idnits 2.17.1

draft-leontiev-cryptopro-cpcms-00.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

  ** Looks like you're using RFC 2026 boilerplate. This must be updated to
     follow RFC 3978/3979, as updated by RFC 4748.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

  ** The document seems to lack a 1id_guidelines paragraph about 6 months
     document validity -- however, there's a paragraph with a matching
     beginning. Boilerplate error?

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** The document seems to lack an IANA Considerations section. (See Section
     2.2 of https://www.ietf.org/id-info/checklist for how to handle the case
     when there are no actions for IANA.)

  ** The document seems to lack separate sections for Informative/Normative
     References. All references will be assumed normative when checking for
     downward references.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the RFC 3978 Section 5.4 Copyright Line does not
     match the current year

  == Line 748 has weird spacing: '... mode gost2...'
  == Line 788 has weird spacing: '... mode gost2...'
  == Line 828 has weird spacing: '... mode gost2...'
  == Line 869 has weird spacing: '... mode gost2...'
  == Line 909 has weird spacing: '... mode gost2...'
  == (4 more instances...)

  == The document seems to lack the recommended RFC 2119 boilerplate, even if
     it appears to use RFC 2119 keywords. (The document does seem to have the
     reference to RFC 2119 which the ID-Checklist requires).

  -- The document seems to lack a disclaimer for pre-RFC5378 work, but may
     have content which was first submitted before 10 November 2008.
     If you have contacted all the original authors and they are all
     willing to grant the BCP78 rights to the IETF Trust, then this is
     fine, and you can ignore this comment. If not, you may need to add
     the pre-RFC5378 disclaimer. (See the Legal Provisions document at
     https://trustee.ietf.org/license-info for more information.)

  -- The document date (June 15, 2003) is 7618 days in the past. Is this
     intentional?

  Checking references for intended status: Informational
  ----------------------------------------------------------------------------

  == Missing Reference: 'CMS' is mentioned on line 82, but not defined
  == Missing Reference: 'RFC 2119' is mentioned on line 106, but not defined
  == Missing Reference: 'GOSTR3411' is mentioned on line 123, but not defined
  == Missing Reference: 'GOST3411' is mentioned on line 130, but not defined
  == Missing Reference: 'HMAC' is mentioned on line 495, but not defined
  == Missing Reference: 'RFC 2633' is mentioned on line 510, but not defined
  ** Obsolete undefined reference: RFC 2633 (Obsoleted by RFC 3851)
  == Missing Reference: 'RFCC 2633' is mentioned on line 515, but not defined
  == Unused Reference: 'GOSTR341194' is defined on line 1306, but no explicit
     reference was found in the text
  == Unused Reference: 'RFC 3280' is defined on line 1316, but no explicit
     reference was found in the text
  == Unused Reference: 'RFC 3279' is defined on line 1321, but no explicit
     reference was found in the text
  == Unused Reference: 'RFC 2219' is defined on line 1326, but no explicit
     reference was found in the text
  == Unused Reference: 'TLS' is defined on line 1330, but no explicit
     reference was found in the text
  ** Obsolete normative reference: RFC 3280 (Obsoleted by RFC 5280)
  ** Obsolete normative reference: RFC 2246 (ref. 'TLS') (Obsoleted by RFC 4346)

  Summary: 7 errors (**), 0 flaws (~~), 20 warnings (==), 2 comments (--).

  Run idnits with the --verbose option for more detailed information about
  the items above.
--------------------------------------------------------------------------------

S/MIME Working Group                             Serguei Leontiev, CRYPTO-PRO
INTERNET-DRAFT                                     Vladimir Popov, CRYPTO-PRO
Expires December 15, 2003                                       June 15, 2003
Intended Category: Informational

            Cryptographic Message Syntax (CMS) algorithms for
    GOST 28147-89, GOST R 34.10-94, GOST R 34.10-2001, GOST R 34.11-94.

Status of this Memo

   This document is an Internet-Draft and is subject to all provisions
   of Section 10 of RFC2026.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups. Note that
   other groups may also distribute working documents as
   Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or made obsolete by other documents at
   any time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/1id-abstracts.html

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html

Abstract

   This document describes the conventions for using the cryptographic
   algorithms GOST 28147-89, GOST R 34.10-94, GOST R 34.10-2001 and
   GOST R 34.11-94 with the Cryptographic Message Syntax (CMS). The CMS
   is used for digital signature, digest, authentication and encryption
   of arbitrary message contents.

Table of Contents

   1     Introduction
   1.2   Terminology
   2     Message Digest Algorithms
   2.1   Message Digest Algorithm GOST R 34.11-94
   3     Signature Algorithms
   3.1   Signature Algorithm GOST R 34.10-94
   3.2   Signature Algorithm GOST R 34.10-2001
   4     Key Management Algorithms
   4.1   Key Agreement Algorithms
   4.1.1 Key Agreement Algorithm Based on GOST R 34.10-94 Public Keys
   4.1.2 Key Agreement Algorithm Based on GOST R 34.10-2001 Public Keys
   4.2   Key Transport Algorithms
   4.2.1 Key Transport Algorithm Based on GOST R 34.10-94 Public Keys
   4.2.2 Key Transport Algorithm Based on GOST R 34.10-2001 Public Keys
   5     Content Encryption Algorithms
   5.1   Content Encryption Algorithm GOST 28147-89
   6     MAC Algorithms
   6.1   HMAC with GOST R 34.11-94
   7     Using with S/MIME
   7.1   Parameter micalg
   7.2   Attribute SMIMECapabilities
   8     Security Considerations
   9     Appendix ASN.1 Modules
   9.1   Gost28147-89-EncryptionSyntax
   9.2   Gost28147-89-ParamSetSyntax
   9.3   GostR3410-94-EncryptionSyntax
   9.4   GostR3410-94-SignatureSyntax
   9.5   GostR3410-2001-EncryptionSyntax
   9.6   GostR3410-2001-SignatureSyntax
   10    References
   11    Acknowledgments
         Author's Address
         Full Copyright Statement
1 Introduction

   The Cryptographic Message Syntax (CMS) [CMS] is used for digital
   signature, digest, authentication and encryption of arbitrary message
   contents. This companion specification describes the usage of the
   cryptographic algorithms GOST 28147-89, GOST R 34.10-94, GOST R
   34.10-2001 and the hash algorithm GOST R 34.11-94 in CMS, as proposed
   by the CRYPTO-PRO Company for the "Russian Cryptographic Software
   Compatibility Agreement" community. This document does not describe
   those cryptographic algorithms; they are defined in the corresponding
   national standards.

   The CMS values are generated using ASN.1 [X.208-88], using BER
   encoding [X.209-88]. Algorithm identifiers (which include ASN.1
   object identifiers) identify cryptographic algorithms, and some
   algorithms require additional parameters. When needed, parameters
   are specified with an ASN.1 structure. The algorithm identifier for
   each algorithm is specified, and when needed, the parameter structure
   is specified. The fields in the CMS employed by each algorithm are
   identified.

1.2 Terminology

   In this document, the key words MUST, MUST NOT, REQUIRED, SHOULD,
   SHOULD NOT, RECOMMENDED, and MAY are to be interpreted as described
   in [RFC 2119].

2 Message Digest Algorithms

   This section specifies the conventions for using the digest algorithm
   GOST R 34.11-94 with CMS.

   Digest values are located in the DigestedData digest field and the
   Message Digest authenticated attribute. In addition, digest values
   are input to signature algorithms.

2.1 Message Digest Algorithm GOST R 34.11-94

   The hash function GOST R 34.11-94 has been developed by "GUBS of
   Federal Agency Government Communication and Information" and
   "All-Russian Scientific and Research Institute of Standardization".
   The algorithm GOST R 34.11-94 produces a 256-bit hash value from an
   input of arbitrary finite bit length.
   This document does not contain the full GOST R 34.11-94
   specification, which can be found in [GOSTR3411] (in Russian);
   [Schneier95] ch. 18.11, p. 454, contains a brief technical
   description in English.

   The initial value (IV) and the S-box are optional algorithm
   parameters (see the Algorithm Parameters part of [GOST28147], in
   Russian; for a description in English see [Schneier95] ch. 14.1,
   p. 331). The standard [GOST3411] does not define the hash function
   algorithm parameters, so they have to be selected by object
   identifiers (OIDs) in software.

      id-CryptoPro OBJECT IDENTIFIER ::=
         { iso(1) member-body(2) ru(643) rans(2) cryptopro(2) }

      id-CryptoPro-algorithms OBJECT IDENTIFIER ::=
         { id-CryptoPro }

   The hash algorithm GOST R 34.11-94 has the following identifier:

      id-GostR3411-94 OBJECT IDENTIFIER ::=
         { id-CryptoPro-algorithms gostr3411(9) }

   The following structure contains the digest in little-endian
   representation:

      GostR3411-94-Digest ::= OCTET STRING (SIZE (32))

3 Signature Algorithms

   This section specifies the CMS procedures for the GOST R 34.10-94 and
   GOST R 34.10-2001 signature algorithms.

   Signature algorithm identifiers are located in the SignerInfo
   signatureAlgorithm field of SignedData. Also, signature algorithm
   identifiers are located in the SignerInfo signatureAlgorithm field of
   countersignature attributes.

   Signature values are located in the SignerInfo signature field of
   SignedData. Also, signature values are located in the SignerInfo
   signature field of countersignature attributes.

3.1 Signature Algorithm GOST R 34.10-94

   GOST R 34.10-94 has been developed by "GUBS of Federal Agency
   Government Communication and Information" and "All-Russian Scientific
   and Research Institute of Standardization". This signature algorithm
   MUST be used conjointly with GOST R 34.11-94.
This document does not 170 contain GOST R 34.10-94 standard description, which is fully 171 described in [GOSTR341094] in Russian, and brief description in 172 English could be found in [Schneier95] ch. 20.3, p. 495. 174 For a signature algorithm identifier, public key OID is used: 176 id-GostR3410-94 OBJECT IDENTIFIER ::= 177 { id-CryptoPro-algorithms gostR3410-94(20) } 179 Signature algorithm GOST R 34.10-94 generates digital signature in 180 the form of a binary 512-bit vector (256||256). 181 signatureValue contains its little endian representation. 183 GostR3410-94-Signature ::= OCTET STRING 185 3.2 Signature Algorithm GOST R 34.10-2001 187 GOST R 34.10-2001 has been developed by "GUBS of Federal Agency 188 Government Communication and Information" and "All-Russian Scientific 189 and Research Institute of Standardization". This signature algorithm 190 MUST be used conjointly with GOST R 34.11-94. This document does not 191 contain GOST R 34.10-2001 standard description, which is fully 192 described in [GOSTR34102001]. 194 For a signature algorithm identifier, public key OID is used: 196 id-GostR3410-2001 OBJECT IDENTIFIER ::= 197 { id-CryptoPro-algorithms gostR3410-2001(19) } 199 Signature algorithm GOST R 34.10-2001 generates digital signature in 200 the form of a binary 512-bit vector (256||256). 201 signatureValue contains its little endian representation. 203 GostR3410-2001-Signature ::= OCTET STRING 205 4 Key Management Algorithms 207 This chapter describes the key agreement and key transport 208 algorithms, always supposing that key enciphering usage is GOST 209 28147-89 algorithm only. 211 4.1 Key Agreement Algorithms 213 This part describes the key agreement algorithms based on both GOST R 214 34.10-94 and GOST R 34.10-2001 public keys. 
   Key agreement algorithm identifiers are located in the EnvelopedData
   RecipientInfos KeyAgreeRecipientInfo keyEncryptionAlgorithm and
   AuthenticatedData RecipientInfos KeyAgreeRecipientInfo
   keyEncryptionAlgorithm fields.

   Key wrap algorithm identifiers are located in the KeyWrapAlgorithm
   parameters within the EnvelopedData RecipientInfos
   KeyAgreeRecipientInfo keyEncryptionAlgorithm and AuthenticatedData
   RecipientInfos KeyAgreeRecipientInfo keyEncryptionAlgorithm fields.

   Wrapped content-encryption keys are located in the EnvelopedData
   RecipientInfos KeyAgreeRecipientInfo RecipientEncryptedKeys
   encryptedKey field. Wrapped message-authentication keys are located
   in the AuthenticatedData RecipientInfos KeyAgreeRecipientInfo
   RecipientEncryptedKeys encryptedKey field.

4.1.1 Key Agreement Algorithm Based on GOST R 34.10-94 Public Keys

   The key agreement algorithm based on GOST R 34.10-94 public keys is
   described in [CPALGS]. When using this algorithm, the EnvelopedData
   RecipientInfos KeyAgreeRecipientInfo field is used as follows:

      version MUST be 3.

      originator MUST be the originatorKey alternative. The
      originatorKey algorithm field MUST contain the object identifier
      id-GostR3410-94 with the necessary parameters (see [CPALGS]). The
      originatorKey publicKey field MUST contain the sender's public
      key.

      keyEncryptionAlgorithm MUST be the id-GostR3410-94 algorithm
      identifier. Its parameters encapsulate
      GostR3410-94-TransportParameters, containing the GOST 28147-89
      algorithm parameters used for key encryption, and the UKM.
      ephemeralPublicKey MUST NOT be present.

         GostR3410-94-TransportParameters ::=
            SEQUENCE {
               encryptionParamSet OBJECT IDENTIFIER,
               ephemeralPublicKey SubjectPublicKeyInfo OPTIONAL,
               ukm OCTET STRING
            }

      encryptedKey encapsulates Gost28147-89-EncryptedKey, which
      contains the encrypted session key and its MAC.
         Gost28147-89-EncryptedKey ::= SEQUENCE {
            encryptedKey Gost28147-89-Key,
            macKey Gost28147-89-MAC
         }

4.1.2 Key Agreement Algorithm Based on GOST R 34.10-2001 Public Keys

   The key agreement algorithm based on GOST R 34.10-2001 public keys is
   described in [CPALGS]. When using this algorithm, the EnvelopedData
   RecipientInfos KeyAgreeRecipientInfo field is used as follows:

      version MUST be 3.

      originator MUST be the originatorKey alternative. The
      originatorKey algorithm field MUST contain the object identifier
      id-GostR3410-2001 with the necessary parameters (see [CPALGS]).
      The originatorKey publicKey field MUST contain the sender's public
      key.

      keyEncryptionAlgorithm MUST be the id-GostR3410-2001 algorithm
      identifier. Its parameters encapsulate
      GostR3410-2001-TransportParameters, containing the GOST 28147-89
      algorithm parameters used for key encryption, and the UKM.
      ephemeralPublicKey MUST NOT be present.

         GostR3410-2001-TransportParameters ::=
            SEQUENCE {
               encryptionParamSet OBJECT IDENTIFIER,
               ephemeralPublicKey SubjectPublicKeyInfo OPTIONAL,
               ukm OCTET STRING
            }

      encryptedKey encapsulates Gost28147-89-EncryptedKey, which
      contains the encrypted session key and its MAC.

         Gost28147-89-EncryptedKey ::= SEQUENCE {
            encryptedKey Gost28147-89-Key,
            macKey Gost28147-89-MAC
         }

4.2 Key Transport Algorithms

   This part describes the key transport algorithms based on both GOST R
   34.10-94 and GOST R 34.10-2001 public keys.

   Key transport algorithm identifiers are located in the EnvelopedData
   RecipientInfos KeyTransRecipientInfo keyEncryptionAlgorithm field.

   Key transport encrypted content-encryption keys are located in the
   EnvelopedData RecipientInfos KeyTransRecipientInfo encryptedKey
   field.

4.2.1 Key Transport Algorithm Based on GOST R 34.10-94 Public Keys

   The key transport algorithm based on GOST R 34.10-94 public keys is
   described in [CPALGS].
   When using this algorithm, the EnvelopedData RecipientInfos
   KeyTransRecipientInfo field is used as follows:

      version MUST be 0 or 3.

      keyEncryptionAlgorithm MUST be identical to the recipient public
      key algorithm identifier.

      encryptedKey encapsulates
      GostR3410-94-KeyTransportEncryptedKeyOctetString, which contains
      the encrypted session key, its MAC, the GOST 28147-89 algorithm
      parameters used for key encryption, the sender's ephemeral public
      key, and the UKM.

      ephemeralPublicKey MUST be present, and its parameters, if
      present, MUST be equal to the recipient public key parameters.

         GostR3410-94-KeyTransportEncryptedKeyOctetString ::= SEQUENCE {
            sessionEncryptedKey Gost28147-89-EncryptedKey,
            transportParameters GostR3410-94-TransportParameters
         }

         GostR3410-94-TransportParameters ::=
            SEQUENCE {
               encryptionParamSet OBJECT IDENTIFIER,
               ephemeralPublicKey SubjectPublicKeyInfo OPTIONAL,
               ukm OCTET STRING
            }

4.2.2 Key Transport Algorithm Based on GOST R 34.10-2001 Public Keys

   The key transport algorithm based on GOST R 34.10-2001 public keys is
   described in [CPALGS]. When using this algorithm, the EnvelopedData
   RecipientInfos KeyTransRecipientInfo field is used as follows:

      version MUST be 0 or 3.

      keyEncryptionAlgorithm MUST be identical to the recipient public
      key algorithm identifier.

      encryptedKey encapsulates
      GostR3410-2001-KeyTransportEncryptedKeyOctetString, which contains
      the encrypted session key, its MAC, the GOST 28147-89 algorithm
      parameters used for key encryption, the sender's ephemeral public
      key, and the UKM.
      ephemeralPublicKey MUST be present, and its parameters, if
      present, MUST be equal to the recipient public key parameters.

         GostR3410-2001-KeyTransportEncryptedKeyOctetString ::= SEQUENCE {
            sessionEncryptedKey Gost28147-89-EncryptedKey,
            transportParameters GostR3410-2001-TransportParameters
         }

         GostR3410-2001-TransportParameters ::=
            SEQUENCE {
               encryptionParamSet OBJECT IDENTIFIER,
               ephemeralPublicKey SubjectPublicKeyInfo OPTIONAL,
               ukm OCTET STRING
            }

5 Content Encryption Algorithms

   This section specifies the conventions employed by CMS
   implementations that support content encryption using GOST 28147-89.

   Content encryption algorithm identifiers are located in the
   EnvelopedData EncryptedContentInfo contentEncryptionAlgorithm and the
   EncryptedData EncryptedContentInfo contentEncryptionAlgorithm fields.

   Content encryption algorithms are used to encipher the content
   located in the EnvelopedData EncryptedContentInfo encryptedContent
   field and the EncryptedData EncryptedContentInfo encryptedContent
   field.

5.1 Content Encryption Algorithm GOST 28147-89

   This section specifies the use of the GOST 28147-89 algorithm for
   data encipherment.

   GOST 28147-89 is fully described in [GOST28147] (in Russian).
   This document specifies the following OID for this algorithm:

      id-Gost28147-89 OBJECT IDENTIFIER ::=
         { id-CryptoPro-algorithms gost28147-89(21) }

   Algorithm parameters MUST be present and have the following
   structure:

      Gost28147-89-Parameters ::= SEQUENCE {
         encryptionParamSet OBJECT IDENTIFIER (
            id-Gost28147-89-TestParamSet | -- Only for tests use
            id-Gost28147-89-CryptoPro-A-ParamSet |
            id-Gost28147-89-CryptoPro-B-ParamSet |
            id-Gost28147-89-CryptoPro-C-ParamSet |
            id-Gost28147-89-CryptoPro-D-ParamSet |
            id-Gost28147-89-CryptoPro-Simple-A-ParamSet |
            id-Gost28147-89-CryptoPro-Simple-B-ParamSet |
            id-Gost28147-89-CryptoPro-Simple-C-ParamSet |
            id-Gost28147-89-CryptoPro-Simple-D-ParamSet
         ),
         iv Gost28147-89-IV
      }

   encryptionParamSet specifies the corresponding set of
   Gost28147-89-ParamSetParameters:

      Gost28147-89-ParamSetParameters ::= SEQUENCE {
         eUZ Gost28147-89-UZ,
         mode INTEGER {
            gost28147-89-OFB(0),
            gost28147-89-CFB(1),
            cryptoPro-CBC(2)
         },
         shiftBits INTEGER { gost28147-89-block(64) },
         keyWrap AlgorithmIdentifier {{
            Gost28147-89-KeyWrapAlgorithms
         }},
         keyMix AlgorithmIdentifier {{
            Gost28147-89-KeyMixAlgorithms
         }}
      }

   where
      iv        - initialization vector;
      eUZ       - S-box;
      mode      - cipher mode;
      shiftBits - cipher parameter;
      keyWrap   - key export algorithm identifier;
      keyMix    - key meshing algorithm.
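   The following Python is an added worked example; it is not part of
   this draft and not CRYPTO-PRO's code. It is a minimal DER encoder
   that builds the contentEncryptionAlgorithm AlgorithmIdentifier of
   section 5.1 (id-Gost28147-89 with Gost28147-89-Parameters, i.e. a
   parameter set OID plus the 8-octet IV) and the Gost28147-89-
   EncryptedKey of section 4.1.1 (32-octet wrapped key plus 4-octet
   MAC), enforcing the SIZE constraints of the appendix modules. The
   arcs for id-CryptoPro, id-CryptoPro-algorithms and gost28147-89(21)
   come from sections 2.1 and 5.1 of this page; the arc 31 for
   id-CryptoPro-encrypts is not on this page and is an assumption taken
   from the later published RFC 4357 module. The OID encoder is more
   general than the page needs: it handles any dotted OID, including
   arcs above 127 such as ru(643).

```python
# Added example, not the draft's or CRYPTO-PRO's code: DER encoding of the
# GOST 28147-89 CMS structures from sections 4.1.1 and 5.1.

ID_CRYPTOPRO = "1.2.643.2.2"            # { iso(1) member-body(2) ru(643) rans(2) cryptopro(2) }
ID_CRYPTOPRO_ALGORITHMS = ID_CRYPTOPRO   # id-CryptoPro-algorithms ::= { id-CryptoPro }
ID_GOST28147_89 = ID_CRYPTOPRO_ALGORITHMS + ".21"   # gost28147-89(21)
# ASSUMPTION: id-CryptoPro-encrypts is only imported in this draft; arc 31 is
# taken from the published RFC 4357 module, not from this page.
ID_CRYPTOPRO_ENCRYPTS = ID_CRYPTOPRO + ".31"
ID_GOST28147_89_CRYPTOPRO_A_PARAMSET = ID_CRYPTOPRO_ENCRYPTS + ".1"  # cryptopro-A(1)


def der_length(n: int) -> bytes:
    """DER definite length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def der_tlv(tag: int, content: bytes) -> bytes:
    return bytes([tag]) + der_length(len(content)) + content


def der_oid(dotted: str) -> bytes:
    """Encode a dotted OID: first two arcs fold into one sub-identifier,
    every sub-identifier is base-128 with continuation bits (X.690 8.19)."""
    arcs = [int(a) for a in dotted.split(".")]
    if len(arcs) < 2 or arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39):
        raise ValueError("invalid OID " + dotted)
    body = bytearray()
    for arc in [arcs[0] * 40 + arcs[1]] + arcs[2:]:
        groups = [arc & 0x7F]
        arc >>= 7
        while arc:
            groups.append(0x80 | (arc & 0x7F))
            arc >>= 7
        body.extend(reversed(groups))
    return der_tlv(0x06, bytes(body))


def decode_oid(der: bytes) -> str:
    """Inverse of der_oid for short-form lengths (all OIDs on this page)."""
    if len(der) < 3 or der[0] != 0x06 or der[1] >= 0x80 or len(der) != 2 + der[1]:
        raise ValueError("not a short-form OID TLV")
    arcs, value = [], 0
    for b in der[2:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    if value or not arcs:
        raise ValueError("truncated sub-identifier")
    first = arcs[0]
    head = [2, first - 80] if first >= 80 else [first // 40, first % 40]
    return ".".join(str(a) for a in head + arcs[1:])


def der_octet_string(data: bytes) -> bytes:
    return der_tlv(0x04, data)


def der_sequence(*components: bytes) -> bytes:
    return der_tlv(0x30, b"".join(components))


def gost28147_89_parameters(param_set_oid: str, iv: bytes) -> bytes:
    """Gost28147-89-Parameters ::= SEQUENCE { encryptionParamSet OID, iv IV }"""
    if len(iv) != 8:                       # Gost28147-89-IV ::= OCTET STRING (SIZE (8))
        raise ValueError("Gost28147-89-IV must be 8 octets")
    return der_sequence(der_oid(param_set_oid), der_octet_string(iv))


def gost28147_89_algorithm_identifier(param_set_oid: str, iv: bytes) -> bytes:
    """contentEncryptionAlgorithm: id-Gost28147-89 with mandatory parameters."""
    return der_sequence(der_oid(ID_GOST28147_89),
                        gost28147_89_parameters(param_set_oid, iv))


def gost28147_89_encrypted_key(encrypted_key: bytes, mac: bytes) -> bytes:
    """Gost28147-89-EncryptedKey ::= SEQUENCE { encryptedKey Key, macKey MAC }"""
    if len(encrypted_key) != 32:           # Gost28147-89-Key ::= OCTET STRING (SIZE (32))
        raise ValueError("Gost28147-89-Key must be 32 octets")
    if len(mac) != 4:                      # macKey Gost28147-89-MAC (SIZE (4)) in section 9.1
        raise ValueError("macKey must be 4 octets")
    return der_sequence(der_octet_string(encrypted_key), der_octet_string(mac))


if __name__ == "__main__":
    # Constructed sample values: an all-zero IV and dummy key material.
    ai = gost28147_89_algorithm_identifier(ID_GOST28147_89_CRYPTOPRO_A_PARAMSET, bytes(8))
    print("AlgorithmIdentifier:", ai.hex())
    print("EncryptedKey:", gost28147_89_encrypted_key(bytes(32), b"\x01\x02\x03\x04").hex())
```

   The size checks are the point: a decoder on the receiving side
   should reject a Gost28147-89-Key or macKey of any other length
   rather than pass it to the key-unwrap step.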
   The following values for encryptionParamSet are already defined:

      id-Gost28147-89-TestParamSet OBJECT IDENTIFIER ::=
         { id-CryptoPro-encrypts test(0) }

      id-Gost28147-89-CryptoPro-A-ParamSet OBJECT IDENTIFIER ::=
         { id-CryptoPro-encrypts cryptopro-A(1) }

      id-Gost28147-89-CryptoPro-B-ParamSet OBJECT IDENTIFIER ::=
         { id-CryptoPro-encrypts cryptopro-B(2) }

      id-Gost28147-89-CryptoPro-C-ParamSet OBJECT IDENTIFIER ::=
         { id-CryptoPro-encrypts cryptopro-C(3) }

      id-Gost28147-89-CryptoPro-D-ParamSet OBJECT IDENTIFIER ::=
         { id-CryptoPro-encrypts cryptopro-D(4) }

      id-Gost28147-89-CryptoPro-Simple-A-ParamSet OBJECT IDENTIFIER ::=
         { id-CryptoPro-encrypts cryptopro-Simple-A(6) }

      id-Gost28147-89-CryptoPro-Simple-B-ParamSet OBJECT IDENTIFIER ::=
         { id-CryptoPro-encrypts cryptopro-Simple-B(7) }

      id-Gost28147-89-CryptoPro-Simple-C-ParamSet OBJECT IDENTIFIER ::=
         { id-CryptoPro-encrypts cryptopro-Simple-C(8) }

      id-Gost28147-89-CryptoPro-Simple-D-ParamSet OBJECT IDENTIFIER ::=
         { id-CryptoPro-encrypts cryptopro-Simple-D(9) }

6 MAC Algorithms

   This section specifies the conventions employed by CMS
   implementations that support the message authentication code (MAC)
   based on the GOST R 34.11-94 HMAC. This MAC can also be used as a
   pseudo-random function with a 256-bit (32-byte) internal state size,
   which can be used to derive keys.

   MAC algorithm identifiers are located in the AuthenticatedData
   macAlgorithm field.

   MAC values are located in the AuthenticatedData mac field.

6.1 HMAC with GOST R 34.11-94

   The GOSTR3411_HMAC(K, text) function is based on the hash function
   GOST R 34.11-94, as defined in [HMAC], with the following parameter
   values: B = 32, L = 32.
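   As an added example (not part of this draft and not CRYPTO-PRO's
   code), the following Python spells out what the parameter values
   B = 32 and L = 32 mean for the [HMAC] construction: the block size B
   sets both the key-length threshold above which K is first hashed
   and the length to which K is zero-padded before the ipad/opad XOR,
   and L is the digest length the two hash invocations are expected to
   produce. Python's hashlib has no GOST R 34.11-94, so the hash is a
   parameter; the demonstration passes hashlib.sha256 as a stand-in
   (also a 32-octet output, but with a real block size of 64), which is
   an assumption for illustration only. Any object offering the
   hashlib-style constructor interface for GOST R 34.11-94 can be
   passed in its place.

```python
# Added example, not the draft's code: RFC 2104 HMAC with explicit B and L,
# as section 6.1 fixes them for GOST R 34.11-94 (B = 32, L = 32).
import hashlib
import hmac as stdlib_hmac

# ASSUMPTION: stand-in for a GOST R 34.11-94 constructor (same 32-octet
# output; hashlib does not ship GOST R 34.11-94).
SHA256_STAND_IN = hashlib.sha256


def hmac_rfc2104(key: bytes, text: bytes, hash_fn, B: int, L: int) -> bytes:
    """HMAC(K, text) = H((K' XOR opad) || H((K' XOR ipad) || text)).

    hash_fn(data).digest() must return L octets; K' is K hashed to L
    octets if longer than B, then zero-padded to exactly B octets.
    """
    if len(key) > B:
        key = hash_fn(key).digest()          # RFC 2104 step: long keys are hashed
    padded_key = key.ljust(B, b"\x00")       # zero-pad to the block size B
    ipad = bytes(k ^ 0x36 for k in padded_key)
    opad = bytes(k ^ 0x5C for k in padded_key)
    inner = hash_fn(ipad + text).digest()
    mac = hash_fn(opad + inner).digest()
    if len(mac) != L:
        raise ValueError(f"hash output is {len(mac)} octets, expected L={L}")
    return mac


def gostr3411_hmac(key: bytes, text: bytes, gostr3411_fn) -> bytes:
    """GOSTR3411_HMAC(K, text) from section 6.1: HMAC with B = 32, L = 32.

    gostr3411_fn is the GOST R 34.11-94 hash constructor (not provided here).
    """
    return hmac_rfc2104(key, text, gostr3411_fn, B=32, L=32)


def reference_hmac_sha256(key: bytes, text: bytes) -> bytes:
    """Library HMAC-SHA-256 (B = 64, L = 32) used to cross-check hmac_rfc2104."""
    return stdlib_hmac.new(key, text, hashlib.sha256).digest()


if __name__ == "__main__":
    # Constructed sample key and message.
    k, msg = b"\x07" * 40, b"AuthenticatedData content"
    # With B = 32 a 40-octet key is hashed first; with B = 64 it is only padded.
    print("B=32:", gostr3411_hmac(k, msg, SHA256_STAND_IN).hex())
    print("B=64:", hmac_rfc2104(k, msg, SHA256_STAND_IN, B=64, L=32).hex())
```

   With a real GOST R 34.11-94 object the only change is the hash
   argument; the key handling above is what an implementation has to
   match for interoperable MACs, because a key of 33 to 64 octets is
   hashed under B = 32 but merely padded under the B = 64 that most
   HMAC libraries assume.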
   The OID for GOSTR3411_HMAC, defined by this document:

      id-HMACGostR3411-94 OBJECT IDENTIFIER ::=
         { id-CryptoPro-algorithms hmacgostr3411(10) }

   This algorithm has the same parameters as the GOST R 34.11-94 digest
   algorithm and uses the same OIDs to identify them (see [CPPK]).

7 Using with S/MIME

   This section defines the use of the algorithms defined in this
   document together with S/MIME [RFC 2633].

7.1 Parameter micalg

   When using the algorithms defined in this document, the micalg
   parameter should be set to 'unknown', according to [RFC 2633].

7.2 Attribute SMIMECapabilities

   An S/MIME message which uses the algorithms defined in this document
   should contain the list of algorithm identifiers for the digest and
   encryption algorithms defined in this document, with their
   parameters, in its SMIMECapabilities attribute.

8 Security Considerations

   The parameter values used with the cryptographic algorithms affect
   the strength of the information protection system. It is RECOMMENDED
   that software applications verify signature values, subject public
   keys and algorithm parameters for conformance to the [GOSTR34102001]
   and [GOSTR341094] standards prior to their use.

   The algorithm parameters proposed and described in this document have
   been analyzed by the special certification laboratory of the
   Scientific and Technical Center "ATLAS" and by the Center of
   Certificational Investigations at the appropriate levels of target of
   evaluation (TOE).

   If different parameters are used, it is RECOMMENDED that they be
   examined by an authorized agency using approved methods of
   cryptographic analysis.
9 Appendix ASN.1 Modules

9.1 Gost28147-89-EncryptionSyntax

   -- Copyright(C) CRYPTO-PRO Company
   Gost28147-89-EncryptionSyntax
      { iso(1) member-body(2) ru(643) rans(2) cryptopro(2)
        other(1) modules(1) gost28147-89-EncryptionSyntax(4) 1 }
   DEFINITIONS EXPLICIT TAGS ::=
   BEGIN
   -- EXPORTS All --
   -- The types and values defined in this module are exported for
   -- use in the other ASN.1 modules contained within the Russian
   -- Cryptography "GOST" & "GOST R" Specifications, and for the use
   -- of other applications which will use them to access Russian
   -- Cryptography services. Other applications may use them for
   -- their own purposes, but this will not constrain extensions and
   -- modifications needed to maintain or improve the Russian
   -- Cryptography service.
   IMPORTS
      id-CryptoPro-algorithms, id-CryptoPro-encrypts,
      cryptographic-Gost-Useful-Definitions
         FROM Cryptographic-Gost-Useful-Definitions
            { iso(1) member-body(2) ru(643) rans(2)
              cryptopro(2) other(1) modules(1)
              cryptographic-Gost-Useful-Definitions(0) 1 }
      AlgorithmIdentifier, ALGORITHM-IDENTIFIER
         FROM Cryptographic-Gost-Useful-Definitions
            cryptographic-Gost-Useful-Definitions
   ;
   -- GOST 28147-89 OID
   id-Gost28147-89 OBJECT IDENTIFIER ::=
      { id-CryptoPro-algorithms gost28147-89(21) }

   -- GOST 28147-89 Cryptographic Parameter Sets OIDs
   id-Gost28147-89-TestParamSet OBJECT IDENTIFIER ::=
      { id-CryptoPro-encrypts test(0) }
   id-Gost28147-89-CryptoPro-A-ParamSet OBJECT IDENTIFIER ::=
      { id-CryptoPro-encrypts cryptopro-A(1) }
   id-Gost28147-89-CryptoPro-B-ParamSet OBJECT IDENTIFIER ::=
      { id-CryptoPro-encrypts cryptopro-B(2) }
   id-Gost28147-89-CryptoPro-C-ParamSet OBJECT IDENTIFIER ::=
      { id-CryptoPro-encrypts cryptopro-C(3) }
   id-Gost28147-89-CryptoPro-D-ParamSet OBJECT IDENTIFIER ::=
      { id-CryptoPro-encrypts cryptopro-D(4) }
   id-Gost28147-89-CryptoPro-Simple-A-ParamSet
      OBJECT IDENTIFIER ::=
      { id-CryptoPro-encrypts cryptopro-Simple-A(6) }
   id-Gost28147-89-CryptoPro-Simple-B-ParamSet
      OBJECT IDENTIFIER ::=
      { id-CryptoPro-encrypts cryptopro-Simple-B(7) }
   id-Gost28147-89-CryptoPro-Simple-C-ParamSet
      OBJECT IDENTIFIER ::=
      { id-CryptoPro-encrypts cryptopro-Simple-C(8) }
   id-Gost28147-89-CryptoPro-Simple-D-ParamSet
      OBJECT IDENTIFIER ::=
      { id-CryptoPro-encrypts cryptopro-Simple-D(9) }
   -- GOST 28147-89 Types
   Gost28147-89-Data ::= OCTET STRING (SIZE (0..4294967294))
   Gost28147-89-EncryptedData ::=
      OCTET STRING (SIZE (0..4294967294))
   Gost28147-89-UZ ::= OCTET STRING (SIZE (64))
   Gost28147-89-IV ::= OCTET STRING (SIZE (8))
   Gost28147-89-Key ::= OCTET STRING (SIZE (32))
   Gost28147-89-MAC ::= OCTET STRING (SIZE (1..4))
   Gost28147-89-EncryptedKey ::=
      SEQUENCE {
         encryptedKey Gost28147-89-Key,
         macKey Gost28147-89-MAC (SIZE (4))
      }
   -- GOST 28147-89 encryption algorithm parameters
   Gost28147-89-Parameters ::=
      SEQUENCE {
         encryptionParamSet
            OBJECT IDENTIFIER (
               id-Gost28147-89-TestParamSet | -- Only for tests use
               id-Gost28147-89-CryptoPro-A-ParamSet |
               id-Gost28147-89-CryptoPro-B-ParamSet |
               id-Gost28147-89-CryptoPro-C-ParamSet |
               id-Gost28147-89-CryptoPro-D-ParamSet |
               id-Gost28147-89-CryptoPro-Simple-A-ParamSet |
               id-Gost28147-89-CryptoPro-Simple-B-ParamSet |
               id-Gost28147-89-CryptoPro-Simple-C-ParamSet |
               id-Gost28147-89-CryptoPro-Simple-D-ParamSet
            ),
         iv Gost28147-89-IV
      }
   Gost28147-89-Algorithms ALGORITHM-IDENTIFIER ::= {
      { Gost28147-89-Parameters IDENTIFIED BY
        id-Gost28147-89 }
   }
   END -- Gost28147-89-EncryptionSyntax

9.2 Gost28147-89-ParamSetSyntax

   -- Copyright(C) CRYPTO-PRO Company
   Gost28147-89-ParamSetSyntax
      { iso(1) member-body(2) ru(643) rans(2) cryptopro(2)
        other(1) modules(1) gost28147-89-ParamSetSyntax(6) 1 }
   DEFINITIONS EXPLICIT TAGS ::=
   BEGIN
   -- EXPORTS All --
   -- The types and values defined in this module are exported for
   -- use in the other ASN.1 modules contained within the Russian
   -- Cryptography "GOST" & "GOST R" Specifications, and for the use
   -- of other applications which will use them to access Russian
   -- Cryptography services. Other applications may use them for
   -- their own purposes, but this will not constrain extensions and
   -- modifications needed to maintain or improve the Russian
   -- Cryptography service.
   IMPORTS
      id-CryptoPro-algorithms, id-CryptoPro-encrypts,
      gost28147-89-EncryptionSyntax,
      cryptographic-Gost-Useful-Definitions
         FROM Cryptographic-Gost-Useful-Definitions
            { iso(1) member-body(2) ru(643) rans(2)
              cryptopro(2) other(1) modules(1)
              cryptographic-Gost-Useful-Definitions(0) 1 }
      Gost28147-89-UZ,
      id-Gost28147-89-TestParamSet,
      id-Gost28147-89-CryptoPro-A-ParamSet,
      id-Gost28147-89-CryptoPro-B-ParamSet,
      id-Gost28147-89-CryptoPro-C-ParamSet,
      id-Gost28147-89-CryptoPro-D-ParamSet,
      id-Gost28147-89-CryptoPro-Simple-A-ParamSet,
      id-Gost28147-89-CryptoPro-Simple-B-ParamSet,
      id-Gost28147-89-CryptoPro-Simple-C-ParamSet,
      id-Gost28147-89-CryptoPro-Simple-D-ParamSet
         FROM Gost28147-89-EncryptionSyntax
            gost28147-89-EncryptionSyntax

      AlgorithmIdentifier, ALGORITHM-IDENTIFIER
         FROM Cryptographic-Gost-Useful-Definitions
            cryptographic-Gost-Useful-Definitions
   ;
   -- GOST 28147-89 Cryptographic Parameters Set:
   -- algorithm & parameters
   -- OID for Parameters Set imported from
   -- Gost28147-89-EncryptionSyntax
   Gost28147-89-ParamSetParameters ::=
      SEQUENCE {
         eUZ Gost28147-89-UZ,
         mode INTEGER {
            gost28147-89-OFB(0),
            gost28147-89-CFB(1),
            cryptoPro-CBC(2)
         },
         shiftBits INTEGER { gost28147-89-block(64) },
         keyWrap AlgorithmIdentifier {{
            Gost28147-89-KeyWrapAlgorithms
         }},
         keyMix AlgorithmIdentifier {{
            Gost28147-89-KeyMixAlgorithms
         }}
      }
   Gost28147-89-ParamSetAlgorithms ALGORITHM-IDENTIFIER ::= {
      { Gost28147-89-ParamSetParameters IDENTIFIED BY
        id-Gost28147-89-TestParamSet } |
      { Gost28147-89-ParamSetParameters IDENTIFIED BY
        id-Gost28147-89-CryptoPro-A-ParamSet } |
      { Gost28147-89-ParamSetParameters IDENTIFIED BY
        id-Gost28147-89-CryptoPro-B-ParamSet } |
      { Gost28147-89-ParamSetParameters IDENTIFIED BY
        id-Gost28147-89-CryptoPro-C-ParamSet } |
      { Gost28147-89-ParamSetParameters IDENTIFIED BY
        id-Gost28147-89-CryptoPro-D-ParamSet } |
      { Gost28147-89-ParamSetParameters IDENTIFIED BY
        id-Gost28147-89-CryptoPro-Simple-A-ParamSet } |
      { Gost28147-89-ParamSetParameters IDENTIFIED BY
        id-Gost28147-89-CryptoPro-Simple-B-ParamSet } |
      { Gost28147-89-ParamSetParameters IDENTIFIED BY
        id-Gost28147-89-CryptoPro-Simple-C-ParamSet } |
      { Gost28147-89-ParamSetParameters IDENTIFIED BY
        id-Gost28147-89-CryptoPro-Simple-D-ParamSet }
   }
   id-Gost28147-89-CryptoPro-KeyWrap OBJECT IDENTIFIER ::=
      { id-CryptoPro-algorithms keyWrap(13) cryptoPro(1) }
   id-Gost28147-89-None-KeyWrap OBJECT IDENTIFIER ::=
      { id-CryptoPro-algorithms keyWrap(13) none(0) }

   Gost28147-89-KeyWrapAlgorithms ALGORITHM-IDENTIFIER ::= {
      { NULL IDENTIFIED BY id-Gost28147-89-CryptoPro-KeyWrap } |
      { NULL IDENTIFIED BY id-Gost28147-89-None-KeyWrap }
   }
   id-Gost28147-89-CryptoPro-KeyMix OBJECT IDENTIFIER ::=
      { id-CryptoPro-algorithms keyMix(14) cryptoPro(1) }
   id-Gost28147-89-None-KeyMix OBJECT IDENTIFIER ::=
      { id-CryptoPro-algorithms keyMix(14) none(0) }
   Gost28147-89-KeyMixAlgorithms ALGORITHM-IDENTIFIER ::= {
      { NULL IDENTIFIED BY id-Gost28147-89-CryptoPro-KeyMix } |
      { NULL IDENTIFIED BY id-Gost28147-89-None-KeyMix }
   }
   -- GOST 28147-89 Cryptographic Parameters Set: values
   -- Test Parameters Set
   gost28147-89-TestParamSetAI
      AlgorithmIdentifier {{
         Gost28147-89-ParamSetAlgorithms
      }} ::=
      {
         algorithm
742 id-Gost28147-89-TestParamSet, 743 parameters 744 Gost28147-89-ParamSetParameters:{ 745 eUZ '4CDE389C2989EFB6FFEB56C55EC29B029875613B113F896 746 003970C798AA1D55DE210AD43375DB38EB42C77E7CD46CAFAD66A201F70F41EA4AB 747 03F22165B844D8'H, 748 mode gost28147-89-OFB, 749 shiftBits 64, 750 keyWrap 751 { algorithm id-Gost28147-89-None-KeyWrap }, 752 keyMix 753 { algorithm id-Gost28147-89-None-KeyMix } 754 } 755 } 756 -- CryptoPro Parameters Sets 757 gost28147-89-UZ-CryptoPro-A Gost28147-89-UZ ::= 758 -- K1 K2 K3 K4 K5 K6 K7 K8 759 -- 9 3 E E B 3 1 B 760 -- 6 7 4 7 5 A D A 761 -- 3 E 6 A 1 D 2 F 762 -- 2 9 2 C 9 C 9 5 763 -- 8 8 B D 8 1 7 0 764 -- B A 3 1 D 2 A C 765 -- 1 F D 3 F 0 6 E 766 -- 7 0 8 9 0 B 0 8 767 -- A 5 C 0 E 7 8 6 768 -- 4 2 F 2 4 5 C 2 769 -- E 6 5 B 2 9 4 3 770 -- F C A 4 3 4 5 9 771 -- C B 0 F C 8 F 1 772 -- 0 4 7 8 7 F 3 7 773 -- D D 1 5 A E B D 774 -- 5 1 9 6 6 6 E 4 775 '93EEB31B67475ADA3E6A1D2F292C9C9588BD8170BA31D2AC1FD3F06E70 776 890B08A5C0E78642F245C2E65B2943FCA43459CB0FC8F104787F37DD15AEBD51966 777 6E4'H 778 gost28147-89-CryptoPro-A-ParamSetAI 779 AlgorithmIdentifier {{ 780 Gost28147-89-ParamSetAlgorithms 781 }} ::= 782 { 783 algorithm 784 id-Gost28147-89-CryptoPro-A-ParamSet, 785 parameters 786 Gost28147-89-ParamSetParameters:{ 787 eUZ gost28147-89-UZ-CryptoPro-A, 788 mode gost28147-89-CFB, 789 shiftBits 64, 790 keyWrap 791 { algorithm id-Gost28147-89-CryptoPro-KeyWrap }, 792 keyMix 793 { algorithm id-Gost28147-89-CryptoPro-KeyMix } 794 } 795 } 796 -- 797 gost28147-89-UZ-CryptoPro-B Gost28147-89-UZ ::= 798 -- K1 K2 K3 K4 K5 K6 K7 K8 799 -- 8 0 E 7 2 8 5 0 800 -- 4 1 C 5 7 3 2 4 801 -- B 2 0 0 C 2 A B 802 -- 1 A A D F 6 B E 803 -- 3 4 9 B 9 4 9 8 804 -- 5 D 2 6 5 D 1 3 805 -- 0 5 D 1 A E C 7 806 -- 9 C B 2 B B 3 1 807 -- 2 9 7 3 1 C 7 A 808 -- E 7 5 A 4 1 4 2 809 -- A 3 8 C 0 7 D 9 810 -- C F F F D F 0 6 811 -- D B 3 4 6 A 6 F 812 -- 6 8 6 E 8 0 F D 813 -- 7 6 1 9 E 9 8 5 814 -- F E 4 8 3 5 E C 815 
      '80E7285041C57324B200C2AB1AADF6BE349B94985D265D1305D1AEC79C
       B2BB3129731C7AE75A4142A38C07D9CFFFDF06DB346A6F686E80FD7619E985FE483
       5EC'H

   gost28147-89-CryptoPro-B-ParamSetAI
      AlgorithmIdentifier {{
         Gost28147-89-ParamSetAlgorithms
      }} ::=
      {
         algorithm
            id-Gost28147-89-CryptoPro-B-ParamSet,
         parameters
            Gost28147-89-ParamSetParameters:{
               eUZ gost28147-89-UZ-CryptoPro-B,
               mode gost28147-89-CFB,
               shiftBits 64,
               keyWrap
                  { algorithm id-Gost28147-89-CryptoPro-KeyWrap },
               keyMix
                  { algorithm id-Gost28147-89-CryptoPro-KeyMix }
            }
      }
   --
   gost28147-89-UZ-CryptoPro-C Gost28147-89-UZ ::=
   -- K1 K2 K3 K4 K5 K6 K7 K8
   -- 1  0  8  3  8  C  A  7
   -- B  1  2  6  D  9  9  4
   -- C  7  5  0  B  B  6  0
   -- 2  D  0  1  0  1  8  5
   -- 9  B  4  5  4  8  D  A
   -- D  4  9  D  5  E  E  2
   -- 0  5  F  A  1  2  2  F
   -- F  2  A  8  2  4  0  E
   -- 4  8  3  B  9  7  F  C
   -- 5  E  7  2  3  3  3  6
   -- 8  F  C  9  C  6  5  1
   -- E  C  D  7  E  5  B  B
   -- A  9  6  E  6  A  4  D
   -- 7  A  E  F  F  0  1  9
   -- 6  6  1  C  A  F  C  3
   -- 3  3  B  4  7  D  7  8
      '10838CA7B126D994C750BB602D0101859B4548DAD49D5EE205FA122FF2
       A8240E483B97FC5E7233368FC9C651ECD7E5BBA96E6A4D7AEFF019661CAFC333B47
       D78'H

   gost28147-89-CryptoPro-C-ParamSetAI
      AlgorithmIdentifier {{
         Gost28147-89-ParamSetAlgorithms
      }} ::=
      {
         algorithm
            id-Gost28147-89-CryptoPro-C-ParamSet,
         parameters
            Gost28147-89-ParamSetParameters:{
               eUZ gost28147-89-UZ-CryptoPro-C,
               mode gost28147-89-CFB,
               shiftBits 64,
               keyWrap
                  { algorithm id-Gost28147-89-CryptoPro-KeyWrap },
               keyMix
                  { algorithm id-Gost28147-89-CryptoPro-KeyMix }
            }
      }
   --
   gost28147-89-UZ-CryptoPro-D Gost28147-89-UZ ::=
   -- K1 K2 K3 K4 K5 K6 K7 K8
   -- F  B  1  1  0  8  3  1
   -- C  6  C  5  C  0  0  A
   -- 2  3  B  E  8  F  6  6
   -- A  4  0  C  9  3  F  8
   -- 6  C  F  A  D  2  1  F
   -- 4  F  E  7  2  5  E  B
   -- 5  E  6  0  A  E  9  0
   -- 0  2  5  D  B  B  2  4
   -- 7  7  A  6  7  1  D  C
   -- 9  D  D  2  3  A  8  3
   -- E  8  4  B  6  4  C  5
   -- D  0  8  4  5  7  4  9
   -- 1  5  9  9  4  C  B  7
   -- B  A  3  3  E  9  A  D
   -- 8  9  7  F  F  D  5  2
   -- 3  1  2  8  1  6  7  E
      'FB110831C6C5C00A23BE8F66A40C93F86CFAD21F4FE725EB5E60AE9002
       5DBB2477A671DC9DD23A83E84B64C5D084574915994CB7BA33E9AD897FFD5231281
       67E'H

   gost28147-89-CryptoPro-D-ParamSetAI
      AlgorithmIdentifier {{
         Gost28147-89-ParamSetAlgorithms
      }} ::=
      {
         algorithm
            id-Gost28147-89-CryptoPro-D-ParamSet,
         parameters
            Gost28147-89-ParamSetParameters:{
               eUZ gost28147-89-UZ-CryptoPro-D,
               mode gost28147-89-CFB,
               shiftBits 64,
               keyWrap
                  { algorithm id-Gost28147-89-CryptoPro-KeyWrap },
               keyMix
                  { algorithm id-Gost28147-89-CryptoPro-KeyMix }
            }
      }
   --
   gost28147-89-CryptoPro-Simple-A-ParamSetAI
      AlgorithmIdentifier {{
         Gost28147-89-ParamSetAlgorithms
      }} ::=
      {
         algorithm
            id-Gost28147-89-CryptoPro-Simple-A-ParamSet,
         parameters
            Gost28147-89-ParamSetParameters:{
               eUZ gost28147-89-UZ-CryptoPro-A,
               mode gost28147-89-CFB,
               shiftBits 64,
               keyWrap
                  { algorithm id-Gost28147-89-None-KeyWrap },
               keyMix
                  { algorithm id-Gost28147-89-CryptoPro-KeyMix }
            }
      }
   --
   gost28147-89-CryptoPro-Simple-B-ParamSetAI
      AlgorithmIdentifier {{
         Gost28147-89-ParamSetAlgorithms
      }} ::=
      {
         algorithm
            id-Gost28147-89-CryptoPro-Simple-B-ParamSet,
         parameters
            Gost28147-89-ParamSetParameters:{
               eUZ gost28147-89-UZ-CryptoPro-B,
               mode gost28147-89-CFB,
               shiftBits 64,
               keyWrap
                  { algorithm id-Gost28147-89-None-KeyWrap },
               keyMix
                  { algorithm id-Gost28147-89-CryptoPro-KeyMix }
            }
      }
   --
   gost28147-89-CryptoPro-Simple-C-ParamSetAI
      AlgorithmIdentifier {{
         Gost28147-89-ParamSetAlgorithms
      }} ::=
      {
         algorithm
            id-Gost28147-89-CryptoPro-Simple-C-ParamSet,
         parameters
            Gost28147-89-ParamSetParameters:{
               eUZ gost28147-89-UZ-CryptoPro-C,
               mode gost28147-89-CFB,
               shiftBits 64,
               keyWrap
                  { algorithm id-Gost28147-89-None-KeyWrap },
               keyMix
                  { algorithm id-Gost28147-89-CryptoPro-KeyMix }
            }
      }
   --
   gost28147-89-CryptoPro-Simple-D-ParamSetAI
      AlgorithmIdentifier {{
         Gost28147-89-ParamSetAlgorithms
      }} ::=
      {
         algorithm
            id-Gost28147-89-CryptoPro-Simple-D-ParamSet,
         parameters
            Gost28147-89-ParamSetParameters:{
               eUZ gost28147-89-UZ-CryptoPro-D,
               mode gost28147-89-CFB,
               shiftBits 64,
               keyWrap
                  { algorithm id-Gost28147-89-None-KeyWrap },
               keyMix
                  { algorithm id-Gost28147-89-CryptoPro-KeyMix }
            }
      }

   END -- Gost28147-89-ParamSetSyntax

9.3 GostR3410-94-EncryptionSyntax

   -- Copyright(C) CRYPTO-PRO Company
   GostR3410-94-EncryptionSyntax
      { iso(1) member-body(2) ru(643) rans(2) cryptopro(2)
        other(1) modules(1) gostR3410-94-EncryptionSyntax(5) 2 }
   DEFINITIONS ::=
   BEGIN
   -- EXPORTS All --
   -- The types and values defined in this module are exported for
   -- use in the other ASN.1 modules contained within the Russian
   -- Cryptography "GOST" & "GOST R" Specifications, and for the use
   -- of other applications which will use them to access Russian
   -- Cryptography services. Other applications may use them for
   -- their own purposes, but this will not constrain extensions and
   -- modifications needed to maintain or improve the Russian
   -- Cryptography service.
   IMPORTS
      id-CryptoPro-algorithms,
      gost28147-89-EncryptionSyntax,
      gostR3410-94-PKISyntax,
      cryptographic-Gost-Useful-Definitions
         FROM Cryptographic-Gost-Useful-Definitions
            { iso(1) member-body(2) ru(643) rans(2)
              cryptopro(2) other(1) modules(1)
              cryptographic-Gost-Useful-Definitions(0) 1 }
      id-GostR3410-94,
      GostR3410-94-PublicKeyParameters,
      GostR3410-94-PublicKeyAlgorithms
         FROM GostR3410-94-PKISyntax gostR3410-94-PKISyntax
      id-Gost28147-89-TestParamSet,
      id-Gost28147-89-CryptoPro-A-ParamSet,
      id-Gost28147-89-CryptoPro-B-ParamSet,
      id-Gost28147-89-CryptoPro-C-ParamSet,
      id-Gost28147-89-CryptoPro-D-ParamSet,
      id-Gost28147-89-CryptoPro-Simple-A-ParamSet,
      id-Gost28147-89-CryptoPro-Simple-B-ParamSet,
      id-Gost28147-89-CryptoPro-Simple-C-ParamSet,
      id-Gost28147-89-CryptoPro-Simple-D-ParamSet,
      Gost28147-89-EncryptedKey
         FROM Gost28147-89-EncryptionSyntax
            gost28147-89-EncryptionSyntax
      -- id-external-PKIX1Explicit93,
      AlgorithmIdentifier, ALGORITHM-IDENTIFIER
         FROM Cryptographic-Gost-Useful-Definitions
            cryptographic-Gost-Useful-Definitions
      -- SubjectPublicKeyInfo
      --    FROM PKIX1Explicit93 id-external-PKIX1Explicit93
      SubjectPublicKeyInfo
         FROM PKIX1Explicit88 {iso(1) identified-organization(3)
            dod(6) internet(1) security(5) mechanisms(5) pkix(7)
            id-mod(0) id-pkix1-explicit(1)}
      ;

   -- CMS/PKCS#7 Key transport OID, Algorithm & Parameters
   -- OID for CMS/PKCS#7 Key transport is id-GostR3410-94 from
   --    GostR3410-94-PKISyntax
   -- Parameters for CMS/PKCS#7 Key transport is
   --    GostR3410-94-PublicKeyParameters from
   --    GostR3410-94-PKISyntax with encryptionParameterOID
   -- Algorithm for CMS/PKCS#7 Key transport is
   --    GostR3410-94-PublicKeyAlgorithms from
   --    GostR3410-94-PKISyntax
   -- SMIMECapability for CMS/PKCS#7 Key transport is
   --    id-GostR3410-94 from GostR3410-94-PKISyntax
   id-GostR3410-94-KeyTransportSMIMECapability
      OBJECT IDENTIFIER ::= id-GostR3410-94

   GostR3410-94-KeyTransportEncryptedKeyOctetString ::=
      SEQUENCE {
         sessionEncryptedKey Gost28147-89-EncryptedKey,
         transportParameters GostR3410-94-TransportParameters --
            OPTIONAL
      }

   GostR3410-94-TransportParameters ::=
      SEQUENCE {
         encryptionParamSet
            OBJECT IDENTIFIER (
               id-Gost28147-89-TestParamSet |   -- Only for tests use
               id-Gost28147-89-CryptoPro-A-ParamSet |
               id-Gost28147-89-CryptoPro-B-ParamSet |
               id-Gost28147-89-CryptoPro-C-ParamSet |
               id-Gost28147-89-CryptoPro-D-ParamSet |
               id-Gost28147-89-CryptoPro-Simple-A-ParamSet |
               id-Gost28147-89-CryptoPro-Simple-B-ParamSet |
               id-Gost28147-89-CryptoPro-Simple-C-ParamSet |
               id-Gost28147-89-CryptoPro-Simple-D-ParamSet
            ),
         ephemeralPublicKey SubjectPublicKeyInfo OPTIONAL,
         ukm OCTET STRING
      }

   GostR3410-94-KeyEncryptionAlgorithms
      ALGORITHM-IDENTIFIER ::= {
         { GostR3410-94-PublicKeyParameters IDENTIFIED BY
              id-GostR3410-94 }
      }

   END -- GostR3410-94-EncryptionSyntax

9.4 GostR3410-94-SignatureSyntax

   -- Copyright(C) CRYPTO-PRO Company
   GostR3410-94-SignatureSyntax
      { iso(1) member-body(2) ru(643) rans(2) cryptopro(2)
        other(1) modules(1) gostR3410-94-SignatureSyntax(3) 1 }
   DEFINITIONS ::=
   BEGIN
   -- EXPORTS All --
   -- The types and values defined in this module are exported for
   -- use in the other ASN.1 modules contained within the Russian
   -- Cryptography "GOST" & "GOST R" Specifications, and for the use
   -- of other applications which will use them to access Russian
   -- Cryptography services. Other applications may use them for
   -- their own purposes, but this will not constrain extensions and
   -- modifications needed to maintain or improve the Russian
   -- Cryptography service.
   IMPORTS
      gostR3411-94-DigestSyntax,
      gostR3410-94-PKISyntax,
      cryptographic-Gost-Useful-Definitions
         FROM Cryptographic-Gost-Useful-Definitions
            { iso(1) member-body(2) ru(643) rans(2)
              cryptopro(2) other(1) modules(1)
              cryptographic-Gost-Useful-Definitions(0) 1 }
      id-GostR3411-94, GostR3411-94-Digest,
      GostR3411-94-DigestParameters,
      id-GostR3411-94-TestParamSet,
      id-GostR3411-94-CryptoProParamSet
         FROM GostR3411-94-DigestSyntax gostR3411-94-DigestSyntax
      id-GostR3410-94,
      GostR3410-94-PublicKeyParameters,
      id-GostR3410-94-TestParamSet,
      id-GostR3410-94-CryptoPro-A-ParamSet,
      id-GostR3410-94-CryptoPro-B-ParamSet,
      id-GostR3410-94-CryptoPro-C-ParamSet,
      id-GostR3410-94-CryptoPro-D-ParamSet,
      id-GostR3410-94-CryptoPro-XchA-ParamSet,
      id-GostR3410-94-CryptoPro-XchB-ParamSet,
      id-GostR3410-94-CryptoPro-XchC-ParamSet
         FROM GostR3410-94-PKISyntax gostR3410-94-PKISyntax
      AlgorithmIdentifier, ALGORITHM-IDENTIFIER
         FROM Cryptographic-Gost-Useful-Definitions
            cryptographic-Gost-Useful-Definitions
      ;

   -- GOST R 34.10-94 Signature Data Type
   GostR3410-94-Signature ::=
      OCTET STRING (SIZE (64))

   -- GOST R 34.10-94 Signature Parameters & Algorithm
   GostR3410-94-CMSSignatureAlgorithms ALGORITHM-IDENTIFIER ::= {
      { GostR3410-94-PublicKeyParameters IDENTIFIED BY
           id-GostR3410-94 }
   }

   END -- GostR3410-94-SignatureSyntax

9.5 GostR3410-2001-EncryptionSyntax

   -- Copyright(C) CRYPTO-PRO Company
   GostR3410-2001-EncryptionSyntax
      { iso(1) member-body(2) ru(643) rans(2) cryptopro(2)
        other(1) modules(1) gostR3410-2001-EncryptionSyntax(11) 2 }
   DEFINITIONS ::=
   BEGIN
   -- EXPORTS All --
   -- The types and values defined in this module are exported for
   -- use in the other ASN.1 modules contained within the Russian
   -- Cryptography "GOST" & "GOST R" Specifications, and for the use
   -- of other applications which will use them to access Russian
   -- Cryptography services. Other applications may use them for
   -- their own purposes, but this will not constrain extensions and
   -- modifications needed to maintain or improve the Russian
   -- Cryptography service.
   IMPORTS
      id-CryptoPro-algorithms,
      gost28147-89-EncryptionSyntax,
      gostR3410-2001-PKISyntax,
      cryptographic-Gost-Useful-Definitions
         FROM Cryptographic-Gost-Useful-Definitions
            { iso(1) member-body(2) ru(643) rans(2)
              cryptopro(2) other(1) modules(1)
              cryptographic-Gost-Useful-Definitions(0) 1 }
      id-GostR3410-2001,
      GostR3410-2001-PublicKeyParameters,
      GostR3410-2001-PublicKeyAlgorithms
         FROM GostR3410-2001-PKISyntax gostR3410-2001-PKISyntax
      id-Gost28147-89-TestParamSet,
      id-Gost28147-89-CryptoPro-A-ParamSet,
      id-Gost28147-89-CryptoPro-B-ParamSet,
      id-Gost28147-89-CryptoPro-C-ParamSet,
      id-Gost28147-89-CryptoPro-D-ParamSet,
      id-Gost28147-89-CryptoPro-Simple-A-ParamSet,
      id-Gost28147-89-CryptoPro-Simple-B-ParamSet,
      id-Gost28147-89-CryptoPro-Simple-C-ParamSet,
      id-Gost28147-89-CryptoPro-Simple-D-ParamSet,
      Gost28147-89-EncryptedKey
         FROM Gost28147-89-EncryptionSyntax
            gost28147-89-EncryptionSyntax
      -- id-external-PKIX1Explicit93,
      AlgorithmIdentifier, ALGORITHM-IDENTIFIER
         FROM Cryptographic-Gost-Useful-Definitions
            cryptographic-Gost-Useful-Definitions
      -- id-external-PKIX1Explicit93,
      SubjectPublicKeyInfo
         FROM PKIX1Explicit88 {iso(1) identified-organization(3)
            dod(6) internet(1) security(5) mechanisms(5) pkix(7)
            id-mod(0) id-pkix1-explicit(1)}
      ;

   -- CMS/PKCS#7 Key transport OID, Algorithm & Parameters
   -- OID for CMS/PKCS#7 Key transport is id-GostR3410-2001 from
   --    GostR3410-2001-PKISyntax
   -- Parameters for CMS/PKCS#7 Key transport is
   --    GostR3410-2001-PublicKeyParameters from
   --    GostR3410-2001-PKISyntax with encryptionParameterOID
   -- Algorithm for CMS/PKCS#7 Key transport is
   --    GostR3410-2001-PublicKeyAlgorithms from
   --    GostR3410-2001-PKISyntax
   -- SMIMECapability for CMS/PKCS#7 Key transport is
   --    id-GostR3410-2001 from GostR3410-2001-PKISyntax
   id-GostR3410-2001-KeyTransportSMIMECapability
      OBJECT IDENTIFIER ::= id-GostR3410-2001

   GostR3410-2001-KeyTransportEncryptedKeyOctetString ::=
      SEQUENCE {
         sessionEncryptedKey Gost28147-89-EncryptedKey,
         transportParameters GostR3410-2001-TransportParameters
            OPTIONAL
      }

   GostR3410-2001-TransportParameters ::=
      SEQUENCE {
         encryptionParamSet
            OBJECT IDENTIFIER (
               id-Gost28147-89-TestParamSet |   -- Only for tests use
               id-Gost28147-89-CryptoPro-A-ParamSet |
               id-Gost28147-89-CryptoPro-B-ParamSet |
               id-Gost28147-89-CryptoPro-C-ParamSet |
               id-Gost28147-89-CryptoPro-D-ParamSet |
               id-Gost28147-89-CryptoPro-Simple-A-ParamSet |
               id-Gost28147-89-CryptoPro-Simple-B-ParamSet |
               id-Gost28147-89-CryptoPro-Simple-C-ParamSet |
               id-Gost28147-89-CryptoPro-Simple-D-ParamSet
            ),
         ephemeralPublicKey SubjectPublicKeyInfo OPTIONAL,
         ukm OCTET STRING ( SIZE(8) )
      }

   GostR3410-2001-KeyEncryptionAlgorithms
      ALGORITHM-IDENTIFIER ::= {
         { GostR3410-2001-PublicKeyParameters IDENTIFIED BY
              id-GostR3410-2001 }
      }

   END -- GostR3410-2001-EncryptionSyntax

9.6 GostR3410-2001-SignatureSyntax

   -- Copyright(C) CRYPTO-PRO Company
   GostR3410-2001-SignatureSyntax
      { iso(1) member-body(2) ru(643) rans(2) cryptopro(2)
        other(1) modules(1) gostR3410-2001-SignatureSyntax(10) 1 }
   DEFINITIONS ::=
   BEGIN
   -- EXPORTS All --
   -- The types and values defined in this module are exported for
   -- use in the other ASN.1 modules contained within the Russian
   -- Cryptography "GOST" & "GOST R" Specifications, and for the use
   -- of other applications which will use them to access Russian
   -- Cryptography services. Other applications may use them for
   -- their own purposes, but this will not constrain extensions and
   -- modifications needed to maintain or improve the Russian
   -- Cryptography service.
   IMPORTS
      gostR3410-2001-PKISyntax,
      cryptographic-Gost-Useful-Definitions
         FROM Cryptographic-Gost-Useful-Definitions
            { iso(1) member-body(2) ru(643) rans(2)
              cryptopro(2) other(1) modules(1)
              cryptographic-Gost-Useful-Definitions(0) 1 }
      id-GostR3410-2001,
      GostR3410-2001-PublicKeyParameters
         FROM GostR3410-2001-PKISyntax gostR3410-2001-PKISyntax
      AlgorithmIdentifier, ALGORITHM-IDENTIFIER
         FROM Cryptographic-Gost-Useful-Definitions
            cryptographic-Gost-Useful-Definitions
      ;

   -- GOST R 34.10-2001 Signature Data Type
   GostR3410-2001-Signature ::=
      OCTET STRING (SIZE (64))

   -- GOST R 34.10-2001 Signature Parameters & Algorithm
   GostR3410-2001-CMSSignatureAlgorithms
      ALGORITHM-IDENTIFIER ::= {
         { GostR3410-2001-PublicKeyParameters IDENTIFIED BY
              id-GostR3410-2001 }
      }

   END -- GostR3410-2001-SignatureSyntax
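The Gost28147-89-ParamSetSyntax module above gives every parameter set's substitution tables twice, as a K1..K8 comment table and as a 128-hex-digit Gost28147-89-UZ value, without stating how one maps to the other. The following Python is an added example, not code from the draft or from CRYPTO-PRO: matching the CryptoPro-A table against its hex string shows the packing is row-major (row i of the table is bytes 4i..4i+3, each byte holding two adjacent K columns as nibbles), and the code decodes both the Test and CryptoPro-A values, checks that each S-box is a permutation of 0..15, and regenerates the table. All function names are our own.

```python
# Added example (not the draft's or CryptoPro's code).  Decodes and re-encodes
# the Gost28147-89-UZ value and validates the eight S-boxes it contains.
from typing import List

# Hex strings copied from the draft's Gost28147-89-ParamSetSyntax module,
# with the line-wrapping whitespace removed.
UZ_TEST = (
    "4CDE389C2989EFB6FFEB56C55EC29B029875613B113F896"
    "003970C798AA1D55DE210AD43375DB38EB42C77E7CD46CAFAD66A201F70F41EA4AB"
    "03F22165B844D8"
)
UZ_CRYPTOPRO_A = (
    "93EEB31B67475ADA3E6A1D2F292C9C9588BD8170BA31D2AC1FD3F06E70"
    "890B08A5C0E78642F245C2E65B2943FCA43459CB0FC8F104787F37DD15AEBD51966"
    "6E4"
)

SBox = List[int]  # 16 entries, each in 0..15


def decode_uz(hex_uz: str) -> List[SBox]:
    """Turn a 128-hex-digit Gost28147-89-UZ value into S-boxes K1..K8.

    Row-major packing, inferred from the CryptoPro-A table in the draft:
    row i of the comment table is bytes 4*i..4*i+3, and each byte holds
    two K columns, the odd one in the high nibble (K1|K2, K3|K4, ...).
    """
    raw = bytes.fromhex(hex_uz)
    if len(raw) != 64:
        raise ValueError(f"UZ must be 64 bytes, got {len(raw)}")
    sboxes: List[SBox] = [[] for _ in range(8)]
    for row in range(16):
        for pair in range(4):
            b = raw[4 * row + pair]
            sboxes[2 * pair].append(b >> 4)        # K1, K3, K5, K7
            sboxes[2 * pair + 1].append(b & 0x0F)  # K2, K4, K6, K8
    return sboxes


def encode_uz(sboxes: List[SBox]) -> str:
    """Inverse of decode_uz: pack eight S-boxes back into the hex form."""
    if len(sboxes) != 8 or any(len(s) != 16 for s in sboxes):
        raise ValueError("expected eight 16-entry S-boxes")
    out = bytearray()
    for row in range(16):
        for pair in range(4):
            hi, lo = sboxes[2 * pair][row], sboxes[2 * pair + 1][row]
            out.append((hi << 4) | lo)
    return out.hex().upper()


def validate_sboxes(sboxes: List[SBox]) -> List[str]:
    """Return a list of problems (empty when the set is well-formed).

    Each S-box must be a bijection on 0..15; otherwise the GOST 28147-89
    round is not invertible and the parameter set cannot be valid.
    """
    problems = []
    for i, s in enumerate(sboxes, start=1):
        if sorted(s) != list(range(16)):
            problems.append(f"K{i} is not a permutation of 0..15: {s}")
    return problems


def format_table(sboxes: List[SBox]) -> str:
    """Render the S-boxes in the draft's K1..K8 comment-table layout."""
    lines = ["-- K1 K2 K3 K4 K5 K6 K7 K8"]
    for row in range(16):
        lines.append("-- " + "  ".join(f"{s[row]:X}" for s in sboxes))
    return "\n".join(lines)


if __name__ == "__main__":
    a = decode_uz(UZ_CRYPTOPRO_A)
    print(format_table(a))
    print("problems:", validate_sboxes(a) or "none")
    assert encode_uz(a) == UZ_CRYPTOPRO_A
```

Running it prints the CryptoPro-A table exactly as it appears in the draft, which is the quickest way to confirm that a parameter set pasted from elsewhere has not been transposed or truncated.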
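The GostR3410-2001-TransportParameters SEQUENCE in the GostR3410-2001-EncryptionSyntax module above constrains encryptionParamSet to a fixed OID set (with the Test set marked "Only for tests use"), makes ephemeralPublicKey OPTIONAL, and fixes ukm at exactly 8 bytes. The following Python is an added example, not code from the draft or from CRYPTO-PRO: a hand-rolled DER encoder and decoder for just this structure that enforces those constraints on the way in. It assumes the CryptoPro parameter-set OIDs 1.2.643.2.2.31.0 (Test) and 1.2.643.2.2.31.1 through .4 (CryptoPro-A..D), which the draft defines in an earlier section; the Simple-A..D OIDs are not on this page and are left out, and the SubjectPublicKeyInfo is passed through as opaque DER.

```python
# Added example (not the draft's or CryptoPro's code): minimal DER for
# GostR3410-2001-TransportParameters.  Param-set OIDs are the CryptoPro arc
# 1.2.643.2.2.31.x defined earlier in the draft; Simple-A..D are omitted
# because their OIDs are not on this page.
from typing import Optional, Tuple

OID_TEST_PARAM_SET = "1.2.643.2.2.31.0"  # flagged "Only for tests use"
PRODUCTION_PARAM_SETS = {f"1.2.643.2.2.31.{i}" for i in (1, 2, 3, 4)}  # A..D
SEQUENCE, OID, OCTET_STRING = 0x30, 0x06, 0x04


def _der_len(n: int) -> bytes:
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _tlv(tag: int, body: bytes) -> bytes:
    return bytes([tag]) + _der_len(len(body)) + body


def _encode_oid(dotted: str) -> bytes:
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:  # base 128, high bit set on every byte but the last
        chunk = [arc & 0x7F]
        while arc > 0x7F:
            arc >>= 7
            chunk.append(0x80 | (arc & 0x7F))
        out.extend(reversed(chunk))
    return _tlv(OID, bytes(out))


def _decode_oid(body: bytes) -> str:
    arcs, val = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(str(a) for a in arcs)


def _read_tlv(buf: bytes, pos: int) -> Tuple[int, bytes, int]:
    """Return (tag, body, position just after the element)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: the next (length & 0x7F) bytes hold it
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length


def encode_transport_parameters(param_set: str, ukm: bytes,
                                ephemeral_spki: Optional[bytes] = None) -> bytes:
    """Build the SEQUENCE; ukm must be exactly 8 bytes (OCTET STRING SIZE(8))."""
    if len(ukm) != 8:
        raise ValueError("ukm is OCTET STRING (SIZE(8))")
    body = _encode_oid(param_set)
    if ephemeral_spki is not None:  # caller passes a DER SubjectPublicKeyInfo
        body += ephemeral_spki
    return _tlv(SEQUENCE, body + _tlv(OCTET_STRING, ukm))


def decode_transport_parameters(der: bytes, allow_test_set: bool = False
                                ) -> Tuple[str, Optional[bytes], bytes]:
    """Parse and validate; returns (param_set_oid, ephemeral_spki_or_None, ukm)."""
    tag, body, end = _read_tlv(der, 0)
    if tag != SEQUENCE or end != len(der):
        raise ValueError("expected exactly one DER SEQUENCE")
    tag, oid_body, pos = _read_tlv(body, 0)
    if tag != OID:
        raise ValueError("encryptionParamSet must be an OBJECT IDENTIFIER")
    param_set = _decode_oid(oid_body)
    if param_set == OID_TEST_PARAM_SET and not allow_test_set:
        raise ValueError("id-Gost28147-89-TestParamSet is only for tests")
    if param_set != OID_TEST_PARAM_SET and param_set not in PRODUCTION_PARAM_SETS:
        raise ValueError(f"unknown encryptionParamSet {param_set}")
    ephemeral = None
    tag, elem, nxt = _read_tlv(body, pos)
    if tag == SEQUENCE:  # ephemeralPublicKey SubjectPublicKeyInfo OPTIONAL
        ephemeral, (tag, elem, nxt) = body[pos:nxt], _read_tlv(body, nxt)
    if tag != OCTET_STRING or len(elem) != 8:
        raise ValueError("ukm must be an 8-byte OCTET STRING")
    if nxt != len(body):
        raise ValueError("trailing data inside TransportParameters")
    return param_set, ephemeral, elem
```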
Acknowledgments

   This document was created in accordance with the "Russian Cryptographic
   Software Compatibility Agreement", signed by FGUE STC "Atlas",
   CRYPTO-PRO, Factor-TC, MD PREI, Infotecs GmbH, SPRCIS (SPbRCZI),
   Cryptocom, R-Alpha. The aim of this agreement is to achieve mutual
   compatibility of the products and solutions.

   The authors wish to thank:

   Microsoft Corporation Russia for the information it provided about the
   company's products and solutions, and also for technical consulting in
   PKI.

   RSA Security Russia and Demos Co Ltd for active collaboration and
   critical help in the creation of this document.

   Russ Housley (Vigil Security, LLC, housley@vigilsec.com) and Vasilij
   Sakharov (DEMOS Co Ltd, svp@dol.ru) for the initiative in creating this
   document.

   This document is based on a contribution of CRYPTO-PRO Company. Any
   substantial use of the text from this document must acknowledge
   CRYPTO-PRO. CRYPTO-PRO requests that all material mentioning or
   referencing this document identify this as "CRYPTO-PRO CPCMS".
Authors' Addresses

   Serguei Leontiev
   CRYPTO-PRO
   38, Obraztsova,
   Moscow, 127018, Russian Federation
   EMail: lse@CryptoPro.ru

   Vladimir Popov
   CRYPTO-PRO
   38, Obraztsova,
   Moscow, 127018, Russian Federation
   EMail: vpopov@CryptoPro.ru

   Alexandr Afanasiev
   Factor-TC
   office 711, 14, Presnenskij val,
   Moscow, 123557, Russian Federation
   EMail: aaaf@factor-ts.ru

   Nikolaj Nikishin
   Infotecs GmbH
   p/b 35, 80-5, Leningradskij prospekt,
   Moscow, 125315, Russian Federation
   EMail: nikishin@infotecs.ru

   Boleslav Izotov
   FGUE STC "Atlas"
   38, Obraztsova,
   Moscow, 127018, Russian Federation
   EMail: izotov@stcnet.ru

   Elena Minaeva
   MD PREI
   build 3, 6A, Vtoroj Troitskij per.,
   Moscow, Russian Federation
   EMail: evminaeva@mo.msk.ru

   Serguei Murugov
   R-Alpha
   4/1, Raspletina,
   Moscow, 123060, Russian Federation
   EMail: msm@office.ru

   Igori Ustinov
   Cryptocom
   office 239, 51, Leninskij prospekt,
   Moscow, 119991, Russian Federation
   EMail: igus@cryptocom.ru

   Anatolij Erkin
   SPRCIS (SPbRCZI)
   1, Obrucheva,
   St.Petersburg, 195220, Russian Federation
   EMail: erkin@nevsky.net

Full Copyright Statement

   Copyright (C) The Internet Society (2003). All Rights Reserved.

   This document and translations of it may be copied and furnished to
   others, and derivative works that comment on or otherwise explain it
   or assist in its implementation may be prepared, copied, published
   and distributed, in whole or in part, without restriction of any
   kind, provided that the above copyright notice and this paragraph are
   included on all such copies and derivative works. However, this
   document itself may not be modified in any way, such as by removing
   the copyright notice or references to the Internet Society or other
   Internet organizations, except as needed for the purpose of
   developing Internet standards in which case the procedures for
   copyrights defined in the Internet Standards process must be
   followed, or as required to translate it into languages other than
   English.

   The limited permissions granted above are perpetual and will not be
   revoked by the Internet Society or its successors or assigns.

   This document and the information contained herein is provided on an
   "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
   TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
   BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
   HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
   MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.