-- PKCS #5 v2.1 ASN.1 Module
-- Revised October 27, 2012
-- This module has been checked for conformance with the
-- ASN.1 standard by the OSS ASN.1 Tools
PKCS-5 {
iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-5(5) modules(16)
pkcs5v2-1(2)}
DEFINITIONS EXPLICIT TAGS ::=
BEGIN
-- ============================
-- Basic object identifiers
-- ============================
nistAlgorithms OBJECT IDENTIFIER ::=
{joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) 4}
oiw OBJECT IDENTIFIER ::= {iso(1) identified-organization(3) 14}
rsadsi OBJECT IDENTIFIER ::= {iso(1) member-body(2) us(840) 113549}
pkcs OBJECT IDENTIFIER ::= {rsadsi 1}
pkcs-5 OBJECT IDENTIFIER ::= {pkcs 5}
-- ============================
-- Basic types and classes
-- ============================
AlgorithmIdentifier { ALGORITHM-IDENTIFIER:InfoObjectSet } ::= SEQUENCE {
algorithm ALGORITHM-IDENTIFIER.&id({InfoObjectSet}),
parameters ALGORITHM-IDENTIFIER.&Type({InfoObjectSet} {@algorithm}) OPTIONAL
}
ALGORITHM-IDENTIFIER ::= TYPE-IDENTIFIER
-- ============================
-- PBKDF2
-- ============================
PBKDF2Algorithms ALGORITHM-IDENTIFIER ::=
{ {PBKDF2-params IDENTIFIED BY id-PBKDF2}, ...}
id-PBKDF2 OBJECT IDENTIFIER ::= {pkcs-5 12}
algid-hmacWithSHA1 AlgorithmIdentifier {{PBKDF2-PRFs}} ::=
{algorithm id-hmacWithSHA1, parameters NULL : NULL}
PBKDF2-params ::= SEQUENCE {
salt CHOICE {
specified OCTET STRING,
otherSource AlgorithmIdentifier {{PBKDF2-SaltSources}}
},
iterationCount INTEGER (1..MAX),
keyLength INTEGER (1..MAX) OPTIONAL,
prf AlgorithmIdentifier {{PBKDF2-PRFs}} DEFAULT algid-hmacWithSHA1
}
PBKDF2-SaltSources ALGORITHM-IDENTIFIER ::= { ... }
PBKDF2-PRFs ALGORITHM-IDENTIFIER ::= {
{NULL IDENTIFIED BY id-hmacWithSHA1} |
{NULL IDENTIFIED BY id-hmacWithSHA224} |
{NULL IDENTIFIED BY id-hmacWithSHA256} |
{NULL IDENTIFIED BY id-hmacWithSHA384} |
{NULL IDENTIFIED BY id-hmacWithSHA512} |
{NULL IDENTIFIED BY id-hmacWithSHA512-224} |
{NULL IDENTIFIED BY id-hmacWithSHA512-256},
...
}
-- ============================
-- PBES1
-- ============================
PBES1Algorithms ALGORITHM-IDENTIFIER ::= {
{PBEParameter IDENTIFIED BY pbeWithMD2AndDES-CBC} |
{PBEParameter IDENTIFIED BY pbeWithMD2AndRC2-CBC} |
{PBEParameter IDENTIFIED BY pbeWithMD5AndDES-CBC} |
{PBEParameter IDENTIFIED BY pbeWithMD5AndRC2-CBC} |
{PBEParameter IDENTIFIED BY pbeWithSHA1AndDES-CBC} |
{PBEParameter IDENTIFIED BY pbeWithSHA1AndRC2-CBC},
...
}
pbeWithMD2AndDES-CBC OBJECT IDENTIFIER ::= {pkcs-5 1}
pbeWithMD2AndRC2-CBC OBJECT IDENTIFIER ::= {pkcs-5 4}
pbeWithMD5AndDES-CBC OBJECT IDENTIFIER ::= {pkcs-5 3}
pbeWithMD5AndRC2-CBC OBJECT IDENTIFIER ::= {pkcs-5 6}
pbeWithSHA1AndDES-CBC OBJECT IDENTIFIER ::= {pkcs-5 10}
pbeWithSHA1AndRC2-CBC OBJECT IDENTIFIER ::= {pkcs-5 11}
PBEParameter ::= SEQUENCE {
salt OCTET STRING (SIZE(8)),
iterationCount INTEGER
}
-- ============================
-- PBES2
-- ============================
PBES2Algorithms ALGORITHM-IDENTIFIER ::= {
{PBES2-params IDENTIFIED BY id-PBES2},
...
}
id-PBES2 OBJECT IDENTIFIER ::= {pkcs-5 13}
PBES2-params ::= SEQUENCE {
keyDerivationFunc AlgorithmIdentifier {{PBES2-KDFs}},
encryptionScheme AlgorithmIdentifier {{PBES2-Encs}}
}
PBES2-KDFs ALGORITHM-IDENTIFIER ::= {
{PBKDF2-params IDENTIFIED BY id-PBKDF2},
...
}
PBES2-Encs ALGORITHM-IDENTIFIER ::= { ... }
-- ============================
-- PBMAC1
-- ============================
PBMAC1Algorithms ALGORITHM-IDENTIFIER ::= {
{PBMAC1-params IDENTIFIED BY id-PBMAC1},
...
}
id-PBMAC1 OBJECT IDENTIFIER ::= {pkcs-5 14}
PBMAC1-params ::= SEQUENCE {
keyDerivationFunc AlgorithmIdentifier {{PBMAC1-KDFs}},
messageAuthScheme AlgorithmIdentifier {{PBMAC1-MACs}}
}
PBMAC1-KDFs ALGORITHM-IDENTIFIER ::= {
{PBKDF2-params IDENTIFIED BY id-PBKDF2},
...
}
PBMAC1-MACs ALGORITHM-IDENTIFIER ::= { ... }
-- ============================
-- Supporting techniques
-- ============================
digestAlgorithm OBJECT IDENTIFIER ::= {rsadsi 2}
encryptionAlgorithm OBJECT IDENTIFIER ::= {rsadsi 3}
SupportingAlgorithms ALGORITHM-IDENTIFIER ::= {
{NULL IDENTIFIED BY id-hmacWithSHA1} |
{OCTET STRING (SIZE(8)) IDENTIFIED BY desCBC} |
{OCTET STRING (SIZE(8)) IDENTIFIED BY des-EDE3-CBC} |
{RC2-CBC-Parameter IDENTIFIED BY rc2CBC} |
{RC5-CBC-Parameters IDENTIFIED BY rc5-CBC-PAD} |
{OCTET STRING (SIZE(16)) IDENTIFIED BY aes128-CBC-PAD} |
{OCTET STRING (SIZE(16)) IDENTIFIED BY aes192-CBC-PAD} |
{OCTET STRING (SIZE(16)) IDENTIFIED BY aes256-CBC-PAD},
...
}
id-hmacWithSHA1 OBJECT IDENTIFIER ::= {digestAlgorithm 7}
id-hmacWithSHA224 OBJECT IDENTIFIER ::= {digestAlgorithm 8}
id-hmacWithSHA256 OBJECT IDENTIFIER ::= {digestAlgorithm 9}
id-hmacWithSHA384 OBJECT IDENTIFIER ::= {digestAlgorithm 10}
id-hmacWithSHA512 OBJECT IDENTIFIER ::= {digestAlgorithm 11}
id-hmacWithSHA512-224 OBJECT IDENTIFIER ::= {digestAlgorithm 12}
id-hmacWithSHA512-256 OBJECT IDENTIFIER ::= {digestAlgorithm 13}
-- from OIW
desCBC OBJECT IDENTIFIER ::= {oiw secsig(3) algorithms(2) 7}
des-EDE3-CBC OBJECT IDENTIFIER ::= {encryptionAlgorithm 7}
rc2CBC OBJECT IDENTIFIER ::= {encryptionAlgorithm 2}
RC2-CBC-Parameter ::= SEQUENCE {
rc2ParameterVersion INTEGER OPTIONAL,
iv OCTET STRING (SIZE(8))
}
rc5-CBC-PAD OBJECT IDENTIFIER ::= {encryptionAlgorithm 9}
RC5-CBC-Parameters ::= SEQUENCE {
version INTEGER {v1-0(16)} (v1-0),
rounds INTEGER (8..127),
blockSizeInBits INTEGER (64 | 128),
iv OCTET STRING OPTIONAL
}
aes OBJECT IDENTIFIER ::= { nistAlgorithms 1 }
aes128-CBC-PAD OBJECT IDENTIFIER ::= { aes 2 }
aes192-CBC-PAD OBJECT IDENTIFIER ::= { aes 22 }
aes256-CBC-PAD OBJECT IDENTIFIER ::= { aes 42 }
END