Introduced PKCS #5, PKCS #7, PKCS #8, PKCS #12 (it compiles, so let's ship it...)

[quick-der] / rfc / rfc2898.asn1

   -- PKCS #5 v2.0 ASN.1 Module
   -- Revised March 25, 1999

   -- This module has been checked for conformance with the
   -- ASN.1 standard by the OSS ASN.1 Tools

   -- asn1ate: PKCS5v2-0 {iso(1) member-body(2) us(840) rsadsi(113549)
   -- asn1ate:     pkcs(1) pkcs-5(5) modules(16) pkcs5v2-0(1)}
   RFC2898

   DEFINITIONS ::= BEGIN

   -- Basic object identifiers

   rsadsi OBJECT IDENTIFIER ::= {iso(1) member-body(2) us(840) 113549}
   pkcs OBJECT IDENTIFIER ::= {rsadsi 1}

   pkcs-5 OBJECT IDENTIFIER ::= {pkcs 5}

   -- Basic types and classes

   -- asn1ate: AlgorithmIdentifier { ALGORITHM-IDENTIFIER:InfoObjectSet } ::=
   AlgorithmIdentifier ::=
     SEQUENCE {
       -- asn1ate: algorithm ALGORITHM-IDENTIFIER.&id({InfoObjectSet}),
       -- asn1ate: parameters ALGORITHM-IDENTIFIER.&Type({InfoObjectSet}
       -- asn1ate: {@algorithm}) OPTIONAL
       algorithm OBJECT IDENTIFIER,
       parameters ANY DEFINED BY algorithm OPTIONAL
   }

   -- asn1ate: ALGORITHM-IDENTIFIER ::= TYPE-IDENTIFIER

   -- PBKDF2

   -- asn1ate: PBKDF2Algorithms ALGORITHM-IDENTIFIER ::=
   PBKDF2Algorithms ::=
       -- asn1ate: { {PBKDF2-params IDENTIFIED BY id-PBKDF2}, ...}
       ANY DEFINED BY id-PKKDF2

   id-PBKDF2 OBJECT IDENTIFIER ::= {pkcs-5 12}

   -- asn1ate: algid-hmacWithSHA1 AlgorithmIdentifier {{PBKDF2-PRFs}} ::=
   -- asn1ate:     {algorithm id-hmacWithSHA1, parameters NULL : NULL}

   PBKDF2-params ::= SEQUENCE {
       salt CHOICE {
         specified OCTET STRING,
         -- asn1ate: otherSource AlgorithmIdentifier {{PBKDF2-SaltSources}}
         otherSource AlgorithmIdentifier
       },
       iterationCount INTEGER (1..MAX),
       keyLength INTEGER (1..MAX) OPTIONAL,
       -- asn1ate: prf AlgorithmIdentifier {{PBKDF2-PRFs}} DEFAULT
       prf AlgorithmIdentifier DEFAULT
       algid-hmacWithSHA1
   }

   -- asn1ate: PBKDF2-SaltSources ALGORITHM-IDENTIFIER ::= { ... }

   -- asn1ate: PBKDF2-PRFs ALGORITHM-IDENTIFIER ::=
   -- asn1ate:     { {NULL IDENTIFIED BY id-hmacWithSHA1}, ... }

   -- PBES1


   -- asn1ate: PBES1Algorithms ALGORITHM-IDENTIFIER ::= {
   -- asn1ate:     {PBEParameter IDENTIFIED BY pbeWithMD2AndDES-CBC}  |
   -- asn1ate:     {PBEParameter IDENTIFIED BY pbeWithMD2AndRC2-CBC}  |
   -- asn1ate:     {PBEParameter IDENTIFIED BY pbeWithMD5AndDES-CBC}  |
   -- asn1ate:     {PBEParameter IDENTIFIED BY pbeWithMD5AndRC2-CBC}  |
   -- asn1ate:     {PBEParameter IDENTIFIED BY pbeWithSHA1AndDES-CBC} |
   -- asn1ate:     {PBEParameter IDENTIFIED BY pbeWithSHA1AndRC2-CBC},
   -- asn1ate:     ...
   -- asn1ate: }

   pbeWithMD2AndDES-CBC OBJECT IDENTIFIER ::= {pkcs-5 1}
   pbeWithMD2AndRC2-CBC OBJECT IDENTIFIER ::= {pkcs-5 4}
   pbeWithMD5AndDES-CBC OBJECT IDENTIFIER ::= {pkcs-5 3}
   pbeWithMD5AndRC2-CBC OBJECT IDENTIFIER ::= {pkcs-5 6}
   pbeWithSHA1AndDES-CBC OBJECT IDENTIFIER ::= {pkcs-5 10}
   pbeWithSHA1AndRC2-CBC OBJECT IDENTIFIER ::= {pkcs-5 11}

   PBEParameter ::= SEQUENCE {
       salt OCTET STRING (SIZE(8)),
       iterationCount INTEGER
   }

   -- PBES2

   -- asn1ate: PBES2Algorithms ALGORITHM-IDENTIFIER ::=
   -- asn1ate:     { {PBES2-params IDENTIFIED BY id-PBES2}, ...}

   id-PBES2 OBJECT IDENTIFIER ::= {pkcs-5 13}

   PBES2-params ::= SEQUENCE {
       -- asn1ate: keyDerivationFunc AlgorithmIdentifier {{PBES2-KDFs}},
       -- asn1ate: encryptionScheme AlgorithmIdentifier {{PBES2-Encs}}
       keyDerivationFunc AlgorithmIdentifier,
       encryptionScheme AlgorithmIdentifier
   }

   -- asn1ate: PBES2-KDFs ALGORITHM-IDENTIFIER ::=
   -- asn1ate:     { {PBKDF2-params IDENTIFIED BY id-PBKDF2}, ... }

   -- asn1ate: PBES2-Encs ALGORITHM-IDENTIFIER ::= { ... }

   -- PBMAC1

   -- asn1ate: PBMAC1Algorithms ALGORITHM-IDENTIFIER ::=
   -- asn1ate:     { {PBMAC1-params IDENTIFIED BY id-PBMAC1}, ...}

   id-PBMAC1 OBJECT IDENTIFIER ::= {pkcs-5 14}

   PBMAC1-params ::=  SEQUENCE {
       -- asn1ate: keyDerivationFunc AlgorithmIdentifier {{PBMAC1-KDFs}},
       -- asn1ate: messageAuthScheme AlgorithmIdentifier {{PBMAC1-MACs}}
       keyDerivationFunc AlgorithmIdentifier,
       messageAuthScheme AlgorithmIdentifier
   }

   -- asn1ate: PBMAC1-KDFs ALGORITHM-IDENTIFIER ::=
   -- asn1ate:     { {PBKDF2-params IDENTIFIED BY id-PBKDF2}, ... }

   -- asn1ate: PBMAC1-MACs ALGORITHM-IDENTIFIER ::= { ... }

   -- Supporting techniques

   digestAlgorithm OBJECT IDENTIFIER     ::= {rsadsi 2}
   encryptionAlgorithm OBJECT IDENTIFIER ::= {rsadsi 3}

   -- asn1ate: SupportingAlgorithms ALGORITHM-IDENTIFIER ::= {
   -- asn1ate:     {NULL IDENTIFIED BY id-hmacWithSHA1} |
   -- asn1ate:     {OCTET STRING (SIZE(8)) IDENTIFIED BY desCBC} |
   -- asn1ate:     {OCTET STRING (SIZE(8)) IDENTIFIED BY des-EDE3-CBC} |
   -- asn1ate:     {RC2-CBC-Parameter IDENTIFIED BY rc2CBC} |
   -- asn1ate:     {RC5-CBC-Parameters IDENTIFIED BY rc5-CBC-PAD},
   -- asn1ate:     ...
   -- asn1ate: }

   id-hmacWithSHA1 OBJECT IDENTIFIER ::= {digestAlgorithm 7}

   desCBC OBJECT IDENTIFIER ::=
       {iso(1) identified-organization(3) oiw(14) secsig(3)
        algorithms(2) 7} -- from OIW

   des-EDE3-CBC OBJECT IDENTIFIER ::= {encryptionAlgorithm 7}

   rc2CBC OBJECT IDENTIFIER ::= {encryptionAlgorithm 2}

   RC2-CBC-Parameter ::= SEQUENCE {
       rc2ParameterVersion INTEGER OPTIONAL,
       iv OCTET STRING (SIZE(8))
   }

   rc5-CBC-PAD OBJECT IDENTIFIER ::= {encryptionAlgorithm 9}

   RC5-CBC-Parameters ::= SEQUENCE {
       -- asn1ate: version INTEGER {v1-0(16)} (v1-0),
       version INTEGER,
       rounds INTEGER (8..127),
       -- asn1ate: blockSizeInBits INTEGER (64 | 128),
       blockSizeInBits INTEGER,
       iv OCTET STRING OPTIONAL
   }

   END