Algorithm identifier structures and parameters for cryptographic operations. This module provides ASN.1 structures for identifying and parameterizing various cryptographic algorithms including digest algorithms, signature algorithms, encryption algorithms, key derivation functions, and MAC algorithms.
Base structures for identifying cryptographic algorithms and their parameters.
class AlgorithmIdentifier(core.Sequence):
"""
Generic algorithm identifier structure.
Used throughout cryptographic standards to identify algorithms
and provide their parameters.
Structure:
algorithm: OBJECT IDENTIFIER - Algorithm OID
parameters: ANY OPTIONAL - Algorithm-specific parameters
"""
@property
def algorithm(self):
"""Get the algorithm OID as a string."""
@property
def parameters(self):
"""Get the algorithm parameters."""
class AnyAlgorithmIdentifier(core.Choice):
"""
Choice type for any algorithm identifier.
Can represent digest, signature, encryption, KDF, or MAC algorithms.
"""Algorithm identifiers for cryptographic hash functions.
class DigestAlgorithm(core.Choice):
"""
Digest algorithm identifier.
Supports common hash algorithms:
- MD2, MD4, MD5
- SHA-1, SHA-224, SHA-256, SHA-384, SHA-512
- SHA-512/224, SHA-512/256
- SHA3-224, SHA3-256, SHA3-384, SHA3-512
"""
@property
def algorithm(self):
"""Get the digest algorithm name."""
class DigestInfo(core.Sequence):
"""
Digest information structure combining algorithm and digest value.
Structure:
digestAlgorithm: DigestAlgorithm
digest: OCTET STRING - The computed digest
"""
@property
def digest_algorithm(self):
"""Get the digest algorithm identifier."""
@property
def digest(self):
"""Get the digest value as bytes."""Algorithm identifiers for digital signature algorithms.
class SignedDigestAlgorithm(core.Choice):
"""
Signed digest algorithm identifier.
Supports signature algorithms:
- RSA with various digest algorithms (PKCS#1 v1.5)
- RSA-PSS with parameters
- DSA with SHA variants
- ECDSA with SHA variants
- EdDSA (Ed25519, Ed448)
"""
@property
def algorithm(self):
"""Get the signature algorithm name."""
@property
def hash_algorithm(self):
"""Get the associated hash algorithm."""
class DSASignature(core.Sequence):
"""
DSA signature structure.
Structure:
r: INTEGER - First signature component
s: INTEGER - Second signature component
"""
@property
def r(self):
"""Get the r component of the signature."""
@property
def s(self):
"""Get the s component of the signature."""Algorithm identifiers for symmetric and asymmetric encryption.
class EncryptionAlgorithm(core.Choice):
"""
Encryption algorithm identifier.
Supports encryption algorithms:
- RSA encryption (PKCS#1 v1.5, OAEP)
- Symmetric algorithms (AES, DES, 3DES, RC2, RC4, RC5)
- Block cipher modes (CBC, ECB, OFB, CFB, GCM)
"""
@property
def algorithm(self):
"""Get the encryption algorithm name."""
@property
def key_size(self):
"""Get the key size in bits (if determinable)."""Algorithm identifiers for key derivation functions.
class KdfAlgorithm(core.Choice):
"""
Key derivation function algorithm identifier.
Supports KDF algorithms:
- PBKDF2 with various PRF functions
- PKCS#12 key derivation
- PKCS#5 PBES1/PBES2
"""
@property
def algorithm(self):
"""Get the KDF algorithm name."""
class Pbkdf2Params(core.Sequence):
"""
PBKDF2 algorithm parameters.
Structure:
salt: Salt value (OCTET STRING or AlgorithmIdentifier)
iterationCount: INTEGER - Number of iterations
keyLength: INTEGER OPTIONAL - Derived key length
prf: AlgorithmIdentifier OPTIONAL - Pseudorandom function
"""
@property
def salt(self):
"""Get the salt value."""
@property
def iteration_count(self):
"""Get the iteration count."""
@property
def key_length(self):
"""Get the derived key length."""
@property
def prf(self):
"""Get the pseudorandom function."""Algorithm identifiers for message authentication codes.
class HmacAlgorithm(core.Choice):
"""
HMAC algorithm identifier.
Supports HMAC with various hash functions:
- HMAC-MD5, HMAC-SHA1
- HMAC-SHA224, HMAC-SHA256, HMAC-SHA384, HMAC-SHA512
"""
@property
def algorithm(self):
"""Get the HMAC algorithm name."""
@property
def hash_algorithm(self):
"""Get the underlying hash algorithm."""
class Pkcs5MacAlgorithm(core.Choice):
"""
PKCS#5 MAC algorithm identifier.
Used in password-based encryption schemes.
"""
class Pkcs12MacAlgorithm(core.Choice):
"""
PKCS#12 MAC algorithm identifier.
Used in PKCS#12 key/certificate storage.
"""Specific parameter structures for various algorithms.
class RSASSAPSSParams(core.Sequence):
"""
RSA-PSS signature algorithm parameters.
Structure:
hashAlgorithm: Hash algorithm (default SHA-1)
maskGenAlgorithm: Mask generation function (default MGF1)
saltLength: Salt length (default 20)
trailerField: Trailer field (default 1)
"""
@property
def hash_algorithm(self):
"""Get the hash algorithm."""
@property
def mask_gen_algorithm(self):
"""Get the mask generation algorithm."""
@property
def salt_length(self):
"""Get the salt length."""
class RSAESOAEPParams(core.Sequence):
"""
RSA-OAEP encryption algorithm parameters.
Structure:
hashAlgorithm: Hash algorithm (default SHA-1)
maskGenAlgorithm: Mask generation function (default MGF1)
pSourceAlgorithm: Encoding parameters source (default empty)
"""
@property
def hash_algorithm(self):
"""Get the hash algorithm."""
@property
def mask_gen_algorithm(self):
"""Get the mask generation algorithm."""
@property
def p_source_algorithm(self):
"""Get the encoding parameters source."""
class Pbes1Params(core.Sequence):
"""
PBES1 (PKCS#5 v1.5) password-based encryption parameters.
Structure:
salt: OCTET STRING - 8-byte salt
iterationCount: INTEGER - Iteration count
"""
@property
def salt(self):
"""Get the salt value."""
@property
def iteration_count(self):
"""Get the iteration count."""
class Pbes2Params(core.Sequence):
"""
PBES2 (PKCS#5 v2.0) password-based encryption parameters.
Structure:
keyDerivationFunc: Key derivation function
encryptionScheme: Encryption algorithm
"""
@property
def key_derivation_func(self):
"""Get the key derivation function."""
@property
def encryption_scheme(self):
"""Get the encryption algorithm."""
class Pbmac1Params(core.Sequence):
"""
PBMAC1 password-based message authentication parameters.
Structure:
keyDerivationFunc: Key derivation function
messageAuthScheme: MAC algorithm
"""
@property
def key_derivation_func(self):
"""Get the key derivation function."""
@property
def message_auth_scheme(self):
"""Get the MAC algorithm."""from asn1crypto import algos
# Create a SHA-256 digest algorithm identifier
sha256_algo = algos.DigestAlgorithm('sha256')
print(sha256_algo.algorithm) # 'sha256'
# Create RSA with SHA-256 signature algorithm
rsa_sha256 = algos.SignedDigestAlgorithm('rsassa_pkcs1v15')
print(rsa_sha256.algorithm) # 'rsassa_pkcs1v15'
print(rsa_sha256.hash_algorithm) # 'sha256'
# Load algorithm from DER data
algo_der = b'\\x30\\x0b\\x06\\x09\\x60\\x86\\x48\\x01\\x65\\x03\\x04\\x02\\x01'
loaded_algo = algos.DigestAlgorithm.load(algo_der)
print(loaded_algo.algorithm) # 'sha256'from asn1crypto import algos
# Create RSA-PSS parameters
pss_params = algos.RSASSAPSSParams({
'hash_algorithm': algos.DigestAlgorithm('sha256'),
'mask_gen_algorithm': {
'algorithm': 'mgf1',
'parameters': algos.DigestAlgorithm('sha256')
},
'salt_length': 32,
'trailer_field': 1
})
print(pss_params.hash_algorithm.algorithm) # 'sha256'
print(pss_params.salt_length) # 32from asn1crypto import algos
import os
# Create PBKDF2 parameters
pbkdf2_params = algos.Pbkdf2Params({
'salt': os.urandom(16),
'iteration_count': 10000,
'key_length': 32,
'prf': algos.HmacAlgorithm('sha256')
})
print(pbkdf2_params.iteration_count) # 10000
print(pbkdf2_params.key_length) # 32
print(len(pbkdf2_params.salt)) # 16from asn1crypto import algos
# Create DSA signature structure
signature = algos.DSASignature({
'r': 0x123456789abcdef,
's': 0xfedcba987654321
})
print(hex(signature.r)) # '0x123456789abcdef'
print(hex(signature.s)) # '0xfedcba987654321'
# Serialize signature
sig_der = signature.dump()The module provides comprehensive support for cryptographic algorithms used in: