CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutSign UpSign In
rapid7

Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place. Commercial Alternative to JupyterHub.

GitHub Repository: rapid7/metasploit-framework
 Path: blob/master/lib/rex/proto/crypto_asn1/cms.rb
Views: 18091
1
module Rex::Proto::CryptoAsn1::Cms

2
  class Attribute < RASN1::Model

3
    sequence :attribute,

4
             content: [objectid(:attribute_type),

5
                       set_of(:attribute_values, RASN1::Types::Any)

6
    ]

7
  end

8


9
  class Certificate

10
    # Rather than specifying the entire structure of a certificate, we pass this off

11
    # to OpenSSL, effectively providing an interface between RASN and OpenSSL.

12


13
    attr_accessor :options

14


15
    def initialize(options={})

16
      self.options = options

17
    end

18


19
    def to_der

20
      self.options[:openssl_certificate]&.to_der || ''

21
    end

22


23
    # RASN1 Glue method - Say if DER can be built (not default value, not optional without value, has a value)

24
    # @return [Boolean]

25
    # @since 0.12

26
    def can_build?

27
      !to_der.empty?

28
    end

29


30
    # RASN1 Glue method

31
    def primitive?

32
      false

33
    end

34


35
    # RASN1 Glue method

36
    def value

37
      options[:openssl_certificate]

38
    end

39


40
    def parse!(str, ber: false)

41
      self.options[:openssl_certificate] = OpenSSL::X509::Certificate.new(str)

42
      to_der.length

43
    end

44
  end

45


46
  class AlgorithmIdentifier < RASN1::Model

47
    sequence :algorithm_identifier,

48
             content: [objectid(:algorithm),

49
                       any(:parameters, optional: true)

50
    ]

51
  end

52


53
  class KeyDerivationAlgorithmIdentifier < AlgorithmIdentifier

54
  end

55


56
  class KeyEncryptionAlgorithmIdentifier < AlgorithmIdentifier

57
  end

58


59
  class ContentEncryptionAlgorithmIdentifier < AlgorithmIdentifier

60
  end

61


62
  class OriginatorInfo < RASN1::Model

63
    sequence :originator_info,

64
             content: [set_of(:certs, Certificate, implicit: 0, optional: true),

65
                       # CRLs - not implemented

66
                       ]

67
  end

68


69
  class ContentType < RASN1::Types::ObjectId

70
  end

71


72
  class EncryptedContent < RASN1::Types::OctetString

73
  end

74


75
  class EncryptedContentInfo < RASN1::Model

76
    sequence :encrypted_content_info,

77
             content: [model(:content_type, ContentType),

78
                       model(:content_encryption_algorithm, ContentEncryptionAlgorithmIdentifier),

79
                       wrapper(model(:encrypted_content, EncryptedContent), implicit: 0, optional: true)

80
                       ]

81
  end

82


83
  class Name

84
    # Rather than specifying the entire structure of a name, we pass this off

85
    # to OpenSSL, effectively providing an interface between RASN and OpenSSL.

86
    attr_accessor :value

87


88
    def initialize(options={})

89
    end

90


91
    def parse!(str, ber: false)

92
      self.value = OpenSSL::X509::Name.new(str)

93
      to_der.length

94
    end

95


96
    def to_der

97
      self.value.to_der

98
    end

99
  end

100


101
  class IssuerAndSerialNumber < RASN1::Model

102
    sequence :signer_identifier,

103
             content: [model(:issuer, Name),

104
                       integer(:serial_number)

105
    ]

106
  end

107


108
  class CmsVersion < RASN1::Types::Integer

109
  end

110


111
  class SubjectKeyIdentifier < RASN1::Types::OctetString

112
  end

113


114
  class UserKeyingMaterial < RASN1::Types::OctetString

115
  end

116


117
  class RecipientIdentifier < RASN1::Model

118
    choice :recipient_identifier,

119
           content: [model(:issuer_and_serial_number, IssuerAndSerialNumber),

120
                     wrapper(model(:subject_key_identifier, SubjectKeyIdentifier), implicit: 0)]

121
  end

122


123
  class EncryptedKey < RASN1::Types::OctetString

124
  end

125


126
  class OtherKeyAttribute < RASN1::Model

127
    sequence :other_key_attribute,

128
             content: [objectid(:key_attr_id),

129
                       any(:key_attr, optional: true)

130
                      ]

131
  end

132


133
  class RecipientKeyIdentifier < RASN1::Model

134
    sequence :recipient_key_identifier,

135
             content: [model(:subject_key_identifier, SubjectKeyIdentifier),

136
                       generalized_time(:date, optional: true),

137
                       wrapper(model(:other, OtherKeyAttribute), optional: true)

138
                      ]

139


140
  end

141


142
  class KeyAgreeRecipientIdentifier < RASN1::Model

143
    choice :key_agree_recipient_identifier,

144
           content: [model(:issuer_and_serial_number, IssuerAndSerialNumber),

145
                     wrapper(model(:r_key_id, RecipientKeyIdentifier), implicit: 0)]

146
  end

147


148
  class RecipientEncryptedKey < RASN1::Model

149
    sequence :recipient_encrypted_key,

150
             content: [model(:rid, KeyAgreeRecipientIdentifier),

151
                       model(:encrypted_key, EncryptedKey)]

152
  end

153


154
  class KEKIdentifier < RASN1::Model

155
    sequence :kek_identifier,

156
             content: [octet_string(:key_identifier),

157
                       generalized_time(:date, optional: true),

158
                       wrapper(model(:other, OtherKeyAttribute), optional: true)]

159
  end

160


161
  class KeyTransRecipientInfo < RASN1::Model

162
    sequence :key_trans_recipient_info,

163
             content: [model(:cms_version, CmsVersion),

164
                       model(:rid, RecipientIdentifier),

165
                       model(:key_encryption_algorithm, KeyEncryptionAlgorithmIdentifier),

166
                       model(:encrypted_key, EncryptedKey)

167
                      ]

168
  end

169


170
  class OriginatorPublicKey < RASN1::Model

171
    sequence :originator_public_key,

172
             content: [model(:algorithm, AlgorithmIdentifier),

173
                       bit_string(:public_key)]

174
  end

175


176
  class OriginatorIdentifierOrKey < RASN1::Model

177
    choice :originator_identifier_or_key,

178
           content: [model(:issuer_and_serial_number, IssuerAndSerialNumber),

179
                     model(:subject_key_identifier, SubjectKeyIdentifier),

180
                     model(:originator_public_key, OriginatorPublicKey)

181
                    ]

182
  end

183


184
  class KeyAgreeRecipientInfo < RASN1::Model

185
    sequence :key_agree_recipient_info,

186
             content: [model(:cms_version, CmsVersion),

187
                       wrapper(model(:originator, OriginatorIdentifierOrKey), explicit: 0),

188
                       wrapper(model(:ukm, UserKeyingMaterial), explicit: 1, optional: true),

189
                       model(:key_encryption_algorithm, KeyEncryptionAlgorithmIdentifier),

190
                       sequence_of(:recipient_encrypted_keys, RecipientEncryptedKey)

191
                      ]

192
  end

193


194
  class KEKRecipientInfo < RASN1::Model

195
    sequence :kek_recipient_info,

196
             content: [model(:cms_version, CmsVersion),

197
                       model(:kekid, KEKIdentifier),

198
                       model(:key_encryption_algorithm, KeyEncryptionAlgorithmIdentifier),

199
                       model(:encrypted_key, EncryptedKey)

200
                      ]

201
  end

202


203
  class PasswordRecipientInfo < RASN1::Model

204
    sequence :password_recipient_info,

205
             content: [model(:cms_version, CmsVersion),

206
                       wrapper(model(:key_derivation_algorithm, KeyDerivationAlgorithmIdentifier), explicit: 0, optional: true),

207
                       model(:key_encryption_algorithm, KeyEncryptionAlgorithmIdentifier),

208
                       model(:encrypted_key, EncryptedKey)

209
                      ]

210
  end

211


212
  class OtherRecipientInfo < RASN1::Model

213
    sequence :other_recipient_info,

214
             content: [objectid(:ore_type),

215
                       any(:ory_value)

216
                      ]

217
  end

218


219
  class RecipientInfo < RASN1::Model

220
    choice :recipient_info,

221
           content: [model(:ktri, KeyTransRecipientInfo),

222
                     wrapper(model(:kari, KeyAgreeRecipientInfo), implicit: 1),

223
                     wrapper(model(:kekri, KEKRecipientInfo), implicit: 2),

224
                     wrapper(model(:pwri, PasswordRecipientInfo), implicit: 3),

225
                     wrapper(model(:ori, OtherRecipientInfo), implicit: 4)]

226
  end

227


228
  class EnvelopedData < RASN1::Model

229
    sequence :enveloped_data,

230
             explicit: 0, constructed: true,

231
             content: [model(:cms_version, CmsVersion),

232
                       wrapper(model(:originator_info, OriginatorInfo), implict: 0, optional: true),

233
                       set_of(:recipient_infos, RecipientInfo),

234
                       model(:encrypted_content_info, EncryptedContentInfo),

235
                       set_of(:unprotected_attrs, Attribute, implicit: 1, optional: true),

236
    ]

237
  end

238


239
  class SignerInfo < RASN1::Model

240
    sequence :signer_info,

241
             content: [integer(:version),

242
                       model(:sid, IssuerAndSerialNumber),

243
                       model(:digest_algorithm, AlgorithmIdentifier),

244
                       set_of(:signed_attrs, Attribute, implicit: 0, optional: true),

245
                       model(:signature_algorithm, AlgorithmIdentifier),

246
                       octet_string(:signature),

247
    ]

248
  end

249


250
  class EncapsulatedContentInfo < RASN1::Model

251
    sequence :encapsulated_content_info,

252
             content: [objectid(:econtent_type),

253
                       octet_string(:econtent, explicit: 0, constructed: true, optional: true)

254
    ]

255


256
    def econtent

257
      if self[:econtent_type].value == Rex::Proto::CryptoAsn1::OIDs::OID_DIFFIE_HELLMAN_KEYDATA.value

258
        Rex::Proto::Kerberos::Model::Pkinit::KdcDhKeyInfo.parse(self[:econtent].value)

259
      elsif self[:econtent_type].value == Rex::Proto::Kerberos::Model::OID::PkinitAuthData

260
        Rex::Proto::Kerberos::Model::Pkinit::AuthPack.parse(self[:econtent].value)

261
      end

262
    end

263
  end

264


265
  class SignedData < RASN1::Model

266
    sequence :signed_data,

267
             explicit: 0, constructed: true,

268
             content: [integer(:version),

269
                       set_of(:digest_algorithms, AlgorithmIdentifier),

270
                       model(:encap_content_info, EncapsulatedContentInfo),

271
                       set_of(:certificates, Certificate, implicit: 0, optional: true),

272
                       # CRLs - not implemented

273
                       set_of(:signer_infos, SignerInfo)

274
    ]

275
  end

276


277
  class ContentInfo < RASN1::Model

278
    sequence :content_info,

279
             content: [model(:content_type, ContentType),

280
                       any(:data)

281
    ]

282


283
    def enveloped_data

284
      if self[:content_type].value == Rex::Proto::CryptoAsn1::OIDs::OID_CMS_ENVELOPED_DATA.value

285
        EnvelopedData.parse(self[:data].value)

286
      end

287
    end

288


289
    def signed_data

290
      if self[:content_type].value == Rex::Proto::CryptoAsn1::OIDs::OID_CMS_SIGNED_DATA.value

291
        SignedData.parse(self[:data].value)

292
      end

293
    end

294
  end

295
end

296