Internet Draft                               Vladimir Popov, CRYPTO-PRO
                                              Igor Kurepkin, CRYPTO-PRO
Expires August 15, 2004                    Serguei Leontiev, CRYPTO-PRO
Intended Category: Informational                      February 15, 2004

      Additional cryptographic algorithms for use with GOST 28147-89,
    GOST R 34.10-94, GOST R 34.10-2001, and GOST R 34.11-94 algorithms.

                   <draft-popov-cryptopro-cpalgs-00.txt>

Status of this Memo

   This document is an Internet-Draft and is subject to all provisions
   of Section 10 of RFC2026.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or made obsolete by other documents at
   any time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/1id-abstracts.html

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html


Abstract

   This document describes cryprographic algorithms and parameters,
   supplementary to GOST 28147-89, GOST R 34.10-94, GOST R 34.10-2001
   and GOST R 34.11-94, for use in internet applications.

Table of Contents
   1      Introduction . . . . . . . . . . . . . . . . . . . . . .  2
   1.2    Terminology. . . . . . . . . . . . . . . . . . . . . . .  3
   2      Cipher algorithms. . . . . . . . . . . . . . . . . . . .  3
   2.1    GOST 28147-89 CBC mode . . . . . . . . . . . . . . . . .  3
   2.2    Key meshing algorithms . . . . . . . . . . . . . . . . .  3
   3      HMAC_GOSTR3411 . . . . . . . . . . . . . . . . . . . . .  4
   4      PRF_GOSTR3411. . . . . . . . . . . . . . . . . . . . . .  4
   5      Key establishment algorithms . . . . . . . . . . . . . .  4
   5.1    Creating exchange key using GOST R 34.10-94 keys . . . .  4



Popov,Kurepkin,Leontiev       Informational                     [Page 1]

Internet-Draft     Crypto-Pro cryptographic algorithms  15 February 2004


   5.2    Creating exchange key using GOST R 34.10-2001 keys . . .  4
   5.3    Generating export key from exchange key. . . . . . . . .  4
   5.4    Key export using export key. . . . . . . . . . . . . . .  4
   5.5    Key export using exchange key. . . . . . . . . . . . . .  4
   5.6    Key Diversification. . . . . . . . . . . . . . . . . . .  4
   5.7    VKO GOST R 34.10-94 and VKO GOST R 34.10-2001 algorithms  4
   5.7.1  'Simple export' mode . . . . . . . . . . . . . . . . . .  4
   5.7.2  'CryptoPro' mode . . . . . . . . . . . . . . . . . . . .  4
   6      Algorithm parameters . . . . . . . . . . . . . . . . . .  4
   6.1    Encryption algorithm parameters  . . . . . . . . . . . .  4
   6.2    Digest algorithm parameters. . . . . . . . . . . . . . .  4
   6.3    GOST R 34.10-94 public key algorithm parameters  . . . .  4
   6.4    GOST R 34.10-2001 public key algorithm parameters. . . .  4
   7      Security Considerations. . . . . . . . . . . . . . . . . 11
   8      Appendix ASN.1 Modules . . . . . . . . . . . . . . . . . 27
   9      References . . . . . . . . . . . . . . . . . . . . . . . 27
   10     Acknowledgments. . . . . . . . . . . . . . . . . . . . . 29
   Author's Address. . . . . . . . . . . . . . . . . . . . . . . . 29
   Full Copyright Statement. . . . . . . . . . . . . . . . . . . . 30

1  Introduction

   This document describes cryprographic algorithms, used in supplement
   to GOST 28147-89, GOST R 34.10-94, GOST R 34.10-2001 and GOST R
   34.11-94, proposed by CRYPTO-PRO Company for "Russian Cryptographic
   Software Compatibility Agreement" community.  GOST 28147-89, GOST R
   34.10-94, GOST R 34.10-2001 and GOST R 34.11-94 are defined in
   corresponding national standards - [GOST28147], [GOSTR341094],
   [GOSTR34102001] and [GOSTR341194]. Their brief technical description
   in english can be found in [Schneier95].

1.2   Terminology

   In this document, the key words MUST, MUST NOT, REQUIRED, SHOULD,
   SHOULD NOT, RECOMMENDED, and MAY are to be interpreted as described
   in [RFC 2119].

   The following functions and operators are also used in this document:


   encryptECB (K, D) - is D, encrypted with key K using GOST 28147-89 in
   "prostaya zamena" (ECB) mode

   decryptECB (K, D) - is D, decrypted with key K using GOST 28147-89 in
   ECB mode

   encryptCFB (I, K, D) - is D, encrypted with key K using GOST 28147-89
   in "gammirovanie s obratnoj svyaziyu" (64-bit CFB) mode, and I as



Popov,Kurepkin,Leontiev       Informational                     [Page 2]

Internet-Draft     Crypto-Pro cryptographic algorithms  15 February 2004


   initialization vector.

   encryptOFB (I, K, D) - is D, encrypted with key K using GOST 28147-89
   in "gammirovanie" (64-bit OFB) mode, and I as initialization vector.

   gostR3411 (D) - is the 256-bit result of GOST R 34.11-94 hash
   function, used with zero intitialization vector, and UZ parameter,
   defined by gostR3411CryptoProParamSetAI (see Appendix,
   GostR3411-94-ParamSetSyntax module).

   gost28147IMIT (I, K, D) - is the 32-bit result of GOST 28147-89 in
   "imitovstavka" (MAC) mode, used with D as plaintext, K as key and I
   as initialization vector.  Note, that standard specifies it's use in
   this mode only with zero initialization vector.


2  Cipher parameters

   [GOST28147] defines only the basic cryptographic operations, which
   can be used to encrypt or decrypt data. This document defines an
   additional cipher mode GOST 28147-89 CBC, and key meshing algorithm,
   which can be used to protect a symmetric key, when it is used to
   process large amounts of data.

   The cipher mode, key meshing algorithm, padding mode and S-box are
   specified by algorithm parameters.

2.1   GOST 28147-89 CBC mode

   Algorithm GOST 28147-89 CBC mode is a block cipher with block
   chaining, based on GOST 28147-89 in ECB mode.

   Before each plaintext block is encrypted, it is combined with the
   cipher text of the previous block by a bitwise exclusive OR
   operation.  This ensures that even if the plaintext contains many
   identical blocks, they will each encrypt to a different cipher text
   block.  The initialization vector is combined with the first
   plaintext block by a bitwise exclusive OR operation before the block
   is encrypted.

   Let x (0 < x < 8) be the number of bytes in the last (possibly,
   incomplete) block of data.  There are three padding modes:
    * Zero padding: 8-x remaining bytes are filled with zero
    * PKCS#5 padding: 8-x remaining bytes are filled with value of 8-x.
      If there's no incomplete block, one extra block filled with value
   8 is added.
    * Random padding: 8-x remaining bytes of the last block are set to
   random.



Popov,Kurepkin,Leontiev       Informational                     [Page 3]

Internet-Draft     Crypto-Pro cryptographic algorithms  15 February 2004


2.2   Key meshing algorithms

   When there is a need to limit the amount of data, enciphered with the
   same key, several key meshing algorithms can be used.

       id-Gost28147-89-None-KeyMeshing OBJECT IDENTIFIER ::=
           { id-CryptoPro-algorithms keyMeshing(14) none(0) }

   This is a zero key meshing algorithm - key is never changed.

       id-Gost28147-89-CryptoPro-KeyMeshing  OBJECT IDENTIFIER ::=
           { id-CryptoPro-algorithms keyMeshing(14) cryptoPro(1) }

   This algorithm transforms the key and initialization vector every 1KB
   of plaintext data, using the following rule:

   Let K[i] be the previous key, and S[i] be the previous initialization
   vector.

   K[i+1] = decryptECB (K[i], C); S[i+1] = encryptECB (K[i+1],S[i])

   Where C = {0x22720069L, 0x2304C964L, 0x96DB3A8DL, 0xC42AE946L,
              0x94ACFE18L, 0x1207ED00L, 0xC2DC86C0L, 0x2BA94CEFL};

3  HMAC_GOSTR3411

   HMAC_GOSTR3411 (K,text) function is based on hash function GOST R
   34.11-94, as defined in [HMAC], with the following parameter values:
   B = 32, L = 32.

4  PRF_GOSTR3411

   PRF_GOSTR3411 is a pseudorandom function, based on HMAC_GOSTR3411.
   It is calculated as P_hash, defined in section 5 of [TLS].
   PRF_GOSTR3411(K,D) = P_GOSTR3411 (K,D)

5  Key establishment algorithms

   Standards [GOSTR341094] and [GOSTR34102001] do not define any key
   establishment algorithms.

   Section 5.7 specifies algorithms VKO GOST R 34.10-94 and VKO GOST R
   34.10-2001, which can be used to export/import session key using a
   one-time exchange key (symmetric key, shared by sender and
   recipient), based on sender's private key and recipient public key,
   or vice versa.

   Sections 5.1 and 5.2 describe how to create an exchange key from



Popov,Kurepkin,Leontiev       Informational                     [Page 4]

Internet-Draft     Crypto-Pro cryptographic algorithms  15 February 2004


   sender's private key and recipient public key, or vice versa.

   Section 5.3 describes how to create an export key from an exchange
   key or symmetric key.

   Sections 5.4 and 5.5 describe, how a session key can be exported
   (encrypted) using export key, or using exchange key directly.

   Section 5.6 describes, how to create session keys, using secret key
   and diversification data.

5.1  Creating exchange key using GOST R 34.10-94 keys

   This algorithm creates an exchange key using sender's private key and
   recipient public key, or vice versa, using GOST R 34.10-94 public key
   algorithm and GOST R 34.11-94 hash function.

  Exchange key EK is a 256-bit hash of 1024-bit Diffie-Hellman key
  K(x,y);

   EK = gostR3411 (K(x,y))
   K(x,y) = a^(x*y) (mod p), where

   x - sender's private key, a^x - sender's public key
   y - recipient's private key, a^y - recipient's public key

   Keys x and y MUST comply with [GOSTR341094].

   This algorithm MUST NOT be used, when a^x = a (mod p) or a^y = a (mod
   p).

5.2  Creating exchange key using GOST R 34.10-2001 keys

   This algorithm creates an exchange key using sender's private key and
   recipient public key, or vice versa, using GOST R 34.10-2001 public
   key algorithm and GOST R 34.11-94 hash function.

   Exchange key EK is a 256-bit hash of K(x,y,a);

   EK(x,y,a) = gostR3411 (K(x,y,a))
   K(x,y,a) = ((a*x)(mod q)) . (y.P) (512 bit), where
   x - sender's private key (256 bit)
   x.P - sender's public key (512 bit)
   y - recipient's private key (256 bit)
   y.P - recipient's public key (512 bit)
   a - synchrovector (64 bit)
   P - base point on the elliptic curve (two 256-bit coordinates)
   a*x - x multiplied by a as integers



Popov,Kurepkin,Leontiev       Informational                     [Page 5]

Internet-Draft     Crypto-Pro cryptographic algorithms  15 February 2004


   x.P - a multiple point

   Keys x and y MUST comply with [GOSTR34102001].

   This algorithm MUST NOT be used, when x.P = P, y.P = P

5.3  Generating export key from exchange key

   Given a random 64-bit synchrovector A, and an exchange key K,
   produced by algorithms from sections 5.1 and 5.2 (or other shared
   symmetric key K), this algorithm creates an export key K(A), which
   can be used to export (encrypt) session key.

   KA = K[8].  K[0]..K[8] are calculated with following algorithm:

   K[0] = K;
   K[i+1]  = encryptCFB (S[i], K[i], K[i])
   S[i] = ((a[i,0]*k[i,0] + ... + a[i,7]*k[i,7]) mod 2^32)
        | ((~a[i,0]*k[i,0] + ... + ~a[i,7]*k[i,7]) mod 2^32);

   Here a[i,j] and k[i,j] are components of A and K[i] respectively:
   K[i] = k[i,0]|k[i,1]|...|k[i,7] (k[i,j] - 32-bit integer)
   A = a[0]|...|a[7] (a[i] - byte, a[i,0]..a[i,7] - it's bits)


5.4  Key export using export key

   This algorithm exports session key SK using key K and random 64-bit
   synchrovector A. Outputs of this algorithm are 32-bit SK_mac and
   256-bit SK_enc.

   First, export key KA is created using algorithm, specified in 5.3,
   from the key K and vector A.

   Then SK_mac is calculated: SK_mac = gost28147IMIT (A, KA, SK).

   Then SK is encrypted in ECB mode, using key KA:
    SK_enc = encryptECB (KA, SK);

5.5  Key export using exchange key

   This algorithm exports session key SK using exchange key K and random
   64-bit synchrovector A. Outputs of this algorithm are 32-bit SK_mac
   and 256-bit SK_enc.

   First, SK_mac is calculated: SK_mac = gost28147IMIT (A, K, SK).

   Then SK is encrypted in ECB mode, using K for key:



Popov,Kurepkin,Leontiev       Informational                     [Page 6]

Internet-Draft     Crypto-Pro cryptographic algorithms  15 February 2004


    SK_enc = encryptECB (K, SK);

5.6  Key Diversification

   This algorithm creates a session key SK, given secret key K and
   diversification data D of size 4..40 bytes.

   1) 40-byte blob B is created from D by cloning it enough to fill all
   40 bytes. For example, if D is 40-bytes long, B = D; If D is 4-bytes
   long, B = D|D|D|D|D|D|D|D|D|D.

   2) B is split into 8-byte SV and 32-byte SRCKEY (B = SV|SRCKEY).

   3) Algorithm from section 5.3 is used to create KA from key K and
   synchrovector SV, with two differences. Instead of S[i], vector
   (0,0,0,SV[i],ff,ff,ff,ff XOR SV[i]) is used, and during each
   encryption step, only 8 out of 32 GOST 28147-89 steps are done.

   4) SK is calculated:
    SK = encryptCFB (A, KA, SRCKEY).

5.7  VKO GOST R 34.10-94 and VKO GOST R 34.10-2001 algorithms.  VKO GOST
   R 34.10-94 and VKO GOST R 34.10-2001 are key establishment algorithms
   for GOST R 34.10-94 and GOST R 34.10-2001 keys accordingly.

   There are two modes they can be used in.

5.7.1 'Simple export' mode

   Identifier for this mode:

       id-Gost28147-89-None-KeyWrap OBJECT IDENTIFIER ::=
           { id-CryptoPro-algorithms keyWrap(13) none(0) }

   The first step is calculating an exchange key, using algorithms,
   defined in sections 5.1 or 5.2, depending on key type.

   Then, session key can be exported on this exchange key, using
   algorithm from section 5.5

5.7.2 'CryptoPro' mode

   Identifier for this mode:

       id-Gost28147-89-CryptoPro-KeyWrap OBJECT IDENTIFIER ::=
           { id-CryptoPro-algorithms keyWrap(13) cryptoPro(1) }

   The first step is calculating an exchange key, using algorithms,



Popov,Kurepkin,Leontiev       Informational                     [Page 7]

Internet-Draft     Crypto-Pro cryptographic algorithms  15 February 2004


   defined in sections 5.1 or 5.2, depending on key type.

   Then, session key is exported on the export key (computed from this
   exchange key) using algorithm from section 5.4;

6  Algorithm parameters

   Standards [GOST28147], [GOST341194], [GOSTR341094] and
   [GOSTR34102001] do not define specific values for algorithm
   parameters.

   This document introduces the use of OIDs to specify algorithm
   parameters.

   Identifiers and corresponding parameter values for all of the
   proposed parameter sets can be found in Appendix in the form of ASN.1
   modules [X.660].

6.1 Encryption algorithm parameters

   GOST 28147-89 can be used in several modes, additional CBC mode is
   defined in section 2.1 this document. It also has an S-Box parameter
   (see Algorithm Parameters part in [GOST28147] in Russian, description
   in English see in [Schneier95] ch. 14.1, p. 331).

   This table contains the list of proposed parameter sets for GOST
   28147-89:

    Gost28147-89-ParamSetAlgorithms ALGORITHM-IDENTIFIER ::= {
        { Gost28147-89-ParamSetParameters IDENTIFIED BY
               id-Gost28147-89-TestParamSet  } |
        { Gost28147-89-ParamSetParameters IDENTIFIED BY
               id-Gost28147-89-CryptoPro-A-ParamSet  } |
        { Gost28147-89-ParamSetParameters IDENTIFIED BY
               id-Gost28147-89-CryptoPro-B-ParamSet  } |
        { Gost28147-89-ParamSetParameters IDENTIFIED BY
               id-Gost28147-89-CryptoPro-C-ParamSet  } |
        { Gost28147-89-ParamSetParameters IDENTIFIED BY
               id-Gost28147-89-CryptoPro-D-ParamSet  } |
        { Gost28147-89-ParamSetParameters IDENTIFIED BY
               id-Gost28147-89-CryptoPro-Simple-A-ParamSet  } |
        { Gost28147-89-ParamSetParameters IDENTIFIED BY
               id-Gost28147-89-CryptoPro-Simple-B-ParamSet  } |
        { Gost28147-89-ParamSetParameters IDENTIFIED BY
               id-Gost28147-89-CryptoPro-Simple-C-ParamSet  } |
        { Gost28147-89-ParamSetParameters IDENTIFIED BY
               id-Gost28147-89-CryptoPro-Simple-D-ParamSet  }
    }



Popov,Kurepkin,Leontiev       Informational                     [Page 8]

Internet-Draft     Crypto-Pro cryptographic algorithms  15 February 2004


   Identifier values can be found in Appendix.

   Parameters for GOST 28147-89 are presented in the following form:

    Gost28147-89-ParamSetParameters ::= SEQUENCE {
      eUZ   Gost28147-89-UZ,
      mode  INTEGER {
              gost28147-89-OFB(0),
              gost28147-89-CFB(1),
              cryptoPro-CBC(2)
           },
      shiftBits   INTEGER { gost28147-89-block(64) },
      keyWrap  AlgorithmIdentifier {{
                 Gost28147-89-KeyWrapAlgorithms
              }},
      keyMeshing   AlgorithmIdentifier {{
                 Gost28147-89-KeyMixAlgorithms
               }}
    }
    Gost28147-89-UZ ::= OCTET STRING (SIZE (64))
    Gost28147-89-KeyMixAlgorithms  ALGORITHM-IDENTIFIER ::= {
        { NULL IDENTIFIED BY id-Gost28147-89-CryptoPro-KeyMix } |
        { NULL IDENTIFIED BY id-Gost28147-89-None-KeyMix }
    }
    Gost28147-89-KeyWrapAlgorithms  ALGORITHM-IDENTIFIER ::= {
        { NULL IDENTIFIED BY id-Gost28147-89-CryptoPro-KeyWrap } |
        { NULL IDENTIFIED BY id-Gost28147-89-None-KeyWrap }
    }

   where
      eUZ        - S-box value;
      mode       - cipher mode;
      shiftBits  - cipher parameter;
      keyWrap    - key export algorithm identifier;
      keyMeshing - key meshing algorithm identifier.

6.2 Digest algorithm parameters

   This table contains the list of proposed parameter sets for
   [GOST341194]:

    GostR3411-94-ParamSetAlgorithms ALGORITHM-IDENTIFIER ::= {
        { GostR3411-94-ParamSetParameters IDENTIFIED BY
          id-GostR3411-94-TestParamSet
        } |
        { GostR3411-94-ParamSetParameters IDENTIFIED BY
          id-GostR3411-94-CryptoProParamSet
        }



Popov,Kurepkin,Leontiev       Informational                     [Page 9]

Internet-Draft     Crypto-Pro cryptographic algorithms  15 February 2004


    }

   Identifier values can be found in Appendix.

   Parameters for [GOST341194] are presented in the following form:

    GostR3411-94-ParamSetParameters ::=
        SEQUENCE {
            hUZ Gost28147-89-UZ,    -- S-Box for digest
            h0  GostR3411-94-Digest -- start digest value
        }
    GostR3411-94-Digest ::= OCTET STRING (SIZE (32))

6.3 GOST R 34.10-94 public key algorithm parameters

   This table contains the list of proposed parameter sets for GOST R
   34.10-94:

    GostR3410-94-ParamSetAlgorithm ALGORITHM-IDENTIFIER ::= {
        { GostR3410-94-ParamSetParameters IDENTIFIED BY
               id-GostR3410-94-TestParamSet } |
        { GostR3410-94-ParamSetParameters IDENTIFIED BY
               id-GostR3410-94-CryptoPro-A-ParamSet  } |
        { GostR3410-94-ParamSetParameters IDENTIFIED BY
               id-GostR3410-94-CryptoPro-B-ParamSet  } |
        { GostR3410-94-ParamSetParameters IDENTIFIED BY
               id-GostR3410-94-CryptoPro-C-ParamSet  } |
        { GostR3410-94-ParamSetParameters IDENTIFIED BY
               id-GostR3410-94-CryptoPro-D-ParamSet  } |
        { GostR3410-94-ParamSetParameters IDENTIFIED BY
               id-GostR3410-94-CryptoPro-XchA-ParamSet  } |
        { GostR3410-94-ParamSetParameters IDENTIFIED BY
               id-GostR3410-94-CryptoPro-XchB-ParamSet  } |
        { GostR3410-94-ParamSetParameters IDENTIFIED BY
               id-GostR3410-94-CryptoPro-XchC-ParamSet  }
    }

   Identifier values can be found in Appendix.

   Parameters for GOST R 34.10-94 are presented in the following form:

    GostR3410-94-ParamSetParameters ::=
       SEQUENCE {
           p       INTEGER,
           q       INTEGER,
           a       INTEGER,
           validationAlgorithm   AlgorithmIdentifier {{
             GostR3410-94-ValidationAlgorithms



Popov,Kurepkin,Leontiev       Informational                    [Page 10]

Internet-Draft     Crypto-Pro cryptographic algorithms  15 February 2004


             }} OPTIONAL
       }

    GostR3410-94-ValidationParameters ::=
         SEQUENCE {
             t       INTEGER,
             x0      INTEGER,
             c       INTEGER,
             d       INTEGER OPTIONAL
         }

   Where
    p - modulus, prime number, 2^1023<p<2^1024;
    q - order of cyclic group, prime number, 2^254<q<2^256, q is a
   factor
    of p-1;
    a - generator, integer, 1<a<p-1, at that aq (mod p) = 1;
    validationAlgorithm - constant p, q and a calculating algorithm.

    t  - bit length of p;
    x0 - seed;
    c  - used for p and q generation;
    d  - used for a generation.

6.4 GOST R 34.10-2001 public key algorithm parameters

   This table contains the list of proposed parameter sets for GOST R
   34.10-2001:

    GostR3410-2001-ParamSetAlgorithm ALGORITHM-IDENTIFIER ::= {
        { GostR3410-2001-ParamSetParameters IDENTIFIED BY
               id-GostR3410-2001-TestParamSet } |
        { GostR3410-2001-ParamSetParameters IDENTIFIED BY
               id-GostR3410-2001-CryptoPro-A-ParamSet  } |
        { GostR3410-2001-ParamSetParameters IDENTIFIED BY
               id-GostR3410-2001-CryptoPro-B-ParamSet  } |
        { GostR3410-2001-ParamSetParameters IDENTIFIED BY
               id-GostR3410-2001-CryptoPro-C-ParamSet  } |
        { GostR3410-2001-ParamSetParameters IDENTIFIED BY
               id-GostR3410-2001-CryptoPro-XchA-ParamSet  } |
        { GostR3410-2001-ParamSetParameters IDENTIFIED BY
               id-GostR3410-2001-CryptoPro-XchB-ParamSet  }
    }

   Identifier values can be found in Appendix.

   Parameters for GOST R 34.10-2001 are presented in the following form:




Popov,Kurepkin,Leontiev       Informational                    [Page 11]

Internet-Draft     Crypto-Pro cryptographic algorithms  15 February 2004


    GostR3410-2001-ParamSetParameters ::=
       SEQUENCE {
           abj CHOICE {
               ab SEQUENCE {
                   a       INTEGER,
                   b       INTEGER,
               },
               j       INTEGER,
           },
           p       INTEGER ,
           q       INTEGER ,
           x       INTEGER ,
           y       INTEGER
       }

    a, b - coefficients a and b of the elliptic curve E;
    j    - invariant;
    p    - prime number - elliptic curve modulus;
    q    - prime number - order of cyclic group;
    x, y - base point p coordinates.

7  Security Considerations

   Parameter values for using cryptographic algorithms affect rigidity
   of information protection system. It is RECCOMENDED, that software
   applications verify signature values, subject public keys and
   algorithm parameters to conform to [GOSTR34102001], [GOSTR341094]
   standards prior to their use.

   The algorithm parameters proposed hereby and described in this
   document, have been analyzed by special certification laboratory of
   Scientific and Technical Centre "ATLAS" and by Centre of
   Certificational Investigations in appropriate levels of
   target_of_evaluation (TOE).

   In case of different parameters usage, it is RECCOMENDED that they
   are to be examined by authorized agency with an approved methods of
   cryptographic analysis.

8  Appendix ASN.1 Modules

8.1  Gost28147-89-EncryptionSyntax

Gost28147-89-EncryptionSyntax
    { iso(1) member-body(2) ru(643) rans(2) cryptopro(2)
      other(1) modules(1) gost28147-89-EncryptionSyntax(4) 1 }
DEFINITIONS EXPLICIT TAGS ::=
BEGIN



Popov,Kurepkin,Leontiev       Informational                    [Page 12]

Internet-Draft     Crypto-Pro cryptographic algorithms  15 February 2004


-- EXPORTS All --
-- The types and values defined in this module are exported for
-- use in the other ASN.1 modules contained within the Russian
-- Cryptography "GOST" & "GOST R" Specifications, and for the use
-- of other applications which will use them to access Russian
-- Cryptography services. Other applications may use them for
-- their own purposes, but this will not constrain extensions and
-- modifications needed to maintain or improve the Russian
-- Cryptography service.
    IMPORTS
        id-CryptoPro-algorithms, id-CryptoPro-encrypts,
        cryptographic-Gost-Useful-Definitions
        FROM Cryptographic-Gost-Useful-Definitions
            { iso(1) member-body(2) ru(643) rans(2)
              cryptopro(2) other(1) modules(1)
              cryptographic-Gost-Useful-Definitions(0) 1 }
        AlgorithmIdentifier, ALGORITHM-IDENTIFIER
        FROM Cryptographic-Gost-Useful-Definitions
             cryptographic-Gost-Useful-Definitions
    ;
  -- GOST 28147-89 OID
    id-Gost28147-89 OBJECT IDENTIFIER ::=
        { id-CryptoPro-algorithms gost28147-89(21) }
  -- GOST 28147-89 Cryptographic Parameter Sets OIDs
    id-Gost28147-89-TestParamSet OBJECT IDENTIFIER ::=
        { id-CryptoPro-encrypts test(0) }
    id-Gost28147-89-CryptoPro-A-ParamSet OBJECT IDENTIFIER ::=
        { id-CryptoPro-encrypts cryptopro-A(1) }
    id-Gost28147-89-CryptoPro-B-ParamSet OBJECT IDENTIFIER ::=
        { id-CryptoPro-encrypts cryptopro-B(2) }
    id-Gost28147-89-CryptoPro-C-ParamSet OBJECT IDENTIFIER ::=
        { id-CryptoPro-encrypts cryptopro-C(3) }
    id-Gost28147-89-CryptoPro-D-ParamSet OBJECT IDENTIFIER ::=
        { id-CryptoPro-encrypts cryptopro-D(4) }
    id-Gost28147-89-CryptoPro-Simple-A-ParamSet
        OBJECT IDENTIFIER ::=
           { id-CryptoPro-encrypts cryptopro-Simple-A(6) }
    id-Gost28147-89-CryptoPro-Simple-B-ParamSet
        OBJECT IDENTIFIER ::=
           { id-CryptoPro-encrypts cryptopro-Simple-B(7) }
    id-Gost28147-89-CryptoPro-Simple-C-ParamSet
        OBJECT IDENTIFIER ::=
           { id-CryptoPro-encrypts cryptopro-Simple-C(8) }
    id-Gost28147-89-CryptoPro-Simple-D-ParamSet
        OBJECT IDENTIFIER ::=
           { id-CryptoPro-encrypts cryptopro-Simple-D(9) }
  -- GOST 28147-89 Types
    Gost28147-89-Data ::= OCTET STRING (SIZE (0..4294967294))



Popov,Kurepkin,Leontiev       Informational                    [Page 13]

Internet-Draft     Crypto-Pro cryptographic algorithms  15 February 2004


    Gost28147-89-EncryptedData ::=
        OCTET STRING (SIZE (0..4294967294))
    Gost28147-89-UZ ::= OCTET STRING (SIZE (64))
    Gost28147-89-IV ::= OCTET STRING (SIZE (8))
    Gost28147-89-Key ::= OCTET STRING (SIZE (32))
    Gost28147-89-MAC ::= OCTET STRING (SIZE (1..4))
    Gost28147-89-EncryptedKey ::=
        SEQUENCE {
            encryptedKey         Gost28147-89-Key,
            macKey               Gost28147-89-MAC (SIZE (4))
        }
  -- GOST 28147-89 encryption algorithm parameters
    Gost28147-89-Parameters ::=
        SEQUENCE {
            encryptionParamSet
          OBJECT IDENTIFIER (
              id-Gost28147-89-TestParamSet | -- Only for tests use
              id-Gost28147-89-CryptoPro-A-ParamSet |
              id-Gost28147-89-CryptoPro-B-ParamSet |
              id-Gost28147-89-CryptoPro-C-ParamSet |
              id-Gost28147-89-CryptoPro-D-ParamSet |
              id-Gost28147-89-CryptoPro-Simple-A-ParamSet |
              id-Gost28147-89-CryptoPro-Simple-B-ParamSet |
              id-Gost28147-89-CryptoPro-Simple-C-ParamSet |
              id-Gost28147-89-CryptoPro-Simple-D-ParamSet
          ),
            iv                   Gost28147-89-IV
        }
    Gost28147-89-Algorithms ALGORITHM-IDENTIFIER ::= {
        { Gost28147-89-Parameters IDENTIFIED BY
               id-Gost28147-89 }
    }
END -- Gost28147-89-EncryptionSyntax

8.2  Gost28147-89-ParamSetSyntax

Gost28147-89-ParamSetSyntax
    { iso(1) member-body(2) ru(643) rans(2) cryptopro(2)
      other(1) modules(1) gost28147-89-ParamSetSyntax(6) 1 }
DEFINITIONS EXPLICIT TAGS ::=
BEGIN
-- EXPORTS All --
-- The types and values defined in this module are exported for
-- use in the other ASN.1 modules contained within the Russian
-- Cryptography "GOST" & "GOST R" Specifications, and for the use
-- of other applications which will use them to access Russian
-- Cryptography services. Other applications may use them for
-- their own purposes, but this will not constrain extensions and



Popov,Kurepkin,Leontiev       Informational                    [Page 14]

Internet-Draft     Crypto-Pro cryptographic algorithms  15 February 2004


-- modifications needed to maintain or improve the Russian
-- Cryptography service.
    IMPORTS
        id-CryptoPro-algorithms, id-CryptoPro-encrypts,
        gost28147-89-EncryptionSyntax,
        cryptographic-Gost-Useful-Definitions
        FROM Cryptographic-Gost-Useful-Definitions
            { iso(1) member-body(2) ru(643) rans(2)
              cryptopro(2) other(1) modules(1)
              cryptographic-Gost-Useful-Definitions(0) 1 }
        Gost28147-89-UZ,
        id-Gost28147-89-TestParamSet,
        id-Gost28147-89-CryptoPro-A-ParamSet,
        id-Gost28147-89-CryptoPro-B-ParamSet,
        id-Gost28147-89-CryptoPro-C-ParamSet,
        id-Gost28147-89-CryptoPro-D-ParamSet,
        id-Gost28147-89-CryptoPro-Simple-A-ParamSet,
        id-Gost28147-89-CryptoPro-Simple-B-ParamSet,
        id-Gost28147-89-CryptoPro-Simple-C-ParamSet,
        id-Gost28147-89-CryptoPro-Simple-D-ParamSet
        FROM Gost28147-89-EncryptionSyntax
             gost28147-89-EncryptionSyntax
        AlgorithmIdentifier, ALGORITHM-IDENTIFIER
        FROM Cryptographic-Gost-Useful-Definitions
             cryptographic-Gost-Useful-Definitions
    ;
  -- GOST 28147-89 Cryptographic Parameters Set:
  -- algorithm & parameters
  -- OID for Parameters Set imported from
  -- Gost28147-89-EncryptionSyntax
    Gost28147-89-ParamSetParameters ::=
            SEQUENCE {
            eUZ          Gost28147-89-UZ,
            mode         INTEGER {
                   gost28147-89-OFB(0),
                   gost28147-89-CFB(1),
                        cryptoPro-CBC(2)
               },
            shiftBits    INTEGER { gost28147-89-block(64) },
            keyWrap      AlgorithmIdentifier {{
                   Gost28147-89-KeyWrapAlgorithms
               }},
            keyMix       AlgorithmIdentifier {{
                   Gost28147-89-KeyMixAlgorithms
               }}
        }
    Gost28147-89-ParamSetAlgorithms ALGORITHM-IDENTIFIER ::= {
        { Gost28147-89-ParamSetParameters IDENTIFIED BY



Popov,Kurepkin,Leontiev       Informational                    [Page 15]

Internet-Draft     Crypto-Pro cryptographic algorithms  15 February 2004


               id-Gost28147-89-TestParamSet  } |
        { Gost28147-89-ParamSetParameters IDENTIFIED BY
               id-Gost28147-89-CryptoPro-A-ParamSet  } |
        { Gost28147-89-ParamSetParameters IDENTIFIED BY
               id-Gost28147-89-CryptoPro-B-ParamSet  } |
        { Gost28147-89-ParamSetParameters IDENTIFIED BY
               id-Gost28147-89-CryptoPro-C-ParamSet  } |
        { Gost28147-89-ParamSetParameters IDENTIFIED BY
               id-Gost28147-89-CryptoPro-D-ParamSet  } |
        { Gost28147-89-ParamSetParameters IDENTIFIED BY
               id-Gost28147-89-CryptoPro-Simple-A-ParamSet  } |
        { Gost28147-89-ParamSetParameters IDENTIFIED BY
               id-Gost28147-89-CryptoPro-Simple-B-ParamSet  } |
        { Gost28147-89-ParamSetParameters IDENTIFIED BY
               id-Gost28147-89-CryptoPro-Simple-C-ParamSet  } |
        { Gost28147-89-ParamSetParameters IDENTIFIED BY
               id-Gost28147-89-CryptoPro-Simple-D-ParamSet  }
    }
    id-Gost28147-89-CryptoPro-KeyWrap OBJECT IDENTIFIER ::=
        { id-CryptoPro-algorithms keyWrap(13) cryptoPro(1) }
    id-Gost28147-89-None-KeyWrap OBJECT IDENTIFIER ::=
        { id-CryptoPro-algorithms keyWrap(13) none(0) }
    Gost28147-89-KeyWrapAlgorithms  ALGORITHM-IDENTIFIER ::= {
        { NULL IDENTIFIED BY id-Gost28147-89-CryptoPro-KeyWrap } |
        { NULL IDENTIFIED BY id-Gost28147-89-None-KeyWrap }
    }
    id-Gost28147-89-CryptoPro-KeyMix  OBJECT IDENTIFIER ::=
        { id-CryptoPro-algorithms keyMix(14) cryptoPro(1) }
    id-Gost28147-89-None-KeyMix OBJECT IDENTIFIER ::=
        { id-CryptoPro-algorithms keyMix(14) none(0) }
    Gost28147-89-KeyMixAlgorithms  ALGORITHM-IDENTIFIER ::= {
        { NULL IDENTIFIED BY id-Gost28147-89-CryptoPro-KeyMix } |
        { NULL IDENTIFIED BY id-Gost28147-89-None-KeyMix }
    }
  -- GOST 28147-89 Cryptographic Parameters Set: values
    -- Test Parameters Set
    gost28147-89-TestParamSetAI
        AlgorithmIdentifier {{
            Gost28147-89-ParamSetAlgorithms
        }} ::=
        {
            algorithm
          id-Gost28147-89-TestParamSet,
            parameters
          Gost28147-89-ParamSetParameters:{
              eUZ   '4CDE389C2989EFB6FFEB56C55EC29B029875613B113F896
003970C798AA1D55DE210AD43375DB38EB42C77E7CD46CAFAD66A201F70F41EA4AB
03F22165B844D8'H,



Popov,Kurepkin,Leontiev       Informational                    [Page 16]

Internet-Draft     Crypto-Pro cryptographic algorithms  15 February 2004


                   mode  gost28147-89-OFB,
              shiftBits  64,
                   keyWrap
               { algorithm id-Gost28147-89-None-KeyWrap },
              keyMix
               { algorithm id-Gost28147-89-None-KeyMix }
          }
        }
    -- CryptoPro Parameters Sets
    gost28147-89-UZ-CryptoPro-A Gost28147-89-UZ ::=
      -- K1 K2 K3 K4 K5 K6 K7 K8
      -- 9  3  E  E  B  3  1  B
      -- 6  7  4  7  5  A  D  A
      -- 3  E  6  A  1  D  2  F
      -- 2  9  2  C  9  C  9  5
      -- 8  8  B  D  8  1  7  0
      -- B  A  3  1  D  2  A  C
      -- 1  F  D  3  F  0  6  E
      -- 7  0  8  9  0  B  0  8
      -- A  5  C  0  E  7  8  6
      -- 4  2  F  2  4  5  C  2
      -- E  6  5  B  2  9  4  3
      -- F  C  A  4  3  4  5  9
      -- C  B  0  F  C  8  F  1
      -- 0  4  7  8  7  F  3  7
      -- D  D  1  5  A  E  B  D
      -- 5  1  9  6  6  6  E  4
        '93EEB31B67475ADA3E6A1D2F292C9C9588BD8170BA31D2AC1FD3F06E70
890B08A5C0E78642F245C2E65B2943FCA43459CB0FC8F104787F37DD15AEBD51966
6E4'H
    gost28147-89-CryptoPro-A-ParamSetAI
        AlgorithmIdentifier {{
            Gost28147-89-ParamSetAlgorithms
        }} ::=
        {
            algorithm
          id-Gost28147-89-CryptoPro-A-ParamSet,
            parameters
          Gost28147-89-ParamSetParameters:{
              eUZ   gost28147-89-UZ-CryptoPro-A,
                   mode  gost28147-89-CFB,
                   shiftBits  64,
                   keyWrap
               { algorithm id-Gost28147-89-CryptoPro-KeyWrap },
              keyMix
               { algorithm id-Gost28147-89-CryptoPro-KeyMix }
          }
        }



Popov,Kurepkin,Leontiev       Informational                    [Page 17]

Internet-Draft     Crypto-Pro cryptographic algorithms  15 February 2004


    --
    gost28147-89-UZ-CryptoPro-B Gost28147-89-UZ ::=
      -- K1 K2 K3 K4 K5 K6 K7 K8
      -- 8  0  E  7  2  8  5  0
      -- 4  1  C  5  7  3  2  4
      -- B  2  0  0  C  2  A  B
      -- 1  A  A  D  F  6  B  E
      -- 3  4  9  B  9  4  9  8
      -- 5  D  2  6  5  D  1  3
      -- 0  5  D  1  A  E  C  7
      -- 9  C  B  2  B  B  3  1
      -- 2  9  7  3  1  C  7  A
      -- E  7  5  A  4  1  4  2
      -- A  3  8  C  0  7  D  9
      -- C  F  F  F  D  F  0  6
      -- D  B  3  4  6  A  6  F
      -- 6  8  6  E  8  0  F  D
      -- 7  6  1  9  E  9  8  5
      -- F  E  4  8  3  5  E  C
        '80E7285041C57324B200C2AB1AADF6BE349B94985D265D1305D1AEC79C
B2BB3129731C7AE75A4142A38C07D9CFFFDF06DB346A6F686E80FD7619E985FE483
5EC'H
    gost28147-89-CryptoPro-B-ParamSetAI
        AlgorithmIdentifier {{
            Gost28147-89-ParamSetAlgorithms
        }} ::=
        {
            algorithm
          id-Gost28147-89-CryptoPro-B-ParamSet,
            parameters
          Gost28147-89-ParamSetParameters:{
              eUZ   gost28147-89-UZ-CryptoPro-B,
                   mode  gost28147-89-CFB,
                   shiftBits  64,
                   keyWrap
               { algorithm id-Gost28147-89-CryptoPro-KeyWrap },
              keyMix
               { algorithm id-Gost28147-89-CryptoPro-KeyMix }
          }
        }
    --
    gost28147-89-UZ-CryptoPro-C Gost28147-89-UZ ::=
      -- K1 K2 K3 K4 K5 K6 K7 K8
      -- 1  0  8  3  8  C  A  7
      -- B  1  2  6  D  9  9  4
      -- C  7  5  0  B  B  6  0
      -- 2  D  0  1  0  1  8  5
      -- 9  B  4  5  4  8  D  A



Popov,Kurepkin,Leontiev       Informational                    [Page 18]

Internet-Draft     Crypto-Pro cryptographic algorithms  15 February 2004


      -- D  4  9  D  5  E  E  2
      -- 0  5  F  A  1  2  2  F
      -- F  2  A  8  2  4  0  E
      -- 4  8  3  B  9  7  F  C
      -- 5  E  7  2  3  3  3  6
      -- 8  F  C  9  C  6  5  1
      -- E  C  D  7  E  5  B  B
      -- A  9  6  E  6  A  4  D
      -- 7  A  E  F  F  0  1  9
      -- 6  6  1  C  A  F  C  3
      -- 3  3  B  4  7  D  7  8
        '10838CA7B126D994C750BB602D0101859B4548DAD49D5EE205FA122FF2
A8240E483B97FC5E7233368FC9C651ECD7E5BBA96E6A4D7AEFF019661CAFC333B47
D78'H
    gost28147-89-CryptoPro-C-ParamSetAI
        AlgorithmIdentifier {{
            Gost28147-89-ParamSetAlgorithms
        }} ::=
        {
            algorithm
          id-Gost28147-89-CryptoPro-C-ParamSet,
            parameters
          Gost28147-89-ParamSetParameters:{
              eUZ   gost28147-89-UZ-CryptoPro-C,
                   mode  gost28147-89-CFB,
                   shiftBits  64,
                   keyWrap
               { algorithm id-Gost28147-89-CryptoPro-KeyWrap },
              keyMix
               { algorithm id-Gost28147-89-CryptoPro-KeyMix }
          }
        }
    --
    gost28147-89-UZ-CryptoPro-D Gost28147-89-UZ ::=
      -- K1 K2 K3 K4 K5 K6 K7 K8
      -- F  B  1  1  0  8  3  1
      -- C  6  C  5  C  0  0  A
      -- 2  3  B  E  8  F  6  6
      -- A  4  0  C  9  3  F  8
      -- 6  C  F  A  D  2  1  F
      -- 4  F  E  7  2  5  E  B
      -- 5  E  6  0  A  E  9  0
      -- 0  2  5  D  B  B  2  4
      -- 7  7  A  6  7  1  D  C
      -- 9  D  D  2  3  A  8  3
      -- E  8  4  B  6  4  C  5
      -- D  0  8  4  5  7  4  9
      -- 1  5  9  9  4  C  B  7



Popov,Kurepkin,Leontiev       Informational                    [Page 19]

Internet-Draft     Crypto-Pro cryptographic algorithms  15 February 2004


      -- B  A  3  3  E  9  A  D
      -- 8  9  7  F  F  D  5  2
      -- 3  1  2  8  1  6  7  E'H
        'FB110831C6C5C00A23BE8F66A40C93F86CFAD21F4FE725EB5E60AE9002
5DBB2477A671DC9DD23A83E84B64C5D084574915994CB7BA33E9AD897FFD5231281
67E'H
    gost28147-89-CryptoPro-D-ParamSetAI
        AlgorithmIdentifier {{
            Gost28147-89-ParamSetAlgorithms
        }} ::=
        {
            algorithm
          id-Gost28147-89-CryptoPro-D-ParamSet,
            parameters
          Gost28147-89-ParamSetParameters:{
              eUZ   gost28147-89-UZ-CryptoPro-D,
                   mode  gost28147-89-CFB,
                   shiftBits  64,
                   keyWrap
               { algorithm id-Gost28147-89-CryptoPro-KeyWrap },
              keyMix
               { algorithm id-Gost28147-89-CryptoPro-KeyMix }
          }
        }
    --
    gost28147-89-CryptoPro-Simple-A-ParamSetAI
        AlgorithmIdentifier {{
            Gost28147-89-ParamSetAlgorithms
        }} ::=
        {
            algorithm
          id-Gost28147-89-CryptoPro-Simple-A-ParamSet,
            parameters
          Gost28147-89-ParamSetParameters:{
              eUZ   gost28147-89-UZ-CryptoPro-A,
                   mode  gost28147-89-CFB,
                   shiftBits  64,
                   keyWrap
               { algorithm id-Gost28147-89-None-KeyWrap },
              keyMix
               { algorithm id-Gost28147-89-CryptoPro-KeyMix }
          }
        }
    --
    gost28147-89-CryptoPro-Simple-B-ParamSetAI
        AlgorithmIdentifier {{
            Gost28147-89-ParamSetAlgorithms
        }} ::=



Popov,Kurepkin,Leontiev       Informational                    [Page 20]

Internet-Draft     Crypto-Pro cryptographic algorithms  15 February 2004


        {
            algorithm
          id-Gost28147-89-CryptoPro-Simple-B-ParamSet,
            parameters
          Gost28147-89-ParamSetParameters:{
              eUZ   gost28147-89-UZ-CryptoPro-B,
                   mode  gost28147-89-CFB,
                   shiftBits  64,
                   keyWrap
               { algorithm id-Gost28147-89-None-KeyWrap },
              keyMix
               { algorithm id-Gost28147-89-CryptoPro-KeyMix }
          }
        }
    --
    gost28147-89-CryptoPro-Simple-C-ParamSetAI
        AlgorithmIdentifier {{
            Gost28147-89-ParamSetAlgorithms
        }} ::=
        {
            algorithm
          id-Gost28147-89-CryptoPro-Simple-C-ParamSet,
            parameters
          Gost28147-89-ParamSetParameters:{
              eUZ   gost28147-89-UZ-CryptoPro-C,
                   mode  gost28147-89-CFB,
                   shiftBits  64,
                   keyWrap
               { algorithm id-Gost28147-89-None-KeyWrap },
              keyMix
               { algorithm id-Gost28147-89-CryptoPro-KeyMix }
          }
        }
    --
    gost28147-89-CryptoPro-Simple-D-ParamSetAI
        AlgorithmIdentifier {{
            Gost28147-89-ParamSetAlgorithms
        }} ::=
        {
            algorithm
          id-Gost28147-89-CryptoPro-Simple-D-ParamSet,
            parameters
          Gost28147-89-ParamSetParameters:{
              eUZ   gost28147-89-UZ-CryptoPro-D,
                   mode  gost28147-89-CFB,
                   shiftBits  64,
                   keyWrap
               { algorithm id-Gost28147-89-None-KeyWrap },



Popov,Kurepkin,Leontiev       Informational                    [Page 21]

Internet-Draft     Crypto-Pro cryptographic algorithms  15 February 2004


              keyMix
               { algorithm id-Gost28147-89-CryptoPro-KeyMix }
          }
        }
END -- Gost28147-89-ParamSetSyntax

8.3  GostR3411-94-DigestSyntax

GostR3411-94-DigestSyntax
    { iso(1) member-body(2) ru(643) rans(2) cryptopro(2)
      other(1) modules(1) gostR3411-94-DigestSyntax(1) 1 }
DEFINITIONS ::=
BEGIN
-- EXPORTS All --
-- The types and values defined in this module are exported for
-- use in the other ASN.1 modules contained within the Russian
-- Cryptography "GOST" & "GOST R" Specifications, and for the use
-- of other applications which will use them to access Russian
-- Cryptography services. Other applications may use them for
-- their own purposes, but this will not constrain extensions and
-- modifications needed to maintain or improve the Russian
-- Cryptography service.
    IMPORTS
        id-CryptoPro-algorithms, id-CryptoPro-hashes,
        gost28147-89-EncryptionSyntax,
        cryptographic-Gost-Useful-Definitions
        FROM Cryptographic-Gost-Useful-Definitions
            { iso(1) member-body(2) ru(643) rans(2)
              cryptopro(2) other(1) modules(1)
              cryptographic-Gost-Useful-Definitions(0) 1 }
        Gost28147-89-Data, Gost28147-89-UZ
        FROM Gost28147-89-EncryptionSyntax
             gost28147-89-EncryptionSyntax
        AlgorithmIdentifier, ALGORITHM-IDENTIFIER
        FROM Cryptographic-Gost-Useful-Definitions
             cryptographic-Gost-Useful-Definitions
    ;
  -- GOST R 34.11-94 OID
    id-GostR3411-94 OBJECT IDENTIFIER ::=
        { id-CryptoPro-algorithms gostR3411-94(9) }
  -- GOST R 34.11-94 Cryptographic Parameters Set OIDs
    id-GostR3411-94-TestParamSet OBJECT IDENTIFIER ::=
        { id-CryptoPro-hashes test(0) }
    id-GostR3411-94-CryptoProParamSet OBJECT IDENTIFIER ::=
        { id-CryptoPro-hashes cryptopro(1) }
  -- GOST R 34.11-94 Data Types
    GostR3411-94-Data ::= Gost28147-89-Data
    GostR3411-94-Digest ::= OCTET STRING (SIZE (32))



Popov,Kurepkin,Leontiev       Informational                    [Page 22]

Internet-Draft     Crypto-Pro cryptographic algorithms  15 February 2004


  -- GOST R 34.11-94 Digest Parameters & Algorithms
    GostR3411-94-DigestParameters ::=
        OBJECT IDENTIFIER (
          id-GostR3411-94-TestParamSet |     -- Only for tests use
          id-GostR3411-94-CryptoProParamSet
        )
    GostR3411-94-DigestAlgorithms ALGORITHM-IDENTIFIER ::= {
        { NULL IDENTIFIED BY id-GostR3411-94 } |
          -- Assume id-GostR3411-94-CryptoProParamSet
        { GostR3411-94-DigestParameters
          IDENTIFIED BY id-GostR3411-94 }
    }
END -- GostR3411-94-DigestSyntax

8.4  GostR3411-94-ParamSetSyntax

GostR3411-94-ParamSetSyntax
    { iso(1) member-body(2) ru(643) rans(2) cryptopro(2)
      other(1) modules(1) gostR3411-94-ParamSetSyntax(7) 1 }
DEFINITIONS ::=
BEGIN
-- EXPORTS All --
-- The types and values defined in this module are exported for
-- use in the other ASN.1 modules contained within the Russian
-- Cryptography "GOST" & "GOST R" Specifications, and for the use
-- of other applications which will use them to access Russian
-- Cryptography services. Other applications may use them for
-- their own purposes, but this will not constrain extensions and
-- modifications needed to maintain or improve the Russian
-- Cryptography service.
    IMPORTS
        id-CryptoPro-algorithms, id-CryptoPro-hashes,
        gost28147-89-EncryptionSyntax,
        gostR3411-94-DigestSyntax,
        cryptographic-Gost-Useful-Definitions
        FROM Cryptographic-Gost-Useful-Definitions
            { iso(1) member-body(2) ru(643) rans(2)
              cryptopro(2) other(1) modules(1)
              cryptographic-Gost-Useful-Definitions(0) 1 }
        Gost28147-89-UZ
        FROM Gost28147-89-EncryptionSyntax
             gost28147-89-EncryptionSyntax
        id-GostR3411-94-TestParamSet,
        id-GostR3411-94-CryptoProParamSet,
        GostR3411-94-Digest
        FROM GostR3411-94-DigestSyntax gostR3411-94-DigestSyntax
        AlgorithmIdentifier, ALGORITHM-IDENTIFIER
        FROM Cryptographic-Gost-Useful-Definitions



Popov,Kurepkin,Leontiev       Informational                    [Page 23]

Internet-Draft     Crypto-Pro cryptographic algorithms  15 February 2004


             cryptographic-Gost-Useful-Definitions
    ;
  -- GOST R 34.11-94 Cryptographic Parameters Set:
  -- algorithm & parameters
  -- OID for Parameters Set imported from GostR3411-94-DigestSyntax
    GostR3411-94-ParamSetParameters ::=
        SEQUENCE {
            hUZ Gost28147-89-UZ,    -- S-Box for digest
            h0  GostR3411-94-Digest -- start digest value
        }
    GostR3411-94-ParamSetAlgorithms ALGORITHM-IDENTIFIER ::= {
        { GostR3411-94-ParamSetParameters IDENTIFIED BY
          id-GostR3411-94-TestParamSet
        } |
        { GostR3411-94-ParamSetParameters IDENTIFIED BY
          id-GostR3411-94-CryptoProParamSet
        }
    }
    -- GOST R 34.11-94 Tests parameters set
    -- (GOST R 34.11-94 Annex A. Test vector)
    gostR3411TestParamSetAI AlgorithmIdentifier
     {{ GostR3411-94-ParamSetAlgorithms }} ::=
        {
            algorithm
          id-GostR3411-94-TestParamSet,
            parameters
          GostR3411-94-ParamSetParameters:{
              hUZ
                 -- pi1 pi2 pi3 pi4 pi5 pi6 pi7 pi8
                 -- 4   E   5   7   6   4   D   1
                 -- A   B   8   D   C   B   B   F
                 -- 9   4   1   A   7   A   4   D
                 -- 2   C   D   1   1   0   1   0
                 -- D   6   A   0   5   7   3   5
                 -- 8   D   3   8   F   2   F   7
                 -- 0   F   4   9   D   1   5   A
                 -- E   A   2   F   8   D   9   4
                 -- 6   2   E   E   4   3   0   9
                 -- B   3   F   4   A   6   A   2
                 -- 1   8   C   6   9   8   E   3
                 -- C   1   7   C   E   5   7   E
                 -- 7   0   6   B   0   9   6   6
                 -- F   7   0   2   3   C   8   B
                 -- 5   5   9   5   B   F   2   8
                 -- 3   9   B   3   2   E   C   C
                   '4E5764D1AB8DCBBF941A7A4D2CD11010D6A057358D38F2F7
0F49D15AEA2F8D9462EE4309B3F4A6A218C698E3C17CE57E706B0966F7023C8B559
5BF2839B32ECC'H,



Popov,Kurepkin,Leontiev       Informational                    [Page 24]

Internet-Draft     Crypto-Pro cryptographic algorithms  15 February 2004


              h0   '000000000000000000000000000000000000000000000000
0000000000000000'H
          }
        }
    -- CryptoPro parameters
    gostR3411CryptoProParamSetAI AlgorithmIdentifier
    {{ GostR3411-94-ParamSetAlgorithms }} ::=
        {
            algorithm
          id-GostR3411-94-CryptoProParamSet,
            parameters
          GostR3411-94-ParamSetParameters:{
              hUZ
                 -- pi1 pi2 pi3 pi4 pi5 pi6 pi7 pi8
                 -- A   5   7   4   7   7   D   1
                 -- 4   F   F   A   6   6   E   3
                 -- 5   4   C   7   4   2   4   A
                 -- 6   0   E   C   B   4   1   9
                 -- 8   2   9   0   9   D   7   5
                 -- 1   D   4   F   C   9   0   B
                 -- 3   B   1   2   2   F   5   4
                 -- 7   9   0   8   A   0   A   F
                 -- D   1   3   E   1   A   3   8
                 -- C   7   B   1   8   1   C   6
                 -- E   6   5   6   0   5   8   7
                 -- 0   3   2   5   E   B   F   E
                 -- 9   C   6   D   F   8   6   D
                 -- 2   E   A   B   D   E   2   0
                 -- B   A   8   9   3   C   9   2
                 -- F   8   D   3   5   3   B   C
                'A57477D14FFA66E354C7424A60ECB41982909D751D4FC90B3B122F5
47908A0AFD13E1A38C7B181C6E65605870325EBFE9C6DF86D2EABDE20BA893C92F8
D353BC'H,
              h0   '000000000000000000000000000000000000000000000000
0000000000000000'H
          }
        }
END -- GostR3411-94-ParamSetSyntax

8.5  GostR3410-94-PKISyntax

GostR3410-94-PKISyntax
    { iso(1) member-body(2) ru(643) rans(2) cryptopro(2)
      other(1) modules(1) gostR3410-94-PKISyntax(2) 1 }
DEFINITIONS ::=
BEGIN
-- EXPORTS All --
-- The types and values defined in this module are exported for



Popov,Kurepkin,Leontiev       Informational                    [Page 25]

Internet-Draft     Crypto-Pro cryptographic algorithms  15 February 2004


-- use in the other ASN.1 modules contained within the Russian
-- Cryptography "GOST" & "GOST R" Specifications, and for the use
-- of other applications which will use them to access Russian
-- Cryptography services. Other applications may use them for
-- their own purposes, but this will not constrain extensions and
-- modifications needed to maintain or improve the Russian
-- Cryptography service.
    IMPORTS
        id-CryptoPro-algorithms,
        id-CryptoPro-signs, id-CryptoPro-exchanges,
        gost28147-89-EncryptionSyntax,
        gostR3411-94-DigestSyntax,
        cryptographic-Gost-Useful-Definitions
        FROM Cryptographic-Gost-Useful-Definitions
            { iso(1) member-body(2) ru(643) rans(2)
              cryptopro(2) other(1) modules(1)
              cryptographic-Gost-Useful-Definitions(0) 1 }
        id-Gost28147-89-TestParamSet,
        id-Gost28147-89-CryptoPro-A-ParamSet,
        id-Gost28147-89-CryptoPro-B-ParamSet,
        id-Gost28147-89-CryptoPro-C-ParamSet,
        id-Gost28147-89-CryptoPro-D-ParamSet,
        id-Gost28147-89-CryptoPro-Simple-A-ParamSet,
        id-Gost28147-89-CryptoPro-Simple-B-ParamSet,
        id-Gost28147-89-CryptoPro-Simple-C-ParamSet,
        id-Gost28147-89-CryptoPro-Simple-D-ParamSet
        FROM Gost28147-89-EncryptionSyntax
             gost28147-89-EncryptionSyntax
        id-GostR3411-94-TestParamSet,
        id-GostR3411-94-CryptoProParamSet
        FROM GostR3411-94-DigestSyntax gostR3411-94-DigestSyntax
        AlgorithmIdentifier, ALGORITHM-IDENTIFIER
        FROM Cryptographic-Gost-Useful-Definitions
             cryptographic-Gost-Useful-Definitions
    ;
  -- GOST R 34.10-94 OIDs
    id-GostR3410-94 OBJECT IDENTIFIER ::=
        { id-CryptoPro-algorithms gostR3410-94(20) }
    id-GostR3411-94-with-GostR3410-94 OBJECT IDENTIFIER ::=
        { id-CryptoPro-algorithms
          gostR3411-94-with-gostR3410-94(4) }
  -- GOST R 34.10-94 Public Key Cryptographic Parameters Set OIDs
    id-GostR3410-94-TestParamSet OBJECT IDENTIFIER ::=
        { id-CryptoPro-signs test(0) }
    id-GostR3410-94-CryptoPro-A-ParamSet OBJECT IDENTIFIER ::=
        { id-CryptoPro-signs cryptopro-A(2) }
    id-GostR3410-94-CryptoPro-B-ParamSet OBJECT IDENTIFIER ::=
        { id-CryptoPro-signs cryptopro-B(3) }



Popov,Kurepkin,Leontiev       Informational                    [Page 26]

Internet-Draft     Crypto-Pro cryptographic algorithms  15 February 2004


    id-GostR3410-94-CryptoPro-C-ParamSet OBJECT IDENTIFIER ::=
        { id-CryptoPro-signs cryptopro-C(4) }
    id-GostR3410-94-CryptoPro-D-ParamSet OBJECT IDENTIFIER ::=
        { id-CryptoPro-signs cryptopro-D(5) }
    id-GostR3410-94-CryptoPro-XchA-ParamSet OBJECT IDENTIFIER ::=
        { id-CryptoPro-exchanges cryptopro-XchA(1) }
    id-GostR3410-94-CryptoPro-XchB-ParamSet OBJECT IDENTIFIER ::=
        { id-CryptoPro-exchanges cryptopro-XchB(2) }
    id-GostR3410-94-CryptoPro-XchC-ParamSet OBJECT IDENTIFIER ::=
        { id-CryptoPro-exchanges cryptopro-XchC(3) }
  -- GOST R 34.10-94 Data Types
    GostR3410-94-CertificateSignature ::=
        BIT STRING ( SIZE(256..512) )
    GostR3410-94-PublicKeyOctetString ::=
        OCTET STRING ( SIZE(
               64 | -- Only for tests use
               128
               ) )
    GostR3410-94-PublicKey ::=
        BIT STRING ( SIZE(16..1048) )
               -- Container for GostR3410-94-PublicKeyOctetString
    GostR3410-94-PublicKeyParameters ::=
            SEQUENCE {
            publicKeyParamSet
          OBJECT IDENTIFIER (
              id-GostR3410-94-TestParamSet | -- Only for tests use
              id-GostR3410-94-CryptoPro-A-ParamSet |
              id-GostR3410-94-CryptoPro-B-ParamSet |
              id-GostR3410-94-CryptoPro-C-ParamSet |
              id-GostR3410-94-CryptoPro-D-ParamSet |
              id-GostR3410-94-CryptoPro-XchA-ParamSet |
              id-GostR3410-94-CryptoPro-XchB-ParamSet |
              id-GostR3410-94-CryptoPro-XchC-ParamSet
          ),
            digestParamSet
          OBJECT IDENTIFIER (
              id-GostR3411-94-TestParamSet | -- Only for tests use
              id-GostR3411-94-CryptoProParamSet
          ),
            encryptionParamSet
          OBJECT IDENTIFIER (
              id-Gost28147-89-TestParamSet | -- Only for tests use
              id-Gost28147-89-CryptoPro-A-ParamSet |
              id-Gost28147-89-CryptoPro-B-ParamSet |
              id-Gost28147-89-CryptoPro-C-ParamSet |
              id-Gost28147-89-CryptoPro-D-ParamSet |
              id-Gost28147-89-CryptoPro-Simple-A-ParamSet |
              id-Gost28147-89-CryptoPro-Simple-B-ParamSet |



Popov,Kurepkin,Leontiev       Informational                    [Page 27]

Internet-Draft     Crypto-Pro cryptographic algorithms  15 February 2004


              id-Gost28147-89-CryptoPro-Simple-C-ParamSet |
              id-Gost28147-89-CryptoPro-Simple-D-ParamSet
          ) OPTIONAL
        }
    GostR3410-94-PublicKeyAlgorithms  ALGORITHM-IDENTIFIER ::= {
        { GostR3410-94-PublicKeyParameters IDENTIFIED BY
               id-GostR3410-94 }
    }
    GostR3410-94-CertificateSignatureAlgorithms
        ALGORITHM-IDENTIFIER ::= {
          { NULL IDENTIFIED BY
               id-GostR3411-94-with-GostR3410-94 } |
          { GostR3410-94-PublicKeyParameters IDENTIFIED BY
               id-GostR3411-94-with-GostR3410-94 }
        }
END -- GostR3410-94-PKISyntax

8.6  GostR3410-94-ParamSetSyntax

GostR3410-94-ParamSetSyntax
    { iso(1) member-body(2) ru(643) rans(2) cryptopro(2)
      other(1) modules(1) gostR3410-94-ParamSetSyntax(8) 1 }
DEFINITIONS ::=
BEGIN
-- EXPORTS All --
-- The types and values defined in this module are exported for
-- use in the other ASN.1 modules contained within the Russian
-- Cryptography "GOST" & "GOST R" Specifications, and for the use
-- of other applications which will use them to access Russian
-- Cryptography services. Other applications may use them for
-- their own purposes, but this will not constrain extensions and
-- modifications needed to maintain or improve the Russian
-- Cryptography service.
    IMPORTS
        id-CryptoPro-algorithms,
        id-CryptoPro-signs, id-CryptoPro-exchanges,
        gostR3410-94-PKISyntax,
        cryptographic-Gost-Useful-Definitions
        FROM Cryptographic-Gost-Useful-Definitions
            { iso(1) member-body(2) ru(643) rans(2)
              cryptopro(2) other(1) modules(1)
              cryptographic-Gost-Useful-Definitions(0) 1 }
        id-GostR3410-94,
        id-GostR3410-94-TestParamSet,
        id-GostR3410-94-CryptoPro-A-ParamSet,
        id-GostR3410-94-CryptoPro-B-ParamSet,
        id-GostR3410-94-CryptoPro-C-ParamSet,
        id-GostR3410-94-CryptoPro-D-ParamSet,



Popov,Kurepkin,Leontiev       Informational                    [Page 28]

Internet-Draft     Crypto-Pro cryptographic algorithms  15 February 2004


        id-GostR3410-94-CryptoPro-XchA-ParamSet,
        id-GostR3410-94-CryptoPro-XchB-ParamSet,
        id-GostR3410-94-CryptoPro-XchC-ParamSet
        FROM GostR3410-94-PKISyntax gostR3410-94-PKISyntax
        AlgorithmIdentifier, ALGORITHM-IDENTIFIER
        FROM Cryptographic-Gost-Useful-Definitions
             cryptographic-Gost-Useful-Definitions
    ;
  -- GOST R 34.10-94 Public Key Cryptographic Parameters Set:
  -- algorithm & parameters
  -- OID for Parameters Set imported from GostR3410-94-PKISyntax
    GostR3410-94-ParamSetParameters ::=
        SEQUENCE {
            t    INTEGER (512 | 1024),  -- 512 - only for tests use
            p    INTEGER (
               167597599124282463744675312477573076593492072757404917221
5445180465220503759193372100234287270862928461253982273310756356719
235351493321243304206125760513
               ..
               134078079299425970995740249982058461274793658205923933777
2356144372176403007354697680187429816690342769003185818648605085375
3882811946569946433649006084095
               |
               112355820928894744233081574424314045851123561183894160795
8938007235829223784381019579427983265047100132000711749196208485367
4360550901038905802964414967132773610493339054092829768888725077880
8824658176845053128605523844176464039300921195694088017023227094069
17786643639996702871154982269052209770601514008577
               ..
               179769313486231590772930519078902473361797697894230657273
4300811577326758055009631327084773224075360211201138798713933576587
8976881441662249284743063947412437776789342486548527630221960124609
4119453082952085005768838150682342462881473913110540827237163350510
684586298239947245938479716304835356329624224137215
               ),   -- 2^509 < p < 2^512 or 2^1020 < p < 2^1024
            q       INTEGER (
               289480223093290488558927462521719769633174961664101410098
64396001978282409985
               ..
               115792089237316195423570985008687907853269984665640564039
457584007913129639935
               ),   -- 2^254 < q < 2^256
            a       INTEGER (
               2
               ..
               179769313486231590772930519078902473361797697894230657273
4300811577326758055009631327084773224075360211201138798713933576587
8976881441662249284743063947412437776789342486548527630221960124609



Popov,Kurepkin,Leontiev       Informational                    [Page 29]

Internet-Draft     Crypto-Pro cryptographic algorithms  15 February 2004


4119453082952085005768838150682342462881473913110540827237163350510
684586298239947245938479716304835356329624224137214
               ),   -- 1 < a < p-1 < 2^1024-1
            validationAlgorithm
          AlgorithmIdentifier {{
                    GostR3410-94-ValidationAlgorithms
               }} OPTIONAL
        }
    GostR3410-94-ParamSetAlgorithm ALGORITHM-IDENTIFIER ::= {
        { GostR3410-94-ParamSetParameters IDENTIFIED BY
               id-GostR3410-94-TestParamSet } |
        { GostR3410-94-ParamSetParameters IDENTIFIED BY
               id-GostR3410-94-CryptoPro-A-ParamSet  } |
        { GostR3410-94-ParamSetParameters IDENTIFIED BY
               id-GostR3410-94-CryptoPro-B-ParamSet  } |
        { GostR3410-94-ParamSetParameters IDENTIFIED BY
               id-GostR3410-94-CryptoPro-C-ParamSet  } |
        { GostR3410-94-ParamSetParameters IDENTIFIED BY
               id-GostR3410-94-CryptoPro-D-ParamSet  } |
        { GostR3410-94-ParamSetParameters IDENTIFIED BY
               id-GostR3410-94-CryptoPro-XchA-ParamSet  } |
        { GostR3410-94-ParamSetParameters IDENTIFIED BY
               id-GostR3410-94-CryptoPro-XchB-ParamSet  } |
        { GostR3410-94-ParamSetParameters IDENTIFIED BY
               id-GostR3410-94-CryptoPro-XchC-ParamSet  }
    }
  -- GOST R 34.10-94 validation/constructor
    id-GostR3410-94-a         OBJECT IDENTIFIER ::=
        { id-GostR3410-94 a(1) }
    id-GostR3410-94-aBis OBJECT IDENTIFIER ::=
        { id-GostR3410-94 aBis(2) }
    id-GostR3410-94-b         OBJECT IDENTIFIER ::=
        { id-GostR3410-94 b(3) }
    id-GostR3410-94-bBis OBJECT IDENTIFIER ::=
        { id-GostR3410-94 bBis(4) }
    GostR3410-94-ValidationParameters ::=
        SEQUENCE {
            t    INTEGER (512 | 1024),  -- 512 - only for tests use
            x0   INTEGER (0 .. 65535),
            c    INTEGER (0 .. 65535),
            d    INTEGER (
               2
               ..
               179769313486231590772930519078902473361797697894230657273
4300811577326758055009631327084773224075360211201138798713933576587
8976881441662249284743063947412437776789342486548527630221960124609
4119453082952085005768838150682342462881473913110540827237163350510
684586298239947245938479716304835356329624224137214



Popov,Kurepkin,Leontiev       Informational                    [Page 30]

Internet-Draft     Crypto-Pro cryptographic algorithms  15 February 2004


               )    -- 1 < d < p-1 < 2^1024-1
               OPTIONAL
        }
    GostR3410-94-ValidationBisParameters ::=
        SEQUENCE {
            t    INTEGER (512 | 1024),  -- 512 - only for tests use
            x0   INTEGER (0 .. 4294967295),
            c    INTEGER (0 .. 4294967295),
            d    INTEGER (
               2
               ..
               179769313486231590772930519078902473361797697894230657273
4300811577326758055009631327084773224075360211201138798713933576587
8976881441662249284743063947412437776789342486548527630221960124609
4119453082952085005768838150682342462881473913110540827237163350510
684586298239947245938479716304835356329624224137214
               )    -- 1 < d < p-1 < 2^1024-1
               OPTIONAL
        }
    GostR3410-94-ValidationAlgorithms  ALGORITHM-IDENTIFIER ::= {
        { GostR3410-94-ValidationParameters IDENTIFIED BY
               id-GostR3410-94-a } |
        { GostR3410-94-ValidationBisParameters IDENTIFIED BY
               id-GostR3410-94-aBis } |
        { GostR3410-94-ValidationParameters IDENTIFIED BY
               id-GostR3410-94-b } |
        { GostR3410-94-ValidationBisParameters IDENTIFIED BY
               id-GostR3410-94-bBis }
    }
  -- GOST R 34.10-94 Keys Parameters sets
    -- GOST R 34.10-94 Tests parameters set
    -- (GOST R 34.10-94 Annex A. Test vector)
    gostR3410-94-TestParamSetAI
        AlgorithmIdentifier {{
            GostR3410-94-ParamSetAlgorithm
        }} ::=
        {
            algorithm
          id-GostR3410-94-TestParamSet,
            parameters
          GostR3410-94-ParamSetParameters:{
              t       512,
              p       1249155479661639739200729184536168101998078908
4728846304013646795466302633346425772369277064638881858428879662416
202925770315709968465491470753112581700067,
              q       6900839799123747821852952871175357885746435622
1556536838757636132646301588781,
              a       8305821956779628193852750508811757244889982632



Popov,Kurepkin,Leontiev       Informational                    [Page 31]

Internet-Draft     Crypto-Pro cryptographic algorithms  15 February 2004


8218435214910357131733714685287987538317442674072307045274610623217
32669034432746173786958142572929772413468,
              validationAlgorithm {
                   algorithm
                    id-GostR3410-94-a,
                   parameters
                    GostR3410-94-ValidationParameters: {
                        t       512,
                        x0      24265,
                        c       29505,
                        d       2
                       }
                  }
          }
        }
    -- CryptoPro parameters
    gostR3410-94-CryptoPro-A-ParamSetAI
        AlgorithmIdentifier {{
            GostR3410-94-ParamSetAlgorithm
        }} ::=
        {
            algorithm
          id-GostR3410-94-CryptoPro-A-ParamSet,
            parameters
          GostR3410-94-ParamSetParameters:{
              t       1024,
              p       1270212482889324174659070427771764435257876535
0891653581281750726570503126098509849742318833348340118092599999512
0988934130659205614996724254121049274349357074920312769561451689224
1105793112488126102296785346384016935200132889950003622606842227508
13532307004517341633685004541062586971416883686778842537820383,
              q       6836319614495570078444416561182725289510217088
8761442055095051287550314083023,
              a       1009979067550553047720818155359252248698410825
7205345787482351587557714799052927277724415285269929879648335669968
2842027972896052747173175480590485607134746852141928680912561502802
2221856475391909026561163678472701450190667942909301854462163997308
72221732889830323194097355403213400972588322876850946740663962,
              validationAlgorithm {
                   algorithm
                    id-GostR3410-94-bBis,
                   parameters
                    GostR3410-94-ValidationBisParameters: {
                        t       1024,
                        x0      1376285941,
                        c       3996757427
                       }
               }



Popov,Kurepkin,Leontiev       Informational                    [Page 32]

Internet-Draft     Crypto-Pro cryptographic algorithms  15 February 2004


          }
        }
    --
    gostR3410-94-CryptoPro-B-ParamSetAI
        AlgorithmIdentifier {{
            GostR3410-94-ParamSetAlgorithm
        }} ::=
        {
            algorithm
          id-GostR3410-94-CryptoPro-B-ParamSet,
            parameters
          GostR3410-94-ParamSetParameters:{
              t       1024,
              p       1394548711991158256014096551076907131070417070
5992803179775800145437576535772298409412436852228823983303911468164
8076688236921220737322672160740747771700911134550432053804647694904
6861201130878162407401848004770471573366629262494235712488239685422
21753660143391485680840520336859458494803187341288580489525163,
              q       7988514166341097689762711893575632374730795191
6507639758300472692338873533959,
              a       4294182614861580414387344773795550239267234596
8607143066798112994089471231420027060385216699563848719957657284814
8989097707594626134376694563648827303708389347910808359326479767786
0191534347440096103423131667257868692048219493287863336020338479709
2684342247621055760235016132614780652761028509445403338652341,
              validationAlgorithm {
                   algorithm
                    id-GostR3410-94-bBis,
                   parameters
                    GostR3410-94-ValidationBisParameters: {
                        t       1024,
                        x0      1536654555,
                        c       1855361757,
                        d
   14408629386140014567655490293928205654785780
2241461782996702017713059974755104394739915140611528479102443906273
5788342744854120601660303926203867703556828005895720381811489539897
6594425537561271800850306
                       }
                  }
          }
        }
    --
    gostR3410-94-CryptoPro-C-ParamSetAI
        AlgorithmIdentifier {{
            GostR3410-94-ParamSetAlgorithm
        }} ::=
        {



Popov,Kurepkin,Leontiev       Informational                    [Page 33]

Internet-Draft     Crypto-Pro cryptographic algorithms  15 February 2004


            algorithm
          id-GostR3410-94-CryptoPro-C-ParamSet,
            parameters
          GostR3410-94-ParamSetParameters:{
              t       1024,
              p       1106246792335119630405189524170170402485862954
8198313837741963962985843959489706089561702242106285255603278638246
7166554392976544029218447478930795186699928278807921929927011428546
5514338758063771104435342935540667126530349962770993207157743542287
62128367184370370914135017194504580505029177050363451780493801,
              q       1134688611998193505648682333788751980432679477
76488510997961231672532899549103,
              a       8165527179708810160178931914153003482262544051
3533581624682494676818766212834782128842865458440139551426222087723
4850237228680222750095022248278662017444940216977164820083536398202
2980248926204808986993355080643323135297253322088194568951085155178
1002210034593705882910730711865530059621499368407371287108323,
              validationAlgorithm {
                   algorithm
                    id-GostR3410-94-bBis,
                   parameters
                    GostR3410-94-ValidationBisParameters: {
                        t       1024,
                        x0      113275885,
                        c       3037364845,
                        d       9175906676429839327
                       }
                  }
          }
        }
    --
    gostR3410-94-CryptoPro-D-ParamSetAI
        AlgorithmIdentifier {{
            GostR3410-94-ParamSetAlgorithm
        }} ::=
        {
            algorithm
          id-GostR3410-94-CryptoPro-D-ParamSet,
            parameters
          GostR3410-94-ParamSetParameters:{
              t       1024,
              p       9054576496219299659042909587746253156113056083
9073897669714048125244222625125560544746208559960915707867135849550
2367419155841859906278010664658095100957847139898194138208715964648
9144930534079207370788905204827306230388377677101736648382398574828
7878912864712014604743266126978496936655180738644364978932149,
              q       1089884357963535069123745914989721926201904875
57619582334771735390599299211593,



Popov,Kurepkin,Leontiev       Informational                    [Page 34]

Internet-Draft     Crypto-Pro cryptographic algorithms  15 February 2004


              a       7569766110217073017821287578016106280855283803
1095711588295742814192085325890416600170178598582163414003714687551
4127944005628789352666307543926770145985821033659831191739244732511
2254647122523868033159027077276687153434760863504720252982827271461
6901250506168582383843663310897774635410130339267237432548337,
              validationAlgorithm {
                   algorithm
                    id-GostR3410-94-bBis,
                   parameters
                    GostR3410-94-ValidationBisParameters: {
                        t       1024,
                        x0      333089693,
                        c       2699681355,
                        d
   69158877639013014811917446652402788947864438
22142755842460366243252
                       }
                  }
          }
        }
    --
    gostR3410-94-CryptoPro-XchA-ParamSetAI
        AlgorithmIdentifier {{
            GostR3410-94-ParamSetAlgorithm
        }} ::=
        {
            algorithm
          id-GostR3410-94-CryptoPro-XchA-ParamSet,
            parameters
          GostR3410-94-ParamSetParameters:{
              t       1024,
              p       1420117415975634811963682860223180897432761383
9524373876287257344192745939351271897363116607846760036084894662356
7625795282774719212241929071046134208380636394084512691828894000571
5246254452957693493567527289568315417754417631393844571917550968471
07846595662547942312293338483924514339614727760681880609734239,
              q       9177152989655460594558814901838275021729685839
3520724172743325725474374979801,
              a       1335318132727206734338595199483190012179423759
6784748689948235959936964252873471246159040332773182141032801252925
3871914788598993103310567744136196364803064721377826656898686468463
2777101508094011826087702016153249904683329312949209127762411378780
30224355746606283971659376426832674269780880061631528163475887,
              validationAlgorithm {
                   algorithm
                    id-GostR3410-94-bBis,
                   parameters
                    GostR3410-94-ValidationBisParameters: {



Popov,Kurepkin,Leontiev       Informational                    [Page 35]

Internet-Draft     Crypto-Pro cryptographic algorithms  15 February 2004


                        t       1024,
                        x0      3495862036,
                        c       1177570399,
                        d
   35478896102409188951396470647720832819623918
6534141058228233456746622201867258017799725121699052644608624377641
60334831107459
                       }
                  }
          }
        }
    --
    gostR3410-94-CryptoPro-XchB-ParamSetAI
        AlgorithmIdentifier {{
            GostR3410-94-ParamSetAlgorithm
        }} ::=
        {
            algorithm
          id-GostR3410-94-CryptoPro-XchB-ParamSet,
            parameters
          GostR3410-94-ParamSetParameters:{
              t       1024,
              p       1028946126624994859676552074360530315217970499
9893048882484132448474923022758470167998871003604670704877377286176
1712276940986331539089568784129110109512690503345393869871295783467
2572648683417200196629860561193666752429682367397084815179752036423
59573653368957392061769855284593965042530895046088067160269433,
              q       9109671391802626916582318050603555673628769498
1825930883887968885281641595199,
              a       8890864727828423151699995801875757891031463338
6525791400519736593048131440685857067369829407947744496306656291505
5036082523994437900272386749145996230867832228661977543992816745254
8232986298598753575466286051738837854736167685769017780335804511440
7733371962538423532919394477873664752824509986617878992443177,
              validationAlgorithm {
                   algorithm
                    id-GostR3410-94-bBis,
                   parameters
                    GostR3410-94-ValidationBisParameters: {
                        t       1024,
                        x0      2046851076,
                        c       3541716983,
                        d
   57332667610989476056615969728891533566058787
317492748441827236576904274546146
                       }
                  }
          }



Popov,Kurepkin,Leontiev       Informational                    [Page 36]

Internet-Draft     Crypto-Pro cryptographic algorithms  15 February 2004


        }
    --
    gostR3410-94-CryptoPro-XchC-ParamSetAI
        AlgorithmIdentifier {{
            GostR3410-94-ParamSetAlgorithm
        }} ::=
        {
            algorithm
          id-GostR3410-94-CryptoPro-XchC-ParamSet,
            parameters
          GostR3410-94-ParamSetParameters:{
              t       1024,
              p       1246996366993477513607147265794064436203408861
3950559892172484557299870737698999651480662364723992859320868822848
7511654383509433276647222625940615560580450040947211826027729977563
5402371690630448079715771649447778447000597419032457722226253269698
37444652835352729304393746106576383349151001715930924115499549,
              q       6787876137336591234380295020065682527118129468
0501479431146754294748422492761,
              a       4430618464297584182473135030809859326863990650
1189417569952700748609973181426950235239623239110557450826919295792
8789387521018677047181623251027516953100431855964837602657827828194
2496055618936965865325513137194483136247773653468410118796740709840
8254969979375560722345106704721086025979309968763193072908334,
              validationAlgorithm {
                   algorithm
                    id-GostR3410-94-bBis,
                   parameters
                    GostR3410-94-ValidationBisParameters: {
                        t       1024,
                        x0      371898640,
                        c       2482514131,
                        d
   39341170171309491894611690922945474002657559
0650016887148241594213466186452691964676993
                       }
                  }
          }
        }
END -- GostR3410-94-ParamSetSyntax

8.7  GostR3410-2001-PKISyntax

GostR3410-2001-PKISyntax
    { iso(1) member-body(2) ru(643) rans(2) cryptopro(2)
      other(1) modules(1) gostR3410-2001-PKISyntax(9) 1 }
DEFINITIONS ::=
BEGIN



Popov,Kurepkin,Leontiev       Informational                    [Page 37]

Internet-Draft     Crypto-Pro cryptographic algorithms  15 February 2004


-- EXPORTS All --
-- The types and values defined in this module are exported for
-- use in the other ASN.1 modules contained within the Russian
-- Cryptography "GOST" & "GOST R" Specifications, and for the use
-- of other applications which will use them to access Russian
-- Cryptography services. Other applications may use them for
-- their own purposes, but this will not constrain extensions and
-- modifications needed to maintain or improve the Russian
-- Cryptography service.
    IMPORTS
        id-CryptoPro-algorithms,
        id-CryptoPro-ecc-signs, id-CryptoPro-ecc-exchanges,
        gost28147-89-EncryptionSyntax,
        gostR3411-94-DigestSyntax,
        cryptographic-Gost-Useful-Definitions
        FROM Cryptographic-Gost-Useful-Definitions
            { iso(1) member-body(2) ru(643) rans(2)
              cryptopro(2) other(1) modules(1)
              cryptographic-Gost-Useful-Definitions(0) 1 }
        id-Gost28147-89-TestParamSet,
        id-Gost28147-89-CryptoPro-A-ParamSet,
        id-Gost28147-89-CryptoPro-B-ParamSet,
        id-Gost28147-89-CryptoPro-C-ParamSet,
        id-Gost28147-89-CryptoPro-D-ParamSet,
        id-Gost28147-89-CryptoPro-Simple-A-ParamSet,
        id-Gost28147-89-CryptoPro-Simple-B-ParamSet,
        id-Gost28147-89-CryptoPro-Simple-C-ParamSet,
        id-Gost28147-89-CryptoPro-Simple-D-ParamSet
        FROM Gost28147-89-EncryptionSyntax
             gost28147-89-EncryptionSyntax
        id-GostR3411-94-TestParamSet,
        id-GostR3411-94-CryptoProParamSet
        FROM GostR3411-94-DigestSyntax gostR3411-94-DigestSyntax
        AlgorithmIdentifier, ALGORITHM-IDENTIFIER
        FROM Cryptographic-Gost-Useful-Definitions
             cryptographic-Gost-Useful-Definitions
    ;
  -- GOST R 34.10-2001 OIDs
    id-GostR3410-2001 OBJECT IDENTIFIER ::=
        { id-CryptoPro-algorithms gostR3410-2001(19) }
    id-GostR3411-94-with-GostR3410-2001 OBJECT IDENTIFIER ::=
        { id-CryptoPro-algorithms
          gostR3411-94-with-gostR3410-2001(3) }
  -- GOST R 34.10-2001 Public Key Cryptographic Parameters Set OIDs
    id-GostR3410-2001-TestParamSet OBJECT IDENTIFIER ::=
        { id-CryptoPro-ecc-signs test(0) }
    id-GostR3410-2001-CryptoPro-A-ParamSet OBJECT IDENTIFIER ::=
        { id-CryptoPro-ecc-signs cryptopro-A(1) }



Popov,Kurepkin,Leontiev       Informational                    [Page 38]

Internet-Draft     Crypto-Pro cryptographic algorithms  15 February 2004


    id-GostR3410-2001-CryptoPro-B-ParamSet OBJECT IDENTIFIER ::=
        { id-CryptoPro-ecc-signs cryptopro-B(2) }
    id-GostR3410-2001-CryptoPro-C-ParamSet OBJECT IDENTIFIER ::=
        { id-CryptoPro-ecc-signs cryptopro-C(3) }
    id-GostR3410-2001-CryptoPro-XchA-ParamSet
        OBJECT IDENTIFIER ::=
          { id-CryptoPro-ecc-exchanges cryptopro-XchA(0) }
    id-GostR3410-2001-CryptoPro-XchB-ParamSet
        OBJECT IDENTIFIER ::=
          { id-CryptoPro-ecc-exchanges cryptopro-XchB(1) }
  -- GOST R 34.10-2001 Data Types
    GostR3410-2001-CertificateSignature ::=
        BIT STRING ( SIZE(256..512) )
    GostR3410-2001-PublicKeyOctetString ::=
        OCTET STRING ( SIZE(64) )
    GostR3410-2001-PublicKey ::=
        BIT STRING ( SIZE(16..524) )
               -- Container for GostR3410-2001-PublicKeyOctetString
    GostR3410-2001-PublicKeyParameters ::=
            SEQUENCE {
            publicKeyParamSet
          OBJECT IDENTIFIER (
              id-GostR3410-2001-TestParamSet |    -- Only for tests use
              id-GostR3410-2001-CryptoPro-A-ParamSet |
              id-GostR3410-2001-CryptoPro-B-ParamSet |
              id-GostR3410-2001-CryptoPro-C-ParamSet |
              id-GostR3410-2001-CryptoPro-XchA-ParamSet |
              id-GostR3410-2001-CryptoPro-XchB-ParamSet
          ),
            digestParamSet
          OBJECT IDENTIFIER (
              id-GostR3411-94-TestParamSet | -- Only for tests use
              id-GostR3411-94-CryptoProParamSet
          ),
            encryptionParamSet
          OBJECT IDENTIFIER (
              id-Gost28147-89-TestParamSet | -- Only for tests use
              id-Gost28147-89-CryptoPro-A-ParamSet |
              id-Gost28147-89-CryptoPro-B-ParamSet |
              id-Gost28147-89-CryptoPro-C-ParamSet |
              id-Gost28147-89-CryptoPro-D-ParamSet |
              id-Gost28147-89-CryptoPro-Simple-A-ParamSet |
              id-Gost28147-89-CryptoPro-Simple-B-ParamSet |
              id-Gost28147-89-CryptoPro-Simple-C-ParamSet |
              id-Gost28147-89-CryptoPro-Simple-D-ParamSet
          ) OPTIONAL
        }
    GostR3410-2001-PublicKeyAlgorithms  ALGORITHM-IDENTIFIER ::= {



Popov,Kurepkin,Leontiev       Informational                    [Page 39]

Internet-Draft     Crypto-Pro cryptographic algorithms  15 February 2004


        { GostR3410-2001-PublicKeyParameters IDENTIFIED BY
               id-GostR3410-2001 }
    }
    GostR3410-2001-CertificateSignatureAlgorithms
        ALGORITHM-IDENTIFIER ::= {
          { NULL IDENTIFIED BY
               id-GostR3411-94-with-GostR3410-2001 } |
          { GostR3410-2001-PublicKeyParameters IDENTIFIED BY
               id-GostR3411-94-with-GostR3410-2001 }
      }
END -- GostR3410-2001-PKISyntax

8.8  GostR3410-2001-ParamSetSyntax

GostR3410-2001-ParamSetSyntax
    { iso(1) member-body(2) ru(643) rans(2) cryptopro(2)
      other(1) modules(1) gostR3410-2001-ParamSetSyntax(12) 1 }
DEFINITIONS ::=
BEGIN
-- EXPORTS All --
-- The types and values defined in this module are exported for
-- use in the other ASN.1 modules contained within the Russian
-- Cryptography "GOST" & "GOST R" Specifications, and for the use
-- of other applications which will use them to access Russian
-- Cryptography services. Other applications may use them for
-- their own purposes, but this will not constrain extensions and
-- modifications needed to maintain or improve the Russian
-- Cryptography service.
    IMPORTS
        id-CryptoPro-algorithms,
        id-CryptoPro-ecc-signs, id-CryptoPro-ecc-exchanges,
        gostR3410-2001-PKISyntax,
        cryptographic-Gost-Useful-Definitions
        FROM Cryptographic-Gost-Useful-Definitions
            { iso(1) member-body(2) ru(643) rans(2)
              cryptopro(2) other(1) modules(1)
              cryptographic-Gost-Useful-Definitions(0) 1 }
        id-GostR3410-2001,
        id-GostR3410-2001-TestParamSet,
        id-GostR3410-2001-CryptoPro-A-ParamSet,
        id-GostR3410-2001-CryptoPro-B-ParamSet,
        id-GostR3410-2001-CryptoPro-C-ParamSet,
        id-GostR3410-2001-CryptoPro-XchA-ParamSet,
        id-GostR3410-2001-CryptoPro-XchB-ParamSet
        FROM GostR3410-2001-PKISyntax gostR3410-2001-PKISyntax
        AlgorithmIdentifier, ALGORITHM-IDENTIFIER
        FROM Cryptographic-Gost-Useful-Definitions
             cryptographic-Gost-Useful-Definitions



Popov,Kurepkin,Leontiev       Informational                    [Page 40]

Internet-Draft     Crypto-Pro cryptographic algorithms  15 February 2004


    ;
    GostR3410-2001-ParamSetParameters ::=
        SEQUENCE {
            a       INTEGER (
               1
                  ..
               115792089237316195423570985008687907853269984665640564039
457584007913129639935
               ),   -- 0 < a < p < 2^256
            b       INTEGER (
               1
                  ..
               115792089237316195423570985008687907853269984665640564039
457584007913129639935
               ),   -- 0 < b < p < 2^256
            p       INTEGER (
               289480223093290488558927462521719769633174961664101410098
64396001978282409985
               ..
               115792089237316195423570985008687907853269984665640564039
457584007913129639935
               ),   -- 2^254 < p < 2^256
            q       INTEGER (
               289480223093290488558927462521719769633174961664101410098
64396001978282409985
               ..
               115792089237316195423570985008687907853269984665640564039
457584007913129639935
               ),   -- 2^254 < q < 2^256
            x       INTEGER (0
                  ..
               115792089237316195423570985008687907853269984665640564039
457584007913129639935
               ),   -- 0 < x < p < 2^256
            y       INTEGER (0
                  ..
               115792089237316195423570985008687907853269984665640564039
457584007913129639935
               )    -- 0 < y < p < 2^256
        }
  -- GOST R 34.10-2001 Public Key Cryptographic Parameters Set:
  -- algorithm & parameters
  -- OID for Parameters Set imported from GostR3410-2001-PKISyntax
    GostR3410-2001-ParamSetAlgorithm ALGORITHM-IDENTIFIER ::= {
        { GostR3410-2001-ParamSetParameters IDENTIFIED BY
               id-GostR3410-2001-TestParamSet } |
        { GostR3410-2001-ParamSetParameters IDENTIFIED BY
               id-GostR3410-2001-CryptoPro-A-ParamSet  } |



Popov,Kurepkin,Leontiev       Informational                    [Page 41]

Internet-Draft     Crypto-Pro cryptographic algorithms  15 February 2004


        { GostR3410-2001-ParamSetParameters IDENTIFIED BY
               id-GostR3410-2001-CryptoPro-B-ParamSet  } |
        { GostR3410-2001-ParamSetParameters IDENTIFIED BY
               id-GostR3410-2001-CryptoPro-C-ParamSet  } |
        { GostR3410-2001-ParamSetParameters IDENTIFIED BY
               id-GostR3410-2001-CryptoPro-XchA-ParamSet  } |
        { GostR3410-2001-ParamSetParameters IDENTIFIED BY
               id-GostR3410-2001-CryptoPro-XchB-ParamSet  }
    }
    gostR3410-2001-TestParamSet
        AlgorithmIdentifier {{
            GostR3410-2001-ParamSetAlgorithm
        }} ::=
        {
            algorithm
          id-GostR3410-2001-TestParamSet,
            parameters
          GostR3410-2001-ParamSetParameters:{
              a   7,
              b   43308876546767276905765904595650931995942111794451
039583252968842033849580414,
                        -- 5FBFF498AA938CE739B8E022FBAFEF40563F6E6A
3472FC2A514C0CE9DAE23B7E
              p   57896044618658097711785492504343953926634992332820
282019728792003956564821041,
                  -- 80000000000000000000000000000000000000000000000
00000000000000431
              q   57896044618658097711785492504343953927082934583725
450622380973592137631069619,
                        -- 8000000000000000000000000000000150FE8A18
92976154C59CFC193ACCF5B3
              x   2,
              y   40189740565903750333544942293705977563573938990554
5080690979365213431566280
                  -- 8E2A8A0E65147D4BD6316030E16D19C85C97F0A9CA26712
2B96ABBCEA7E8FC8
          }
        }
    gostR3410-2001-CryptoPro-A-ParamSet
        AlgorithmIdentifier {{
            GostR3410-2001-ParamSetAlgorithm
        }} ::=
        {
            algorithm
          id-GostR3410-2001-CryptoPro-A-ParamSet,
            parameters
          GostR3410-2001-ParamSetParameters:{
              a   11579208923731619542357098500868790785326998466564



Popov,Kurepkin,Leontiev       Informational                    [Page 42]

Internet-Draft     Crypto-Pro cryptographic algorithms  15 February 2004


0564039457584007913129639316,
               -- -3 == p - 3
              b   166,
                        -- a6
              p   11579208923731619542357098500868790785326998466564
0564039457584007913129639319,
                  -- fffffffffffffffffffffffffffffffffffffffffffffff
ffffffffffffffd97
              q   11579208923731619542357098500868790785307376290849
9243225378155805079068850323,
                        -- ffffffffffffffffffffffffffffffff6c611070
995ad10045841b09b761b893
              x   1,
              y   64033881142927202683649881450433473985931760268884
941288852745803908878638612
                  -- 8d91e471e0989cda27df505a453f2b7635294f2ddf23e3b
122acc99c9e9f1e14
          }
        }
    gostR3410-2001-CryptoPro-B-ParamSet
        AlgorithmIdentifier {{
            GostR3410-2001-ParamSetAlgorithm
        }} ::=
        {
            algorithm
          id-GostR3410-2001-CryptoPro-B-ParamSet,
            parameters
          GostR3410-2001-ParamSetParameters:{
              a   57896044618658097711785492504343953926634992332820
282019728792003956564823190,
               -- -3 == p - 3
              b   28091019353058090096996979000309560759124368558014
865957655842872397301267595,
                  -- 3e1af419a269a5f866a7d3c25c3df80ae979259373ff2b1
82f49d4ce7e1bbc8b
              p   57896044618658097711785492504343953926634992332820
282019728792003956564823193,
                  -- 80000000000000000000000000000000000000000000000
00000000000000c99
              q   57896044618658097711785492504343953927102133160255
826820068844496087732066703,
                        -- 800000000000000000000000000000015f700cff
f1a624e5e497161bcc8a198f
              x   1,
              y   28792665814854611296992347458380284135028636778229
113005756334730996303888124
                  -- 3fa8124359f96680b83d1c3eb2c070e5c545c9858d03ecf
b744bf8d717717efc



Popov,Kurepkin,Leontiev       Informational                    [Page 43]

Internet-Draft     Crypto-Pro cryptographic algorithms  15 February 2004


          }
        }
    gostR3410-2001-CryptoPro-C-ParamSet
        AlgorithmIdentifier {{
            GostR3410-2001-ParamSetAlgorithm
        }} ::=
        {
            algorithm
          id-GostR3410-2001-CryptoPro-C-ParamSet,
            parameters
          GostR3410-2001-ParamSetParameters:{
              a   70390085352083305199547718019018437841079516630045
180471284346843705633502616,
               -- -3 == p - 3
              b   32858,
                        -- 805a
              p   70390085352083305199547718019018437841079516630045
180471284346843705633502619,
                  -- 9b9f605f5a858107ab1ec85e6b41c8aacf846e86789051d
37998f7b9022d759b
              q   70390085352083305199547718019018437840920882647164
081035322601458352298396601,
                        -- 9b9f605f5a858107ab1ec85e6b41c8aa582ca351
1eddfb74f02f3a6598980bb9
              x   0,
              y   29818893917731240733471273240314769927240550812383
695689146495261604565990247
                  -- 41ece55743711a8c3cbf3783cd08c0ee4d4dc440d4641a8
f366e550dfdb3bb67
          }
        }
    gostR3410-2001-CryptoPro-ExA-ParamSet
        AlgorithmIdentifier {{
            GostR3410-2001-ParamSetAlgorithm
        }} ::=
        {
            algorithm
          id-GostR3410-2001-CryptoPro-XchA-ParamSet,
            parameters
          GostR3410-2001-ParamSetParameters:{
              a   11579208923731619542357098500868790785326998466564
0564039457584007913129639316,
               -- -3 == p - 3
              b   166,
                        -- a6
              p   11579208923731619542357098500868790785326998466564
0564039457584007913129639319,
                  -- fffffffffffffffffffffffffffffffffffffffffffffff



Popov,Kurepkin,Leontiev       Informational                    [Page 44]

Internet-Draft     Crypto-Pro cryptographic algorithms  15 February 2004


ffffffffffffffd97
              q   11579208923731619542357098500868790785307376290849
9243225378155805079068850323,
                        -- ffffffffffffffffffffffffffffffff6c611070
995ad10045841b09b761b893
              x   1,
              y   64033881142927202683649881450433473985931760268884
941288852745803908878638612
                  -- 8d91e471e0989cda27df505a453f2b7635294f2ddf23e3b
122acc99c9e9f1e14
          }
        }
    gostR3410-2001-CryptoPro-ExB-ParamSet
        AlgorithmIdentifier {{
            GostR3410-2001-ParamSetAlgorithm
        }} ::=
        {
            algorithm
          id-GostR3410-2001-CryptoPro-XchB-ParamSet,
            parameters
          GostR3410-2001-ParamSetParameters:{
              a   70390085352083305199547718019018437841079516630045
180471284346843705633502616,
               -- -3 == p - 3
              b   32858,
                  -- 805a
              p   70390085352083305199547718019018437841079516630045
180471284346843705633502619,
                  -- 9b9f605f5a858107ab1ec85e6b41c8aacf846e86789051d
37998f7b9022d759b
              q   70390085352083305199547718019018437840920882647164
081035322601458352298396601,
                        -- 9b9f605f5a858107ab1ec85e6b41c8aa582ca351
1eddfb74f02f3a6598980bb9
              x   0,
              y   29818893917731240733471273240314769927240550812383
695689146495261604565990247
                  -- 41ece55743711a8c3cbf3783cd08c0ee4d4dc440d4641a8
f366e550dfdb3bb67
          }
        }
END -- GostR3410-2001-ParamSetSyntax

9  References


   [GOST28147]     "Cryptographic Protection for Data Processing Sys-
                   tem", GOST 28147-89, Gosudarstvennyi Standard of



Popov,Kurepkin,Leontiev       Informational                    [Page 45]

Internet-Draft     Crypto-Pro cryptographic algorithms  15 February 2004


                   USSR, Government Committee of the USSR for Standards,
                   1989. (In Russian);


   [GOSTR341094]   "Information technology. Cryptographic Data Security.
                   Produce and check procedures of Electronic Digital
                   Signatures based on Asymmetric Cryptographic Algo-
                   rithm.", GOST R 34.10-94, Gosudarstvennyi Standard of
                   Russian Federation, Government Committee of the Rus-
                   sia for Standards, 1994. (In Russian);


   [GOSTR34102001] "Information technology. Cryptographic data security.
                   Signature and verification processes of [electronic]
                   digital signature.", GOST R 34.10-2001, Gosudarstven-
                   nyi Standard of Russian Federation, Government Com-
                   mittee of the Russia for Standards, 2001. (In Rus-
                   sian);


   [GOSTR341194]   "Information technology. Cryptographic Data Security.
                   Hashing function.", GOST R 34.11-94, Gosudarstvennyi
                   Standard of Russian Federation, Government Committee
                   of the Russia for Standards, 1994. (In Russian);


   [Schneier95]    B.   Schneier, Applied cryptography, second edition,
                   John Wiley & Sons, Inc., 1995;


   [X.660]         ITU-T Recommendation X.660 Information Technology -
                   ASN.1 encoding rules: Specification of Basic Encoding
                   Rules (BER), Canonical Encoding Rules (CER) and Dis-
                   tinguished Encoding Rules (DER), 1997.


   [RFC 2119]      Bradner, S., "Key Words for Use in RFCs to Indi-
                   cateRequirement Levels", BCP 14, RFC 2119, March
                   1997.


   [HMAC]          H. Krawczyk, M. Bellare, R. Canetti, "HMAC: Keyed-
                   Hashing for Message Authentication", RFC 2104  Febru-
                   ary 1997.


   [TLS]           The TLS Protocol Version 1.0.  T.  Dierks, C.  Allen.
                   January 1999, RFC 2246.



Popov,Kurepkin,Leontiev       Informational                    [Page 46]

Internet-Draft     Crypto-Pro cryptographic algorithms  15 February 2004


10 Acknowledgments

   This document was created in accordance with "Russian Cryptographic
   Software Compatibility Agreement", signed by FGUE STC "Atlas",
   CRYPTO-PRO, Factor-TC, MD PREI, Infotecs GmbH, SPRCIS (SPbRCZI),
   Cryptocom, R-Alpha.  The aim of this agreement is to achieve mutual
   compatibility of the products and solutions.

   The authors wish to thank:

      Microsoft Corporation Russia for provided information about
      company products and solutions, and also for technical consulting
      in PKI.

      RSA Security Russia and Demos Co Ltd for active collaboration and
      critical help in creation of this document.

      Russ Hously (Vigil Security, LLC, housley@vigilsec.com) and
      Vasilij Sakharov (DEMOS Co Ltd, svp@dol.ru) for initiative,
      creating this document.

   This document is based on a contribution of CRYPTO-PRO Company.  Any
   substantial use of the text from this document must acknowledge
   CRYPTO-PRO.  CRYPTO-PRO requests that all material mentioning or
   referencing this document identify this as "CRYPTO-PRO CPALGS".

Author's Addresses

   Vladimir Popov
   CRYPTO-PRO
   38, Obraztsova,
   Moscow, 127018, Russian Federation
   EMail: vpopov@cryptopro.ru

   Igor Kurepkin
   CRYPTO-PRO
   38, Obraztsova,
   Moscow, 127018, Russian Federation
   EMail: kure@cryptopro.ru

   Serguei Leontiev
   CRYPTO-PRO
   38, Obraztsova,
   Moscow, 127018, Russian Federation
   EMail: lse@cryptopro.ru

   Grigorij Chudov
   CRYPTO-PRO



Popov,Kurepkin,Leontiev       Informational                    [Page 47]

Internet-Draft     Crypto-Pro cryptographic algorithms  15 February 2004


   38, Obraztsova,
   Moscow, 127018, Russian Federation
   EMail: chudov@cryptopro.ru

   Alexandr Afanasiev
   Factor-TC
   office 711, 14, Presnenskij val,
   Moscow, 123557, Russian Federation
   EMail: aaaf@factor-ts.ru

   Nikolaj Nikishin
   Infotecs GmbH
   p/b 35, 80-5, Leningradskij prospekt,
   Moscow, 125315, Russian Federation
   EMail: nikishin@infotecs.ru

   Boleslav Izotov
   FGUE STC "Atlas"
   38, Obraztsova,
   Moscow, 127018, Russian Federation
   EMail: izotov@stcnet.ru

   Elena Minaeva
   MD PREI
   build 3, 6A, Vtoroj Troitskij per.,
   Moscow, Russian Federation
   EMail: evminaeva@mo.msk.ru

   Serguei Murugov
   R-Alpha
   4/1, Raspletina,
   Moscow, 123060, Russian Federation
   EMail: msm@office.ru

   Igori Ustinov
   Cryptocom
   office 239, 51, Leninskij prospekt,
   Moscow, 119991, Russian Federation
   EMail: igus@cryptocom.ru

   Anatolij Erkin
   SPRCIS (SPbRCZI)
   1, Obrucheva,
   St.Petersburg, 195220, Russian Federation
   EMail: erkin@nevsky.net


Full Copyright Statement



Popov,Kurepkin,Leontiev       Informational                    [Page 48]

Internet-Draft     Crypto-Pro cryptographic algorithms  15 February 2004


   Copyright (C) The Internet Society (2004).  All Rights Reserved.

   This document and translations of it may be copied and furnished to
   others, and derivative works that comment on or otherwise explain it
   or assist in its implementation may be prepared, copied, published
   and distributed, in whole or in part, without restriction of any
   kind, provided that the above copyright notice and this paragraph are
   included on all such copies and derivative works.  However, this
   document itself may not be modified in any way, such as by removing
   the copyright notice or references to the Internet Society or other
   Internet organizations, except as needed for the purpose of
   developing Internet standards in which case the procedures for
   copyrights defined in the Internet Standards process must be
   followed, or as required to translate it into languages other than
   English.

   The limited permissions granted above are perpetual and will not be
   revoked by the Internet Society or its successors or assigns.

   This document and the information contained herein is provided on an
   "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
   TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
   BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
   HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
   MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.


























Popov,Kurepkin,Leontiev       Informational                    [Page 49]