)


class ESSPrivacyMark(univ.Choice):
    pass

ESSPrivacyMark.componentType = namedtype.NamedTypes(
    namedtype.NamedType('pString', char.PrintableString().subtype(
        subtypeSpec=constraint.ValueSizeConstraint(1, ub_privacy_mark_length))),
    namedtype.NamedType('utf8String', char.UTF8String().subtype(
        subtypeSpec=constraint.ValueSizeConstraint(1, MAX)))
)


class SecurityClassification(univ.Integer):
    pass

SecurityClassification.subtypeSpec=constraint.ValueRangeConstraint(0, ub_integer_options)

SecurityClassification.namedValues = namedval.NamedValues(
    ('unmarked', 0),
    ('unclassified', 1),
    ('restricted', 2),
    ('confidential', 3),
    ('secret', 4),
    ('top-secret', 5)
)


class SecurityPolicyIdentifier(univ.ObjectIdentifier):
    pass


class SecurityCategory(univ.Sequence):
    pass

SecurityCategory.componentType = namedtype.NamedTypes(
    namedtype.NamedType('type', univ.ObjectIdentifier().subtype(
        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
    namedtype.NamedType('value', univ.Any().subtype(implicitTag=tag.Tag(
        tag.tagClassContext, tag.tagFormatSimple, 1)))
)


class SecurityCategories(univ.SetOf):
    pass

SecurityCategories.componentType = SecurityCategory()
SecurityCategories.sizeSpec = constraint.ValueSizeConstraint(1, ub_security_categories)


class ESSSecurityLabel(univ.Set):
    pass

ESSSecurityLabel.componentType = namedtype.NamedTypes(
    namedtype.NamedType('security-policy-identifier', SecurityPolicyIdentifier()),
    namedtype.OptionalNamedType('security-classification', SecurityClassification()),
    namedtype.OptionalNamedType('privacy-mark', ESSPrivacyMark()),
    namedtype.OptionalNamedType('security-categories', SecurityCategories())
)


# Equivalent Labels Attribute

id_aa_equivalentLabels = univ.ObjectIdentifier('1.2.840.113549.1.9.16.2.9')

class EquivalentLabels(univ.SequenceOf):
    pass

EquivalentLabels.componentType = ESSSecurityLabel()


# Content Identifier Attribute

id_aa_contentIdentifier = univ.ObjectIdentifier('1.2.840.113549.1.9.16.2.7')

class ContentIdentifier(univ.OctetString):
    pass


# Content Reference Attribute

id_aa_contentReference = univ.ObjectIdentifier('1.2.840.113549.1.9.16.2.10')

class ContentReference(univ.Sequence):
    pass

ContentReference.componentType = namedtype.NamedTypes(
    namedtype.NamedType('contentType', ContentType()),
    namedtype.NamedType('signedContentIdentifier', ContentIdentifier()),
    namedtype.NamedType('originatorSignatureValue', univ.OctetString())
)


# Message Signature Digest Attribute

id_aa_msgSigDigest = univ.ObjectIdentifier('1.2.840.113549.1.9.16.2.5')

class MsgSigDigest(univ.OctetString):
    pass


# Content Hints Attribute

id_aa_contentHint = univ.ObjectIdentifier('1.2.840.113549.1.9.16.2.4')

class ContentHints(univ.Sequence):
    pass

ContentHints.componentType = namedtype.NamedTypes(
    namedtype.OptionalNamedType('contentDescription', char.UTF8String().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, MAX))),
    namedtype.NamedType('contentType', ContentType())
)


# Receipt Request Attribute

class AllOrFirstTier(univ.Integer):
    pass

AllOrFirstTier.namedValues = namedval.NamedValues(
    ('allReceipts', 0),
    ('firstTierRecipients', 1)
)


class ReceiptsFrom(univ.Choice):
    pass

ReceiptsFrom.componentType = namedtype.NamedTypes(
    namedtype.NamedType('allOrFirstTier', AllOrFirstTier().subtype(
        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
    namedtype.NamedType('receiptList', univ.SequenceOf(
        componentType=GeneralNames()).subtype(implicitTag=tag.Tag(
        tag.tagClassContext, tag.tagFormatSimple, 1)))
)


id_aa_receiptRequest = univ.ObjectIdentifier('1.2.840.113549.1.9.16.2.1')

ub_receiptsTo = univ.Integer(16)

class ReceiptRequest(univ.Sequence):
    pass

ReceiptRequest.componentType = namedtype.NamedTypes(
    namedtype.NamedType('signedContentIdentifier', ContentIdentifier()),
    namedtype.NamedType('receiptsFrom', ReceiptsFrom()),
    namedtype.NamedType('receiptsTo', univ.SequenceOf(componentType=GeneralNames()).subtype(sizeSpec=constraint.ValueSizeConstraint(1, ub_receiptsTo)))
)

# Receipt Content Type

class ESSVersion(univ.Integer):
    pass

ESSVersion.namedValues = namedval.NamedValues(
    ('v1', 1)
)


id_ct_receipt = univ.ObjectIdentifier('1.2.840.113549.1.9.16.1.1')

class Receipt(univ.Sequence):
    pass

Receipt.componentType = namedtype.NamedTypes(
    namedtype.NamedType('version', ESSVersion()),
    namedtype.NamedType('contentType', ContentType()),
    namedtype.NamedType('signedContentIdentifier', ContentIdentifier()),
    namedtype.NamedType('originatorSignatureValue', univ.OctetString())
)


# Map of Attribute Type to the Attribute structure is added to the
# ones that are in rfc5652.py

_cmsAttributesMapUpdate = {
    id_aa_signingCertificate: SigningCertificate(),
    id_aa_mlExpandHistory: MLExpansionHistory(),
    id_aa_securityLabel: ESSSecurityLabel(),
    id_aa_equivalentLabels: EquivalentLabels(),
    id_aa_contentIdentifier: ContentIdentifier(),
    id_aa_contentReference: ContentReference(),
    id_aa_msgSigDigest: MsgSigDigest(),
    id_aa_contentHint: ContentHints(),
    id_aa_receiptRequest: ReceiptRequest(),
}

rfc5652.cmsAttributesMap.update(_cmsAttributesMapUpdate)


# Map of Content Type OIDs to Content Types is added to the
# ones that are in rfc5652.py

_cmsContentTypesMapUpdate = {
    id_ct_receipt: Receipt(),
}

rfc5652.cmsContentTypesMap.update(_cmsContentTypesMapUpdate)