]> git.saurik.com Git - apple/security.git/blob - SecurityASN1/asn/pkcs1.asn1
Security-30.1.tar.gz
[apple/security.git] / SecurityASN1 / asn / pkcs1.asn1
1 PKCS-1 {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-1(1)
2 modules(0) pkcs-1(1)}
3
4 -- $Revision: 1.1.1.1 $
5
6 -- This module has been checked for conformance with the ASN.1
7 -- standard by the OSS ASN.1 Tools
8
9 DEFINITIONS EXPLICIT TAGS ::=
10
11 BEGIN
12
13 -- EXPORTS ALL --
14 -- All types and values defined in this module is exported for use in other
15 -- ASN.1 modules.
16
17 -- IMPORTS None --
18
19 -- Basic object identifiers
20
21 -- The DER for this in hexadecimal is:
22 -- 06 08
23 -- 2A 86 48 86 F7 0D 01 01
24 --
25 pkcs-1 OBJECT IDENTIFIER ::= {
26 iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 1 }
27
28 --
29 -- When the following OIDs are used in an AlgorithmIdentifier
30 -- the parameters MUST be present and MUST be NULL.
31 --
32 rsaEncryption OBJECT IDENTIFIER ::= { pkcs-1 1 }
33 md2WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 2 }
34 md4WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 3 }
35 md5WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 4 }
36 sha1WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 5 }
37 rsaOAEPEncryptionSET OBJECT IDENTIFIER ::= { pkcs-1 6 }
38
39 --
40 -- When id-RSAES-OAEP is used in an AlgorithmIdentifier
41 -- the parameters MUST be present and MUST be RSAES-OAEP-params.
42 --
43 id-RSAES-OAEP OBJECT IDENTIFIER ::= { pkcs-1 7 }
44
45 --
46 -- When id-mgf1 is used in an AlgorithmIdentifier
47 -- the parameters MUST be present and MUST be
48 -- a DigestAlgorithmIdentifier, specifically SHA1Identifier.
49 --
50 id-mgf1 OBJECT IDENTIFIER ::= { pkcs-1 8 }
51
52 --
53 -- When id-pSpecified is used in an AlgorithmIdentifier
54 -- the parameters MUST be an OCTET STRING.
55 --
56 id-pSpecified OBJECT IDENTIFIER ::= { pkcs-1 9 }
57
58 --
59 -- This OID really belongs in a module with the secsig OIDs.
60 --
61 id-sha1 OBJECT IDENTIFIER ::= {
62 iso(1) identified-organization(3) oiw(14) secsig(3)
63 algorithms(2) 26 }
64
65
66 -- Useful types
67
68 ALGORITHM-IDENTIFIER ::= TYPE-IDENTIFIER
69
70 -- Note: the parameter InfoObjectSet in the following definitions
71 -- allows a distinct information object set to be specified for
72 -- sets of algorithms such as:
73 -- DigestAlgorithms ALGORITHM-IDENTIFIER ::= {
74 -- { NULL IDENTIFIED BY id-sha1 },
75 -- { NULL IDENTIFIED BY id-md5 },
76 -- { NULL IDENTIFIED BY id-md2 }
77 -- }
78 --
79 AlgorithmIdentifier { ALGORITHM-IDENTIFIER:InfoObjectSet } ::=
80 SEQUENCE {
81 algorithm ALGORITHM-IDENTIFIER.&id({InfoObjectSet}),
82 parameters ALGORITHM-IDENTIFIER.&Type({InfoObjectSet}
83 {@algorithm}) OPTIONAL
84 }
85
86 -- Algorithms
87
88 --
89 -- Allowed OAEP digest algorithms.
90 --
91 OAEPDigestAlgorithms ALGORITHM-IDENTIFIER ::= {
92 { SHA1Parameters IDENTIFIED BY id-sha1 },
93 ... --Allows for future expansion
94 }
95
96 sha1Identifier AlgorithmIdentifier {{ OAEPDigestAlgorithms }} ::=
97 {algorithm id-sha1, parameters SHA1Parameters : NULL}
98
99 SHA1Parameters ::= NULL
100
101 --
102 -- Allowed Mask Generation Function algorithms.
103 -- If the identifier is id-mgf1, the parameters
104 -- are a single digest algorithm identifier.
105 --
106 PKCS1MGFAlgorithms ALGORITHM-IDENTIFIER ::= {
107 { MGF1Parameters IDENTIFIED BY id-mgf1 },
108 ...--Allows for future expansion
109 }
110
111 MGF1Parameters ::=
112 AlgorithmIdentifier { {OAEPDigestAlgorithms} }
113
114 --
115 -- Allowed algorithms for pSourceFunc.
116 --
117 PKCS1PSourceAlgorithms ALGORITHM-IDENTIFIER ::= {
118 { PEmptyString IDENTIFIED BY id-pSpecified },
119 ...--Allows for future expansion
120 }
121
122 PEmptyString ::= OCTET STRING (SIZE(0))
123
124 --
125 -- This identifier means that P is an empty string, so the digest
126 -- of the empty string appears in the RSA block before masking.
127 --
128 pSpecifiedEmptyIdentifier AlgorithmIdentifier {{ PKCS1PSourceAlgorithms }} ::=
129 { algorithm id-pSpecified, parameters PEmptyString : ''H }
130
131 --
132 -- Default AlgorithmIdentifier for id-RSAES-OAEP.maskGenFunc.
133 --
134 mgf1SHA1Identifier AlgorithmIdentifier {{ PKCS1MGFAlgorithms }} ::=
135 { algorithm id-mgf1,
136 parameters AlgorithmIdentifier{{OAEPDigestAlgorithms}} : sha1Identifier}
137
138 --
139 -- Type identifier definitions for the PKCS #1 OIDs.
140 --
141 PKCS1Algorithms ALGORITHM-IDENTIFIER ::= {
142 { NULL IDENTIFIED BY rsaEncryption } |
143 { NULL IDENTIFIED BY md2WithRSAEncryption } |
144 { NULL IDENTIFIED BY md4WithRSAEncryption } |
145 { NULL IDENTIFIED BY md5WithRSAEncryption } |
146 { NULL IDENTIFIED BY sha1WithRSAEncryption } |
147 { NULL IDENTIFIED BY rsaOAEPEncryptionSET } |
148 { RSAES-OAEP-params IDENTIFIED BY id-RSAES-OAEP } |
149 PKCS1PSourceAlgorithms,
150 ... -- Allows for future expansion
151 }
152
153 -- Main structures
154
155 RSAPublicKey ::= SEQUENCE {
156 modulus INTEGER, -- (Usually large) n = p*q
157 publicExponent INTEGER -- (Usually small) e
158 }
159
160 --
161 -- Representation of RSA private key with p and q
162 -- information for the CRT algorithm.
163 --
164 RSAPrivateKey ::= SEQUENCE {
165 version INTEGER { rsaPrivateKeyVer0(0) }(rsaPrivateKeyVer0),
166 modulus INTEGER, -- (Usually large) n
167 publicExponent INTEGER, -- (Usually small) e
168 privateExponent INTEGER, -- (Usually large) d
169 prime1 INTEGER, -- (Usually large) p
170 prime2 INTEGER, -- (Usually large) q
171 exponent1 INTEGER, -- (Usually large) d mod (p-1)
172 exponent2 INTEGER, -- (Usually large) d mod (q-1)
173 coefficient INTEGER -- (Usually large) (inverse of q) mod p
174 }
175
176 --
177 -- AlgorithmIdentifier.parameters for id-RSAES-OAEP.
178 -- Note that the tags in this Sequence are explicit.
179 --
180
181 RSAES-OAEP-params ::= SEQUENCE {
182 hashFunc [0] AlgorithmIdentifier { {OAEPDigestAlgorithms} }
183 DEFAULT sha1Identifier,
184 maskGenFunc [1] AlgorithmIdentifier { {PKCS1MGFAlgorithms} }
185 DEFAULT mgf1SHA1Identifier,
186 pSourceFunc [2] AlgorithmIdentifier { {PKCS1PSourceAlgorithms} }
187 DEFAULT pSpecifiedEmptyIdentifier
188 }
189
190 --
191 -- Identifier for default RSAES-OAEP algorithm identifier
192 -- The DER Encoding of this is in hexadecimal:
193 -- 30 0D
194 -- 06 09
195 -- 2A 86 48 86 F7 0D 01 01 07
196 -- 30 00
197 -- Notice that the DER encoding of default values is "empty".
198 --
199 rSAES-OAEP-Default-Identifier AlgorithmIdentifier{ {PKCS1Algorithms} } ::=
200 {algorithm id-RSAES-OAEP,
201 parameters RSAES-OAEP-params : {hashFunc sha1Identifier,
202 maskGenFunc mgf1SHA1Identifier,
203 pSourceFunc pSpecifiedEmptyIdentifier}}
204
205 END -- PKCS1Definitions