| < draft-popov-cryptopro-cpalgs-01.txt | draft-popov-cryptopro-cpalgs-02.txt > | |||
|---|---|---|---|---|
| Internet Draft Vladimir Popov, CRYPTO-PRO | Internet Draft Vladimir Popov, CRYPTO-PRO | |||
| Igor Kurepkin, CRYPTO-PRO | Igor Kurepkin, CRYPTO-PRO | |||
| Expires September 30, 2004 Serguei Leontiev, CRYPTO-PRO | Expires October 5, 2005 Serguei Leontiev, CRYPTO-PRO | |||
| Intended Category: Informational March 31, 2004 | Intended Category: Informational April 5, 2005 | |||
| Additional cryptographic algorithms for use with GOST 28147-89, | Additional cryptographic algorithms for use with GOST 28147-89, | |||
| GOST R 34.10-94, GOST R 34.10-2001, and GOST R 34.11-94 algorithms. | GOST R 34.10-94, GOST R 34.10-2001, and GOST R 34.11-94 algorithms. | |||
| <draft-popov-cryptopro-cpalgs-01.txt> | <draft-popov-cryptopro-cpalgs-02.txt> | |||
| Status of this Memo | Status of this Memo | |||
| This document is an Internet-Draft and is subject to all provisions | By submitting this Internet-Draft, I certify that any applicable | |||
| of Section 10 of RFC2026. | patent or other IPR claims of which I am aware have been disclosed, | |||
| and any of which I become aware will be disclosed, in accordance with | ||||
| Internet-Drafts are working documents of the Internet Engineering | RFC 3668. | |||
| Task Force (IETF), its areas, and its working groups. Note that | ||||
| other groups may also distribute working documents as Internet- | ||||
| Drafts. | ||||
| Internet-Drafts are draft documents valid for a maximum of six months | This document is an Internet Draft and is subject to all provisions | |||
| and may be updated, replaced, or made obsolete by other documents at | of Section 10 of RFC2026. Internet Drafts are working documents of | |||
| any time. It is inappropriate to use Internet-Drafts as reference | the Internet Engineering Task Force (IETF), its areas, and its | |||
| material or to cite them other than as "work in progress." | working groups. Note that other groups may also distribute working | |||
| documents as Internet Drafts. Internet Drafts are draft documents | ||||
| valid for a maximum of 6 months and may be updated, replaced, or | ||||
| obsoleted by other documents at any time. It is inappropriate to use | ||||
| Internet Drafts as reference material or to cite them other than as a | ||||
| "work in progress". | ||||
| The list of current Internet-Drafts can be accessed at | The list of current Internet Drafts can be accessed at | |||
| http://www.ietf.org/1id-abstracts.html | http://www.ietf.org/1id-abstracts.html | |||
| The list of Internet-Draft Shadow Directories can be accessed at | The list of Internet Draft Shadow Directories can be accessed at | |||
| http://www.ietf.org/shadow.html | http://www.ietf.org/shadow.html | |||
| Copyright (C) The Internet Society (2005). All Rights Reserved. | ||||
| Abstract | Abstract | |||
| This document describes cryprographic algorithms and parameters, | This document describes the cryptographic algorithms and parameters | |||
| supplementary to GOST 28147-89, GOST R 34.10-94, GOST R 34.10-2001 | supplementary to the original GOST specifications GOST 28147-89, GOST | |||
| and GOST R 34.11-94, for use in internet applications. | R 34.10-94, GOST R 34.10-2001 and GOST R 34.11-94 for use in internet | |||
| applications. | ||||
| Table of Contents | Table of Contents | |||
| 1 Introduction . . . . . . . . . . . . . . . . . . . . . . 2 | 1 Introduction . . . . . . . . . . . . . . . . . . . . . . 2 | |||
| 1.2 Terminology. . . . . . . . . . . . . . . . . . . . . . . 2 | 1.2 Terminology. . . . . . . . . . . . . . . . . . . . . . . 2 | |||
| 2 Cipher modes and parameters. . . . . . . . . . . . . . . 3 | 2 Cipher modes and parameters. . . . . . . . . . . . . . . 3 | |||
| 2.1 GOST 28147-89 CBC mode . . . . . . . . . . . . . . . . . 3 | 2.1 GOST 28147-89 CBC mode . . . . . . . . . . . . . . . . . 3 | |||
| 2.2 GOST 28147-89 padding modes. . . . . . . . . . . . . . . 4 | 2.2 GOST 28147-89 padding modes. . . . . . . . . . . . . . . 4 | |||
| 2.3 Key Meshing Algorithms . . . . . . . . . . . . . . . . . 4 | 2.3 Key Meshing Algorithms . . . . . . . . . . . . . . . . . 4 | |||
| 2.3.1 Null Key Meshing . . . . . . . . . . . . . . . . . . . . 4 | 2.3.1 Null Key Meshing . . . . . . . . . . . . . . . . . . . . 4 | |||
| 2.3.2 CryptoPro Key Meshing. . . . . . . . . . . . . . . . . . 4 | 2.3.2 CryptoPro Key Meshing. . . . . . . . . . . . . . . . . . 4 | |||
| skipping to change at page 2, line 29 ¶ | skipping to change at page 2, line 34 ¶ | |||
| 8.4 GOST R 34.10-2001 public key algorithm parameters. . . . 12 | 8.4 GOST R 34.10-2001 public key algorithm parameters. . . . 12 | |||
| 9 Security Considerations. . . . . . . . . . . . . . . . . 13 | 9 Security Considerations. . . . . . . . . . . . . . . . . 13 | |||
| 10 Appendix ASN.1 Modules . . . . . . . . . . . . . . . . . 14 | 10 Appendix ASN.1 Modules . . . . . . . . . . . . . . . . . 14 | |||
| 11 References . . . . . . . . . . . . . . . . . . . . . . . 49 | 11 References . . . . . . . . . . . . . . . . . . . . . . . 49 | |||
| 12 Acknowledgments. . . . . . . . . . . . . . . . . . . . . 51 | 12 Acknowledgments. . . . . . . . . . . . . . . . . . . . . 51 | |||
| Author's Address. . . . . . . . . . . . . . . . . . . . . . . . 51 | Author's Address. . . . . . . . . . . . . . . . . . . . . . . . 51 | |||
| Full Copyright Statement. . . . . . . . . . . . . . . . . . . . 53 | Full Copyright Statement. . . . . . . . . . . . . . . . . . . . 53 | |||
| 1 Introduction | 1 Introduction | |||
| Russian cryptographic standards defining algorithms GOST 28147-89 | Russian cryptographic standards that define the algorithms GOST | |||
| [GOST28147], GOST R 34.10-94 [GOSTR341094], GOST R 34.10-2001 | 28147-89 [GOST28147], GOST R 34.10-94 [GOSTR341094], GOST R | |||
| [GOSTR34102001] and GOST R34.11-94 [GOSTR341194] (a brief english | 34.10-2001 [GOSTR34102001] and GOST R34.11-94 [GOSTR341194] provide | |||
| technical description of these algorithms can be found in | basic information about how the algorithms work, but need | |||
| [Schneier95]) provide basic information about how the algorithms | supplemental specifications to effectively use the algorithms (a | |||
| work, but need supplemental specifications to effectively use the | brief english technical description of these algorithms can be found | |||
| algorithms. | in [Schneier95]). | |||
| This document is a proposal put forward by CRYPT-PRO Company to | This document is a proposal put forward by the CRYPT-PRO Company to | |||
| provide the supplemental information and specifications needed by the | provide supplemental information and specifications needed by the | |||
| "Russian Cryptographic Software Compatibility Agreement" community. | "Russian Cryptographic Software Compatibility Agreement" community. | |||
| 1.2 Terminology | 1.2 Terminology | |||
| In this document, the key words MUST, MUST NOT, REQUIRED, SHOULD, | In this document, the key words MUST, MUST NOT, REQUIRED, SHOULD, | |||
| SHOULD NOT, RECOMMENDED, and MAY are to be interpreted as described | SHOULD NOT, RECOMMENDED, and MAY are to be interpreted as described | |||
| in [RFC 2119]. | in [RFC 2119]. | |||
| The following functions and operators are also used in this document: | The following functions and operators are also used in this document: | |||
| skipping to change at page 3, line 32 ¶ | skipping to change at page 3, line 38 ¶ | |||
| gost28147IMIT (IV, K, D) - is the 32-bit result of GOST 28147-89 in | gost28147IMIT (IV, K, D) - is the 32-bit result of GOST 28147-89 in | |||
| "imitovstavka" (MAC) mode, used with D as plaintext, K as key and IV | "imitovstavka" (MAC) mode, used with D as plaintext, K as key and IV | |||
| as initialization vector. Note, that standard specifies it's use in | as initialization vector. Note, that standard specifies it's use in | |||
| this mode only with zero initialization vector. | this mode only with zero initialization vector. | |||
| When keys and initialization vectors are converted to/from byte | When keys and initialization vectors are converted to/from byte | |||
| arrays, little-endian byte order is assumed. | arrays, little-endian byte order is assumed. | |||
| 2 Cipher modes and parameters | 2 Cipher modes and parameters | |||
| This document defines four cipher properties that allow an | ||||
| implementer to vary cipher operations. The four parameters are the | ||||
| cipher mode, the key meshing algorithm, the padding mode, and the S- | ||||
| box. | ||||
| [GOST28147] defines only three cipher modes for GOST 28147-89: ECB, | [GOST28147] defines only three cipher modes for GOST 28147-89: ECB, | |||
| CFB and counter mode. This document defines an additional cipher mode | CFB and counter mode. This document defines an additional cipher | |||
| CBC. | mode, CBC. | |||
| When GOST 28147-89 is used to process large amounts of data, a | When GOST 28147-89 is used to process large amounts of data, a | |||
| symmetric key should be protected by key meshing algorithm. This | symmetric key should be protected by key meshing algorithm. Key | |||
| document defines CryptoPro key meshing algorithm. | meshing transforms a symmetric key after some amount of data has been | |||
| processed. This document defines CryptoPro key meshing algorithm. | ||||
| The cipher mode, key meshing algorithm, padding mode and S-box are | The cipher mode, key meshing algorithm, padding mode, and S-box are | |||
| specified by algorithm parameters. | specified by algorithm parameters. | |||
| 2.1 GOST 28147-89 CBC mode | 2.1 GOST 28147-89 CBC mode | |||
| This section provides the supplemental information to GOST 28147-89 | This section provides the supplemental information to GOST 28147-89 | |||
| (a block to block primitive) needed to operate in CBC mode. | (a block to block primitive) needed to operate in CBC mode. | |||
| Before each plaintext block is encrypted, it is combined with the | Before each plaintext block is encrypted, it is combined with the | |||
| cipher text of the previous block by a bitwise XOR operation. This | cipher text of the previous block via a bitwise XOR operation. This | |||
| ensures that even if the plaintext contains many identical blocks, | ensures that even if the plaintext contains many identical blocks, | |||
| they will each encrypt to a different cipher text block. The | each block will encrypt to a different cipher text block. The | |||
| initialization vector is combined with the first plaintext block by a | initialization vector is combined with the first plaintext block by a | |||
| bitwise XOR operation before the block is encrypted. | bitwise XOR operation before the block is encrypted. | |||
| 2.2 GOST 28147-89 padding modes | 2.2 GOST 28147-89 padding modes | |||
| This section provides the supplemental information to GOST 28147-89, | This section provides the supplemental information to GOST 28147-89, | |||
| needed to operate on plaintext, which length is not divisible by GOST | needed to operate on plaintext where the length is not divisible by | |||
| 28147-89 block size (8 bytes). | GOST 28147-89 block size (8 bytes). | |||
| Let x (0 < x < 8) be the number of bytes in the last (possibly, | Let x (0 < x < 8) be the number of bytes in the last, possibly | |||
| incomplete) block of data. There are three padding modes: | incomplete, block of data. | |||
| There are three padding modes: | ||||
| * Zero padding: 8-x remaining bytes are filled with zero | * Zero padding: 8-x remaining bytes are filled with zero | |||
| * PKCS#5 padding: 8-x remaining bytes are filled with value of 8-x. | * PKCS#5 padding: 8-x remaining bytes are filled with value of 8-x. | |||
| If there's no incomplete block, one extra block filled with | If there's no incomplete block, one extra block filled with | |||
| value 8 is added. | value 8 is added. | |||
| * Random padding: 8-x remaining bytes of the last block are | * Random padding: 8-x remaining bytes of the last block are | |||
| set to random. | set to random. | |||
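Review bot: in 2.2 the definition of x as 0 < x < 8 excludes a final block that is already full, and only the PKCS#5 bullet says what happens in that case; the zero and random padding bullets should state whether a block-aligned plaintext gets no padding or a full extra block. It would also help to say that zero and random padding carry no length information, so the receiver must learn the plaintext length some other way.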
| 2.3 Key Meshing Algorithms | 2.3 Key Meshing Algorithms | |||
| When there is a need to limit the amount of data, enciphered with the | When there is a need to limit the amount of data enciphered with the | |||
| same key, several key meshing algorithms can be used. Key meshing | same key, several key meshing algorithms can be used. Key meshing | |||
| algorithms transform the key after processing a certain amount of | algorithms transform the key after processing a certain amount of | |||
| data. | data. | |||
| All encryption parameter sets, defined in this document, specify use | All encryption parameter sets defined in this document specify the | |||
| of CryptoPro key meshing algorithm, except for id- | use of CryptoPro key meshing algorithm, except for id- | |||
| Gost28147-89-TestParamSet, which specifies use of null key meshing | Gost28147-89-TestParamSet, which specifies use of null key meshing | |||
| algorithm. | algorithm. | |||
| 2.3.1 Null Key Meshing | 2.3.1 Null Key Meshing | |||
| A null key meshing algorithm never changes a key. It's OID is: | The null key meshing algorithm never changes a key. | |||
| The identifier for this algorithm is: | ||||
| id-Gost28147-89-None-KeyMeshing OBJECT IDENTIFIER ::= | id-Gost28147-89-None-KeyMeshing OBJECT IDENTIFIER ::= | |||
| { id-CryptoPro-algorithms keyMeshing(14) none(0) } | { id-CryptoPro-algorithms keyMeshing(14) none(0) } | |||
| This algorithm has NULL parameters. | There are no meaningful parameters to this algorithm. If present, | |||
| AlgorithmIdentifier.parameters MUST contain NULL. | ||||
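Review bot: the new sentence "If present, AlgorithmIdentifier.parameters MUST contain NULL" (here and again in 2.3.2) allows two encodings, absent and NULL, without saying which one an encoder should produce. Suggest stating the preferred form on output and that decoders accept both, so that implementations comparing encoded AlgorithmIdentifiers do not diverge.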
| 2.3.2 CryptoPro Key Meshing | 2.3.2 CryptoPro Key Meshing | |||
| CryptoPro key meshing algorithm transforms the key and initialization | The CryptoPro key meshing algorithm transforms the key and | |||
| vector every 1KB of plaintext data. It's OID is: | initialization vector every 1KB of plaintext data. | |||
| The identifier for this algorithm is: | ||||
| id-Gost28147-89-CryptoPro-KeyMeshing OBJECT IDENTIFIER ::= | id-Gost28147-89-CryptoPro-KeyMeshing OBJECT IDENTIFIER ::= | |||
| { id-CryptoPro-algorithms keyMeshing(14) cryptoPro(1) } | { id-CryptoPro-algorithms keyMeshing(14) cryptoPro(1) } | |||
| This algorithm has NULL parameters. | There are no meaningful parameters to this algorithm. If present, | |||
| AlgorithmIdentifier.parameters MUST contain NULL. | ||||
| Encryption or decryption starts with key K[0] = K, IV0[0] = IV, i = | Encryption or decryption starts with key K[0] = K, IV0[0] = IV, i = | |||
| 0. Let IV[0] be the value of initialization vector after processing | 0. Let IV[0] be the value of the initialization vector after | |||
| 1K of data. Encryption or decryption of next 1K data block will start | processing the first 1K block of data. Encryption or decryption of | |||
| with K[1] and IV0[1], which are calculated using formula: | the next 1K data block will start with K[1] and IV0[1], which are | |||
| calculated using the formula: | ||||
| K[i+1] = decryptECB (K[i], C); | K[i+1] = decryptECB (K[i], C); | |||
| IV0[i+1] = encryptECB (K[i+1],IV[i]) | IV0[i+1] = encryptECB (K[i+1],IV[i]) | |||
| Where C = {0x69, 0x00, 0x72, 0x22, 0x64, 0xC9, 0x04, 0x23, | Where C = {0x69, 0x00, 0x72, 0x22, 0x64, 0xC9, 0x04, 0x23, | |||
| 0x8D, 0x3A, 0xDB, 0x96, 0x46, 0xE9, 0x2A, 0xC4, | 0x8D, 0x3A, 0xDB, 0x96, 0x46, 0xE9, 0x2A, 0xC4, | |||
| 0x18, 0xFE, 0xAC, 0x94, 0x00, 0xED, 0x07, 0x12, | 0x18, 0xFE, 0xAC, 0x94, 0x00, 0xED, 0x07, 0x12, | |||
| 0xC0, 0x86, 0xDC, 0xC2, 0xEF, 0x4C, 0xA9, 0x2B}; | 0xC0, 0x86, 0xDC, 0xC2, 0xEF, 0x4C, 0xA9, 0x2B}; | |||
| After processing every next 1K block, current initialization vector | After processing each 1K block of data: | |||
| is stored as IV[i+1], i is incremented and the same transformation | * the resulting initialization vector is stored as IV[i]. | |||
| applied. | * K[i+1] and IV0[i+1] are calculated | |||
| * i is incremented. | ||||
| * Next block is encrypted or decrypted using the new key and IV. | ||||
| The process is repeated until all the data has been processed. | ||||
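Review bot: the meshing interval is written "1KB" in the opening sentence of 2.3.2 and "1K" in the procedure and in the new bullet list; give it once as an exact number of octets and use that term throughout. The bullets also assume an initialization vector exists, so the text should say what is done in ECB mode, where only K[i+1] can be computed.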
| 3 HMAC_GOSTR3411 | 3 HMAC_GOSTR3411 | |||
| HMAC_GOSTR3411 (K,text) function is based on hash function GOST R | HMAC_GOSTR3411 (K,text) function is based on hash function GOST R | |||
| 34.11-94, as defined in [HMAC], with the following parameter values: | 34.11-94, as defined in [HMAC], with the following parameter values: | |||
| B = 32, L = 32. | B = 32, L = 32. | |||
| 4 PRF_GOSTR3411 | 4 PRF_GOSTR3411 | |||
| PRF_GOSTR3411 is a pseudorandom function, based on HMAC_GOSTR3411. | PRF_GOSTR3411 is a pseudorandom function, based on HMAC_GOSTR3411. | |||
| It is calculated as P_hash, defined in section 5 of [TLS]. | It is calculated as P_hash, defined in section 5 of [TLS]. | |||
| PRF_GOSTR3411(K,D) = P_GOSTR3411 (K,D) | PRF_GOSTR3411(secret,label,seed) = P_GOSTR3411 (secret,label|seed) | |||
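Review bot: the right-hand side of the new definition uses P_GOSTR3411, which the visible text never defines; the sentence above it only says the PRF "is calculated as P_hash". Suggest stating that P_GOSTR3411 is P_hash from [TLS] instantiated with HMAC_GOSTR3411 and how many output octets are taken, since the argument list changed from (K,D) to (secret,label,seed).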
| 5 Key Derivation Algorithms | 5 Key Derivation Algorithms | |||
| Standards [GOSTR341094] and [GOSTR34102001] do not define any key | Standards [GOSTR341094] and [GOSTR34102001] do not define any key | |||
| derivation algorithms. | derivation algorithms. | |||
| Section 5.1 specifies algorithm VKO GOST R 34.10-94, which generates | Section 5.1 specifies algorithm VKO GOST R 34.10-94, which generates | |||
| GOST KEK using two GOST R 34.10-94 keypairs. | GOST KEK using two GOST R 34.10-94 keypairs. | |||
| Section 5.2 specifies algorithm VKO GOST R 34.10-2001, which | Section 5.2 specifies algorithm VKO GOST R 34.10-2001, which | |||
| generates GOST KEK using two GOST R 34.10-2001 keypairs, and | generates GOST KEK using two GOST R 34.10-2001 keypairs and UKM. | |||
| synchrovector A. | ||||
| Keypairs MUST have identical parameters. | Keypairs MUST have identical parameters. | |||
| 5.1 VKO GOST R 34.10-94 | 5.1 VKO GOST R 34.10-94 | |||
| This algorithm creates a a key encryption key (KEK) using sender's | This algorithm creates a a key encryption key (KEK) using the | |||
| private key and recipient public key, or vice versa. | sender's private key and the recipient's public key (or vice versa). | |||
| Exchange key EK is a 256-bit hash of 1024-bit Diffie-Hellman key | Exchange key EK is a 256-bit hash of 1024-bit Diffie-Hellman key | |||
| K(x,y); | K(x,y); | |||
| 1. Let K(x,y) = a^(x*y) (mod p), where | 1. Let K(x,y) = a^(x*y) (mod p), where | |||
| x - sender's private key, a^x - sender's public key | x - sender's private key, a^x - sender's public key | |||
| y - recipient's private key, a^y - recipient's public key | y - recipient's private key, a^y - recipient's public key | |||
| a, p - parameters 2. Calculate a 256-bit hash of K(x,y): | a, p - parameters 2. Calculate a 256-bit hash of K(x,y): | |||
| KEK(x,y) = gostR3411 (K(x,y)) | KEK(x,y) = gostR3411 (K(x,y)) | |||
| Keypairs x and y MUST comply with [GOSTR341094]. | Keypairs x and y MUST comply with [GOSTR341094]. | |||
| This algorithm MUST NOT be used, when a^x = a (mod p) or a^y = a (mod | This algorithm MUST NOT be used when a^x = a (mod p) or a^y = a (mod | |||
| p). | p). | |||
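Review bot: the first sentence of 5.1 still reads "creates a a key encryption key" in -02, with the article doubled. More importantly, step 2 hashes the 1024-bit value K(x,y) without saying how it is converted to octets; state whether the little-endian convention given for keys in 1.2 applies here, because the two byte orders give different KEKs.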
| 5.2 VKO GOST R 34.10-2001 | 5.2 VKO GOST R 34.10-2001 | |||
| This algorithm creates a key encryption key (KEK) using synchrovector, | This algorithm creates a key encryption key (KEK) using 64 bit UKM, | |||
| sender's private key and recipient public key, or vice versa. | the sender's private key and the recipient's public key (or the | |||
| reverse of the latter pair). | ||||
| 1. Let K(x,y,IV) = ((IV*x)(mod q)) . (y.P) (512 bit), where | 1. Let K(x,y,UKM) = ((UKM*x)(mod q)) . (y.P) (512 bit), where | |||
| x - sender's private key (256 bit) | x - sender's private key (256 bit) | |||
| x.P - sender's public key (512 bit) | x.P - sender's public key (512 bit) | |||
| y - recipient's private key (256 bit) | y - recipient's private key (256 bit) | |||
| y.P - recipient's public key (512 bit) | y.P - recipient's public key (512 bit) | |||
| IV - synchrovector (64 bit) | UKM - User Keying Material (64 bit) | |||
| P - base point on the elliptic curve (two 256-bit coordinates) | P - base point on the elliptic curve (two 256-bit coordinates) | |||
| IV*x - x multiplied by IV as integers | UKM*x - x multiplied by UKM as integers | |||
| x.P - a multiple point | x.P - a multiple point | |||
| 2. Calculate a 256-bit hash of K(x,y,IV): | 2. Calculate a 256-bit hash of K(x,y,UKM): | |||
| KEK(x,y,IV) = gostR3411 (K(x,y,IV)) | KEK(x,y,UKM) = gostR3411 (K(x,y,UKM)) | |||
| Keypairs x and y MUST comply with [GOSTR34102001]. | Keypairs x and y MUST comply with [GOSTR34102001]. | |||
| This algorithm MUST NOT be used, when x.P = P, y.P = P | This algorithm MUST NOT be used when x.P = P, y.P = P | |||
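Review bot: the closing restriction "MUST NOT be used when x.P = P, y.P = P" lacks the "or" that the matching sentence in 5.1 has, and has no final period; write it as "x.P = P or y.P = P." Since step 1 multiplies x by UKM modulo q, a UKM of zero makes the scalar zero for every private key, so the section should also require a non-zero UKM. The encoding of the 512-bit K(x,y,UKM) as octets for gostR3411 is not stated either.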
| 6 Key Wrap algorithms | 6 Key Wrap algorithms | |||
| This document defines two key wrap algorithms: GOST 28147-89 Key Wrap | This document defines two key wrap algorithms: GOST 28147-89 Key Wrap | |||
| and CryptoPro Key Wrap. | and CryptoPro Key Wrap. These are used to encrypt a Content Encryption | |||
| Key (CEK) with a Key Encryption Key (KEK). | ||||
| 6.1 GOST 28147-89 Key Wrap | 6.1 GOST 28147-89 Key Wrap | |||
| This algorithm encrypts GOST 28147-89 CEK with a GOST 28147-89 KEK. | This algorithm encrypts GOST 28147-89 CEK with a GOST 28147-89 KEK. | |||
| Note: This algorithm MUST NOT be used with KEK produced by VKO GOST R | Note: This algorithm MUST NOT be used with a KEK produced by VKO GOST | |||
| 34.10-94, because such KEK is constant for every sender-recipient | R 34.10-94, because such a KEK is constant for every sender-recipient | |||
| pair. Encrypting many different content encryption keys on the same | pair. Encrypting many different content encryption keys on the same | |||
| constant KEK may reveal this KEK. | constant KEK may reveal that KEK. | |||
| Identifier for this algorithm: | The identifier for this algorithm is: | |||
| id-Gost28147-89-None-KeyWrap OBJECT IDENTIFIER ::= | id-Gost28147-89-None-KeyWrap OBJECT IDENTIFIER ::= | |||
| { id-CryptoPro-algorithms keyWrap(13) none(0) } | { id-CryptoPro-algorithms keyWrap(13) none(0) } | |||
| The GOST 28147-89 key wrap algorithm is: | The GOST 28147-89 key wrap algorithm is: | |||
| 1. For unique symmetric KEK, generate 8 octets at random, | 1. For a unique symmetric KEK, generate 8 octets at random, | |||
| call the result IV. | call the result UKM. | |||
| For KEK, produced by VKO GOST R 34.10-2001, use the same IV, | For a KEK, produced by VKO GOST R 34.10-2001, use the UKM | |||
| that was used for key derivation. | that was used for key derivation. | |||
| 2. Compute a 4-byte checksum value, gost28147IMIT (IV, KEK, CEK), | 2. Compute a 4-byte checksum value, gost28147IMIT (UKM, KEK, CEK). | |||
| call the result CEK_MAC. | Call the result CEK_MAC. | |||
| 3. Encrypt CEK in ECB mode using KEK. Use IV, generated in step 1. | 3. Encrypt the CEK in ECB mode using the KEK. | |||
| Call the ciphertext CEK_ENC. | Call the ciphertext CEK_ENC. | |||
| 4. Let RES = IV | CEK_ENC | CEK_MAC. | 4. Let RES = UKM | CEK_ENC | CEK_MAC. | |||
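Review bot: step 2 passes UKM as the first argument of gost28147IMIT, which the function list defines as the initialization vector, while that same definition notes that the standard specifies this mode only with a zero initialization vector. Say explicitly that a non-zero value is intended here and how it enters the MAC computation, otherwise an implementation built on a standard-only imitovstavka routine cannot follow this step. Dropping "Use IV" from the ECB step 3 is right, since ECB takes no initialization vector.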
| 6.2 GOST 28147-89 Key Unwrap | 6.2 GOST 28147-89 Key Unwrap | |||
| This algorithm decrypts GOST 28147-89 CEK with a GOST 28147-89 KEK. | This algorithm decrypts GOST 28147-89 CEK with a GOST 28147-89 KEK. | |||
| The GOST 28147-89 key unwrap algorithm is: | The GOST 28147-89 key unwrap algorithm is: | |||
| 1. If the wrapped content-encryption key is not 44 octets, then | 1. If the wrapped content-encryption key is not 44 octets, then | |||
| error. | error. | |||
| 2. Decompose the the wrapped content-encryption key into IV, CEK_ENC | 2. Decompose the the wrapped content-encryption key into UKM, | |||
| and CEK_MAC. IV is the most significant (first) 8 octets, CEK_ENC | CEK_ENC | |||
| and CEK_MAC. UKM is the most significant (first) 8 octets. | ||||
| CEK_ENC | ||||
| is next 32 octets, and CEK_MAC is the least significant (last) 4 | is next 32 octets, and CEK_MAC is the least significant (last) 4 | |||
| octets. | octets. | |||
| 3. Decrypt CEK_ENC in ECB mode using KEK. Use IV, obrained in | 3. Decrypt CEK_ENC in ECB mode using the KEK. | |||
| step 1. Call the output CEK. | Call the output CEK. | |||
| 4. Compute a 4-byte checksum value, gost28147IMIT (IV, KEK, CEK), | 4. Compute a 4-byte checksum value, gost28147IMIT (UKM, KEK, CEK), | |||
| compare the result CEK_MAC. If not equal, then error. | compare the result with CEK_MAC. If not equal, then error. | |||
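Review bot: step 2 of the unwrap still begins "Decompose the the wrapped content-encryption key" in -02. In step 4, "If not equal, then error" should also say that the decrypted CEK is discarded and not returned to the caller when the check fails, since step 3 has already produced it.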
| 6.3 CryptoPro Key Wrap | 6.3 CryptoPro Key Wrap | |||
| This algorithm encrypts GOST 28147-89 CEK with a GOST 28147-89 KEK. | This algorithm encrypts GOST 28147-89 CEK with a GOST 28147-89 KEK. | |||
| It can be used with any KEK, e.g. produced by VKO GOST R 34.10-94 or | It can be used with any KEK (e.g. produced by VKO GOST R 34.10-94 or | |||
| VKO GOST R 34.10-2001, because unique initialization vector is used | VKO GOST R 34.10-2001) because unique UKM is used to diversify the | |||
| to diversify the KEK. | KEK. | |||
| Identifier for this algorithm: | Identifier for this algorithm: | |||
| id-Gost28147-89-CryptoPro-KeyWrap OBJECT IDENTIFIER ::= | id-Gost28147-89-CryptoPro-KeyWrap OBJECT IDENTIFIER ::= | |||
| { id-CryptoPro-algorithms keyWrap(13) cryptoPro(1) } | { id-CryptoPro-algorithms keyWrap(13) cryptoPro(1) } | |||
| The CryptoPro key wrap algorithm is: | The CryptoPro key wrap algorithm is: | |||
| 1. For unique symmetric KEK, or KEK produced by VKO GOST R 34.10-94, | 1. For a unique symmetric KEK or a KEK produced by VKO GOST R | |||
| generate 8 octets at random, call the result IV. | 34.10-94, | |||
| For KEK, produced by VKO GOST R 34.10-2001, use the same IV, | generate 8 octets at random. Call the result UKM. | |||
| For a KEK, produced by VKO GOST R 34.10-2001, use the UKM | ||||
| that was used for key derivation. | that was used for key derivation. | |||
| 2. Diversify KEK, using CryptoPro KEK Diversification Algorithm, | 2. Diversify KEK, using the CryptoPro KEK Diversification Algorithm, | |||
| described in section 7.2.1, call the result KEK(IV); | described in section 6.5. Call the result KEK(UKM). | |||
| 3. Compute a 4-byte checksum value, | 3. Compute a 4-byte checksum value, gost28147IMIT (UKM, KEK(UKM), | |||
| gost28147IMIT (IV, KEK(IV), CEK), call the result CEK_MAC. | CEK). | |||
| 4. Encrypt CEK in ECB mode using KEK(IV). Use IV, generated in | Call the result CEK_MAC. | |||
| step 1. | 4. Encrypt CEK in ECB mode using KEK(UKM). Call the ciphertext | |||
| Call the ciphertext CEK_ENC. | CEK_ENC. | |||
| 5. Let RES = IV | CEK_ENC | CEK_MAC. | 5. Let RES = UKM | CEK_ENC | CEK_MAC. | |||
| 6.4 CryptoPro Key Unrap | 6.4 CryptoPro Key Unrap | |||
| This algorithm encrypts GOST 28147-89 CEK with a GOST 28147-89 KEK. | This algorithm encrypts GOST 28147-89 CEK with a GOST 28147-89 KEK. | |||
| The CryptoPro key unwrap algorithm is: | The CryptoPro key unwrap algorithm is: | |||
| 1. If the wrapped content-encryption key is not 44 octets, then | 1. If the wrapped content-encryption key is not 44 octets, then | |||
| error. | error. | |||
| 2. Decompose the the wrapped content-encryption key into IV, CEK_ENC | 2. Decompose the the wrapped content-encryption key into UKM, | |||
| and CEK_MAC. IV is the most significant (first) 8 octets, CEK_ENC | CEK_ENC | |||
| and CEK_MAC. UKM is the most significant (first) 8 octets. | ||||
| CEK_ENC | ||||
| is next 32 octets, and CEK_MAC is the least significant (last) | is next 32 octets, and CEK_MAC is the least significant (last) | |||
| 4 octets. | 4 octets. | |||
| 3. Diversify KEK, using CryptoPro KEK Diversification Algorithm, | 3. Diversify KEK using the CryptoPro KEK Diversification Algorithm, | |||
| described in section 6.5, call the result KEK(IV); | described in section 6.5. Call the result KEK(UKM). | |||
| 4. Decrypt CEK_ENC in ECB mode using KEK(IV). Use IV, obrained in | 4. Decrypt CEK_ENC in ECB mode using KEK(UKM). | |||
| step 1. Call the output CEK. | Call the output CEK. | |||
| 5. Compute a 4-byte checksum value, | 5. Compute a 4-byte checksum value, gost28147IMIT (UKM, KEK(UKM), | |||
| gost28147IMIT (IV, KEK(IV), CEK), compare the result CEK_MAC. | CEK), | |||
| If not equal, then error. | compare the result with CEK_MAC. If not equal, then error. | |||
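Review bot: section 6.4 keeps the heading "CryptoPro Key Unrap" and the opening sentence "This algorithm encrypts GOST 28147-89 CEK", both unchanged between -01 and -02; the heading should read "Unwrap" and the sentence "decrypts", as in 6.2. Step 2 also repeats "the the".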
| 6.5 CryptoPro KEK Diversification Algorithm | 6.5 CryptoPro KEK Diversification Algorithm | |||
| Given a random 64-bit synchrovector IV, and a GOST 28147-89 key K, | Given a random 64-bit UKM, and a GOST 28147-89 key K, this algorithm | |||
| this algorithm creates a new GOST 28147-89 key K(IV). | creates a new GOST 28147-89 key K(UKM). | |||
| 1. Let K[0] = K; | 1. Let K[0] = K; | |||
| 2. IV is split into components a[i,j]: | 2. UKM is split into components a[i,j]: | |||
| IV = a[0]|...|a[7] (a[i] - byte, a[i,0]..a[i,7] - it's bits) | UKM = a[0]|..|a[7] (a[i] - byte, a[i,0]..a[i,7] - it's bits) | |||
| 3. Let i be 0. | 3. Let i be 0. | |||
| 4. K[1]..K[8] are calculated by repeating the | 4. K[1]..K[8] are calculated by repeating the | |||
| following algorithm eight times: | following algorithm eight times: | |||
| A) K[i] is split into components k[i,j]: | A) K[i] is split into components k[i,j]: | |||
| K[i] = k[i,0]|k[i,1]|...|k[i,7] (k[i,j] - 32-bit integer) | K[i] = k[i,0]|k[i,1]|..|k[i,7] (k[i,j] - 32-bit integer) | |||
| B) Vector S[i] is calculated: | B) Vector S[i] is calculated: | |||
| S[i] = ((a[i,0]*k[i,0] + ... + a[i,7]*k[i,7]) mod 2^32) | S[i] = ((a[i,0]*k[i,0] + ... + a[i,7]*k[i,7]) mod 2^32) | |||
| | ((~a[i,0]*k[i,0] + ... + ~a[i,7]*k[i,7]) mod 2^32); | | ((~a[i,0]*k[i,0] + ... + ~a[i,7]*k[i,7]) mod 2^32); | |||
| C) K[i+1] = encryptCFB (S[i], K[i], K[i]) | C) K[i+1] = encryptCFB (S[i], K[i], K[i]) | |||
| D) i = i + 1 | D) i = i + 1 | |||
| 5. Let K(IV) be K[8]. | 5. Let K(UKM) be K[8]. | |||
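Review bot: step 2 does not say in which order a[i,0]..a[i,7] number the bits of byte a[i] (least or most significant first), and the choice changes K(UKM), so it needs to be fixed in the text. It would also help to state that ~a[i,j] in step 4B is the complement of a single bit. Minor: "it's bits" should be "its bits", and the ellipsis was shortened to ".." in steps 2 and 4A but left as "..." in 4B.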
| 7 Secret Key Diversification | 7 Secret Key Diversification | |||
| This algorithm creates a GOST 28147-89 key Kd, given GOST R 34.10-94 | This algorithm creates a GOST 28147-89 key Kd, given GOST R 34.10-94 | |||
| or GOST R 34.10-2001 secret key K and diversification data D of size | or GOST R 34.10-2001 secret key K and diversification data D of size | |||
| 4..40 bytes. | 4..40 bytes. | |||
| 1) 40-byte blob B is created from D by cloning it enough times to | 1) 40-byte blob B is created from D by cloning it enough times to | |||
| fill all 40 bytes. For example, if D is 40-bytes long, B = D; If D is | fill all 40 bytes. For example, if D is 40-bytes long, B = D; If D is | |||
| 4-bytes long, B = D|D|D|D|D|D|D|D|D|D. | 4-bytes long, B = D|D|D|D|D|D|D|D|D|D. | |||
| 2) B is split into 8-byte SV and 32-byte SRCKEY (B = SV|SRCKEY). | 2) B is split into 8-byte UKM and 32-byte SRCKEY (B = UKM|SRCKEY). | |||
| 3) Algorithm from section 6.5 is used to create K(SV) from key K and | 3) The algorithm from section 6.5 is used to create K(UKM) from key K | |||
| synchrovector SV, with two differences. Instead of S[i], vector | and UKM with two differences: | |||
| (0,0,0,SV[i],ff,ff,ff,ff XOR SV[i]) is used, and during each | * Instead of S[i], vector (0,0,0,UKM[i],ff,ff,ff,ff XOR UKM[i]) is | |||
| encryption step, only 8 out of 32 GOST 28147-89 steps are done. | used. | |||
| * During each encryption step, only 8 out of 32 GOST 28147-89 steps | ||||
| are done. | ||||
| 4) Kd is calculated: | 4) Kd is calculated: | |||
| Kd = encryptCFB (IV, K(IV), SRCKEY). | Kd = encryptCFB (UKM, K(UKM), SRCKEY). | |||
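Review bot: step 3 replaces S[i] with "(0,0,0,UKM[i],ff,ff,ff,ff XOR UKM[i])" without saying that the elements are octets or that the XOR applies only to the last one, and "only 8 out of 32 GOST 28147-89 steps" does not say which eight; both need to be exact for two implementations to derive the same Kd. Step 1 is also undefined when the length of D does not divide 40, and reusing the name UKM for the first 8 octets of B overloads the term that 5.2 defines as User Keying Material.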
| 8 Algorithm parameters | 8 Algorithm parameters | |||
| Standards [GOST28147], [GOST341194], [GOSTR341094] and | Standards [GOST28147], [GOST341194], [GOSTR341094] and | |||
| [GOSTR34102001] do not define specific values for algorithm | [GOSTR34102001] do not define specific values for algorithm | |||
| parameters. | parameters. | |||
| This document introduces the use of OIDs to specify algorithm | This document introduces the use of OIDs to specify algorithm | |||
| parameters. | parameters. | |||
| Identifiers and corresponding parameter values for all of the | Identifiers and corresponding parameter values for all of the | |||
| proposed parameter sets can be found in Appendix in the form of ASN.1 | proposed parameter sets can be found in the Appendix in the form of | |||
| modules [X.660]. | ASN.1 modules [X.660]. | |||
| 8.1 Encryption algorithm parameters | 8.1 Encryption algorithm parameters | |||
| GOST 28147-89 can be used in several modes, additional CBC mode is | GOST 28147-89 can be used in several modes, additional CBC mode is | |||
| defined in section 2.1 this document. It also has an S-Box parameter | defined in section 2.1 this document. It also has an S-Box parameter | |||
| (see Algorithm Parameters part in [GOST28147] in Russian, description | (see Algorithm Parameters part in [GOST28147] in Russian, description | |||
| in English see in [Schneier95] ch. 14.1, p. 331). | in English see in [Schneier95] ch. 14.1, p. 331). | |||
| This table contains the list of proposed parameter sets for GOST | This table contains the list of proposed parameter sets for GOST | |||
| 28147-89: | 28147-89: | |||
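Review bot: Step 1 of the diversification algorithm leaves B undefined when the length of D does not divide 40. D may be 4..40 bytes, but the only worked cases are 4 and 40, and "cloning it enough times to fill all 40 bytes" does not say whether the last copy is truncated. Two implementations that disagree here derive different Kd from the same K and D, so state the rule explicitly (for example, that B is the first 40 bytes of the repeated D) or restrict D to lengths that divide 40. The SV to UKM rename and the step 4 correction from encryptCFB (IV, K(IV), SRCKEY) to encryptCFB (UKM, K(UKM), SRCKEY) read consistently; section 6.5, not shown here, should use the same name.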
| skipping to change at page 10, line 30 ¶ | skipping to change at page 11, line 15 ¶ | |||
| { Gost28147-89-ParamSetParameters IDENTIFIED BY | { Gost28147-89-ParamSetParameters IDENTIFIED BY | |||
| id-Gost28147-89-CryptoPro-Simple-A-ParamSet } | | id-Gost28147-89-CryptoPro-Simple-A-ParamSet } | | |||
| { Gost28147-89-ParamSetParameters IDENTIFIED BY | { Gost28147-89-ParamSetParameters IDENTIFIED BY | |||
| id-Gost28147-89-CryptoPro-Simple-B-ParamSet } | | id-Gost28147-89-CryptoPro-Simple-B-ParamSet } | | |||
| { Gost28147-89-ParamSetParameters IDENTIFIED BY | { Gost28147-89-ParamSetParameters IDENTIFIED BY | |||
| id-Gost28147-89-CryptoPro-Simple-C-ParamSet } | | id-Gost28147-89-CryptoPro-Simple-C-ParamSet } | | |||
| { Gost28147-89-ParamSetParameters IDENTIFIED BY | { Gost28147-89-ParamSetParameters IDENTIFIED BY | |||
| id-Gost28147-89-CryptoPro-Simple-D-ParamSet } | id-Gost28147-89-CryptoPro-Simple-D-ParamSet } | |||
| } | } | |||
| Identifier values can be found in Appendix. | Identifier values are in the Appendix. | |||
| Parameters for GOST 28147-89 are presented in the following form: | Parameters for GOST 28147-89 are presented in the following form: | |||
| Gost28147-89-ParamSetParameters ::= SEQUENCE { | Gost28147-89-ParamSetParameters ::= SEQUENCE { | |||
| eUZ Gost28147-89-UZ, | eUZ Gost28147-89-UZ, | |||
| mode INTEGER { | mode INTEGER { | |||
| gost28147-89-CNT(0), | gost28147-89-CNT(0), | |||
| gost28147-89-CFB(1), | gost28147-89-CFB(1), | |||
| cryptoPro-CBC(2) | cryptoPro-CBC(2) | |||
| }, | }, | |||
| skipping to change at page 11, line 28 ¶ | skipping to change at page 12, line 14 ¶ | |||
| GostR3411-94-ParamSetAlgorithms ALGORITHM-IDENTIFIER ::= { | GostR3411-94-ParamSetAlgorithms ALGORITHM-IDENTIFIER ::= { | |||
| { GostR3411-94-ParamSetParameters IDENTIFIED BY | { GostR3411-94-ParamSetParameters IDENTIFIED BY | |||
| id-GostR3411-94-TestParamSet | id-GostR3411-94-TestParamSet | |||
| } | | } | | |||
| { GostR3411-94-ParamSetParameters IDENTIFIED BY | { GostR3411-94-ParamSetParameters IDENTIFIED BY | |||
| id-GostR3411-94-CryptoProParamSet | id-GostR3411-94-CryptoProParamSet | |||
| } | } | |||
| } | } | |||
| Identifier values can be found in Appendix. | Identifier values are in the Appendix. | |||
| Parameters for [GOST341194] are presented in the following form: | Parameters for [GOST341194] are presented in the following form: | |||
| GostR3411-94-ParamSetParameters ::= | GostR3411-94-ParamSetParameters ::= | |||
| SEQUENCE { | SEQUENCE { | |||
| hUZ Gost28147-89-UZ, -- S-Box for digest | hUZ Gost28147-89-UZ, -- S-Box for digest | |||
| h0 GostR3411-94-Digest -- start digest value | h0 GostR3411-94-Digest -- start digest value | |||
| } | } | |||
| GostR3411-94-Digest ::= OCTET STRING (SIZE (32)) | GostR3411-94-Digest ::= OCTET STRING (SIZE (32)) | |||
| skipping to change at page 12, line 15 ¶ | skipping to change at page 12, line 49 ¶ | |||
| { GostR3410-94-ParamSetParameters IDENTIFIED BY | { GostR3410-94-ParamSetParameters IDENTIFIED BY | |||
| id-GostR3410-94-CryptoPro-D-ParamSet } | | id-GostR3410-94-CryptoPro-D-ParamSet } | | |||
| { GostR3410-94-ParamSetParameters IDENTIFIED BY | { GostR3410-94-ParamSetParameters IDENTIFIED BY | |||
| id-GostR3410-94-CryptoPro-XchA-ParamSet } | | id-GostR3410-94-CryptoPro-XchA-ParamSet } | | |||
| { GostR3410-94-ParamSetParameters IDENTIFIED BY | { GostR3410-94-ParamSetParameters IDENTIFIED BY | |||
| id-GostR3410-94-CryptoPro-XchB-ParamSet } | | id-GostR3410-94-CryptoPro-XchB-ParamSet } | | |||
| { GostR3410-94-ParamSetParameters IDENTIFIED BY | { GostR3410-94-ParamSetParameters IDENTIFIED BY | |||
| id-GostR3410-94-CryptoPro-XchC-ParamSet } | id-GostR3410-94-CryptoPro-XchC-ParamSet } | |||
| } | } | |||
| Identifier values can be found in Appendix. | Identifier values are in the Appendix. | |||
| Parameters for GOST R 34.10-94 are presented in the following form: | Parameters for GOST R 34.10-94 are presented in the following form: | |||
| GostR3410-94-ParamSetParameters ::= | GostR3410-94-ParamSetParameters ::= | |||
| SEQUENCE { | SEQUENCE { | |||
| t INTEGER, | ||||
| p INTEGER, | p INTEGER, | |||
| q INTEGER, | q INTEGER, | |||
| a INTEGER, | a INTEGER, | |||
| validationAlgorithm AlgorithmIdentifier {{ | validationAlgorithm AlgorithmIdentifier {{ | |||
| GostR3410-94-ValidationAlgorithms | GostR3410-94-ValidationAlgorithms | |||
| }} OPTIONAL | }} OPTIONAL | |||
| } | } | |||
| GostR3410-94-ValidationParameters ::= | GostR3410-94-ValidationParameters ::= | |||
| SEQUENCE { | SEQUENCE { | |||
| t INTEGER, | ||||
| x0 INTEGER, | x0 INTEGER, | |||
| c INTEGER, | c INTEGER, | |||
| d INTEGER OPTIONAL | d INTEGER OPTIONAL | |||
| } | } | |||
| Where | Where | |||
| p - modulus, prime number, 2^1023<p<2^1024; | t - bit length of p (512 or 1024 bits); | |||
| p - modulus, prime number, 2^(t-1)<p<2^t; | ||||
| q - order of cyclic group, prime number, 2^254<q<2^256, q is a | q - order of cyclic group, prime number, 2^254<q<2^256, q is a | |||
| factor | factor | |||
| of p-1; | of p-1; | |||
| a - generator, integer, 1<a<p-1, at that aq (mod p) = 1; | a - generator, integer, 1<a<p-1, at that aq (mod p) = 1; | |||
| validationAlgorithm - constant p, q and a calculating algorithm. | validationAlgorithm - constant p, q and a calculating algorithm. | |||
| t - bit length of p; | ||||
| x0 - seed; | x0 - seed; | |||
| c - used for p and q generation; | c - used for p and q generation; | |||
| d - used for a generation. | d - used for a generation. | |||
| 8.4 GOST R 34.10-2001 public key algorithm parameters | 8.4 GOST R 34.10-2001 public key algorithm parameters | |||
| This table contains the list of proposed parameter sets for GOST R | This table contains the list of proposed parameter sets for GOST R | |||
| 34.10-2001: | 34.10-2001: | |||
| GostR3410-2001-ParamSetAlgorithm ALGORITHM-IDENTIFIER ::= { | GostR3410-2001-ParamSetAlgorithm ALGORITHM-IDENTIFIER ::= { | |||
| { GostR3410-2001-ParamSetParameters IDENTIFIED BY | { GostR3410-2001-ParamSetParameters IDENTIFIED BY | |||
| id-GostR3410-2001-TestParamSet } | | id-GostR3410-2001-TestParamSet } | | |||
| { GostR3410-2001-ParamSetParameters IDENTIFIED BY | { GostR3410-2001-ParamSetParameters IDENTIFIED BY | |||
| id-GostR3410-2001-CryptoPro-A-ParamSet } | | id-GostR3410-2001-CryptoPro-A-ParamSet } | | |||
| { GostR3410-2001-ParamSetParameters IDENTIFIED BY | { GostR3410-2001-ParamSetParameters IDENTIFIED BY | |||
| id-GostR3410-2001-CryptoPro-B-ParamSet } | | id-GostR3410-2001-CryptoPro-B-ParamSet } | | |||
| { GostR3410-2001-ParamSetParameters IDENTIFIED BY | { GostR3410-2001-ParamSetParameters IDENTIFIED BY | |||
| id-GostR3410-2001-CryptoPro-C-ParamSet } | | id-GostR3410-2001-CryptoPro-C-ParamSet } | | |||
| { GostR3410-2001-ParamSetParameters IDENTIFIED BY | { GostR3410-2001-ParamSetParameters IDENTIFIED BY | |||
| id-GostR3410-2001-CryptoPro-XchA-ParamSet } | | id-GostR3410-2001-CryptoPro-XchA-ParamSet } | | |||
| { GostR3410-2001-ParamSetParameters IDENTIFIED BY | { GostR3410-2001-ParamSetParameters IDENTIFIED BY | |||
| id-GostR3410-2001-CryptoPro-XchB-ParamSet } | id-GostR3410-2001-CryptoPro-XchB-ParamSet } | |||
| } | } | |||
| Identifier values can be found in Appendix. | Identifier values are in the Appendix. | |||
| Parameters for GOST R 34.10-2001 are presented in the following form: | Parameters for GOST R 34.10-2001 are presented in the following form: | |||
| GostR3410-2001-ParamSetParameters ::= | GostR3410-2001-ParamSetParameters ::= | |||
| SEQUENCE { | SEQUENCE { | |||
| abj CHOICE { | a INTEGER, | |||
| ab SEQUENCE { | b INTEGER, | |||
| a INTEGER, | p INTEGER, | |||
| b INTEGER, | q INTEGER, | |||
| }, | x INTEGER, | |||
| j INTEGER, | ||||
| }, | ||||
| p INTEGER , | ||||
| q INTEGER , | ||||
| x INTEGER , | ||||
| y INTEGER | y INTEGER | |||
| } | } | |||
| a, b - coefficients a and b of the elliptic curve E; | a, b - coefficients a and b of the elliptic curve E; | |||
| j - invariant; | ||||
| p - prime number - elliptic curve modulus; | p - prime number - elliptic curve modulus; | |||
| q - prime number - order of cyclic group; | q - prime number - order of cyclic group; | |||
| x, y - base point p coordinates. | x, y - base point p coordinates. | |||
| 9 Security Considerations | 9 Security Considerations | |||
| It is RECCOMENDED, that software applications verify signature | It is RECCOMENDED that software applications verify signature values, | |||
| values, subject public keys and algorithm parameters to conform to | subject public keys, and algorithm parameters to conform to | |||
| [GOSTR34102001], [GOSTR341094] standards prior to their use. | [GOSTR34102001], [GOSTR341094] standards prior to their use. | |||
| Cryptographic algorithm parameters affect rigidity of algorithms. | Cryptographic algorithm parameters affect rigidity of algorithms. | |||
| The algorithm parameters proposed hereby and described in this | The algorithm parameters proposed and described herein have been | |||
| document, have been analyzed by special certification laboratory of | analyzed by special certification laboratory of Scientific and | |||
| Scientific and Technical Center "ATLAS" and by Center of | Technical Center "ATLAS" and by Center of Certificational | |||
| Certificational Investigations in appropriate levels of | Investigations in appropriate levels of target_of_evaluation (TOE), | |||
| target_of_evaluation (TOE), according to [RFDSL], [RFLLIC] and | according to [RFDSL], [RFLLIC] and [CRYPTOLIC]. | |||
| [CRYPTOLIC]. | ||||
| Use of different parameter sets is NOT RECOMENDED. When different | Use of different parameter sets is NOT RECOMENDED. When different | |||
| parameters are used, it is RECCOMENDED to subject them to examination | parameters are used it is RECCOMENDED to subject them to examination | |||
| by an authorized agency with approved methods of cryptographic | by an authorized agency with approved methods of cryptographic | |||
| analysis. | analysis. | |||
| 10 Appendix ASN.1 Modules | 10 Appendix ASN.1 Modules | |||
| 10.1 Cryptographic-Gost-Useful-Definitions | 10.1 Cryptographic-Gost-Useful-Definitions | |||
| Cryptographic-Gost-Useful-Definitions | Cryptographic-Gost-Useful-Definitions | |||
| { iso(1) member-body(2) ru(643) rans(2) cryptopro(2) | { iso(1) member-body(2) ru(643) rans(2) cryptopro(2) | |||
| other(1) modules(1) cryptographic-Gost-Useful-Definitions(0) | other(1) modules(1) cryptographic-Gost-Useful-Definitions(0) | |||
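Review bot: Both ASN.1 changes in sections 8.3 and 8.4 alter the encoding, and the text does not say so. t moves from GostR3410-94-ValidationParameters to the first field of GostR3410-94-ParamSetParameters, and GostR3410-2001-ParamSetParameters drops the abj CHOICE (and j) in favour of flat a and b fields. Values encoded to the -01 definitions will not decode under -02, so add a change note or state that -01 encodings are not supported. In the changed Security Considerations lines the requirement keywords are still spelled "RECCOMENDED" and "NOT RECOMENDED"; use RECOMMENDED and NOT RECOMMENDED. In the unchanged description of a, "aq (mod p) = 1" has lost its exponent and should read a^q (mod p) = 1.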
| skipping to change at page 15, line 18 ¶ | skipping to change at page 15, line 45 ¶ | |||
| { id-CryptoPro-algorithms ecc-exchanges(36) } | { id-CryptoPro-algorithms ecc-exchanges(36) } | |||
| id-CryptoPro-private-keys OBJECT IDENTIFIER ::= | id-CryptoPro-private-keys OBJECT IDENTIFIER ::= | |||
| { id-CryptoPro-algorithms private-keys(37) } | { id-CryptoPro-algorithms private-keys(37) } | |||
| id-CryptoPro-policyIds OBJECT IDENTIFIER ::= | id-CryptoPro-policyIds OBJECT IDENTIFIER ::= | |||
| { id-CryptoPro policyIds(38) } | { id-CryptoPro policyIds(38) } | |||
| id-CryptoPro-policyQt OBJECT IDENTIFIER ::= | id-CryptoPro-policyQt OBJECT IDENTIFIER ::= | |||
| { id-CryptoPro policyQt(39) } | { id-CryptoPro policyQt(39) } | |||
| id-CryptoPro-pkixcmp-infos OBJECT IDENTIFIER ::= | id-CryptoPro-pkixcmp-infos OBJECT IDENTIFIER ::= | |||
| { id-CryptoPro-algorithms pkixcmp-infos(41) } | { id-CryptoPro-algorithms pkixcmp-infos(41) } | |||
| id-CryptoPro-audit-service-types OBJECT IDENTIFIER ::= | id-CryptoPro-audit-service-types OBJECT IDENTIFIER ::= | |||
| { id-CryptoPro-algorithms pkixcmp-infos(42) } | { id-CryptoPro-algorithms audit-service-types(42) } | |||
| id-CryptoPro-audit-record-types OBJECT IDENTIFIER ::= | id-CryptoPro-audit-record-types OBJECT IDENTIFIER ::= | |||
| { id-CryptoPro-algorithms pkixcmp-infos(43) } | { id-CryptoPro-algorithms audit-record-types(43) } | |||
| id-CryptoPro-attributes OBJECT IDENTIFIER ::= | id-CryptoPro-attributes OBJECT IDENTIFIER ::= | |||
| { id-CryptoPro-algorithms attributes(44) } | { id-CryptoPro-algorithms attributes(44) } | |||
| id-CryptoPro-name-service-types OBJECT IDENTIFIER ::= | ||||
| { id-CryptoPro-algorithms name-service-types(45) } | ||||
| -- ASN.1 modules of Russian Cryptography "GOST" & "GOST R" | -- ASN.1 modules of Russian Cryptography "GOST" & "GOST R" | |||
| -- Specifications | -- Specifications | |||
| cryptographic-Gost-Useful-Definitions OBJECT IDENTIFIER ::= | cryptographic-Gost-Useful-Definitions OBJECT IDENTIFIER ::= | |||
| { id-CryptoPro-modules | { id-CryptoPro-modules | |||
| cryptographic-Gost-Useful-Definitions(0) 1 } | cryptographic-Gost-Useful-Definitions(0) 1 } | |||
| -- GOST R 34.11-94 | -- GOST R 34.11-94 | |||
| gostR3411-94-DigestSyntax OBJECT IDENTIFIER ::= | gostR3411-94-DigestSyntax OBJECT IDENTIFIER ::= | |||
| { id-CryptoPro-modules gostR3411-94-DigestSyntax(1) 1 } | { id-CryptoPro-modules gostR3411-94-DigestSyntax(1) 1 } | |||
| gostR3411-94-ParamSetSyntax OBJECT IDENTIFIER ::= | gostR3411-94-ParamSetSyntax OBJECT IDENTIFIER ::= | |||
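Review bot: Style point on the arc definitions: id-CryptoPro-policyIds(38) and id-CryptoPro-policyQt(39) are rooted at id-CryptoPro, while every other definition in this hunk is rooted at id-CryptoPro-algorithms. If the two names denote the same arc, use one of them throughout; if not, add a comment saying why these two differ. The corrected labels audit-service-types(42) and audit-record-types(43) change only the name form, not the arc numbers, so the encoded OIDs are unaffected. The new name-service-types(45) arc has no description in the visible text.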
| skipping to change at page 18, line 30 ¶ | skipping to change at page 19, line 11 ¶ | |||
| id-Gost28147-89-TestParamSet | -- Only for | id-Gost28147-89-TestParamSet | -- Only for | |||
| testing purposes | testing purposes | |||
| id-Gost28147-89-CryptoPro-A-ParamSet | | id-Gost28147-89-CryptoPro-A-ParamSet | | |||
| id-Gost28147-89-CryptoPro-B-ParamSet | | id-Gost28147-89-CryptoPro-B-ParamSet | | |||
| id-Gost28147-89-CryptoPro-C-ParamSet | | id-Gost28147-89-CryptoPro-C-ParamSet | | |||
| id-Gost28147-89-CryptoPro-D-ParamSet | | id-Gost28147-89-CryptoPro-D-ParamSet | | |||
| id-Gost28147-89-CryptoPro-Simple-A-ParamSet | | id-Gost28147-89-CryptoPro-Simple-A-ParamSet | | |||
| id-Gost28147-89-CryptoPro-Simple-B-ParamSet | | id-Gost28147-89-CryptoPro-Simple-B-ParamSet | | |||
| id-Gost28147-89-CryptoPro-Simple-C-ParamSet | | id-Gost28147-89-CryptoPro-Simple-C-ParamSet | | |||
| id-Gost28147-89-CryptoPro-Simple-D-ParamSet | id-Gost28147-89-CryptoPro-Simple-D-ParamSet | |||
| ) | ), | |||
| ... | ||||
| } | } | |||
| -- GOST 28147-89 encryption algorithm parameters | -- GOST 28147-89 encryption algorithm parameters | |||
| Gost28147-89-Parameters ::= | Gost28147-89-Parameters ::= | |||
| SEQUENCE { | SEQUENCE { | |||
| iv Gost28147-89-IV, | iv Gost28147-89-IV, | |||
| encryptionParamSet | encryptionParamSet | |||
| OBJECT IDENTIFIER ( | OBJECT IDENTIFIER ( | |||
| id-Gost28147-89-TestParamSet | -- Only for test | id-Gost28147-89-TestParamSet | -- Only for test | |||
| ing purposes | ing purposes | |||
| id-Gost28147-89-CryptoPro-A-ParamSet | | id-Gost28147-89-CryptoPro-A-ParamSet | | |||
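Review bot: The added ", ..." after the OBJECT IDENTIFIER constraint makes the enclosing SEQUENCE extensible, but nothing visible says how a receiver treats components it does not recognise. Because this constraint limits which parameter sets are accepted, say whether unknown additions are ignored or rejected. Gost28147-89-Parameters, which follows with the same identifier list, should get the same treatment if the marker is intended there too.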
| skipping to change at page 34, line 49 ¶ | skipping to change at page 35, line 31 ¶ | |||
| id-GostR3410-94-a OBJECT IDENTIFIER ::= | id-GostR3410-94-a OBJECT IDENTIFIER ::= | |||
| { id-GostR3410-94 a(1) } | { id-GostR3410-94 a(1) } | |||
| id-GostR3410-94-aBis OBJECT IDENTIFIER ::= | id-GostR3410-94-aBis OBJECT IDENTIFIER ::= | |||
| { id-GostR3410-94 aBis(2) } | { id-GostR3410-94 aBis(2) } | |||
| id-GostR3410-94-b OBJECT IDENTIFIER ::= | id-GostR3410-94-b OBJECT IDENTIFIER ::= | |||
| { id-GostR3410-94 b(3) } | { id-GostR3410-94 b(3) } | |||
| id-GostR3410-94-bBis OBJECT IDENTIFIER ::= | id-GostR3410-94-bBis OBJECT IDENTIFIER ::= | |||
| { id-GostR3410-94 bBis(4) } | { id-GostR3410-94 bBis(4) } | |||
| GostR3410-94-ValidationParameters ::= | GostR3410-94-ValidationParameters ::= | |||
| SEQUENCE { | SEQUENCE { | |||
| t INTEGER (512 | 1024), -- 512 - only for testing p | ||||
| urposes | ||||
| x0 INTEGER (0 .. 65535), | x0 INTEGER (0 .. 65535), | |||
| c INTEGER (0 .. 65535), | c INTEGER (0 .. 65535), | |||
| d INTEGER ( | d INTEGER ( | |||
| 2 | 2 | |||
| .. | .. | |||
| 1797693134862315907729305190789024733617976 | 1797693134862315907729305190789024733617976 | |||
| 9789423065727343008115773267580550096313270847732240753602112011387 | 9789423065727343008115773267580550096313270847732240753602112011387 | |||
| 9871393357658789768814416622492847430639474124377767893424865485276 | 9871393357658789768814416622492847430639474124377767893424865485276 | |||
| 3022196012460941194530829520850057688381506823424628814739131105408 | 3022196012460941194530829520850057688381506823424628814739131105408 | |||
| 27237163350510684586298239947245938479716304835356329624224137214 | 27237163350510684586298239947245938479716304835356329624224137214 | |||
| ) -- 1 < d < p-1 < 2^1024-1 | ) -- 1 < d < p-1 < 2^1024-1 | |||
| OPTIONAL | OPTIONAL | |||
| } | } | |||
| GostR3410-94-ValidationBisParameters ::= | GostR3410-94-ValidationBisParameters ::= | |||
| SEQUENCE { | SEQUENCE { | |||
| t INTEGER (512 | 1024), -- 512 - only for testing p | ||||
| urposes | ||||
| x0 INTEGER (0 .. 4294967295), | x0 INTEGER (0 .. 4294967295), | |||
| c INTEGER (0 .. 4294967295), | c INTEGER (0 .. 4294967295), | |||
| d INTEGER ( | d INTEGER ( | |||
| 2 | 2 | |||
| .. | .. | |||
| 1797693134862315907729305190789024733617976 | 1797693134862315907729305190789024733617976 | |||
| 9789423065727343008115773267580550096313270847732240753602112011387 | 9789423065727343008115773267580550096313270847732240753602112011387 | |||
| 9871393357658789768814416622492847430639474124377767893424865485276 | 9871393357658789768814416622492847430639474124377767893424865485276 | |||
| 3022196012460941194530829520850057688381506823424628814739131105408 | 3022196012460941194530829520850057688381506823424628814739131105408 | |||
| 27237163350510684586298239947245938479716304835356329624224137214 | 27237163350510684586298239947245938479716304835356329624224137214 | |||
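Review bot: Removing t from GostR3410-94-ValidationParameters and GostR3410-94-ValidationBisParameters also removes the constraint (512 | 1024) and the "512 - only for testing purposes" comment. Section 8.3 now puts t in GostR3410-94-ParamSetParameters as a plain "t INTEGER", so confirm that the module definition of that type, not shown in this hunk, carries the same constraint and comment. The upper bound on d stays tied to 2^1024 ("1 < d < p-1 < 2^1024-1") for every t.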
| skipping to change at page 36, line 19 ¶ | skipping to change at page 36, line 45 ¶ | |||
| 64356221556536838757636132646301588781, | 64356221556536838757636132646301588781, | |||
| a 830582195677962819385275050881175724488 | a 830582195677962819385275050881175724488 | |||
| 9982632821843521491035713173371468528798753831744267407230704527461 | 9982632821843521491035713173371468528798753831744267407230704527461 | |||
| 062321732669034432746173786958142572929772413468, | 062321732669034432746173786958142572929772413468, | |||
| validationAlgorithm { | validationAlgorithm { | |||
| algorithm | algorithm | |||
| id-GostR3410-94-a, | id-GostR3410-94-a, | |||
| parameters | parameters | |||
| GostR3410-94-ValidationParameters: | GostR3410-94-ValidationParameters: | |||
| { | { | |||
| t 512, | ||||
| x0 24265, | x0 24265, | |||
| c 29505, | c 29505, | |||
| d 2 | d 2 | |||
| } | } | |||
| } | } | |||
| } | } | |||
| } | } | |||
| -- CryptoPro parameters | -- CryptoPro parameters | |||
| gostR3410-94-CryptoPro-A-ParamSetAI | gostR3410-94-CryptoPro-A-ParamSetAI | |||
| AlgorithmIdentifier ::= | AlgorithmIdentifier ::= | |||
| { | { | |||
| algorithm | algorithm | |||
| id-GostR3410-94-CryptoPro-A-ParamSet, | id-GostR3410-94-CryptoPro-A-ParamSet, | |||
| parameters | parameters | |||
| GostR3410-94-ParamSetParameters:{ | GostR3410-94-ParamSetParameters:{ | |||
| t 1024, | t 1024, | |||
| p 127021248288932417465907042777176443525 | p 127021248288932417465907042777176443525 | |||
| skipping to change at page 37, line 8 ¶ | skipping to change at page 37, line 34 ¶ | |||
| 5669968284202797289605274717317548059048560713474685214192868091256 | 5669968284202797289605274717317548059048560713474685214192868091256 | |||
| 1502802222185647539190902656116367847270145019066794290930185446216 | 1502802222185647539190902656116367847270145019066794290930185446216 | |||
| 3997308722217328898303231940973554032134009725883228768509467406639 | 3997308722217328898303231940973554032134009725883228768509467406639 | |||
| 62, | 62, | |||
| validationAlgorithm { | validationAlgorithm { | |||
| algorithm | algorithm | |||
| id-GostR3410-94-bBis, | id-GostR3410-94-bBis, | |||
| parameters | parameters | |||
| GostR3410-94-ValidationBisParameter | GostR3410-94-ValidationBisParameter | |||
| s: { | s: { | |||
| t 1024, | ||||
| x0 1376285941, | x0 1376285941, | |||
| c 3996757427 | c 3996757427 | |||
| } | } | |||
| } | } | |||
| } | } | |||
| } | } | |||
| -- | -- | |||
| gostR3410-94-CryptoPro-B-ParamSetAI | gostR3410-94-CryptoPro-B-ParamSetAI | |||
| AlgorithmIdentifier ::= | AlgorithmIdentifier ::= | |||
| { | { | |||
| skipping to change at page 37, line 44 ¶ | skipping to change at page 38, line 20 ¶ | |||
| 7284814898909770759462613437669456364882730370838934791080835932647 | 7284814898909770759462613437669456364882730370838934791080835932647 | |||
| 9767786019153434744009610342313166725786869204821949328786333602033 | 9767786019153434744009610342313166725786869204821949328786333602033 | |||
| 8479709268434224762105576023501613261478065276102850944540333865234 | 8479709268434224762105576023501613261478065276102850944540333865234 | |||
| 1, | 1, | |||
| validationAlgorithm { | validationAlgorithm { | |||
| algorithm | algorithm | |||
| id-GostR3410-94-bBis, | id-GostR3410-94-bBis, | |||
| parameters | parameters | |||
| GostR3410-94-ValidationBisParameter | GostR3410-94-ValidationBisParameter | |||
| s: { | s: { | |||
| t 1024, | ||||
| x0 1536654555, | x0 1536654555, | |||
| c 1855361757, | c 1855361757, | |||
| d 14408629386140014567655 | d 14408629386140014567655 | |||
| 4902939282056547857802241461782996702017713059974755104394739915140 | 4902939282056547857802241461782996702017713059974755104394739915140 | |||
| 6115284791024439062735788342744854120601660303926203867703556828005 | 6115284791024439062735788342744854120601660303926203867703556828005 | |||
| 8957203818114895398976594425537561271800850306 | 8957203818114895398976594425537561271800850306 | |||
| } | } | |||
| } | } | |||
| } | } | |||
| } | } | |||
| -- | -- | |||
| gostR3410-94-CryptoPro-C-ParamSetAI | gostR3410-94-CryptoPro-C-ParamSetAI | |||
| AlgorithmIdentifier ::= | AlgorithmIdentifier ::= | |||
| { | { | |||
| algorithm | algorithm | |||
| id-GostR3410-94-CryptoPro-C-ParamSet, | id-GostR3410-94-CryptoPro-C-ParamSet, | |||
| parameters | parameters | |||
| skipping to change at page 38, line 37 ¶ | skipping to change at page 39, line 11 ¶ | |||
| 2087723485023722868022275009502224827866201744494021697716482008353 | 2087723485023722868022275009502224827866201744494021697716482008353 | |||
| 6398202298024892620480898699335508064332313529725332208819456895108 | 6398202298024892620480898699335508064332313529725332208819456895108 | |||
| 5155178100221003459370588291073071186553005962149936840737128710832 | 5155178100221003459370588291073071186553005962149936840737128710832 | |||
| 3, | 3, | |||
| validationAlgorithm { | validationAlgorithm { | |||
| algorithm | algorithm | |||
| id-GostR3410-94-bBis, | id-GostR3410-94-bBis, | |||
| parameters | parameters | |||
| GostR3410-94-ValidationBisParameter | GostR3410-94-ValidationBisParameter | |||
| s: { | s: { | |||
| t 1024, | x0 1132758852, | |||
| x0 113275885, | ||||
| c 3037364845, | c 3037364845, | |||
| d 9175906676429839327 | d 9175906676429839327 | |||
| } | } | |||
| } | } | |||
| } | } | |||
| } | } | |||
| -- | -- | |||
| gostR3410-94-CryptoPro-D-ParamSetAI | gostR3410-94-CryptoPro-D-ParamSetAI | |||
| AlgorithmIdentifier ::= | AlgorithmIdentifier ::= | |||
| { | { | |||
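Review bot: Besides dropping t, this hunk changes the x0 seed of the CryptoPro-C validation parameters from 113275885 to 1132758852. That is a value correction rather than a structural edit, and it deserves its own entry in the change log: anyone who re-derived p and q from the -01 seed needs to know which value is authoritative.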
| skipping to change at page 39, line 25 ¶ | skipping to change at page 39, line 47 ¶ | |||
| 4687551412794400562878935266630754392677014598582103365983119173924 | 4687551412794400562878935266630754392677014598582103365983119173924 | |||
| 4732511225464712252386803315902707727668715343476086350472025298282 | 4732511225464712252386803315902707727668715343476086350472025298282 | |||
| 7271461690125050616858238384366331089777463541013033926723743254833 | 7271461690125050616858238384366331089777463541013033926723743254833 | |||
| 7, | 7, | |||
| validationAlgorithm { | validationAlgorithm { | |||
| algorithm | algorithm | |||
| id-GostR3410-94-bBis, | id-GostR3410-94-bBis, | |||
| parameters | parameters | |||
| GostR3410-94-ValidationBisParameter | GostR3410-94-ValidationBisParameter | |||
| s: { | s: { | |||
| t 1024, | ||||
| x0 333089693, | x0 333089693, | |||
| c 2699681355, | c 2699681355, | |||
| d 69158877639013014811917 | d 69158877639013014811917 | |||
| 44665240278894786443822142755842460366243252 | 44665240278894786443822142755842460366243252 | |||
| } | } | |||
| } | } | |||
| } | } | |||
| } | } | |||
| -- | -- | |||
| gostR3410-94-CryptoPro-XchA-ParamSetAI | gostR3410-94-CryptoPro-XchA-ParamSetAI | |||
| AlgorithmIdentifier ::= | AlgorithmIdentifier ::= | |||
| { | { | |||
| algorithm | algorithm | |||
| id-GostR3410-94-CryptoPro-XchA-ParamSet, | id-GostR3410-94-CryptoPro-XchA-ParamSet, | |||
| parameters | parameters | |||
| skipping to change at page 40, line 4 ¶ | skipping to change at page 40, line 26 ¶ | |||
| t 1024, | t 1024, | |||
| p 142011741597563481196368286022318089743 | p 142011741597563481196368286022318089743 | |||
| 2761383952437387628725734419274593935127189736311660784676003608489 | 2761383952437387628725734419274593935127189736311660784676003608489 | |||
| 4662356762579528277471921224192907104613420838063639408451269182889 | 4662356762579528277471921224192907104613420838063639408451269182889 | |||
| 4000571524625445295769349356752728956831541775441763139384457191755 | 4000571524625445295769349356752728956831541775441763139384457191755 | |||
| 0968471078465956625479423122933384839245143396147277606818806097342 | 0968471078465956625479423122933384839245143396147277606818806097342 | |||
| 39, | 39, | |||
| q 917715298965546059455881490183827502172 | q 917715298965546059455881490183827502172 | |||
| 96858393520724172743325725474374979801, | 96858393520724172743325725474374979801, | |||
| a 133531813272720673433859519948319001217 | a 133531813272720673433859519948319001217 | |||
| 9423759678474868994823595993696425287347124615904033277318214103280 | 9423759678474868994823595993696425287347124615904033277318214103280 | |||
| 1252925387191478859899310331056774413619636480306472137782665689868 | 1252925387191478859899310331056774413619636480306472137782665689868 | |||
| 6468463277710150809401182608770201615324990468332931294920912776241 | 6468463277710150809401182608770201615324990468332931294920912776241 | |||
| 1378780302243557466062839716593764268326742697808800616315281634758 | 1378780302243557466062839716593764268326742697808800616315281634758 | |||
| 87, | 87, | |||
| validationAlgorithm { | validationAlgorithm { | |||
| algorithm | algorithm | |||
| id-GostR3410-94-bBis, | id-GostR3410-94-bBis, | |||
| parameters | parameters | |||
| GostR3410-94-ValidationBisParameter | GostR3410-94-ValidationBisParameter | |||
| s: { | s: { | |||
| t 1024, | ||||
| x0 3495862036, | x0 3495862036, | |||
| c 1177570399, | c 1177570399, | |||
| d 35478896102409188951396 | d 35478896102409188951396 | |||
| 4706477208328196239186534141058228233456746622201867258017799725121 | 4706477208328196239186534141058228233456746622201867258017799725121 | |||
| 69905264460862437764160334831107459 | 69905264460862437764160334831107459 | |||
| } | } | |||
| } | } | |||
| } | } | |||
| } | } | |||
| -- | -- | |||
| skipping to change at page 41, line 6 ¶ | skipping to change at page 41, line 26 ¶ | |||
| 6291505503608252399443790027238674914599623086783222866197754399281 | 6291505503608252399443790027238674914599623086783222866197754399281 | |||
| 6745254823298629859875357546628605173883785473616768576901778033580 | 6745254823298629859875357546628605173883785473616768576901778033580 | |||
| 4511440773337196253842353291939447787366475282450998661787899244317 | 4511440773337196253842353291939447787366475282450998661787899244317 | |||
| 7, | 7, | |||
| validationAlgorithm { | validationAlgorithm { | |||
| algorithm | algorithm | |||
| id-GostR3410-94-bBis, | id-GostR3410-94-bBis, | |||
| parameters | parameters | |||
| GostR3410-94-ValidationBisParameter | GostR3410-94-ValidationBisParameter | |||
| s: { | s: { | |||
| t 1024, | ||||
| x0 2046851076, | x0 2046851076, | |||
| c 3541716983, | c 3541716983, | |||
| d 57332667610989476056615 | d 57332667610989476056615 | |||
| 969728891533566058787317492748441827236576904274546146 | 969728891533566058787317492748441827236576904274546146 | |||
| } | } | |||
| } | } | |||
| } | } | |||
| } | } | |||
| -- | -- | |||
| gostR3410-94-CryptoPro-XchC-ParamSetAI | gostR3410-94-CryptoPro-XchC-ParamSetAI | |||
| skipping to change at page 41, line 33 ¶ | skipping to change at page 42, line 4 ¶ | |||
| t 1024, | t 1024, | |||
| p 124699636699347751360714726579406443620 | p 124699636699347751360714726579406443620 | |||
| 3408861395055989217248455729987073769899965148066236472399285932086 | 3408861395055989217248455729987073769899965148066236472399285932086 | |||
| 8822848751165438350943327664722262594061556058045004094721182602772 | 8822848751165438350943327664722262594061556058045004094721182602772 | |||
| 9977563540237169063044807971577164944777844700059741903245772222625 | 9977563540237169063044807971577164944777844700059741903245772222625 | |||
| 3269698374446528353527293043937461065763833491510017159309241154995 | 3269698374446528353527293043937461065763833491510017159309241154995 | |||
| 49, | 49, | |||
| q 678787613733659123438029502006568252711 | q 678787613733659123438029502006568252711 | |||
| 81294680501479431146754294748422492761, | 81294680501479431146754294748422492761, | |||
| a 443061846429758418247313503080985932686 | a 443061846429758418247313503080985932686 | |||
| 3990650118941756995270074860997318142695023523962323911055745082691 | 3990650118941756995270074860997318142695023523962323911055745082691 | |||
| 9295792878938752101867704718162325102751695310043185596483760265782 | 9295792878938752101867704718162325102751695310043185596483760265782 | |||
| 7828194249605561893696586532551313719448313624777365346841011879674 | 7828194249605561893696586532551313719448313624777365346841011879674 | |||
| 0709840825496997937556072234510670472108602597930996876319307290833 | 0709840825496997937556072234510670472108602597930996876319307290833 | |||
| 4, | 4, | |||
| validationAlgorithm { | validationAlgorithm { | |||
| algorithm | algorithm | |||
| id-GostR3410-94-bBis, | id-GostR3410-94-bBis, | |||
| parameters | parameters | |||
| GostR3410-94-ValidationBisParameter | GostR3410-94-ValidationBisParameter | |||
| s: { | s: { | |||
| t 1024, | ||||
| x0 371898640, | x0 371898640, | |||
| c 2482514131, | c 2482514131, | |||
| d 39341170171309491894611 | d 39341170171309491894611 | |||
| 6909229454740026575590650016887148241594213466186452691964676993 | 6909229454740026575590650016887148241594213466186452691964676993 | |||
| } | } | |||
| } | } | |||
| } | } | |||
| } | } | |||
| END -- GostR3410-94-ParamSetSyntax | END -- GostR3410-94-ParamSetSyntax | |||
| 10.8 GostR3410-2001-PKISyntax | 10.8 GostR3410-2001-PKISyntax | |||
| GostR3410-2001-PKISyntax | GostR3410-2001-PKISyntax | |||
| { iso(1) member-body(2) ru(643) rans(2) cryptopro(2) | { iso(1) member-body(2) ru(643) rans(2) cryptopro(2) | |||
| other(1) modules(1) gostR3410-2001-PKISyntax(9) 1 } | other(1) modules(1) gostR3410-2001-PKISyntax(9) 1 } | |||
| DEFINITIONS ::= | DEFINITIONS ::= | |||
| BEGIN | BEGIN | |||
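Review bot: Removing `t 1024,` from the GostR3410-94-ValidationBisParameters value (the id-GostR3410-94-bBis block, just above `x0 371898640,`) is only valid if the type definition lost its `t` component in the same revision, and that definition is not visible in this hunk. Please confirm that the definition and every other parameter set value of this type were changed together, otherwise the module no longer compiles. Because the -02 value carries only x0, c and d, an implementation built from -01 would encode and expect one more field in the validationAlgorithm parameters; the change log should say that the two revisions differ here so that implementers re-check their encoders and decoders.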
| skipping to change at page 51, line 28 ¶ | skipping to change at page 51, line 41 ¶ | |||
| 12 Acknowledgments | 12 Acknowledgments | |||
| This document was created in accordance with "Russian Cryptographic | This document was created in accordance with "Russian Cryptographic | |||
| Software Compatibility Agreement", signed by FGUE STC "Atlas", | Software Compatibility Agreement", signed by FGUE STC "Atlas", | |||
| CRYPTO-PRO, Factor-TC, MD PREI, Infotecs GmbH, SPRCIS (SPbRCZI), | CRYPTO-PRO, Factor-TC, MD PREI, Infotecs GmbH, SPRCIS (SPbRCZI), | |||
| Cryptocom, R-Alpha. The aim of this agreement is to achieve mutual | Cryptocom, R-Alpha. The aim of this agreement is to achieve mutual | |||
| compatibility of the products and solutions. | compatibility of the products and solutions. | |||
| The authors wish to thank: | The authors wish to thank: | |||
| Microsoft Corporation Russia for provided information about | Microsoft Corporation Russia for providing information about | |||
| company products and solutions, and also for technical consulting | company products and solutions, and also for technical consulting | |||
| in PKI. | in PKI. | |||
| RSA Security Russia and Demos Co Ltd for active collaboration and | RSA Security Russia and Demos Co Ltd for active collaboration and | |||
| critical help in creation of this document. | critical help in creation of this document. | |||
| Russ Hously (Vigil Security, LLC, housley@vigilsec.com) and | Russ Hously (Vigil Security, LLC, housley@vigilsec.com) and | |||
| Vasilij Sakharov (DEMOS Co Ltd, svp@dol.ru) for initiative, | Vasilij Sakharov (DEMOS Co Ltd, svp@dol.ru) for initiative, | |||
| creating this document. | creating this document. | |||
| Derek Atkins (IHTFP Consulting, derek@ihtfp.com) and his wife, | ||||
| Heather Anne Harrison for making the document readable. | ||||
| This document is based on a contribution of CRYPTO-PRO Company. Any | This document is based on a contribution of CRYPTO-PRO Company. Any | |||
| substantial use of the text from this document must acknowledge | substantial use of the text from this document must acknowledge | |||
| CRYPTO-PRO. CRYPTO-PRO requests that all material mentioning or | CRYPTO-PRO. CRYPTO-PRO requests that all material mentioning or | |||
| referencing this document identify this as "CRYPTO-PRO CPALGS". | referencing this document identify this as "CRYPTO-PRO CPALGS". | |||
| Author's Addresses | Author's Addresses | |||
| Vladimir Popov | Vladimir Popov | |||
| CRYPTO-PRO | CRYPTO-PRO | |||
| 38, Obraztsova, | 38, Obraztsova, | |||
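Review bot: In the Acknowledgments, the surname "Hously" is unchanged on both sides but disagrees with the address given on the same line (housley@vigilsec.com). Since this revision already corrects wording in this paragraph ("for provided information" to "for providing information"), fix the surname to "Housley" in the same pass. The unchanged phrase "for initiative, creating this document" is also still ungrammatical and could be reworded while the paragraph is open.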
| skipping to change at page 52, line 29 ¶ | skipping to change at page 52, line 48 ¶ | |||
| Grigorij Chudov | Grigorij Chudov | |||
| CRYPTO-PRO | CRYPTO-PRO | |||
| 38, Obraztsova, | 38, Obraztsova, | |||
| Moscow, 127018, Russian Federation | Moscow, 127018, Russian Federation | |||
| EMail: chudov@cryptopro.ru | EMail: chudov@cryptopro.ru | |||
| Alexandr Afanasiev | Alexandr Afanasiev | |||
| Factor-TC | Factor-TC | |||
| office 711, 14, Presnenskij val, | office 711, 14, Presnenskij val, | |||
| Moscow, 123557, Russian Federation | Moscow, 123557, Russian Federation | |||
| EMail: aaaf@factor-ts.ru | EMail: afa@factor-ts.ru | |||
| Nikolaj Nikishin | Nikolaj Nikishin | |||
| Infotecs GmbH | Infotecs GmbH | |||
| p/b 35, 80-5, Leningradskij prospekt, | p/b 35, 80-5, Leningradskij prospekt, | |||
| Moscow, 125315, Russian Federation | Moscow, 125315, Russian Federation | |||
| EMail: nikishin@infotecs.ru | EMail: nikishin@infotecs.ru | |||
| Boleslav Izotov | Boleslav Izotov | |||
| FGUE STC "Atlas" | FGUE STC "Atlas" | |||
| 38, Obraztsova, | 38, Obraztsova, | |||
| skipping to change at page 53, line 21 ¶ | skipping to change at page 53, line 40 ¶ | |||
| EMail: igus@cryptocom.ru | EMail: igus@cryptocom.ru | |||
| Anatolij Erkin | Anatolij Erkin | |||
| SPRCIS (SPbRCZI) | SPRCIS (SPbRCZI) | |||
| 1, Obrucheva, | 1, Obrucheva, | |||
| St.Petersburg, 195220, Russian Federation | St.Petersburg, 195220, Russian Federation | |||
| EMail: erkin@nevsky.net | EMail: erkin@nevsky.net | |||
| Full Copyright Statement | Full Copyright Statement | |||
| Copyright (C) The Internet Society (2004). All Rights Reserved. | Copyright (C) The Internet Society (2005). This document is subject | |||
| to the rights, licenses and restrictions contained in BCP 78, and | ||||
| This document and translations of it may be copied and furnished to | except as set forth therein, the authors retain all their rights. | |||
| others, and derivative works that comment on or otherwise explain it | ||||
| or assist in its implementation may be prepared, copied, published | ||||
| and distributed, in whole or in part, without restriction of any | ||||
| kind, provided that the above copyright notice and this paragraph are | ||||
| included on all such copies and derivative works. However, this | ||||
| document itself may not be modified in any way, such as by removing | ||||
| the copyright notice or references to the Internet Society or other | ||||
| Internet organizations, except as needed for the purpose of | ||||
| developing Internet standards in which case the procedures for | ||||
| copyrights defined in the Internet Standards process must be | ||||
| followed, or as required to translate it into languages other than | ||||
| English. | ||||
| The limited permissions granted above are perpetual and will not be | ||||
| revoked by the Internet Society or its successors or assigns. | ||||
| This document and the information contained herein is provided on an | This document and the information contained herein are provided on an | |||
| "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING | "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS | |||
| TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING | OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET | |||
| BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION | ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, | |||
| HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF | INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE | |||
| MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. | INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED | |||
| WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. | ||||
| End of changes. 98 change blocks. | ||||
| 188 lines changed or deleted | 194 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||