ftp.rsa.com

home *** CD-ROM | disk | FTP | other *** search

/ ftp.rsa.com / 2014.05.ftp.rsa.com.tar / ftp.rsa.com / pub / pkcs / pkcs-1 / pkcs-1v2-1d3.asn < prev next >

Wrap

Text File | 2014-05-02 | 9KB | 297 lines

PKCS-1 { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-1(1) modules(0) pkcs-1(1) } -- $ Revision: 2.1 $ -- This module has been checked for conformance with the ASN.1 standard by the -- OSS ASN.1 Tools DEFINITIONS EXPLICIT TAGS ::= BEGIN -- EXPORTS ALL -- All types and values defined in this module are exported for use in other -- ASN.1 modules. IMPORTS id-sha256, id-sha384, id-sha512 FROM NIST-SHA2 { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) modules(0) sha2(1) }; -- ============================ -- Basic object identifiers -- ============================ -- The DER encoding of this in hexadecimal is: -- (0x)06 08 -- 2A 86 48 86 F7 0D 01 01 -- pkcs-1 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 1 } -- -- When rsaEncryption is used in an AlgorithmIdentifier the parameters -- MUST be present and MUST be NULL. -- rsaEncryption OBJECT IDENTIFIER ::= { pkcs-1 1 } -- -- When id-RSAES-OAEP is used in an AlgorithmIdentifier the parameters MUST -- be present and MUST be RSAES-OAEP-params. -- id-RSAES-OAEP OBJECT IDENTIFIER ::= { pkcs-1 7 } -- -- When id-pSpecified is used in an AlgorithmIdentifier the parameters MUST be -- an OCTET STRING. -- id-pSpecified OBJECT IDENTIFIER ::= { pkcs-1 9 } -- -- When id-RSASSA-PSS is used in an AlgorithmIdentifier the parameters MUST be -- present and MUST be RSASSA-PSS-params. -- id-RSASSA-PSS OBJECT IDENTIFIER ::= { pkcs-1 10 } -- -- When the following OIDs are used in an AlgorithmIdentifier the parameters -- MUST be present and MUST be NULL. -- md2WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 2 } md5WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 4 } sha1WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 5 } sha256WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 11 } sha384WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 12 } sha512WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 13 } -- -- This OID really belongs in a module with the secsig OIDs. -- id-sha1 OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) oiw(14) secsig(3) algorithms(2) 26 } -- -- When id-mgf1 is used in an AlgorithmIdentifier the parameters MUST be present -- and MUST be a HashAlgorithm, for example sha1. -- id-mgf1 OBJECT IDENTIFIER ::= { pkcs-1 8 } -- ================ -- Useful types -- ================ ALGORITHM-IDENTIFIER ::= CLASS { &id OBJECT IDENTIFIER UNIQUE, &Type OPTIONAL } WITH SYNTAX { OID &id [PARAMETERS &Type] } -- Note: the parameter InfoObjectSet in the following definitions allows a -- distinct information object set to be specified for sets of algorithms such -- as: -- DigestAlgorithms ALGORITHM-IDENTIFIER ::= { -- { OID id-md2 PARAMETERS NULL }| -- { OID id-md5 PARAMETERS NULL }| -- { OID id-sha1 PARAMETERS NULL } -- } -- AlgorithmIdentifier { ALGORITHM-IDENTIFIER:InfoObjectSet } ::= SEQUENCE { algorithm ALGORITHM-IDENTIFIER.&id({InfoObjectSet}), parameters ALGORITHM-IDENTIFIER.&Type({InfoObjectSet}{@.algorithm}) OPTIONAL } -- ============== -- Algorithms -- ============== -- -- Allowed OAEP and PSS digest algorithms. -- OAEP-PSSDigestAlgorithms ALGORITHM-IDENTIFIER ::= { { OID id-sha1 PARAMETERS NULL }| { OID id-sha256 PARAMETERS NULL }| { OID id-sha384 PARAMETERS NULL }| { OID id-sha512 PARAMETERS NULL }, ... -- Allows for future expansion -- } sha1 HashAlgorithm ::= { algorithm id-sha1, parameters SHA1Parameters : NULL } HashAlgorithm ::= AlgorithmIdentifier { {OAEP-PSSDigestAlgorithms} } SHA1Parameters ::= NULL -- -- Allowed mask generation function algorithms. -- If the identifier is id-mgf1, the parameters are a HashAlgorithm. -- PKCS1MGFAlgorithms ALGORITHM-IDENTIFIER ::= { { OID id-mgf1 PARAMETERS HashAlgorithm }, ... -- Allows for future expansion -- } -- -- Default AlgorithmIdentifier for id-RSAES-OAEP.maskGenAlgorithm and -- id-RSASSA-PSS.maskGenAlgorithm. -- mgf1SHA1 MaskGenAlgorithm ::= { algorithm id-mgf1, parameters HashAlgorithm : sha1 } MaskGenAlgorithm ::= AlgorithmIdentifier { {PKCS1MGFAlgorithms} } -- -- Allowed algorithms for pSourceAlgorithm. -- PKCS1PSourceAlgorithms ALGORITHM-IDENTIFIER ::= { { OID id-pSpecified PARAMETERS EncodingParameters }, ... -- Allows for future expansion -- } EncodingParameters ::= OCTET STRING(SIZE(0..MAX)) -- -- This identifier means that P is an empty string, so the digest of the empty -- string appears in the RSA block before masking. -- pSpecifiedEmpty PSourceAlgorithm ::= { algorithm id-pSpecified, parameters EncodingParameters : emptyString } PSourceAlgorithm ::= AlgorithmIdentifier { {PKCS1PSourceAlgorithms} } emptyString EncodingParameters ::= ''H -- -- Type identifier definitions for the PKCS #1 OIDs. -- PKCS1Algorithms ALGORITHM-IDENTIFIER ::= { { OID rsaEncryption PARAMETERS NULL } | { OID md2WithRSAEncryption PARAMETERS NULL } | { OID md5WithRSAEncryption PARAMETERS NULL } | { OID sha1WithRSAEncryption PARAMETERS NULL } | { OID sha256WithRSAEncryption PARAMETERS NULL } | { OID sha384WithRSAEncryption PARAMETERS NULL } | { OID sha512WithRSAEncryption PARAMETERS NULL } | { OID id-RSAES-OAEP PARAMETERS RSAES-OAEP-params } | PKCS1PSourceAlgorithms | { OID id-RSASSA-PSS PARAMETERS RSASSA-PSS-params } , ... -- Allows for future expansion -- } -- =================== -- Main structures -- =================== RSAPublicKey ::= SEQUENCE { modulus INTEGER, -- n publicExponent INTEGER -- e } -- -- Representation of RSA private key with information for the CRT algorithm. -- RSAPrivateKey ::= SEQUENCE { version Version, modulus INTEGER, -- n publicExponent INTEGER, -- e privateExponent INTEGER, -- d prime1 INTEGER, -- p prime2 INTEGER, -- q exponent1 INTEGER, -- d mod (p-1) exponent2 INTEGER, -- d mod (q-1) coefficient INTEGER, -- (inverse of q) mod p otherPrimeInfos OtherPrimeInfos OPTIONAL } Version ::= INTEGER { two-prime(0), multi(1) } (CONSTRAINED BY {-- version must be multi if otherPrimeInfos present --}) OtherPrimeInfos ::= SEQUENCE SIZE(1..MAX) OF OtherPrimeInfo OtherPrimeInfo ::= SEQUENCE { prime INTEGER, -- ri exponent INTEGER, -- di coefficient INTEGER -- ti } -- -- AlgorithmIdentifier.parameters for id-RSAES-OAEP. -- Note that the tags in this Sequence are explicit. -- RSAES-OAEP-params ::= SEQUENCE { hashAlgorithm [0] HashAlgorithm DEFAULT sha1, maskGenAlgorithm [1] MaskGenAlgorithm DEFAULT mgf1SHA1, pSourceAlgorithm [2] PSourceAlgorithm DEFAULT pSpecifiedEmpty } -- -- Identifier for default RSAES-OAEP algorithm identifier. -- The DER Encoding of this is in hexadecimal: -- (0x)30 0D -- 06 09 -- 2A 86 48 86 F7 0D 01 01 07 -- 30 00 -- Notice that the DER encoding of default values is "empty". -- rSAES-OAEP-Default-Identifier RSAES-AlgorithmIdentifier ::= { algorithm id-RSAES-OAEP, parameters RSAES-OAEP-params : { hashAlgorithm sha1, maskGenAlgorithm mgf1SHA1, pSourceAlgorithm pSpecifiedEmpty } } RSAES-AlgorithmIdentifier ::= AlgorithmIdentifier{ {PKCS1Algorithms} } -- -- AlgorithmIdentifier.parameters for id-RSASSA-PSS. -- Note that the tags in this Sequence are explicit. -- RSASSA-PSS-params ::= SEQUENCE { hashAlgorithm [0] HashAlgorithm DEFAULT sha1, maskGenAlgorithm [1] MaskGenAlgorithm DEFAULT mgf1SHA1, trailerField [2] TrailerField DEFAULT trailerFieldBC } TrailerField ::= INTEGER { trailerFieldBC(1) } -- -- Identifier for default RSASSA-PSS algorithm identifier -- The DER Encoding of this is in hexadecimal: -- (0x)30 0D -- 06 09 -- 2A 86 48 86 F7 0D 01 01 0A -- 30 00 -- Notice that the DER encoding of default values is "empty". -- rSASSA-PSS-Default-Identifier RSASSA-AlgorithmIdentifier ::= { algorithm id-RSASSA-PSS, parameters RSASSA-PSS-params : { hashAlgorithm sha1, maskGenAlgorithm mgf1SHA1, trailerField trailerFieldBC } } RSASSA-AlgorithmIdentifier ::= AlgorithmIdentifier{ {PKCS1Algorithms} } END -- PKCS1Definitions