1-- PKCS #5 v2.1 ASN.1 Module 2-- Revised October 27, 2012 3 4-- This module has been checked for conformance with the 5-- ASN.1 standard by the OSS ASN.1 Tools 6 7PKCS-5 { 8 iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-5(5) modules(16) 9 pkcs5v2-1(2)} 10 11DEFINITIONS EXPLICIT TAGS ::= 12 13BEGIN 14 15-- ============================ 16-- Basic object identifiers 17-- ============================ 18 19nistAlgorithms OBJECT IDENTIFIER ::= 20 {joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) 4} 21oiw OBJECT IDENTIFIER ::= {iso(1) identified-organization(3) 14} 22rsadsi OBJECT IDENTIFIER ::= {iso(1) member-body(2) us(840) 113549} 23pkcs OBJECT IDENTIFIER ::= {rsadsi 1} 24pkcs-5 OBJECT IDENTIFIER ::= {pkcs 5} 25 26 27-- ============================ 28-- Basic types and classes 29-- ============================ 30 31AlgorithmIdentifier { ALGORITHM-IDENTIFIER:InfoObjectSet } ::= SEQUENCE { 32 algorithm ALGORITHM-IDENTIFIER.&id({InfoObjectSet}), 33 parameters ALGORITHM-IDENTIFIER.&Type({InfoObjectSet} {@algorithm}) OPTIONAL 34} 35 36ALGORITHM-IDENTIFIER ::= TYPE-IDENTIFIER 37 38 39-- ============================ 40-- PBKDF2 41-- ============================ 42 43PBKDF2Algorithms ALGORITHM-IDENTIFIER ::= 44 { {PBKDF2-params IDENTIFIED BY id-PBKDF2}, ...} 45 46id-PBKDF2 OBJECT IDENTIFIER ::= {pkcs-5 12} 47 48algid-hmacWithSHA1 AlgorithmIdentifier {{PBKDF2-PRFs}} ::= 49 {algorithm id-hmacWithSHA1, parameters NULL : NULL} 50 51PBKDF2-params ::= SEQUENCE { 52 salt CHOICE { 53 specified OCTET STRING, 54 otherSource AlgorithmIdentifier {{PBKDF2-SaltSources}} 55 }, 56 iterationCount INTEGER (1..MAX), 57 keyLength INTEGER (1..MAX) OPTIONAL, 58 prf AlgorithmIdentifier {{PBKDF2-PRFs}} DEFAULT algid-hmacWithSHA1 59} 60 61PBKDF2-SaltSources ALGORITHM-IDENTIFIER ::= { ... } 62 63PBKDF2-PRFs ALGORITHM-IDENTIFIER ::= { 64 {NULL IDENTIFIED BY id-hmacWithSHA1} | 65 {NULL IDENTIFIED BY id-hmacWithSHA224} | 66 {NULL IDENTIFIED BY id-hmacWithSHA256} | 67 {NULL IDENTIFIED BY id-hmacWithSHA384} | 68 {NULL IDENTIFIED BY id-hmacWithSHA512} | 69 {NULL IDENTIFIED BY id-hmacWithSHA512-224} | 70 {NULL IDENTIFIED BY id-hmacWithSHA512-256}, 71 ... 72} 73 74 75-- ============================ 76 -- PBES1 77-- ============================ 78 79PBES1Algorithms ALGORITHM-IDENTIFIER ::= { 80 {PBEParameter IDENTIFIED BY pbeWithMD2AndDES-CBC} | 81 {PBEParameter IDENTIFIED BY pbeWithMD2AndRC2-CBC} | 82 {PBEParameter IDENTIFIED BY pbeWithMD5AndDES-CBC} | 83 {PBEParameter IDENTIFIED BY pbeWithMD5AndRC2-CBC} | 84 {PBEParameter IDENTIFIED BY pbeWithSHA1AndDES-CBC} | 85 {PBEParameter IDENTIFIED BY pbeWithSHA1AndRC2-CBC}, 86 ... 87} 88 89pbeWithMD2AndDES-CBC OBJECT IDENTIFIER ::= {pkcs-5 1} 90pbeWithMD2AndRC2-CBC OBJECT IDENTIFIER ::= {pkcs-5 4} 91pbeWithMD5AndDES-CBC OBJECT IDENTIFIER ::= {pkcs-5 3} 92pbeWithMD5AndRC2-CBC OBJECT IDENTIFIER ::= {pkcs-5 6} 93pbeWithSHA1AndDES-CBC OBJECT IDENTIFIER ::= {pkcs-5 10} 94pbeWithSHA1AndRC2-CBC OBJECT IDENTIFIER ::= {pkcs-5 11} 95 96PBEParameter ::= SEQUENCE { 97 salt OCTET STRING (SIZE(8)), 98 iterationCount INTEGER 99} 100 101 102-- ============================ 103-- PBES2 104-- ============================ 105 106PBES2Algorithms ALGORITHM-IDENTIFIER ::= { 107 {PBES2-params IDENTIFIED BY id-PBES2}, 108 ... 109} 110 111id-PBES2 OBJECT IDENTIFIER ::= {pkcs-5 13} 112 113PBES2-params ::= SEQUENCE { 114 keyDerivationFunc AlgorithmIdentifier {{PBES2-KDFs}}, 115 encryptionScheme AlgorithmIdentifier {{PBES2-Encs}} 116} 117 118PBES2-KDFs ALGORITHM-IDENTIFIER ::= { 119 {PBKDF2-params IDENTIFIED BY id-PBKDF2}, 120 ... 121} 122 123PBES2-Encs ALGORITHM-IDENTIFIER ::= { ... } 124 125 126-- ============================ 127-- PBMAC1 128-- ============================ 129 130PBMAC1Algorithms ALGORITHM-IDENTIFIER ::= { 131 {PBMAC1-params IDENTIFIED BY id-PBMAC1}, 132 ... 133} 134 135id-PBMAC1 OBJECT IDENTIFIER ::= {pkcs-5 14} 136 137PBMAC1-params ::= SEQUENCE { 138 keyDerivationFunc AlgorithmIdentifier {{PBMAC1-KDFs}}, 139 messageAuthScheme AlgorithmIdentifier {{PBMAC1-MACs}} 140} 141 142PBMAC1-KDFs ALGORITHM-IDENTIFIER ::= { 143 {PBKDF2-params IDENTIFIED BY id-PBKDF2}, 144 ... 145} 146 147PBMAC1-MACs ALGORITHM-IDENTIFIER ::= { ... } 148 149-- ============================ 150-- Supporting techniques 151-- ============================ 152 153digestAlgorithm OBJECT IDENTIFIER ::= {rsadsi 2} 154encryptionAlgorithm OBJECT IDENTIFIER ::= {rsadsi 3} 155 156SupportingAlgorithms ALGORITHM-IDENTIFIER ::= { 157 {NULL IDENTIFIED BY id-hmacWithSHA1} | 158 {OCTET STRING (SIZE(8)) IDENTIFIED BY desCBC} | 159 {OCTET STRING (SIZE(8)) IDENTIFIED BY des-EDE3-CBC} | 160 {RC2-CBC-Parameter IDENTIFIED BY rc2CBC} | 161 {RC5-CBC-Parameters IDENTIFIED BY rc5-CBC-PAD} | 162 {OCTET STRING (SIZE(16)) IDENTIFIED BY aes128-CBC-PAD} | 163 {OCTET STRING (SIZE(16)) IDENTIFIED BY aes192-CBC-PAD} | 164 {OCTET STRING (SIZE(16)) IDENTIFIED BY aes256-CBC-PAD}, 165 ... 166} 167 168id-hmacWithSHA1 OBJECT IDENTIFIER ::= {digestAlgorithm 7} 169id-hmacWithSHA224 OBJECT IDENTIFIER ::= {digestAlgorithm 8} 170id-hmacWithSHA256 OBJECT IDENTIFIER ::= {digestAlgorithm 9} 171id-hmacWithSHA384 OBJECT IDENTIFIER ::= {digestAlgorithm 10} 172id-hmacWithSHA512 OBJECT IDENTIFIER ::= {digestAlgorithm 11} 173id-hmacWithSHA512-224 OBJECT IDENTIFIER ::= {digestAlgorithm 12} 174id-hmacWithSHA512-256 OBJECT IDENTIFIER ::= {digestAlgorithm 13} 175 176-- from OIW 177desCBC OBJECT IDENTIFIER ::= {oiw secsig(3) algorithms(2) 7} 178 179des-EDE3-CBC OBJECT IDENTIFIER ::= {encryptionAlgorithm 7} 180 181rc2CBC OBJECT IDENTIFIER ::= {encryptionAlgorithm 2} 182 183RC2-CBC-Parameter ::= SEQUENCE { 184 rc2ParameterVersion INTEGER OPTIONAL, 185 iv OCTET STRING (SIZE(8)) 186} 187 188rc5-CBC-PAD OBJECT IDENTIFIER ::= {encryptionAlgorithm 9} 189 190RC5-CBC-Parameters ::= SEQUENCE { 191 version INTEGER {v1-0(16)} (v1-0), 192 rounds INTEGER (8..127), 193 blockSizeInBits INTEGER (64 | 128), 194 iv OCTET STRING OPTIONAL 195} 196 197aes OBJECT IDENTIFIER ::= { nistAlgorithms 1 } 198aes128-CBC-PAD OBJECT IDENTIFIER ::= { aes 2 } 199aes192-CBC-PAD OBJECT IDENTIFIER ::= { aes 22 } 200aes256-CBC-PAD OBJECT IDENTIFIER ::= { aes 42 } 201 202END