idnits 2.17.1 

draft-popov-cryptopro-cpalgs-02.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

  ** It looks like you're using RFC 3978 boilerplate.  You should update this
     to the boilerplate described in the IETF Trust License Policy document
     (see https://trustee.ietf.org/license-info), which is required now.

  -- Found old boilerplate from RFC 3667, Section 5.1 on line 17.

  -- Found old boilerplate from RFC 3978, Section 5.5 on line 2543.

  ** Found boilerplate matching RFC 3978, Section 5.4, paragraph 1 (on line
     2535), which is fine, but *also* found old RFC 2026, Section 10.4C,
     paragraph 1 text on line 35.

  ** The document seems to lack an RFC 3978 Section 5.1 IPR Disclosure
     Acknowledgement -- however, there's a paragraph with a matching
     beginning. Boilerplate error?

  ** This document has an original RFC 3978 Section 5.4 Copyright Line,
     instead of the newer IETF Trust Copyright according to RFC 4748.

  ** This document has an original RFC 3978 Section 5.5 Disclaimer, instead
     of the newer disclaimer which includes the IETF Trust according to RFC
     4748.

  ** The document seems to lack an RFC 3979 Section 5, para. 1 IPR Disclosure
     Acknowledgement. 

  ** The document seems to lack an RFC 3979 Section 5, para. 2 IPR Disclosure
     Acknowledgement. 

  ** The document seems to lack an RFC 3979 Section 5, para. 3 IPR Disclosure
     Invitation. 

  ** The document uses RFC 3667 boilerplate or RFC 3978-like boilerplate
     instead of verbatim RFC 3978 boilerplate.  After 6 May 2005, submission
     of drafts without verbatim RFC 3978 boilerplate is not accepted.

     The following non-3978 patterns matched text found in the document. 
     That text should be removed or replaced:

        By submitting this Internet-Draft, I certify that any applicable patent
        or other IPR claims of which I am aware have been disclosed, or
        will be disclosed, and any of which I become aware will be
        disclosed, in accordance with RFC 3668.


  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

  ** The document seems to lack a 1id_guidelines paragraph about
     Internet-Drafts being working documents. 

  ** The document seems to lack a 1id_guidelines paragraph about 6 months
     document validity. 

  ** The document seems to lack a 1id_guidelines paragraph about the list of
     current Internet-Drafts. 

  ** The document seems to lack a 1id_guidelines paragraph about the list of
     Shadow Directories. 


  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** The document seems to lack an IANA Considerations section.  (See Section
     2.2 of https://www.ietf.org/id-info/checklist for how to handle the case
     when there are no actions for IANA.)

  ** The document seems to lack separate sections for Informative/Normative
     References.  All references will be assumed normative when checking for
     downward references.


  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the RFC 3978 Section 5.4 Copyright Line does not
     match the current year

  == Line 736 has weird spacing: '...modules  gostR...'

  == Line 742 has weird spacing: '...modules  gostR...'

  == Line 746 has weird spacing: '...modules  gostR...'

  == The document seems to lack the recommended RFC 2119 boilerplate, even if
     it appears to use RFC 2119 keywords. 

     (The document does seem to have the reference to RFC 2119 which the
     ID-Checklist requires).
  -- The document seems to lack a disclaimer for pre-RFC5378 work, but may
     have content which was first submitted before 10 November 2008.  If you
     have contacted all the original authors and they are all willing to grant
     the BCP78 rights to the IETF Trust, then this is fine, and you can ignore
     this comment.  If not, you may need to add the pre-RFC5378 disclaimer. 
     (See the Legal Provisions document at
     https://trustee.ietf.org/license-info for more information.)

  -- The document date (April 5, 2005) is 6961 days in the past.  Is this
     intentional?


  Checking references for intended status: Informational
  ----------------------------------------------------------------------------

  -- Looks like a reference, but probably isn't: '0' on line 855

  -- Looks like a reference, but probably isn't: '1' on line 413

  -- Looks like a reference, but probably isn't: '7' on line 409

  -- Looks like a reference, but probably isn't: '8' on line 424

  == Missing Reference: 'GOST341194' is mentioned on line 540, but not defined

  ** Obsolete normative reference: RFC 2246 (ref. 'TLS') (Obsoleted by RFC
     4346)


     Summary: 16 errors (**), 0 flaws (~~), 6 warnings (==), 8 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------


2	Internet Draft                               Vladimir Popov, CRYPTO-PRO
3	                                              Igor Kurepkin, CRYPTO-PRO
4	Expires October 5, 2005                    Serguei Leontiev, CRYPTO-PRO
5	Intended Category: Informational                          April 5, 2005

7	      Additional cryptographic algorithms for use with GOST 28147-89,
8	    GOST R 34.10-94, GOST R 34.10-2001, and GOST R 34.11-94 algorithms.

10	                   <draft-popov-cryptopro-cpalgs-02.txt>

12	Status of this Memo

14	   By submitting this Internet-Draft, I certify that any applicable
15	   patent or other IPR claims of which I am aware have been disclosed,
16	   and any of which I become aware will be disclosed, in accordance with
17	   RFC 3668.

19	   This document is an Internet Draft and is subject to all provisions
20	   of Section 10 of RFC2026. Internet Drafts are working documents of
21	   the Internet Engineering Task Force (IETF), its areas, and its
22	   working groups.  Note that other groups may also distribute working
23	   documents as Internet Drafts. Internet Drafts are draft documents
24	   valid for a maximum of 6 months and may be updated, replaced, or
25	   obsoleted by other documents at any time.  It is inappropriate to use
26	   Internet Drafts as reference material or to cite them other than as a
27	   "work in progress".

29	   The list of current Internet Drafts can be accessed at
30	   http://www.ietf.org/1id-abstracts.html

32	   The list of Internet Draft Shadow Directories can be accessed at
33	   http://www.ietf.org/shadow.html

35	   Copyright (C) The Internet Society (2005).  All Rights Reserved.

37	Abstract

39	   This document describes the cryptographic algorithms and parameters
40	   supplementary to the original GOST specifications GOST 28147-89, GOST
41	   R 34.10-94, GOST R 34.10-2001 and GOST R 34.11-94 for use in internet
42	   applications.

44	Table of Contents
45	   1      Introduction . . . . . . . . . . . . . . . . . . . . . .  2
46	   1.2    Terminology. . . . . . . . . . . . . . . . . . . . . . .  2
47	   2      Cipher modes and parameters. . . . . . . . . . . . . . .  3
48	   2.1    GOST 28147-89 CBC mode . . . . . . . . . . . . . . . . .  3
49	   2.2    GOST 28147-89 padding modes. . . . . . . . . . . . . . .  4
50	   2.3    Key Meshing Algorithms . . . . . . . . . . . . . . . . .  4
51	   2.3.1  Null Key Meshing . . . . . . . . . . . . . . . . . . . .  4
52	   2.3.2  CryptoPro Key Meshing. . . . . . . . . . . . . . . . . .  4
53	   3      HMAC_GOSTR3411 . . . . . . . . . . . . . . . . . . . . .  5
54	   4      PRF_GOSTR3411. . . . . . . . . . . . . . . . . . . . . .  5
55	   5      Key Derivation Algorithms. . . . . . . . . . . . . . . .  5
56	   5.1    VKO GOST R 34.10-94. . . . . . . . . . . . . . . . . . .  5
57	   5.2    VKO GOST R 34.10-2001. . . . . . . . . . . . . . . . . .  6
58	   6      Key Wrap algorithms. . . . . . . . . . . . . . . . . . .  6
59	   6.1    GOST 28147-89 Key Wrap . . . . . . . . . . . . . . . . .  6
60	   6.2    GOST 28147-89 Key Unrap. . . . . . . . . . . . . . . . .  7
61	   6.3    CryptoPro Key Wrap . . . . . . . . . . . . . . . . . . .  7
62	   6.4    CryptoPro Key Unwrap . . . . . . . . . . . . . . . . . .  8
63	   6.5    CryptoPro KEK Diversification Algorithm. . . . . . . . .  8
64	   7      Secret Key Diversification . . . . . . . . . . . . . . .  9
65	   8      Algorithm parameters . . . . . . . . . . . . . . . . . .  9
66	   8.1    Encryption algorithm parameters  . . . . . . . . . . . .  9
67	   8.2    Digest algorithm parameters. . . . . . . . . . . . . . . 11
68	   8.3    GOST R 34.10-94 public key algorithm parameters  . . . . 11
69	   8.4    GOST R 34.10-2001 public key algorithm parameters. . . . 12
70	   9      Security Considerations. . . . . . . . . . . . . . . . . 13
71	   10     Appendix ASN.1 Modules . . . . . . . . . . . . . . . . . 14
72	   11     References . . . . . . . . . . . . . . . . . . . . . . . 49
73	   12     Acknowledgments. . . . . . . . . . . . . . . . . . . . . 51
74	   Author's Address. . . . . . . . . . . . . . . . . . . . . . . . 51
75	   Full Copyright Statement. . . . . . . . . . . . . . . . . . . . 53

77	1  Introduction

79	   Russian cryptographic standards that define the algorithms GOST
80	   28147-89 [GOST28147], GOST R 34.10-94 [GOSTR341094], GOST R
81	   34.10-2001 [GOSTR34102001] and GOST R34.11-94 [GOSTR341194] provide
82	   basic information about how the algorithms work, but need
83	   supplemental specifications to effectively use the algorithms (a
84	   brief english technical description of these algorithms can be found
85	   in [Schneier95]).

87	   This document is a proposal put forward by the CRYPT-PRO Company to
88	   provide supplemental information and specifications needed by the
89	   "Russian Cryptographic Software Compatibility Agreement" community.

91	1.2   Terminology

93	   In this document, the key words MUST, MUST NOT, REQUIRED, SHOULD,
94	   SHOULD NOT, RECOMMENDED, and MAY are to be interpreted as described
95	   in [RFC 2119].

97	   The following functions and operators are also used in this document:

99	   '|' stands for concatenation

101	   encryptECB (K, D) - is D, encrypted with key K using GOST 28147-89 in
102	   "prostaya zamena" (ECB) mode

104	   decryptECB (K, D) - is D, decrypted with key K using GOST 28147-89 in
105	   ECB mode

107	   encryptCFB (IV, K, D) - is D, encrypted with key K using GOST
108	   28147-89 in "gammirovanie s obratnoj svyaziyu" (64-bit CFB) mode, and
109	   IV as initialization vector.

111	   encryptCNT (IV, K, D) - is D, encrypted with key K using GOST
112	   28147-89 in "gammirovanie" (counter) mode, and IV as initialization
113	   vector.

115	   gostR3411 (D) - is the 256-bit result of GOST R 34.11-94 hash
116	   function, used with zero intitialization vector, and S-Box parameter,
117	   defined by gostR3411CryptoProParamSetAI (see Appendix,
118	   GostR3411-94-ParamSetSyntax module).

120	   gost28147IMIT (IV, K, D) - is the 32-bit result of GOST 28147-89 in
121	   "imitovstavka" (MAC) mode, used with D as plaintext, K as key and IV
122	   as initialization vector.  Note, that standard specifies it's use in
123	   this mode only with zero initialization vector.

125	   When keys and initialization vectors are converted to/from byte
126	   arrays, little-endian byte order is assumed.

128	2  Cipher modes and parameters

130	   This document defines four cipher properties that allow an
131	   implementer to vary cipher operations.  The four parameters are the
132	   cipher mode, the key meshing algorithm, the padding mode, and the S-
133	   box.

135	   [GOST28147] defines only three cipher modes for GOST 28147-89: ECB,
136	   CFB and counter mode. This document defines an additional cipher
137	   mode, CBC.

139	   When GOST 28147-89 is used to process large amounts of data, a
140	   symmetric key should be protected by key meshing algorithm. Key
141	   meshing transforms a symmetric key after some amount of data has been
142	   processed.  This document defines CryptoPro key meshing algorithm.

144	   The cipher mode, key meshing algorithm, padding mode, and S-box are
145	   specified by algorithm parameters.

147	2.1   GOST 28147-89 CBC mode

149	   This section provides the supplemental information to GOST 28147-89
150	   (a block to block primitive) needed to operate in CBC mode.

152	   Before each plaintext block is encrypted, it is combined with the
153	   cipher text of the previous block via a bitwise XOR operation.  This
154	   ensures that even if the plaintext contains many identical blocks,
155	   each block will encrypt to a different cipher text block.  The
156	   initialization vector is combined with the first plaintext block by a
157	   bitwise XOR operation before the block is encrypted.

159	2.2   GOST 28147-89 padding modes

161	   This section provides the supplemental information to GOST 28147-89,
162	   needed to operate on plaintext where the length is not divisible by
163	   GOST 28147-89 block size (8 bytes).

165	   Let x (0 < x < 8) be the number of bytes in the last, possibly
166	   incomplete, block of data.

168	   There are three padding modes:
169	    * Zero padding: 8-x remaining bytes are filled with zero
170	    * PKCS#5 padding: 8-x remaining bytes are filled with value of 8-x.
171	      If there's no incomplete block, one extra block filled with
172	      value 8 is added.
173	    * Random padding: 8-x remaining bytes of the last block are
174	      set to random.

176	2.3   Key Meshing Algorithms

178	   When there is a need to limit the amount of data enciphered with the
179	   same key, several key meshing algorithms can be used.  Key meshing
180	   algorithms transform the key after processing a certain amount of
181	   data.

183	   All encryption parameter sets defined in this document specify the
184	   use of CryptoPro key meshing algorithm, except for id-
185	   Gost28147-89-TestParamSet, which specifies use of null key meshing
186	   algorithm.

188	2.3.1   Null Key Meshing

190	   The null key meshing algorithm never changes a key.

192	   The identifier for this algorithm is:

194	       id-Gost28147-89-None-KeyMeshing OBJECT IDENTIFIER ::=
195	           { id-CryptoPro-algorithms keyMeshing(14) none(0) }

197	   There are no meaningful parameters to this algorithm. If present,
198	   AlgorithmIdentifier.parameters MUST contain NULL.

200	2.3.2   CryptoPro Key Meshing

202	   The CryptoPro key meshing algorithm transforms the key and
203	   initialization vector every 1KB of plaintext data.

205	   The identifier for this algorithm is:

207	       id-Gost28147-89-CryptoPro-KeyMeshing  OBJECT IDENTIFIER ::=
208	           { id-CryptoPro-algorithms keyMeshing(14) cryptoPro(1) }

210	   There are no meaningful parameters to this algorithm. If present,
211	   AlgorithmIdentifier.parameters MUST contain NULL.

213	   Encryption or decryption starts with key K[0] = K, IV0[0] = IV, i =
214	   0.  Let IV[0] be the value of the initialization vector after
215	   processing the first 1K block of data. Encryption or decryption of
216	   the next 1K data block will start with K[1] and IV0[1], which are
217	   calculated using the formula:

219	       K[i+1] = decryptECB (K[i], C);
220	       IV0[i+1] = encryptECB (K[i+1],IV[i])

222	   Where C = {0x69, 0x00, 0x72, 0x22,   0x64, 0xC9, 0x04, 0x23,
223	              0x8D, 0x3A, 0xDB, 0x96,   0x46, 0xE9, 0x2A, 0xC4,
224	              0x18, 0xFE, 0xAC, 0x94,   0x00, 0xED, 0x07, 0x12,
225	              0xC0, 0x86, 0xDC, 0xC2,   0xEF, 0x4C, 0xA9, 0x2B};

227	   After processing each 1K block of data:
228	    * the resulting initialization vector is stored as IV[i].
229	    * K[i+1] and IV0[i+1] are calculated
230	    * i is incremented.
231	    * Next block is encrypted or decrypted using the new key and IV.
232	   The process is repeated until all the data has been processed.

234	3  HMAC_GOSTR3411

236	   HMAC_GOSTR3411 (K,text) function is based on hash function GOST R
237	   34.11-94, as defined in [HMAC], with the following parameter values:
238	   B = 32, L = 32.

240	4  PRF_GOSTR3411

242	   PRF_GOSTR3411 is a pseudorandom function, based on HMAC_GOSTR3411.
243	   It is calculated as P_hash, defined in section 5 of [TLS].
244	   PRF_GOSTR3411(secret,label,seed) = P_GOSTR3411 (secret,label|seed)

246	5  Key Derivation Algorithms

248	   Standards [GOSTR341094] and [GOSTR34102001] do not define any key
249	   derivation algorithms.

251	   Section 5.1 specifies algorithm VKO GOST R 34.10-94, which generates
252	   GOST KEK using two GOST R 34.10-94 keypairs.

254	   Section 5.2 specifies algorithm VKO GOST R 34.10-2001, which
255	   generates GOST KEK using two GOST R 34.10-2001 keypairs and UKM.

257	   Keypairs MUST have identical parameters.

259	5.1  VKO GOST R 34.10-94

261	   This algorithm creates a a key encryption key (KEK) using the
262	   sender's private key and the recipient's public key (or vice versa).

264	  Exchange key EK is a 256-bit hash of 1024-bit Diffie-Hellman key
265	  K(x,y);

267	  1. Let K(x,y) = a^(x*y) (mod p), where
268	     x - sender's private key, a^x - sender's public key
269	     y - recipient's private key, a^y - recipient's public key
270	     a, p - parameters 2. Calculate a 256-bit hash of K(x,y):
271	     KEK(x,y) = gostR3411 (K(x,y))

273	  Keypairs x and y MUST comply with [GOSTR341094].

275	  This algorithm MUST NOT be used when a^x = a (mod p) or a^y = a (mod
276	  p).

278	5.2  VKO GOST R 34.10-2001

280	  This algorithm creates a key encryption key (KEK) using 64 bit UKM,
281	  the sender's private key and the recipient's public key (or the
282	  reverse of the latter pair).

284	  1. Let K(x,y,UKM) = ((UKM*x)(mod q)) . (y.P) (512 bit), where
285	     x - sender's private key (256 bit)
286	     x.P - sender's public key (512 bit)
287	     y - recipient's private key (256 bit)
288	     y.P - recipient's public key (512 bit)
289	     UKM - User Keying Material (64 bit)
290	     P - base point on the elliptic curve (two 256-bit coordinates)
291	     UKM*x - x multiplied by UKM as integers
292	     x.P - a multiple point

294	  2. Calculate a 256-bit hash of K(x,y,UKM):
295	     KEK(x,y,UKM) = gostR3411 (K(x,y,UKM))

297	  Keypairs x and y MUST comply with [GOSTR34102001].

299	  This algorithm MUST NOT be used when x.P = P, y.P = P

301	6  Key Wrap algorithms

303	  This document defines two key wrap algorithms: GOST 28147-89 Key Wrap
304	  and CryptoPro Key Wrap. These are used to encrypt a Content Encryption
305	  Key (CEK) with a Key Encryption Key (KEK).

307	6.1 GOST 28147-89 Key Wrap

309	  This algorithm encrypts GOST 28147-89 CEK with a GOST 28147-89 KEK.

311	  Note: This algorithm MUST NOT be used with a KEK produced by VKO GOST
312	  R 34.10-94, because such a KEK is constant for every sender-recipient
313	  pair. Encrypting many different content encryption keys on the same
314	  constant KEK may reveal that KEK.

316	  The identifier for this algorithm is:

318	       id-Gost28147-89-None-KeyWrap OBJECT IDENTIFIER ::=
319	           { id-CryptoPro-algorithms keyWrap(13) none(0) }

321	   The GOST 28147-89 key wrap algorithm is:

323	    1. For a unique symmetric KEK, generate 8 octets at random,
324	       call the result UKM.
325	       For a KEK, produced by VKO GOST R 34.10-2001, use the UKM
326	       that was used for key derivation.
327	    2. Compute a 4-byte checksum value, gost28147IMIT (UKM, KEK, CEK).
328	       Call the result CEK_MAC.
329	    3. Encrypt the CEK in ECB mode using the KEK.
330	       Call the ciphertext CEK_ENC.
331	    4. Let RES = UKM | CEK_ENC | CEK_MAC.

333	6.2 GOST 28147-89 Key Unwrap

335	   This algorithm decrypts GOST 28147-89 CEK with a GOST 28147-89 KEK.

337	   The GOST 28147-89 key unwrap algorithm is:

339	    1. If the wrapped content-encryption key is not 44 octets, then
340	       error.
341	    2. Decompose the the wrapped content-encryption key into UKM,
342	   CEK_ENC
343	       and CEK_MAC. UKM is the most significant (first) 8 octets.
344	   CEK_ENC
345	       is next 32 octets, and CEK_MAC is the least significant (last) 4
346	       octets.
347	    3. Decrypt CEK_ENC in ECB mode using the KEK.
348	       Call the output CEK.
349	    4. Compute a 4-byte checksum value, gost28147IMIT (UKM, KEK, CEK),
350	       compare the result with CEK_MAC. If not equal, then error.

352	6.3 CryptoPro Key Wrap

354	   This algorithm encrypts GOST 28147-89 CEK with a GOST 28147-89 KEK.
355	   It can be used with any KEK (e.g. produced by VKO GOST R 34.10-94 or
356	   VKO GOST R 34.10-2001) because unique UKM is used to diversify the
357	   KEK.

359	   Identifier for this algorithm:

361	       id-Gost28147-89-CryptoPro-KeyWrap OBJECT IDENTIFIER ::=
362	           { id-CryptoPro-algorithms keyWrap(13) cryptoPro(1) }

364	   The CryptoPro key wrap algorithm is:

366	    1. For a unique symmetric KEK or a KEK produced by VKO GOST R
367	   34.10-94,
368	       generate 8 octets at random. Call the result UKM.
369	       For a KEK, produced by VKO GOST R 34.10-2001, use the UKM
370	       that was used for key derivation.
371	    2. Diversify KEK, using the CryptoPro KEK Diversification Algorithm,
372	       described in section 6.5. Call the result KEK(UKM).
373	    3. Compute a 4-byte checksum value, gost28147IMIT (UKM, KEK(UKM),
374	   CEK).
375	       Call the result CEK_MAC.
376	    4. Encrypt CEK in ECB mode using KEK(UKM).  Call the ciphertext
377	   CEK_ENC.
378	    5. Let RES = UKM | CEK_ENC | CEK_MAC.

380	6.4 CryptoPro Key Unrap

382	   This algorithm encrypts GOST 28147-89 CEK with a GOST 28147-89 KEK.
383	   The CryptoPro key unwrap algorithm is:

385	    1. If the wrapped content-encryption key is not 44 octets, then
386	       error.
387	    2. Decompose the the wrapped content-encryption key into UKM,
388	   CEK_ENC
389	       and CEK_MAC. UKM is the most significant (first) 8 octets.
390	   CEK_ENC
391	       is next 32 octets, and CEK_MAC is the least significant (last)
392	       4 octets.
393	    3. Diversify KEK using the CryptoPro KEK Diversification Algorithm,
394	       described in section 6.5.  Call the result KEK(UKM).
395	    4. Decrypt CEK_ENC in ECB mode using KEK(UKM).
396	       Call the output CEK.
397	    5. Compute a 4-byte checksum value, gost28147IMIT (UKM, KEK(UKM),
398	   CEK),
399	       compare the result with CEK_MAC. If not equal, then error.

401	6.5  CryptoPro KEK Diversification Algorithm

403	   Given a random 64-bit UKM, and a GOST 28147-89 key K, this algorithm
404	   creates a new GOST 28147-89 key K(UKM).

406	    1. Let K[0] = K;

408	    2. UKM is split into components a[i,j]:
409	       UKM = a[0]|..|a[7] (a[i] - byte, a[i,0]..a[i,7] - it's bits)

411	    3. Let i be 0.

413	    4. K[1]..K[8] are calculated by repeating the
414	       following algorithm eight times:

416	     A) K[i] is split into components k[i,j]:
417	        K[i] = k[i,0]|k[i,1]|..|k[i,7] (k[i,j] - 32-bit integer)
418	     B) Vector S[i] is calculated:
419	        S[i] = ((a[i,0]*k[i,0] + ... + a[i,7]*k[i,7]) mod 2^32)
420	           | ((~a[i,0]*k[i,0] + ... + ~a[i,7]*k[i,7]) mod 2^32);
421	     C) K[i+1] = encryptCFB (S[i], K[i], K[i])
422	     D) i = i + 1

424	   5. Let K(UKM) be K[8].

426	7  Secret Key Diversification

428	   This algorithm creates a GOST 28147-89 key Kd, given GOST R 34.10-94
429	   or GOST R 34.10-2001 secret key K and diversification data D of size
430	   4..40 bytes.

432	   1) 40-byte blob B is created from D by cloning it enough times to
433	   fill all 40 bytes. For example, if D is 40-bytes long, B = D; If D is
434	   4-bytes long, B = D|D|D|D|D|D|D|D|D|D.

436	   2) B is split into 8-byte UKM and 32-byte SRCKEY (B = UKM|SRCKEY).

438	   3) The algorithm from section 6.5 is used to create K(UKM) from key K
439	   and UKM with two differences:
440	    * Instead of S[i], vector (0,0,0,UKM[i],ff,ff,ff,ff XOR UKM[i]) is
441	   used.
442	    * During each encryption step, only 8 out of 32 GOST 28147-89 steps
443	      are done.

445	   4) Kd is calculated:
446	    Kd = encryptCFB (UKM, K(UKM), SRCKEY).

448	8  Algorithm parameters

450	   Standards [GOST28147], [GOST341194], [GOSTR341094] and
451	   [GOSTR34102001] do not define specific values for algorithm
452	   parameters.

454	   This document introduces the use of OIDs to specify algorithm
455	   parameters.

457	   Identifiers and corresponding parameter values for all of the
458	   proposed parameter sets can be found in the Appendix in the form of
459	   ASN.1 modules [X.660].

461	8.1 Encryption algorithm parameters

463	   GOST 28147-89 can be used in several modes, additional CBC mode is
464	   defined in section 2.1 this document. It also has an S-Box parameter
465	   (see Algorithm Parameters part in [GOST28147] in Russian, description
466	   in English see in [Schneier95] ch. 14.1, p. 331).

468	   This table contains the list of proposed parameter sets for GOST
469	   28147-89:

471	    Gost28147-89-ParamSetAlgorithms ALGORITHM-IDENTIFIER ::= {
472	        { Gost28147-89-ParamSetParameters IDENTIFIED BY
473	               id-Gost28147-89-TestParamSet  } |
474	        { Gost28147-89-ParamSetParameters IDENTIFIED BY
475	               id-Gost28147-89-CryptoPro-A-ParamSet  } |
476	        { Gost28147-89-ParamSetParameters IDENTIFIED BY
477	               id-Gost28147-89-CryptoPro-B-ParamSet  } |
478	        { Gost28147-89-ParamSetParameters IDENTIFIED BY
479	               id-Gost28147-89-CryptoPro-C-ParamSet  } |
480	        { Gost28147-89-ParamSetParameters IDENTIFIED BY
481	               id-Gost28147-89-CryptoPro-D-ParamSet  } |
482	        { Gost28147-89-ParamSetParameters IDENTIFIED BY
483	               id-Gost28147-89-CryptoPro-Simple-A-ParamSet  } |
484	        { Gost28147-89-ParamSetParameters IDENTIFIED BY
485	               id-Gost28147-89-CryptoPro-Simple-B-ParamSet  } |
486	        { Gost28147-89-ParamSetParameters IDENTIFIED BY
487	               id-Gost28147-89-CryptoPro-Simple-C-ParamSet  } |
488	        { Gost28147-89-ParamSetParameters IDENTIFIED BY
489	               id-Gost28147-89-CryptoPro-Simple-D-ParamSet  }
490	    }

492	   Identifier values are in the Appendix.

494	   Parameters for GOST 28147-89 are presented in the following form:

496	    Gost28147-89-ParamSetParameters ::= SEQUENCE {
497	        eUZ          Gost28147-89-UZ,
498	        mode         INTEGER {
499	                         gost28147-89-CNT(0),
500	                         gost28147-89-CFB(1),
501	                         cryptoPro-CBC(2)
502	                     },
503	        shiftBits    INTEGER { gost28147-89-block(64) },
504	        keyWrap      AlgorithmIdentifier,
505	        keyMeshing   AlgorithmIdentifier
506	    }
507	    Gost28147-89-UZ ::= OCTET STRING (SIZE (64))
508	    Gost28147-89-KeyMeshingAlgorithms  ALGORITHM-IDENTIFIER ::= {
509	        { NULL IDENTIFIED BY id-Gost28147-89-CryptoPro-KeyMeshing } |
510	        { NULL IDENTIFIED BY id-Gost28147-89-None-KeyMeshing }
511	    }
512	    Gost28147-89-KeyWrapAlgorithms  ALGORITHM-IDENTIFIER ::= {
513	        { NULL IDENTIFIED BY id-Gost28147-89-CryptoPro-KeyWrap } |
514	        { NULL IDENTIFIED BY id-Gost28147-89-None-KeyWrap }
515	    }

517	   where
518	      eUZ        - S-box value;
519	      mode       - cipher mode;
520	      shiftBits  - cipher parameter;
521	      keyWrap    - key export algorithm identifier;
522	      keyMeshing - key meshing algorithm identifier.

524	8.2 Digest algorithm parameters

526	   This table contains the list of proposed parameter sets for
527	   [GOST341194]:

529	    GostR3411-94-ParamSetAlgorithms ALGORITHM-IDENTIFIER ::= {
530	        { GostR3411-94-ParamSetParameters IDENTIFIED BY
531	          id-GostR3411-94-TestParamSet
532	        } |
533	        { GostR3411-94-ParamSetParameters IDENTIFIED BY
534	          id-GostR3411-94-CryptoProParamSet
535	        }
536	    }

538	   Identifier values are in the Appendix.

540	   Parameters for [GOST341194] are presented in the following form:

542	    GostR3411-94-ParamSetParameters ::=
543	        SEQUENCE {
544	            hUZ Gost28147-89-UZ,    -- S-Box for digest
545	            h0  GostR3411-94-Digest -- start digest value
546	        }
547	    GostR3411-94-Digest ::= OCTET STRING (SIZE (32))

549	6.3 GOST R 34.10-94 public key algorithm parameters

551	   This table contains the list of proposed parameter sets for GOST R
552	   34.10-94:

554	    GostR3410-94-ParamSetAlgorithm ALGORITHM-IDENTIFIER ::= {
555	        { GostR3410-94-ParamSetParameters IDENTIFIED BY
556	               id-GostR3410-94-TestParamSet } |
557	        { GostR3410-94-ParamSetParameters IDENTIFIED BY
558	               id-GostR3410-94-CryptoPro-A-ParamSet  } |
559	        { GostR3410-94-ParamSetParameters IDENTIFIED BY
560	               id-GostR3410-94-CryptoPro-B-ParamSet  } |
561	        { GostR3410-94-ParamSetParameters IDENTIFIED BY
562	               id-GostR3410-94-CryptoPro-C-ParamSet  } |
563	        { GostR3410-94-ParamSetParameters IDENTIFIED BY
564	               id-GostR3410-94-CryptoPro-D-ParamSet  } |
565	        { GostR3410-94-ParamSetParameters IDENTIFIED BY
566	               id-GostR3410-94-CryptoPro-XchA-ParamSet  } |
567	        { GostR3410-94-ParamSetParameters IDENTIFIED BY
568	               id-GostR3410-94-CryptoPro-XchB-ParamSet  } |
569	        { GostR3410-94-ParamSetParameters IDENTIFIED BY
570	               id-GostR3410-94-CryptoPro-XchC-ParamSet  }
571	    }

573	   Identifier values are in the Appendix.

575	   Parameters for GOST R 34.10-94 are presented in the following form:

577	    GostR3410-94-ParamSetParameters ::=
578	       SEQUENCE {
579	           t       INTEGER,
580	           p       INTEGER,
581	           q       INTEGER,
582	           a       INTEGER,
583	           validationAlgorithm   AlgorithmIdentifier {{
584	             GostR3410-94-ValidationAlgorithms
585	             }} OPTIONAL
586	       }

588	    GostR3410-94-ValidationParameters ::=
589	         SEQUENCE {
590	             x0      INTEGER,
591	             c       INTEGER,
592	             d       INTEGER OPTIONAL
593	         }

595	   Where
596	    t - bit length of p (512 or 1024 bits);
597	    p - modulus, prime number, 2^(t-1)<p<2^t;
598	    q - order of cyclic group, prime number, 2^254<q<2^256, q is a
599	   factor
600	    of p-1;
601	    a - generator, integer, 1<a<p-1, at that aq (mod p) = 1;
602	    validationAlgorithm - constant p, q and a calculating algorithm.

604	    x0 - seed;
605	    c  - used for p and q generation;
606	    d  - used for a generation.

608	8.4 GOST R 34.10-2001 public key algorithm parameters

610	   This table contains the list of proposed parameter sets for GOST R
611	   34.10-2001:

613	    GostR3410-2001-ParamSetAlgorithm ALGORITHM-IDENTIFIER ::= {
614	        { GostR3410-2001-ParamSetParameters IDENTIFIED BY
615	               id-GostR3410-2001-TestParamSet } |
616	        { GostR3410-2001-ParamSetParameters IDENTIFIED BY
617	               id-GostR3410-2001-CryptoPro-A-ParamSet  } |
618	        { GostR3410-2001-ParamSetParameters IDENTIFIED BY
619	               id-GostR3410-2001-CryptoPro-B-ParamSet  } |
620	        { GostR3410-2001-ParamSetParameters IDENTIFIED BY
621	               id-GostR3410-2001-CryptoPro-C-ParamSet  } |
622	        { GostR3410-2001-ParamSetParameters IDENTIFIED BY
623	               id-GostR3410-2001-CryptoPro-XchA-ParamSet  } |
624	        { GostR3410-2001-ParamSetParameters IDENTIFIED BY
625	               id-GostR3410-2001-CryptoPro-XchB-ParamSet  }
626	    }

628	   Identifier values are in the Appendix.

630	   Parameters for GOST R 34.10-2001 are presented in the following form:

632	    GostR3410-2001-ParamSetParameters ::=
633	       SEQUENCE {
634	           a       INTEGER,
635	           b       INTEGER,
636	           p       INTEGER,
637	           q       INTEGER,
638	           x       INTEGER,
639	           y       INTEGER
640	       }

642	    a, b - coefficients a and b of the elliptic curve E;
643	    p    - prime number - elliptic curve modulus;
644	    q    - prime number - order of cyclic group;
645	    x, y - base point p coordinates.

647	9  Security Considerations

649	   It is RECCOMENDED that software applications verify signature values,
650	   subject public keys, and algorithm parameters to conform to
651	   [GOSTR34102001], [GOSTR341094] standards prior to their use.

653	   Cryptographic algorithm parameters affect rigidity of algorithms.
654	   The algorithm parameters proposed and described herein have been
655	   analyzed by special certification laboratory of Scientific and
656	   Technical Center "ATLAS" and by Center of Certificational
657	   Investigations in appropriate levels of target_of_evaluation (TOE),
658	   according to [RFDSL], [RFLLIC] and [CRYPTOLIC].

660	   Use of different parameter sets is NOT RECOMENDED. When different
661	   parameters are used it is RECCOMENDED to subject them to examination
662	   by an authorized agency with approved methods of cryptographic
663	   analysis.

665	10 Appendix ASN.1 Modules

667	10.1  Cryptographic-Gost-Useful-Definitions

669	Cryptographic-Gost-Useful-Definitions
670	    { iso(1) member-body(2) ru(643) rans(2) cryptopro(2)
671	      other(1) modules(1) cryptographic-Gost-Useful-Definitions(0)
672	1 }
673	DEFINITIONS ::=
674	BEGIN
675	-- EXPORTS All --
676	-- The types and values defined in this module are exported for
677	-- use in the other ASN.1 modules contained within the Russian
678	-- Cryptography "GOST" & "GOST R" Specifications, and for the use
679	-- of other applications which will use them to access Russian
680	-- Cryptography services. Other applications may use them for
681	-- their own purposes, but this will not constrain extensions and
682	-- modifications needed to maintain or improve the Russian
683	-- Cryptography service.
684	  -- Crypto-Pro OID branch
685	    id-CryptoPro OBJECT IDENTIFIER ::=
686	        { iso(1) member-body(2) ru(643) rans(2) cryptopro(2) }
687	    id-CryptoPro-algorithms OBJECT IDENTIFIER ::=
688	        id-CryptoPro
689	    id-CryptoPro-modules OBJECT IDENTIFIER ::=
690	        { id-CryptoPro other(1) modules(1) }
691	    id-CryptoPro-hashes OBJECT IDENTIFIER ::=
692	        { id-CryptoPro-algorithms hashes(30) }
693	    id-CryptoPro-encrypts OBJECT IDENTIFIER ::=
694	        { id-CryptoPro-algorithms encrypts(31) }
695	    id-CryptoPro-signs OBJECT IDENTIFIER ::=
696	        { id-CryptoPro-algorithms signs(32) }
697	    id-CryptoPro-exchanges OBJECT IDENTIFIER ::=
698	        { id-CryptoPro-algorithms exchanges(33) }
699	    id-CryptoPro-extensions OBJECT IDENTIFIER ::=
700	        { id-CryptoPro extensions(34) }
701	    id-CryptoPro-ecc-signs OBJECT IDENTIFIER ::=
702	        { id-CryptoPro-algorithms ecc-signs(35) }
703	    id-CryptoPro-ecc-exchanges OBJECT IDENTIFIER ::=
704	        { id-CryptoPro-algorithms ecc-exchanges(36) }
705	    id-CryptoPro-private-keys OBJECT IDENTIFIER ::=
706	        { id-CryptoPro-algorithms private-keys(37) }
707	    id-CryptoPro-policyIds OBJECT IDENTIFIER ::=
708	      { id-CryptoPro policyIds(38) }
709	    id-CryptoPro-policyQt OBJECT IDENTIFIER ::=
710	        { id-CryptoPro policyQt(39) }
711	    id-CryptoPro-pkixcmp-infos OBJECT IDENTIFIER ::=
712	        { id-CryptoPro-algorithms pkixcmp-infos(41) }
713	    id-CryptoPro-audit-service-types OBJECT IDENTIFIER ::=
714	        { id-CryptoPro-algorithms audit-service-types(42) }
715	    id-CryptoPro-audit-record-types OBJECT IDENTIFIER ::=
716	        { id-CryptoPro-algorithms audit-record-types(43) }
717	    id-CryptoPro-attributes OBJECT IDENTIFIER ::=
718	        { id-CryptoPro-algorithms attributes(44) }
719	    id-CryptoPro-name-service-types OBJECT IDENTIFIER ::=
720	        { id-CryptoPro-algorithms name-service-types(45) }

722	  -- ASN.1 modules of Russian Cryptography "GOST" & "GOST R"
723	  -- Specifications
724	    cryptographic-Gost-Useful-Definitions OBJECT IDENTIFIER ::=
725	        { id-CryptoPro-modules
726	          cryptographic-Gost-Useful-Definitions(0) 1 }
727	  -- GOST R 34.11-94

729	    gostR3411-94-DigestSyntax OBJECT IDENTIFIER ::=
730	        { id-CryptoPro-modules gostR3411-94-DigestSyntax(1) 1 }
731	    gostR3411-94-ParamSetSyntax OBJECT IDENTIFIER ::=
732	        { id-CryptoPro-modules gostR3411-94-ParamSetSyntax(7) 1 }
733	  -- GOST R 34.10-94

735	    gostR3410-94-PKISyntax OBJECT IDENTIFIER ::=
736	        { id-CryptoPro-modules  gostR3410-94-PKISyntax(2) 1 }
737	    gostR3410-94-SignatureSyntax OBJECT IDENTIFIER ::=
738	        { id-CryptoPro-modules gostR3410-94-SignatureSyntax(3) 1 }
739	    gostR3410-EncryptionSyntax OBJECT IDENTIFIER ::=
740	        { id-CryptoPro-modules gostR3410-EncryptionSyntax(5) 2 }
741	    gostR3410-94-ParamSetSyntax OBJECT IDENTIFIER ::=
742	        { id-CryptoPro-modules  gostR3410-94-ParamSetSyntax(8) 1 }
743	  -- GOST R 34.10-2001

745	    gostR3410-2001-PKISyntax OBJECT IDENTIFIER ::=
746	        { id-CryptoPro-modules  gostR3410-2001-PKISyntax(9) 1 }
747	    gostR3410-2001-SignatureSyntax OBJECT IDENTIFIER ::=
748	        { id-CryptoPro-modules
749	          gostR3410-2001-SignatureSyntax(10) 1 }
750	    gostR3410-2001-ParamSetSyntax OBJECT IDENTIFIER ::=
751	        { id-CryptoPro-modules
752	          gostR3410-2001-ParamSetSyntax(12) 1 }
753	  -- GOST 28147-89

755	    gost28147-89-EncryptionSyntax OBJECT IDENTIFIER ::=
756	        { id-CryptoPro-modules gost28147-89-EncryptionSyntax(4) 1 }
757	    gost28147-89-ParamSetSyntax OBJECT IDENTIFIER ::=
758	        { id-CryptoPro-modules gost28147-89-ParamSetSyntax(6) 1 }
759	  -- Extended Key Usage for Crypto-Pro

761	    gost-CryptoPro-ExtendedKeyUsage OBJECT IDENTIFIER ::=
762	        { id-CryptoPro-modules
763	          gost-CryptoPro-ExtendedKeyUsage(13) 1 }
764	  -- Crypto-Pro Private keys

766	    gost-CryptoPro-PrivateKey OBJECT IDENTIFIER ::=
767	        { id-CryptoPro-modules gost-CryptoPro-PrivateKey(14) 1 }
768	  -- Crypto-Pro PKIXCMP structures
769	    gost-CryptoPro-PKIXCMP OBJECT IDENTIFIER ::=
770	        { id-CryptoPro-modules gost-CryptoPro-PKIXCMP(15) 1 }
771	  -- Crypto-Pro Transport Layer Security structures
772	    gost-CryptoPro-TransportLayerSecurity OBJECT IDENTIFIER ::=
773	        { id-CryptoPro-modules gost-CryptoPro-TransportLayerSecurit
774	y(16) 1 }

776	  -- Crypto-Pro Policy
777	    gost-CryptoPro-Policy OBJECT IDENTIFIER ::=
778	        { id-CryptoPro-modules gost-CryptoPro-Policy(17) 1 }
779	  -- Useful types
780	    ALGORITHM-IDENTIFIER ::= CLASS {
781	        &id    OBJECT IDENTIFIER UNIQUE,
782	        &Type  OPTIONAL
783	    }
784	    WITH SYNTAX { [&Type] IDENTIFIED BY &id }
785	END -- Cryptographic-Gost-Useful-Definitions

787	10.2  Gost28147-89-EncryptionSyntax

789	Gost28147-89-EncryptionSyntax
790	    { iso(1) member-body(2) ru(643) rans(2) cryptopro(2)
791	      other(1) modules(1) gost28147-89-EncryptionSyntax(4) 1 }
792	DEFINITIONS EXPLICIT TAGS ::=
793	BEGIN
794	-- EXPORTS All --
795	-- The types and values defined in this module are exported for
796	-- use in the other ASN.1 modules contained within the Russian
797	-- Cryptography "GOST" & "GOST R" Specifications, and for the use
798	-- of other applications which will use them to access Russian
799	-- Cryptography services. Other applications may use them for
800	-- their own purposes, but this will not constrain extensions and
801	-- modifications needed to maintain or improve the Russian
802	-- Cryptography service.
803	    IMPORTS
804	        id-CryptoPro-algorithms, id-CryptoPro-encrypts,
805	        ALGORITHM-IDENTIFIER,
806	        cryptographic-Gost-Useful-Definitions
807	        FROM Cryptographic-Gost-Useful-Definitions
808	            { iso(1) member-body(2) ru(643) rans(2)
809	              cryptopro(2) other(1) modules(1)
810	              cryptographic-Gost-Useful-Definitions(0) 1 }
811	    ;
812	  -- GOST 28147-89 OID
813	    id-Gost28147-89 OBJECT IDENTIFIER ::=
814	        { id-CryptoPro-algorithms gost28147-89(21) }
815	    id-Gost28147-89-MAC OBJECT IDENTIFIER ::=
816	        { id-CryptoPro-algorithms gost28147-89-MAC(22) }

818	  -- GOST 28147-89 cryptographic parameter sets OIDs
819	    id-Gost28147-89-TestParamSet OBJECT IDENTIFIER ::=
820	        { id-CryptoPro-encrypts test(0) }
821	    id-Gost28147-89-CryptoPro-A-ParamSet OBJECT IDENTIFIER ::=
822	        { id-CryptoPro-encrypts cryptopro-A(1) }
823	    id-Gost28147-89-CryptoPro-B-ParamSet OBJECT IDENTIFIER ::=
824	        { id-CryptoPro-encrypts cryptopro-B(2) }
825	    id-Gost28147-89-CryptoPro-C-ParamSet OBJECT IDENTIFIER ::=
826	        { id-CryptoPro-encrypts cryptopro-C(3) }
827	    id-Gost28147-89-CryptoPro-D-ParamSet OBJECT IDENTIFIER ::=
828	        { id-CryptoPro-encrypts cryptopro-D(4) }
829	    id-Gost28147-89-CryptoPro-Oscar-ParamSet
830	        OBJECT IDENTIFIER ::=
831	           { id-CryptoPro-encrypts cryptopro-Oscar(5) }
832	    id-Gost28147-89-CryptoPro-Simple-A-ParamSet
833	        OBJECT IDENTIFIER ::=
834	           { id-CryptoPro-encrypts cryptopro-Simple-A(6) }
835	    id-Gost28147-89-CryptoPro-Simple-B-ParamSet
836	        OBJECT IDENTIFIER ::=
837	           { id-CryptoPro-encrypts cryptopro-Simple-B(7) }
838	    id-Gost28147-89-CryptoPro-Simple-C-ParamSet
839	        OBJECT IDENTIFIER ::=
840	           { id-CryptoPro-encrypts cryptopro-Simple-C(8) }
841	    id-Gost28147-89-CryptoPro-Simple-D-ParamSet
842	        OBJECT IDENTIFIER ::=
843	           { id-CryptoPro-encrypts cryptopro-Simple-D(9) }
844	  -- GOST 28147-89 Types
845	    Gost28147-89-Data ::= OCTET STRING (SIZE (0..4294967294))
846	    Gost28147-89-EncryptedData ::=
847	        OCTET STRING (SIZE (0..4294967294))
848	    Gost28147-89-UZ ::= OCTET STRING (SIZE (64))
849	    Gost28147-89-IV ::= OCTET STRING (SIZE (8))
850	    Gost28147-89-Key ::= OCTET STRING (SIZE (32))
851	    Gost28147-89-MAC ::= OCTET STRING (SIZE (1..4))
852	    Gost28147-89-EncryptedKey ::=
853	        SEQUENCE {
854	            encryptedKey         Gost28147-89-Key,
855	            maskKey              [0] IMPLICIT Gost28147-89-Key OPTI
856	ONAL,
857	            macKey               Gost28147-89-MAC (SIZE (4))
858	        }
859	    Gost28147-89-BlobParameters ::=
860	        SEQUENCE {
861	            encryptionParamSet
862	                OBJECT IDENTIFIER (
863	                    id-Gost28147-89-TestParamSet |      -- Only for
864	 testing purposes
865	                    id-Gost28147-89-CryptoPro-A-ParamSet |
866	                    id-Gost28147-89-CryptoPro-B-ParamSet |
867	                    id-Gost28147-89-CryptoPro-C-ParamSet |
868	                    id-Gost28147-89-CryptoPro-D-ParamSet |
869	                    id-Gost28147-89-CryptoPro-Simple-A-ParamSet |
870	                    id-Gost28147-89-CryptoPro-Simple-B-ParamSet |
871	                    id-Gost28147-89-CryptoPro-Simple-C-ParamSet |
872	                    id-Gost28147-89-CryptoPro-Simple-D-ParamSet
873	                ),
874	            ...
875	        }
876	  -- GOST 28147-89 encryption algorithm parameters
877	    Gost28147-89-Parameters ::=
878	        SEQUENCE {
879	            iv                   Gost28147-89-IV,
880	            encryptionParamSet
881	                OBJECT IDENTIFIER (
882	                    id-Gost28147-89-TestParamSet | -- Only for test
883	ing purposes
884	                    id-Gost28147-89-CryptoPro-A-ParamSet |
885	                    id-Gost28147-89-CryptoPro-B-ParamSet |
886	                    id-Gost28147-89-CryptoPro-C-ParamSet |
887	                    id-Gost28147-89-CryptoPro-D-ParamSet |
888	                    id-Gost28147-89-CryptoPro-Simple-A-ParamSet |
889	                    id-Gost28147-89-CryptoPro-Simple-B-ParamSet |
890	                    id-Gost28147-89-CryptoPro-Simple-C-ParamSet |
891	                    id-Gost28147-89-CryptoPro-Simple-D-ParamSet
892	                )
893	        }
894	    Gost28147-89-Algorithms ALGORITHM-IDENTIFIER ::= {
895	        { Gost28147-89-Parameters IDENTIFIED BY
896	                        id-Gost28147-89 }
897	    }
898	END -- Gost28147-89-EncryptionSyntax

900	10.3  Gost28147-89-ParamSetSyntax

902	Gost28147-89-ParamSetSyntax
903	    { iso(1) member-body(2) ru(643) rans(2) cryptopro(2)
904	      other(1) modules(1) gost28147-89-ParamSetSyntax(6) 1 }
905	DEFINITIONS EXPLICIT TAGS ::=
906	BEGIN
907	-- EXPORTS All --
908	-- The types and values defined in this module are exported for
909	-- use in the other ASN.1 modules contained within the Russian
910	-- Cryptography "GOST" & "GOST R" Specifications, and for the use
911	-- of other applications which will use them to access Russian
912	-- Cryptography services. Other applications may use them for
913	-- their own purposes, but this will not constrain extensions and
914	-- modifications needed to maintain or improve the Russian
915	-- Cryptography service.
916	    IMPORTS
917	        id-CryptoPro-algorithms, id-CryptoPro-encrypts,
918	        gost28147-89-EncryptionSyntax, ALGORITHM-IDENTIFIER,
919	        cryptographic-Gost-Useful-Definitions
920	        FROM Cryptographic-Gost-Useful-Definitions
921	            { iso(1) member-body(2) ru(643) rans(2)
922	              cryptopro(2) other(1) modules(1)
923	              cryptographic-Gost-Useful-Definitions(0) 1 }
924	        Gost28147-89-UZ,
925	        id-Gost28147-89-TestParamSet,
926	        id-Gost28147-89-CryptoPro-A-ParamSet,
927	        id-Gost28147-89-CryptoPro-B-ParamSet,
928	        id-Gost28147-89-CryptoPro-C-ParamSet,
929	        id-Gost28147-89-CryptoPro-D-ParamSet,
930	        id-Gost28147-89-CryptoPro-Simple-A-ParamSet,
931	        id-Gost28147-89-CryptoPro-Simple-B-ParamSet,
932	        id-Gost28147-89-CryptoPro-Simple-C-ParamSet,
933	        id-Gost28147-89-CryptoPro-Simple-D-ParamSet
934	        FROM Gost28147-89-EncryptionSyntax
935	             gost28147-89-EncryptionSyntax
936	        AlgorithmIdentifier
937	        FROM PKIX1Explicit88 {iso(1) identified-organization(3)
938	        dod(6) internet(1) security(5) mechanisms(5) pkix(7)
939	        id-mod(0) id-pkix1-explicit-88(1)}
940	    ;
941	  -- GOST 28147-89 cryptographic parameter sets:
942	  -- OIDs for parameter sets are imported from
943	  -- Gost28147-89-EncryptionSyntax
944	  Gost28147-89-ParamSetParameters ::=
945	    SEQUENCE {
946	        eUZ             Gost28147-89-UZ,
947	        mode            INTEGER {
948	                            gost28147-89-CNT(0),
949	                            gost28147-89-CFB(1),
950	                            cryptoPro-CBC(2)
951	                        },
952	        shiftBits       INTEGER { gost28147-89-block(64) },
953	        keyWrap         AlgorithmIdentifier,
954	        keyMeshing      AlgorithmIdentifier
955	    }
956	  Gost28147-89-ParamSetAlgorithms ALGORITHM-IDENTIFIER ::= {
957	    { Gost28147-89-ParamSetParameters IDENTIFIED BY
958	                id-Gost28147-89-TestParamSet  } |
959	    { Gost28147-89-ParamSetParameters IDENTIFIED BY
960	                id-Gost28147-89-CryptoPro-A-ParamSet  } |
961	    { Gost28147-89-ParamSetParameters IDENTIFIED BY
962	                id-Gost28147-89-CryptoPro-B-ParamSet  } |
963	    { Gost28147-89-ParamSetParameters IDENTIFIED BY
964	                id-Gost28147-89-CryptoPro-C-ParamSet  } |
965	    { Gost28147-89-ParamSetParameters IDENTIFIED BY
966	                id-Gost28147-89-CryptoPro-D-ParamSet  } |
967	    { Gost28147-89-ParamSetParameters IDENTIFIED BY
968	                id-Gost28147-89-CryptoPro-Simple-A-ParamSet  } |
969	    { Gost28147-89-ParamSetParameters IDENTIFIED BY
970	                id-Gost28147-89-CryptoPro-Simple-B-ParamSet  } |
971	    { Gost28147-89-ParamSetParameters IDENTIFIED BY
972	                id-Gost28147-89-CryptoPro-Simple-C-ParamSet  } |
973	    { Gost28147-89-ParamSetParameters IDENTIFIED BY
974	                id-Gost28147-89-CryptoPro-Simple-D-ParamSet  }
975	  }
976	  id-Gost28147-89-CryptoPro-KeyWrap OBJECT IDENTIFIER ::=
977	    { id-CryptoPro-algorithms keyWrap(13) cryptoPro(1) }
978	  id-Gost28147-89-None-KeyWrap OBJECT IDENTIFIER ::=
979	    { id-CryptoPro-algorithms keyWrap(13) none(0) }
980	  Gost28147-89-KeyWrapAlgorithms  ALGORITHM-IDENTIFIER ::= {
981	    { NULL IDENTIFIED BY id-Gost28147-89-CryptoPro-KeyWrap } |
982	    { NULL IDENTIFIED BY id-Gost28147-89-None-KeyWrap }
983	  }
984	  id-Gost28147-89-CryptoPro-KeyMeshing  OBJECT IDENTIFIER ::=
985	    { id-CryptoPro-algorithms keyMeshing(14) cryptoPro(1) }
986	  id-Gost28147-89-None-KeyMeshing OBJECT IDENTIFIER ::=
987	    { id-CryptoPro-algorithms keyMeshing(14) none(0) }
988	  Gost28147-89-KeyMeshingAlgorithms  ALGORITHM-IDENTIFIER ::= {
989	    { NULL IDENTIFIED BY id-Gost28147-89-CryptoPro-KeyMeshing } |
990	    { NULL IDENTIFIED BY id-Gost28147-89-None-KeyMeshing }
991	  }
992	  -- GOST 28147-89 cryptographic parameter set: values
993	    -- Test parameter set
994	  gost28147-89-UZ-Test Gost28147-89-UZ ::=
995	   '4CDE389C2989EFB6FFEB56C55EC29B029875613B113F896003970C798AA1D55
996	DE210AD43375DB38EB42C77E7CD46CAFAD66A201F70F41EA4AB03F22165B844D8'H
997	  gost28147-89-TestParamSetAI
998	    AlgorithmIdentifier ::= {
999	      algorithm
1000	        id-Gost28147-89-TestParamSet,
1001	      parameters
1002	        Gost28147-89-ParamSetParameters:{
1003	          eUZ           gost28147-89-UZ-Test,
1004	          mode          gost28147-89-CNT,
1005	          shiftBits     64,
1006	          keyWrap       { algorithm id-Gost28147-89-None-KeyWrap },
1007	          keyMeshing    { algorithm id-Gost28147-89-None-KeyMeshing
1008	 }
1009	        }

1011	    }
1012	  -- CryptoPro parameter sets
1013	  gost28147-89-UZ-CryptoPro-A Gost28147-89-UZ ::=
1014	   -- K1 K2 K3 K4 K5 K6 K7 K8
1015	   -- 9  3  E  E  B  3  1  B
1016	   -- 6  7  4  7  5  A  D  A
1017	   -- 3  E  6  A  1  D  2  F
1018	   -- 2  9  2  C  9  C  9  5
1019	   -- 8  8  B  D  8  1  7  0
1020	   -- B  A  3  1  D  2  A  C
1021	   -- 1  F  D  3  F  0  6  E
1022	   -- 7  0  8  9  0  B  0  8
1023	   -- A  5  C  0  E  7  8  6
1024	   -- 4  2  F  2  4  5  C  2
1025	   -- E  6  5  B  2  9  4  3
1026	   -- F  C  A  4  3  4  5  9
1027	   -- C  B  0  F  C  8  F  1
1028	   -- 0  4  7  8  7  F  3  7
1029	   -- D  D  1  5  A  E  B  D
1030	   -- 5  1  9  6  6  6  E  4
1031	   '93EEB31B67475ADA3E6A1D2F292C9C9588BD8170BA31D2AC1FD3F06E70890B0
1032	8A5C0E78642F245C2E65B2943FCA43459CB0FC8F104787F37DD15AEBD519666E4'H
1033	    gost28147-89-CryptoPro-A-ParamSetAI
1034	        AlgorithmIdentifier  ::=
1035	        {
1036	            algorithm
1037	                id-Gost28147-89-CryptoPro-A-ParamSet,
1038	            parameters
1039	                Gost28147-89-ParamSetParameters:{
1040	                    eUZ         gost28147-89-UZ-CryptoPro-A,
1041	                    mode        gost28147-89-CFB,
1042	                    shiftBits   64,
1043	                    keyWrap
1044	                        { algorithm id-Gost28147-89-CryptoPro-KeyWr
1045	ap },
1046	                    keyMeshing
1047	                        { algorithm id-Gost28147-89-CryptoPro-KeyMe
1048	shing }
1049	                }
1050	        }
1051	    --
1052	  gost28147-89-UZ-CryptoPro-B Gost28147-89-UZ ::=
1053	   -- K1 K2 K3 K4 K5 K6 K7 K8
1054	   -- 8  0  E  7  2  8  5  0
1055	   -- 4  1  C  5  7  3  2  4
1056	   -- B  2  0  0  C  2  A  B
1057	   -- 1  A  A  D  F  6  B  E
1058	   -- 3  4  9  B  9  4  9  8
1059	   -- 5  D  2  6  5  D  1  3
1060	   -- 0  5  D  1  A  E  C  7
1061	   -- 9  C  B  2  B  B  3  1
1062	   -- 2  9  7  3  1  C  7  A
1063	   -- E  7  5  A  4  1  4  2
1064	   -- A  3  8  C  0  7  D  9
1065	   -- C  F  F  F  D  F  0  6
1066	   -- D  B  3  4  6  A  6  F
1067	   -- 6  8  6  E  8  0  F  D
1068	   -- 7  6  1  9  E  9  8  5
1069	   -- F  E  4  8  3  5  E  C
1070	   '80E7285041C57324B200C2AB1AADF6BE349B94985D265D1305D1AEC79CB2BB3
1071	129731C7AE75A4142A38C07D9CFFFDF06DB346A6F686E80FD7619E985FE4835EC'H
1072	    gost28147-89-CryptoPro-B-ParamSetAI
1073	        AlgorithmIdentifier ::=
1074	        {
1075	            algorithm
1076	                id-Gost28147-89-CryptoPro-B-ParamSet,
1077	            parameters
1078	                Gost28147-89-ParamSetParameters:{
1079	                    eUZ         gost28147-89-UZ-CryptoPro-B,
1080	                    mode        gost28147-89-CFB,
1081	                    shiftBits   64,
1082	                    keyWrap
1083	                        { algorithm id-Gost28147-89-CryptoPro-KeyWr
1084	ap },
1085	                    keyMeshing
1086	                        { algorithm id-Gost28147-89-CryptoPro-KeyMe
1087	shing }
1088	                }
1089	        }
1090	    --
1091	  gost28147-89-UZ-CryptoPro-C Gost28147-89-UZ ::=
1092	   -- K1 K2 K3 K4 K5 K6 K7 K8
1093	   -- 1  0  8  3  8  C  A  7
1094	   -- B  1  2  6  D  9  9  4
1095	   -- C  7  5  0  B  B  6  0
1096	   -- 2  D  0  1  0  1  8  5
1097	   -- 9  B  4  5  4  8  D  A
1098	   -- D  4  9  D  5  E  E  2
1099	   -- 0  5  F  A  1  2  2  F
1100	   -- F  2  A  8  2  4  0  E
1101	   -- 4  8  3  B  9  7  F  C
1102	   -- 5  E  7  2  3  3  3  6
1103	   -- 8  F  C  9  C  6  5  1
1104	   -- E  C  D  7  E  5  B  B
1105	   -- A  9  6  E  6  A  4  D
1106	   -- 7  A  E  F  F  0  1  9
1107	   -- 6  6  1  C  A  F  C  3
1108	   -- 3  3  B  4  7  D  7  8
1109	   '10838CA7B126D994C750BB602D0101859B4548DAD49D5EE205FA122FF2A8240
1110	E483B97FC5E7233368FC9C651ECD7E5BBA96E6A4D7AEFF019661CAFC333B47D78'H
1111	    gost28147-89-CryptoPro-C-ParamSetAI
1112	        AlgorithmIdentifier ::=
1113	        {
1114	            algorithm
1115	                id-Gost28147-89-CryptoPro-C-ParamSet,
1116	            parameters
1117	                Gost28147-89-ParamSetParameters:{
1118	                    eUZ         gost28147-89-UZ-CryptoPro-C,
1119	                    mode        gost28147-89-CFB,
1120	                    shiftBits   64,
1121	                    keyWrap
1122	                        { algorithm id-Gost28147-89-CryptoPro-KeyWr
1123	ap },
1124	                    keyMeshing
1125	                        { algorithm id-Gost28147-89-CryptoPro-KeyMe
1126	shing }
1127	                }
1128	        }
1129	    --
1130	  gost28147-89-UZ-CryptoPro-D Gost28147-89-UZ ::=
1131	   -- K1 K2 K3 K4 K5 K6 K7 K8
1132	   -- F  B  1  1  0  8  3  1
1133	   -- C  6  C  5  C  0  0  A
1134	   -- 2  3  B  E  8  F  6  6
1135	   -- A  4  0  C  9  3  F  8
1136	   -- 6  C  F  A  D  2  1  F
1137	   -- 4  F  E  7  2  5  E  B
1138	   -- 5  E  6  0  A  E  9  0
1139	   -- 0  2  5  D  B  B  2  4
1140	   -- 7  7  A  6  7  1  D  C
1141	   -- 9  D  D  2  3  A  8  3
1142	   -- E  8  4  B  6  4  C  5
1143	   -- D  0  8  4  5  7  4  9
1144	   -- 1  5  9  9  4  C  B  7
1145	   -- B  A  3  3  E  9  A  D
1146	   -- 8  9  7  F  F  D  5  2
1147	   -- 3  1  2  8  1  6  7  E'H
1148	   'FB110831C6C5C00A23BE8F66A40C93F86CFAD21F4FE725EB5E60AE90025DBB2
1149	477A671DC9DD23A83E84B64C5D084574915994CB7BA33E9AD897FFD523128167E'H
1150	    gost28147-89-CryptoPro-D-ParamSetAI
1151	        AlgorithmIdentifier ::=
1152	        {
1153	            algorithm
1154	                id-Gost28147-89-CryptoPro-D-ParamSet,

1156	            parameters
1157	                Gost28147-89-ParamSetParameters:{
1158	                    eUZ         gost28147-89-UZ-CryptoPro-D,
1159	                    mode        gost28147-89-CFB,
1160	                    shiftBits   64,
1161	                    keyWrap
1162	                        { algorithm id-Gost28147-89-CryptoPro-KeyWr
1163	ap },
1164	                    keyMeshing
1165	                        { algorithm id-Gost28147-89-CryptoPro-KeyMe
1166	shing }
1167	                }
1168	        }
1169	    --
1170	    gost28147-89-CryptoPro-Simple-A-ParamSetAI
1171	        AlgorithmIdentifier ::=
1172	        {
1173	            algorithm
1174	                id-Gost28147-89-CryptoPro-Simple-A-ParamSet,
1175	            parameters
1176	                Gost28147-89-ParamSetParameters:{
1177	                    eUZ         gost28147-89-UZ-CryptoPro-A,
1178	                    mode        gost28147-89-CFB,
1179	                    shiftBits   64,
1180	                    keyWrap
1181	                        { algorithm id-Gost28147-89-None-KeyWrap },
1182	                    keyMeshing
1183	                        { algorithm id-Gost28147-89-CryptoPro-KeyMe
1184	shing }
1185	                }
1186	        }
1187	    --
1188	    gost28147-89-CryptoPro-Simple-B-ParamSetAI
1189	        AlgorithmIdentifier ::=
1190	        {
1191	            algorithm
1192	                id-Gost28147-89-CryptoPro-Simple-B-ParamSet,
1193	            parameters
1194	                Gost28147-89-ParamSetParameters:{
1195	                    eUZ         gost28147-89-UZ-CryptoPro-B,
1196	                    mode        gost28147-89-CFB,
1197	                    shiftBits   64,
1198	                    keyWrap
1199	                        { algorithm id-Gost28147-89-None-KeyWrap },
1200	                    keyMeshing
1201	                        { algorithm id-Gost28147-89-CryptoPro-KeyMe
1202	shing }
1203	                }

1205	        }
1206	    --
1207	    gost28147-89-CryptoPro-Simple-C-ParamSetAI
1208	        AlgorithmIdentifier ::=
1209	        {
1210	            algorithm
1211	                id-Gost28147-89-CryptoPro-Simple-C-ParamSet,
1212	            parameters
1213	                Gost28147-89-ParamSetParameters:{
1214	                    eUZ         gost28147-89-UZ-CryptoPro-C,
1215	                    mode        gost28147-89-CFB,
1216	                    shiftBits   64,
1217	                    keyWrap
1218	                        { algorithm id-Gost28147-89-None-KeyWrap },
1219	                    keyMeshing
1220	                        { algorithm id-Gost28147-89-CryptoPro-KeyMe
1221	shing }
1222	                }
1223	        }
1224	    --
1225	    gost28147-89-CryptoPro-Simple-D-ParamSetAI
1226	        AlgorithmIdentifier ::=
1227	        {
1228	            algorithm
1229	                id-Gost28147-89-CryptoPro-Simple-D-ParamSet,
1230	            parameters
1231	                Gost28147-89-ParamSetParameters:{
1232	                    eUZ         gost28147-89-UZ-CryptoPro-D,
1233	                    mode        gost28147-89-CFB,
1234	                    shiftBits   64,
1235	                    keyWrap
1236	                        { algorithm id-Gost28147-89-None-KeyWrap },
1237	                    keyMeshing
1238	                        { algorithm id-Gost28147-89-CryptoPro-KeyMe
1239	shing }
1240	                }
1241	        }
1242	END -- Gost28147-89-ParamSetSyntax

1244	10.4  GostR3411-94-DigestSyntax

1246	GostR3411-94-DigestSyntax
1247	    { iso(1) member-body(2) ru(643) rans(2) cryptopro(2)
1248	      other(1) modules(1) gostR3411-94-DigestSyntax(1) 1 }
1249	DEFINITIONS ::=
1250	BEGIN
1251	-- EXPORTS All --
1252	-- The types and values defined in this module are exported for
1253	-- use in the other ASN.1 modules contained within the Russian
1254	-- Cryptography "GOST" & "GOST R" Specifications, and for the use
1255	-- of other applications which will use them to access Russian
1256	-- Cryptography services. Other applications may use them for
1257	-- their own purposes, but this will not constrain extensions and
1258	-- modifications needed to maintain or improve the Russian
1259	-- Cryptography service.
1260	    IMPORTS
1261	        id-CryptoPro-algorithms, id-CryptoPro-hashes,
1262	        gost28147-89-EncryptionSyntax, ALGORITHM-IDENTIFIER,
1263	        cryptographic-Gost-Useful-Definitions
1264	        FROM Cryptographic-Gost-Useful-Definitions
1265	            { iso(1) member-body(2) ru(643) rans(2)
1266	              cryptopro(2) other(1) modules(1)
1267	              cryptographic-Gost-Useful-Definitions(0) 1 }
1268	        Gost28147-89-Data, Gost28147-89-UZ
1269	        FROM Gost28147-89-EncryptionSyntax
1270	             gost28147-89-EncryptionSyntax
1271	    ;
1272	  -- GOST R 34.11-94 OID
1273	    id-GostR3411-94 OBJECT IDENTIFIER ::=
1274	        { id-CryptoPro-algorithms gostR3411-94(9) }
1275	  -- GOST R 34.11-94 cryptographic parameter set OIDs
1276	    id-GostR3411-94-TestParamSet OBJECT IDENTIFIER ::=
1277	        { id-CryptoPro-hashes test(0) }
1278	    id-GostR3411-94-CryptoProParamSet OBJECT IDENTIFIER ::=
1279	        { id-CryptoPro-hashes cryptopro(1) }
1280	  -- GOST R 34.11-94 data types
1281	    GostR3411-94-Data ::= Gost28147-89-Data
1282	    GostR3411-94-Digest ::= OCTET STRING (SIZE (32))
1283	  -- GOST R 34.11-94 digest algorithm & parameters
1284	    GostR3411-94-DigestParameters ::=
1285	        OBJECT IDENTIFIER (
1286	                id-GostR3411-94-TestParamSet |  -- Only for testing
1287	 purposes
1288	                id-GostR3411-94-CryptoProParamSet
1289	        )
1290	    GostR3411-94-DigestAlgorithms ALGORITHM-IDENTIFIER ::= {
1291	        { NULL IDENTIFIED BY id-GostR3411-94 } |
1292	                -- Assume id-GostR3411-94-CryptoProParamSet
1293	        { GostR3411-94-DigestParameters
1294	                IDENTIFIED BY id-GostR3411-94 }
1295	    }
1296	END -- GostR3411-94-DigestSyntax

1298	10.5  GostR3411-94-ParamSetSyntax

1300	GostR3411-94-ParamSetSyntax
1301	    { iso(1) member-body(2) ru(643) rans(2) cryptopro(2)
1302	      other(1) modules(1) gostR3411-94-ParamSetSyntax(7) 1 }
1303	DEFINITIONS ::=
1304	BEGIN
1305	-- EXPORTS All --
1306	-- The types and values defined in this module are exported for
1307	-- use in the other ASN.1 modules contained within the Russian
1308	-- Cryptography "GOST" & "GOST R" Specifications, and for the use
1309	-- of other applications which will use them to access Russian
1310	-- Cryptography services. Other applications may use them for
1311	-- their own purposes, but this will not constrain extensions and
1312	-- modifications needed to maintain or improve the Russian
1313	-- Cryptography service.
1314	    IMPORTS
1315	        id-CryptoPro-algorithms, id-CryptoPro-hashes,
1316	        gost28147-89-EncryptionSyntax,
1317	        gostR3411-94-DigestSyntax, ALGORITHM-IDENTIFIER,
1318	        cryptographic-Gost-Useful-Definitions
1319	        FROM Cryptographic-Gost-Useful-Definitions
1320	            { iso(1) member-body(2) ru(643) rans(2)
1321	              cryptopro(2) other(1) modules(1)
1322	              cryptographic-Gost-Useful-Definitions(0) 1 }
1323	        Gost28147-89-UZ
1324	        FROM Gost28147-89-EncryptionSyntax
1325	             gost28147-89-EncryptionSyntax
1326	        id-GostR3411-94-TestParamSet,
1327	        id-GostR3411-94-CryptoProParamSet,
1328	        GostR3411-94-Digest
1329	        FROM GostR3411-94-DigestSyntax gostR3411-94-DigestSyntax
1330	        AlgorithmIdentifier
1331	        FROM PKIX1Explicit88 {iso(1) identified-organization(3)
1332	        dod(6) internet(1) security(5) mechanisms(5) pkix(7)
1333	        id-mod(0) id-pkix1-explicit-88(1)}
1334	    ;
1335	  -- GOST R 34.11-94 cryptographic parameter sets:
1336	  -- OIDs for parameter sets are imported from GostR3411-94-DigestS
1337	yntax
1338	    GostR3411-94-ParamSetParameters ::=
1339	        SEQUENCE {
1340	            hUZ Gost28147-89-UZ,    -- S-Box for digest
1341	            h0  GostR3411-94-Digest -- initial digest value
1342	        }
1343	    GostR3411-94-ParamSetAlgorithms ALGORITHM-IDENTIFIER ::= {
1344	        { GostR3411-94-ParamSetParameters IDENTIFIED BY
1345	                id-GostR3411-94-TestParamSet
1346	        } |
1347	        { GostR3411-94-ParamSetParameters IDENTIFIED BY
1348	                id-GostR3411-94-CryptoProParamSet

1350	        }
1351	    }
1352	    -- GOST R 34.11-94 Tests parameter set
1353	    -- (GOST R 34.11-94 Annex A. Test vector)
1354	    gostR3411TestParamSetAI
1355	        AlgorithmIdentifier ::=
1356	        {
1357	            algorithm
1358	                id-GostR3411-94-TestParamSet,
1359	            parameters
1360	                GostR3411-94-ParamSetParameters:{
1361	                    hUZ
1362	                       -- pi1 pi2 pi3 pi4 pi5 pi6 pi7 pi8
1363	                       -- 4   E   5   7   6   4   D   1
1364	                       -- A   B   8   D   C   B   B   F
1365	                       -- 9   4   1   A   7   A   4   D
1366	                       -- 2   C   D   1   1   0   1   0
1367	                       -- D   6   A   0   5   7   3   5
1368	                       -- 8   D   3   8   F   2   F   7
1369	                       -- 0   F   4   9   D   1   5   A
1370	                       -- E   A   2   F   8   D   9   4
1371	                       -- 6   2   E   E   4   3   0   9
1372	                       -- B   3   F   4   A   6   A   2
1373	                       -- 1   8   C   6   9   8   E   3
1374	                       -- C   1   7   C   E   5   7   E
1375	                       -- 7   0   6   B   0   9   6   6
1376	                       -- F   7   0   2   3   C   8   B
1377	                       -- 5   5   9   5   B   F   2   8
1378	                       -- 3   9   B   3   2   E   C   C
1379	                         '4E5764D1AB8DCBBF941A7A4D2CD11010D6A057358
1380	D38F2F70F49D15AEA2F8D9462EE4309B3F4A6A218C698E3C17CE57E706B0966F702
1381	3C8B5595BF2839B32ECC'H,
1382	                    h0   '00000000000000000000000000000000000000000
1383	00000000000000000000000'H
1384	                }
1385	        }
1386	    -- CryptoPro parameters
1387	    gostR3411CryptoProParamSetAI
1388	        AlgorithmIdentifier ::=
1389	        {
1390	            algorithm
1391	                id-GostR3411-94-CryptoProParamSet,
1392	            parameters
1393	                GostR3411-94-ParamSetParameters:{
1394	                    hUZ
1395	                       -- pi1 pi2 pi3 pi4 pi5 pi6 pi7 pi8
1396	                       -- A   5   7   4   7   7   D   1
1397	                       -- 4   F   F   A   6   6   E   3
1398	                       -- 5   4   C   7   4   2   4   A
1399	                       -- 6   0   E   C   B   4   1   9
1400	                       -- 8   2   9   0   9   D   7   5
1401	                       -- 1   D   4   F   C   9   0   B
1402	                       -- 3   B   1   2   2   F   5   4
1403	                       -- 7   9   0   8   A   0   A   F
1404	                       -- D   1   3   E   1   A   3   8
1405	                       -- C   7   B   1   8   1   C   6
1406	                       -- E   6   5   6   0   5   8   7
1407	                       -- 0   3   2   5   E   B   F   E
1408	                       -- 9   C   6   D   F   8   6   D
1409	                       -- 2   E   A   B   D   E   2   0
1410	                       -- B   A   8   9   3   C   9   2
1411	                       -- F   8   D   3   5   3   B   C
1412	                         'A57477D14FFA66E354C7424A60ECB41982909D751
1413	D4FC90B3B122F547908A0AFD13E1A38C7B181C6E65605870325EBFE9C6DF86D2EAB
1414	DE20BA893C92F8D353BC'H,
1415	                    h0   '00000000000000000000000000000000000000000
1416	00000000000000000000000'H
1417	                }
1418	        }
1419	END -- GostR3411-94-ParamSetSyntax

1421	10.6  GostR3410-94-PKISyntax

1423	GostR3410-94-PKISyntax
1424	    { iso(1) member-body(2) ru(643) rans(2) cryptopro(2)
1425	      other(1) modules(1) gostR3410-94-PKISyntax(2) 1 }
1426	DEFINITIONS ::=
1427	BEGIN
1428	-- EXPORTS All --
1429	-- The types and values defined in this module are exported for
1430	-- use in the other ASN.1 modules contained within the Russian
1431	-- Cryptography "GOST" & "GOST R" Specifications, and for the use
1432	-- of other applications which will use them to access Russian
1433	-- Cryptography services. Other applications may use them for
1434	-- their own purposes, but this will not constrain extensions and
1435	-- modifications needed to maintain or improve the Russian
1436	-- Cryptography service.
1437	    IMPORTS
1438	        id-CryptoPro-algorithms,
1439	        id-CryptoPro-signs, id-CryptoPro-exchanges,
1440	        gost28147-89-EncryptionSyntax,
1441	        gostR3411-94-DigestSyntax, ALGORITHM-IDENTIFIER,
1442	        cryptographic-Gost-Useful-Definitions
1443	        FROM Cryptographic-Gost-Useful-Definitions
1444	            { iso(1) member-body(2) ru(643) rans(2)
1445	              cryptopro(2) other(1) modules(1)
1446	              cryptographic-Gost-Useful-Definitions(0) 1 }
1447	        id-Gost28147-89-TestParamSet,
1448	        id-Gost28147-89-CryptoPro-A-ParamSet,
1449	        id-Gost28147-89-CryptoPro-B-ParamSet,
1450	        id-Gost28147-89-CryptoPro-C-ParamSet,
1451	        id-Gost28147-89-CryptoPro-D-ParamSet,
1452	        id-Gost28147-89-CryptoPro-Simple-A-ParamSet,
1453	        id-Gost28147-89-CryptoPro-Simple-B-ParamSet,
1454	        id-Gost28147-89-CryptoPro-Simple-C-ParamSet,
1455	        id-Gost28147-89-CryptoPro-Simple-D-ParamSet
1456	        FROM Gost28147-89-EncryptionSyntax
1457	             gost28147-89-EncryptionSyntax
1458	        id-GostR3411-94-TestParamSet,
1459	        id-GostR3411-94-CryptoProParamSet
1460	        FROM GostR3411-94-DigestSyntax gostR3411-94-DigestSyntax
1461	    ;
1462	  -- GOST R 34.10-94 OIDs
1463	    id-GostR3410-94 OBJECT IDENTIFIER ::=
1464	        { id-CryptoPro-algorithms gostR3410-94(20) }
1465	    id-GostR3411-94-with-GostR3410-94 OBJECT IDENTIFIER ::=
1466	        { id-CryptoPro-algorithms
1467	          gostR3411-94-with-gostR3410-94(4) }
1468	  -- GOST R 34.10-94 public key parameter set OIDs
1469	    id-GostR3410-94-TestParamSet OBJECT IDENTIFIER ::=
1470	        { id-CryptoPro-signs test(0) }
1471	    id-GostR3410-94-CryptoPro-A-ParamSet OBJECT IDENTIFIER ::=
1472	        { id-CryptoPro-signs cryptopro-A(2) }
1473	    id-GostR3410-94-CryptoPro-B-ParamSet OBJECT IDENTIFIER ::=
1474	        { id-CryptoPro-signs cryptopro-B(3) }
1475	    id-GostR3410-94-CryptoPro-C-ParamSet OBJECT IDENTIFIER ::=
1476	        { id-CryptoPro-signs cryptopro-C(4) }
1477	    id-GostR3410-94-CryptoPro-D-ParamSet OBJECT IDENTIFIER ::=
1478	        { id-CryptoPro-signs cryptopro-D(5) }
1479	    id-GostR3410-94-CryptoPro-XchA-ParamSet OBJECT IDENTIFIER ::=
1480	        { id-CryptoPro-exchanges cryptopro-XchA(1) }
1481	    id-GostR3410-94-CryptoPro-XchB-ParamSet OBJECT IDENTIFIER ::=
1482	        { id-CryptoPro-exchanges cryptopro-XchB(2) }
1483	    id-GostR3410-94-CryptoPro-XchC-ParamSet OBJECT IDENTIFIER ::=
1484	        { id-CryptoPro-exchanges cryptopro-XchC(3) }
1485	  -- GOST R 34.10-94 data types
1486	    GostR3410-94-CertificateSignature ::=
1487	        BIT STRING ( SIZE(256..512) )
1488	    GostR3410-94-PublicKeyOctetString ::=
1489	        OCTET STRING ( SIZE(
1490	                        64 |    -- Only for testing purposes
1491	                        128
1492	                        ) )
1493	    GostR3410-94-PublicKey ::=
1494	        BIT STRING ( SIZE(16..1048) )
1495	                        -- Container for GostR3410-94-PublicKeyOcte
1496	tString
1497	    GostR3410-94-PublicKeyParameters ::=
1498	        SEQUENCE {
1499	            publicKeyParamSet
1500	                OBJECT IDENTIFIER (
1501	                    id-GostR3410-94-TestParamSet |      -- Only for
1502	 testing purposes
1503	                    id-GostR3410-94-CryptoPro-A-ParamSet |
1504	                    id-GostR3410-94-CryptoPro-B-ParamSet |
1505	                    id-GostR3410-94-CryptoPro-C-ParamSet |
1506	                    id-GostR3410-94-CryptoPro-D-ParamSet |
1507	                    id-GostR3410-94-CryptoPro-XchA-ParamSet |
1508	                    id-GostR3410-94-CryptoPro-XchB-ParamSet |
1509	                    id-GostR3410-94-CryptoPro-XchC-ParamSet
1510	                ),
1511	            digestParamSet
1512	                OBJECT IDENTIFIER (
1513	                    id-GostR3411-94-TestParamSet |      -- Only for
1514	 testing purposes
1515	                    id-GostR3411-94-CryptoProParamSet
1516	                ),
1517	            encryptionParamSet
1518	                OBJECT IDENTIFIER (
1519	                    id-Gost28147-89-TestParamSet |      -- Only for
1520	 testing purposes
1521	                    id-Gost28147-89-CryptoPro-A-ParamSet |
1522	                    id-Gost28147-89-CryptoPro-B-ParamSet |
1523	                    id-Gost28147-89-CryptoPro-C-ParamSet |
1524	                    id-Gost28147-89-CryptoPro-D-ParamSet |
1525	                    id-Gost28147-89-CryptoPro-Simple-A-ParamSet |
1526	                    id-Gost28147-89-CryptoPro-Simple-B-ParamSet |
1527	                    id-Gost28147-89-CryptoPro-Simple-C-ParamSet |
1528	                    id-Gost28147-89-CryptoPro-Simple-D-ParamSet
1529	                ) OPTIONAL
1530	        }
1531	    GostR3410-94-PublicKeyAlgorithms  ALGORITHM-IDENTIFIER ::= {
1532	        { GostR3410-94-PublicKeyParameters IDENTIFIED BY
1533	                        id-GostR3410-94 }
1534	    }
1535	    GostR3410-94-CertificateSignatureAlgorithms
1536	        ALGORITHM-IDENTIFIER ::= {
1537	                { NULL IDENTIFIED BY
1538	                        id-GostR3411-94-with-GostR3410-94 } |
1539	                { GostR3410-94-PublicKeyParameters IDENTIFIED BY
1540	                        id-GostR3411-94-with-GostR3410-94 }
1541	        }

1543	END -- GostR3410-94-PKISyntax

1545	10.7  GostR3410-94-ParamSetSyntax

1547	GostR3410-94-ParamSetSyntax
1548	    { iso(1) member-body(2) ru(643) rans(2) cryptopro(2)
1549	      other(1) modules(1) gostR3410-94-ParamSetSyntax(8) 1 }
1550	DEFINITIONS ::=
1551	BEGIN
1552	-- EXPORTS All --
1553	-- The types and values defined in this module are exported for
1554	-- use in the other ASN.1 modules contained within the Russian
1555	-- Cryptography "GOST" & "GOST R" Specifications, and for the use
1556	-- of other applications which will use them to access Russian
1557	-- Cryptography services. Other applications may use them for
1558	-- their own purposes, but this will not constrain extensions and
1559	-- modifications needed to maintain or improve the Russian
1560	-- Cryptography service.
1561	    IMPORTS
1562	        id-CryptoPro-algorithms,
1563	        id-CryptoPro-signs, id-CryptoPro-exchanges,
1564	        gostR3410-94-PKISyntax, ALGORITHM-IDENTIFIER,
1565	        cryptographic-Gost-Useful-Definitions
1566	        FROM Cryptographic-Gost-Useful-Definitions
1567	            { iso(1) member-body(2) ru(643) rans(2)
1568	              cryptopro(2) other(1) modules(1)
1569	              cryptographic-Gost-Useful-Definitions(0) 1 }
1570	        id-GostR3410-94,
1571	        id-GostR3410-94-TestParamSet,
1572	        id-GostR3410-94-CryptoPro-A-ParamSet,
1573	        id-GostR3410-94-CryptoPro-B-ParamSet,
1574	        id-GostR3410-94-CryptoPro-C-ParamSet,
1575	        id-GostR3410-94-CryptoPro-D-ParamSet,
1576	        id-GostR3410-94-CryptoPro-XchA-ParamSet,
1577	        id-GostR3410-94-CryptoPro-XchB-ParamSet,
1578	        id-GostR3410-94-CryptoPro-XchC-ParamSet
1579	        FROM GostR3410-94-PKISyntax gostR3410-94-PKISyntax
1580	        AlgorithmIdentifier
1581	        FROM PKIX1Explicit88 {iso(1) identified-organization(3)
1582	        dod(6) internet(1) security(5) mechanisms(5) pkix(7)
1583	        id-mod(0) id-pkix1-explicit-88(1)}
1584	    ;
1585	  -- GOST R 34.10-94 public key parameter sets:
1586	  -- OIDs for parameter sets are imported from GostR3410-94-PKISynt
1587	ax
1588	    GostR3410-94-ParamSetParameters ::=
1589	        SEQUENCE {
1590	            t    INTEGER (512 | 1024),  -- 512 - only for testing p

1592	urposes
1593	            p    INTEGER (
1594	                        1675975991242824637446753124775730765934920
1595	7275740491722154451804652205037591933721002342872708629284612539822
1596	73310756356719235351493321243304206125760513
1597	                        ..
1598	                        1340780792994259709957402499820584612747936
1599	5820592393377723561443721764030073546976801874298166903427690031858
1600	186486050853753882811946569946433649006084095
1601	                        |
1602	                        1123558209288947442330815744243140458511235
1603	6118389416079589380072358292237843810195794279832650471001320007117
1604	4919620848536743605509010389058029644149671327736104933390540928297
1605	6888872507788088246581768450531286055238441764640393009211956940880
1606	1702322709406917786643639996702871154982269052209770601514008577
1607	                        ..
1608	                        1797693134862315907729305190789024733617976
1609	9789423065727343008115773267580550096313270847732240753602112011387
1610	9871393357658789768814416622492847430639474124377767893424865485276
1611	3022196012460941194530829520850057688381506823424628814739131105408
1612	27237163350510684586298239947245938479716304835356329624224137215
1613	                        ),      -- 2^509 < p < 2^512 or 2^1020 < p
1614	< 2^1024
1615	            q       INTEGER (
1616	                        2894802230932904885589274625217197696331749
1617	6166410141009864396001978282409985
1618	                        ..
1619	                        1157920892373161954235709850086879078532699
1620	84665640564039457584007913129639935
1621	                        ),      -- 2^254 < q < 2^256
1622	            a       INTEGER (
1623	                        2
1624	                        ..
1625	                        1797693134862315907729305190789024733617976
1626	9789423065727343008115773267580550096313270847732240753602112011387
1627	9871393357658789768814416622492847430639474124377767893424865485276
1628	3022196012460941194530829520850057688381506823424628814739131105408
1629	27237163350510684586298239947245938479716304835356329624224137214
1630	                        ),      -- 1 < a < p-1 < 2^1024-1
1631	            validationAlgorithm
1632	                AlgorithmIdentifier OPTIONAL
1633	                        -- {{ GostR3410-94-ValidationAlgorithms }}
1634	        }
1635	    GostR3410-94-ParamSetAlgorithm ALGORITHM-IDENTIFIER ::= {
1636	        { GostR3410-94-ParamSetParameters IDENTIFIED BY
1637	                        id-GostR3410-94-TestParamSet } |
1638	        { GostR3410-94-ParamSetParameters IDENTIFIED BY
1639	                        id-GostR3410-94-CryptoPro-A-ParamSet  } |

1641	        { GostR3410-94-ParamSetParameters IDENTIFIED BY
1642	                        id-GostR3410-94-CryptoPro-B-ParamSet  } |
1643	        { GostR3410-94-ParamSetParameters IDENTIFIED BY
1644	                        id-GostR3410-94-CryptoPro-C-ParamSet  } |
1645	        { GostR3410-94-ParamSetParameters IDENTIFIED BY
1646	                        id-GostR3410-94-CryptoPro-D-ParamSet  } |
1647	        { GostR3410-94-ParamSetParameters IDENTIFIED BY
1648	                        id-GostR3410-94-CryptoPro-XchA-ParamSet  }
1649	|
1650	        { GostR3410-94-ParamSetParameters IDENTIFIED BY
1651	                        id-GostR3410-94-CryptoPro-XchB-ParamSet  }
1652	|
1653	        { GostR3410-94-ParamSetParameters IDENTIFIED BY
1654	                        id-GostR3410-94-CryptoPro-XchC-ParamSet  }
1655	    }
1656	  -- GOST R 34.10-94 validation/constructor
1657	    id-GostR3410-94-a           OBJECT IDENTIFIER ::=
1658	        { id-GostR3410-94 a(1) }
1659	    id-GostR3410-94-aBis        OBJECT IDENTIFIER ::=
1660	        { id-GostR3410-94 aBis(2) }
1661	    id-GostR3410-94-b           OBJECT IDENTIFIER ::=
1662	        { id-GostR3410-94 b(3) }
1663	    id-GostR3410-94-bBis        OBJECT IDENTIFIER ::=
1664	        { id-GostR3410-94 bBis(4) }
1665	    GostR3410-94-ValidationParameters ::=
1666	        SEQUENCE {
1667	            x0   INTEGER (0 .. 65535),
1668	            c    INTEGER (0 .. 65535),
1669	            d    INTEGER (
1670	                        2
1671	                        ..
1672	                        1797693134862315907729305190789024733617976
1673	9789423065727343008115773267580550096313270847732240753602112011387
1674	9871393357658789768814416622492847430639474124377767893424865485276
1675	3022196012460941194530829520850057688381506823424628814739131105408
1676	27237163350510684586298239947245938479716304835356329624224137214
1677	                        )       -- 1 < d < p-1 < 2^1024-1
1678	                        OPTIONAL
1679	        }
1680	    GostR3410-94-ValidationBisParameters ::=
1681	        SEQUENCE {
1682	            x0   INTEGER (0 .. 4294967295),
1683	            c    INTEGER (0 .. 4294967295),
1684	            d    INTEGER (
1685	                        2
1686	                        ..
1687	                        1797693134862315907729305190789024733617976
1688	9789423065727343008115773267580550096313270847732240753602112011387
1689	9871393357658789768814416622492847430639474124377767893424865485276
1690	3022196012460941194530829520850057688381506823424628814739131105408
1691	27237163350510684586298239947245938479716304835356329624224137214
1692	                        )       -- 1 < d < p-1 < 2^1024-1
1693	                        OPTIONAL
1694	        }
1695	    GostR3410-94-ValidationAlgorithms  ALGORITHM-IDENTIFIER ::= {
1696	        { GostR3410-94-ValidationParameters IDENTIFIED BY
1697	                        id-GostR3410-94-a } |
1698	        { GostR3410-94-ValidationBisParameters IDENTIFIED BY
1699	                        id-GostR3410-94-aBis } |
1700	        { GostR3410-94-ValidationParameters IDENTIFIED BY
1701	                        id-GostR3410-94-b } |
1702	        { GostR3410-94-ValidationBisParameters IDENTIFIED BY
1703	                        id-GostR3410-94-bBis }
1704	    }
1705	  -- GOST R 34.10-94 keys parameter sets
1706	    -- GOST R 34.10-94 Tests parameter set
1707	    -- (GOST R 34.10-94 Annex A. Test vector)
1708	    gostR3410-94-TestParamSetAI
1709	        AlgorithmIdentifier ::=
1710	        {
1711	            algorithm
1712	                id-GostR3410-94-TestParamSet,
1713	            parameters
1714	                GostR3410-94-ParamSetParameters:{
1715	                    t       512,
1716	                    p       124915547966163973920072918453616810199
1717	8078908472884630401364679546630263334642577236927706463888185842887
1718	9662416202925770315709968465491470753112581700067,
1719	                    q       690083979912374782185295287117535788574
1720	64356221556536838757636132646301588781,
1721	                    a       830582195677962819385275050881175724488
1722	9982632821843521491035713173371468528798753831744267407230704527461
1723	062321732669034432746173786958142572929772413468,
1724	                    validationAlgorithm {
1725	                            algorithm
1726	                                id-GostR3410-94-a,
1727	                            parameters
1728	                                GostR3410-94-ValidationParameters:
1729	{
1730	                                    x0      24265,
1731	                                    c       29505,
1732	                                    d       2
1733	                                }
1734	                        }
1735	                }
1736	        }

1738	    -- CryptoPro parameters
1739	    gostR3410-94-CryptoPro-A-ParamSetAI
1740	        AlgorithmIdentifier ::=
1741	        {
1742	            algorithm
1743	                id-GostR3410-94-CryptoPro-A-ParamSet,
1744	            parameters
1745	                GostR3410-94-ParamSetParameters:{
1746	                    t       1024,
1747	                    p       127021248288932417465907042777176443525
1748	7876535089165358128175072657050312609850984974231883334834011809259
1749	9999512098893413065920561499672425412104927434935707492031276956145
1750	1689224110579311248812610229678534638401693520013288995000362260684
1751	2227508135323070045173416336850045410625869714168836867788425378203
1752	83,
1753	                    q       683631961449557007844441656118272528951
1754	02170888761442055095051287550314083023,
1755	                    a       100997906755055304772081815535925224869
1756	8410825720534578748235158755771479905292727772441528526992987964833
1757	5669968284202797289605274717317548059048560713474685214192868091256
1758	1502802222185647539190902656116367847270145019066794290930185446216
1759	3997308722217328898303231940973554032134009725883228768509467406639
1760	62,
1761	                    validationAlgorithm {
1762	                            algorithm
1763	                                id-GostR3410-94-bBis,
1764	                            parameters
1765	                                GostR3410-94-ValidationBisParameter
1766	s: {
1767	                                    x0      1376285941,
1768	                                    c       3996757427
1769	                                }
1770	                        }
1771	                }
1772	        }
1773	    --
1774	    gostR3410-94-CryptoPro-B-ParamSetAI
1775	        AlgorithmIdentifier ::=
1776	        {
1777	            algorithm
1778	                id-GostR3410-94-CryptoPro-B-ParamSet,
1779	            parameters
1780	                GostR3410-94-ParamSetParameters:{
1781	                    t       1024,
1782	                    p       139454871199115825601409655107690713107
1783	0417070599280317977580014543757653577229840941243685222882398330391
1784	1468164807668823692122073732267216074074777170091113455043205380464
1785	7694904686120113087816240740184800477047157336662926249423571248823
1786	9685422217536601433914856808405203368594584948031873412885804895251
1787	63,
1788	                    q       798851416634109768976271189357563237473
1789	07951916507639758300472692338873533959,
1790	                    a       429418261486158041438734477379555023926
1791	7234596860714306679811299408947123142002706038521669956384871995765
1792	7284814898909770759462613437669456364882730370838934791080835932647
1793	9767786019153434744009610342313166725786869204821949328786333602033
1794	8479709268434224762105576023501613261478065276102850944540333865234
1795	1,
1796	                    validationAlgorithm {
1797	                            algorithm
1798	                                id-GostR3410-94-bBis,
1799	                            parameters
1800	                                GostR3410-94-ValidationBisParameter
1801	s: {
1802	                                    x0      1536654555,
1803	                                    c       1855361757,
1804	                                    d       14408629386140014567655
1805	4902939282056547857802241461782996702017713059974755104394739915140
1806	6115284791024439062735788342744854120601660303926203867703556828005
1807	8957203818114895398976594425537561271800850306
1808	                                }
1809	                        }
1810	                }
1811	        }
1812	    --
1813	    gostR3410-94-CryptoPro-C-ParamSetAI
1814	        AlgorithmIdentifier ::=
1815	        {
1816	            algorithm
1817	                id-GostR3410-94-CryptoPro-C-ParamSet,
1818	            parameters
1819	                GostR3410-94-ParamSetParameters:{
1820	                    t       1024,
1821	                    p       110624679233511963040518952417017040248
1822	5862954819831383774196396298584395948970608956170224210628525560327
1823	8638246716655439297654402921844747893079518669992827880792192992701
1824	1428546551433875806377110443534293554066712653034996277099320715774
1825	3542287621283671843703709141350171945045805050291770503634517804938
1826	01,
1827	                    q       113468861199819350564868233378875198043
1828	267947776488510997961231672532899549103,
1829	                    a       816552717970881016017893191415300348226
1830	2544051353358162468249467681876621283478212884286545844013955142622
1831	2087723485023722868022275009502224827866201744494021697716482008353
1832	6398202298024892620480898699335508064332313529725332208819456895108
1833	5155178100221003459370588291073071186553005962149936840737128710832
1834	3,
1835	                    validationAlgorithm {
1836	                            algorithm
1837	                                id-GostR3410-94-bBis,
1838	                            parameters
1839	                                GostR3410-94-ValidationBisParameter
1840	s: {
1841	                                    x0      1132758852,
1842	                                    c       3037364845,
1843	                                    d       9175906676429839327
1844	                                }
1845	                        }
1846	                }
1847	        }
1848	    --
1849	    gostR3410-94-CryptoPro-D-ParamSetAI
1850	        AlgorithmIdentifier ::=
1851	        {
1852	            algorithm
1853	                id-GostR3410-94-CryptoPro-D-ParamSet,
1854	            parameters
1855	                GostR3410-94-ParamSetParameters:{
1856	                    t       1024,
1857	                    p       905457649621929965904290958774625315611
1858	3056083907389766971404812524422262512556054474620855996091570786713
1859	5849550236741915584185990627801066465809510095784713989819413820871
1860	5964648914493053407920737078890520482730623038837767710173664838239
1861	8574828787891286471201460474326612697849693665518073864436497893214
1862	9,
1863	                    q       108988435796353506912374591498972192620
1864	190487557619582334771735390599299211593,
1865	                    a       756976611021707301782128757801610628085
1866	5283803109571158829574281419208532589041660017017859858216341400371
1867	4687551412794400562878935266630754392677014598582103365983119173924
1868	4732511225464712252386803315902707727668715343476086350472025298282
1869	7271461690125050616858238384366331089777463541013033926723743254833
1870	7,
1871	                    validationAlgorithm {
1872	                            algorithm
1873	                                id-GostR3410-94-bBis,
1874	                            parameters
1875	                                GostR3410-94-ValidationBisParameter
1876	s: {
1877	                                    x0      333089693,
1878	                                    c       2699681355,
1879	                                    d       69158877639013014811917
1880	44665240278894786443822142755842460366243252
1881	                                }

1883	                        }
1884	                }
1885	        }
1886	    --
1887	    gostR3410-94-CryptoPro-XchA-ParamSetAI
1888	        AlgorithmIdentifier ::=
1889	        {
1890	            algorithm
1891	                id-GostR3410-94-CryptoPro-XchA-ParamSet,
1892	            parameters
1893	                GostR3410-94-ParamSetParameters:{
1894	                    t       1024,
1895	                    p       142011741597563481196368286022318089743
1896	2761383952437387628725734419274593935127189736311660784676003608489
1897	4662356762579528277471921224192907104613420838063639408451269182889
1898	4000571524625445295769349356752728956831541775441763139384457191755
1899	0968471078465956625479423122933384839245143396147277606818806097342
1900	39,
1901	                    q       917715298965546059455881490183827502172
1902	96858393520724172743325725474374979801,
1903	                    a       133531813272720673433859519948319001217
1904	9423759678474868994823595993696425287347124615904033277318214103280
1905	1252925387191478859899310331056774413619636480306472137782665689868
1906	6468463277710150809401182608770201615324990468332931294920912776241
1907	1378780302243557466062839716593764268326742697808800616315281634758
1908	87,
1909	                    validationAlgorithm {
1910	                            algorithm
1911	                                id-GostR3410-94-bBis,
1912	                            parameters
1913	                                GostR3410-94-ValidationBisParameter
1914	s: {
1915	                                    x0      3495862036,
1916	                                    c       1177570399,
1917	                                    d       35478896102409188951396
1918	4706477208328196239186534141058228233456746622201867258017799725121
1919	69905264460862437764160334831107459
1920	                                }
1921	                        }
1922	                }
1923	        }
1924	    --
1925	    gostR3410-94-CryptoPro-XchB-ParamSetAI
1926	        AlgorithmIdentifier ::=
1927	        {
1928	            algorithm
1929	                id-GostR3410-94-CryptoPro-XchB-ParamSet,
1930	            parameters
1931	                GostR3410-94-ParamSetParameters:{
1932	                    t       1024,
1933	                    p       102894612662499485967655207436053031521
1934	7970499989304888248413244847492302275847016799887100360467070487737
1935	7286176171227694098633153908956878412911010951269050334539386987129
1936	5783467257264868341720019662986056119366675242968236739708481517975
1937	2036423595736533689573920617698552845939650425308950460880671602694
1938	33,
1939	                    q       910967139180262691658231805060355567362
1940	87694981825930883887968885281641595199,
1941	                    a       889086472782842315169999580187575789103
1942	1463338652579140051973659304813144068585706736982940794774449630665
1943	6291505503608252399443790027238674914599623086783222866197754399281
1944	6745254823298629859875357546628605173883785473616768576901778033580
1945	4511440773337196253842353291939447787366475282450998661787899244317
1946	7,
1947	                    validationAlgorithm {
1948	                            algorithm
1949	                                id-GostR3410-94-bBis,
1950	                            parameters
1951	                                GostR3410-94-ValidationBisParameter
1952	s: {
1953	                                    x0      2046851076,
1954	                                    c       3541716983,
1955	                                    d       57332667610989476056615
1956	969728891533566058787317492748441827236576904274546146
1957	                                }
1958	                        }
1959	                }
1960	        }
1961	    --
1962	    gostR3410-94-CryptoPro-XchC-ParamSetAI
1963	        AlgorithmIdentifier ::=
1964	        {
1965	            algorithm
1966	                id-GostR3410-94-CryptoPro-XchC-ParamSet,
1967	            parameters
1968	                GostR3410-94-ParamSetParameters:{
1969	                    t       1024,
1970	                    p       124699636699347751360714726579406443620
1971	3408861395055989217248455729987073769899965148066236472399285932086
1972	8822848751165438350943327664722262594061556058045004094721182602772
1973	9977563540237169063044807971577164944777844700059741903245772222625
1974	3269698374446528353527293043937461065763833491510017159309241154995
1975	49,
1976	                    q       678787613733659123438029502006568252711
1977	81294680501479431146754294748422492761,
1978	                    a       443061846429758418247313503080985932686

1980	3990650118941756995270074860997318142695023523962323911055745082691
1981	9295792878938752101867704718162325102751695310043185596483760265782
1982	7828194249605561893696586532551313719448313624777365346841011879674
1983	0709840825496997937556072234510670472108602597930996876319307290833
1984	4,
1985	                    validationAlgorithm {
1986	                            algorithm
1987	                                id-GostR3410-94-bBis,
1988	                            parameters
1989	                                GostR3410-94-ValidationBisParameter
1990	s: {
1991	                                    x0      371898640,
1992	                                    c       2482514131,
1993	                                    d       39341170171309491894611
1994	6909229454740026575590650016887148241594213466186452691964676993
1995	                                }
1996	                        }
1997	                }
1998	        }
1999	END -- GostR3410-94-ParamSetSyntax

2001	10.8  GostR3410-2001-PKISyntax

2003	GostR3410-2001-PKISyntax
2004	    { iso(1) member-body(2) ru(643) rans(2) cryptopro(2)
2005	      other(1) modules(1) gostR3410-2001-PKISyntax(9) 1 }
2006	DEFINITIONS ::=
2007	BEGIN
2008	-- EXPORTS All --
2009	-- The types and values defined in this module are exported for
2010	-- use in the other ASN.1 modules contained within the Russian
2011	-- Cryptography "GOST" & "GOST R" Specifications, and for the use
2012	-- of other applications which will use them to access Russian
2013	-- Cryptography services. Other applications may use them for
2014	-- their own purposes, but this will not constrain extensions and
2015	-- modifications needed to maintain or improve the Russian
2016	-- Cryptography service.
2017	    IMPORTS
2018	        id-CryptoPro-algorithms,
2019	        id-CryptoPro-ecc-signs, id-CryptoPro-ecc-exchanges,
2020	        gost28147-89-EncryptionSyntax,
2021	        gostR3411-94-DigestSyntax, ALGORITHM-IDENTIFIER,
2022	        cryptographic-Gost-Useful-Definitions
2023	        FROM Cryptographic-Gost-Useful-Definitions
2024	            { iso(1) member-body(2) ru(643) rans(2)
2025	              cryptopro(2) other(1) modules(1)
2026	              cryptographic-Gost-Useful-Definitions(0) 1 }
2027	        id-Gost28147-89-TestParamSet,
2028	        id-Gost28147-89-CryptoPro-A-ParamSet,
2029	        id-Gost28147-89-CryptoPro-B-ParamSet,
2030	        id-Gost28147-89-CryptoPro-C-ParamSet,
2031	        id-Gost28147-89-CryptoPro-D-ParamSet,
2032	        id-Gost28147-89-CryptoPro-Simple-A-ParamSet,
2033	        id-Gost28147-89-CryptoPro-Simple-B-ParamSet,
2034	        id-Gost28147-89-CryptoPro-Simple-C-ParamSet,
2035	        id-Gost28147-89-CryptoPro-Simple-D-ParamSet
2036	        FROM Gost28147-89-EncryptionSyntax
2037	             gost28147-89-EncryptionSyntax
2038	        id-GostR3411-94-TestParamSet,
2039	        id-GostR3411-94-CryptoProParamSet
2040	        FROM GostR3411-94-DigestSyntax gostR3411-94-DigestSyntax
2041	    ;
2042	  -- GOST R 34.10-2001 OIDs
2043	    id-GostR3410-2001 OBJECT IDENTIFIER ::=
2044	        { id-CryptoPro-algorithms gostR3410-2001(19) }
2045	    id-GostR3411-94-with-GostR3410-2001 OBJECT IDENTIFIER ::=
2046	        { id-CryptoPro-algorithms
2047	          gostR3411-94-with-gostR3410-2001(3) }
2048	  -- GOST R 34.10-2001 public key parameter set OIDs
2049	    id-GostR3410-2001-TestParamSet OBJECT IDENTIFIER ::=
2050	        { id-CryptoPro-ecc-signs test(0) }
2051	    id-GostR3410-2001-CryptoPro-A-ParamSet OBJECT IDENTIFIER ::=
2052	        { id-CryptoPro-ecc-signs cryptopro-A(1) }
2053	    id-GostR3410-2001-CryptoPro-B-ParamSet OBJECT IDENTIFIER ::=
2054	        { id-CryptoPro-ecc-signs cryptopro-B(2) }
2055	    id-GostR3410-2001-CryptoPro-C-ParamSet OBJECT IDENTIFIER ::=
2056	        { id-CryptoPro-ecc-signs cryptopro-C(3) }
2057	    id-GostR3410-2001-CryptoPro-XchA-ParamSet
2058	        OBJECT IDENTIFIER ::=
2059	                { id-CryptoPro-ecc-exchanges cryptopro-XchA(0) }
2060	    id-GostR3410-2001-CryptoPro-XchB-ParamSet
2061	        OBJECT IDENTIFIER ::=
2062	                { id-CryptoPro-ecc-exchanges cryptopro-XchB(1) }
2063	  -- GOST R 34.10-2001 Data Types
2064	    GostR3410-2001-CertificateSignature ::=
2065	        BIT STRING ( SIZE(256..512) )
2066	    GostR3410-2001-PublicKeyOctetString ::=
2067	        OCTET STRING ( SIZE(64) )
2068	    GostR3410-2001-PublicKey ::=
2069	        BIT STRING ( SIZE(16..524) )
2070	                        -- Container for GostR3410-2001-PublicKeyOc
2071	tetString
2072	    GostR3410-2001-PublicKeyParameters ::=
2073	        SEQUENCE {
2074	            publicKeyParamSet
2075	                OBJECT IDENTIFIER (
2076	                    id-GostR3410-2001-TestParamSet |    -- Only for
2077	 testing purposes
2078	                    id-GostR3410-2001-CryptoPro-A-ParamSet |
2079	                    id-GostR3410-2001-CryptoPro-B-ParamSet |
2080	                    id-GostR3410-2001-CryptoPro-C-ParamSet |
2081	                    id-GostR3410-2001-CryptoPro-XchA-ParamSet |
2082	                    id-GostR3410-2001-CryptoPro-XchB-ParamSet
2083	                ),
2084	            digestParamSet
2085	                OBJECT IDENTIFIER (
2086	                    id-GostR3411-94-TestParamSet |      -- Only for
2087	 testing purposes
2088	                    id-GostR3411-94-CryptoProParamSet
2089	                ),
2090	            encryptionParamSet
2091	                OBJECT IDENTIFIER (
2092	                    id-Gost28147-89-TestParamSet |      -- Only for
2093	 testing purposes
2094	                    id-Gost28147-89-CryptoPro-A-ParamSet |
2095	                    id-Gost28147-89-CryptoPro-B-ParamSet |
2096	                    id-Gost28147-89-CryptoPro-C-ParamSet |
2097	                    id-Gost28147-89-CryptoPro-D-ParamSet |
2098	                    id-Gost28147-89-CryptoPro-Simple-A-ParamSet |
2099	                    id-Gost28147-89-CryptoPro-Simple-B-ParamSet |
2100	                    id-Gost28147-89-CryptoPro-Simple-C-ParamSet |
2101	                    id-Gost28147-89-CryptoPro-Simple-D-ParamSet
2102	                ) OPTIONAL
2103	        }
2104	    GostR3410-2001-PublicKeyAlgorithms  ALGORITHM-IDENTIFIER ::= {
2105	        { GostR3410-2001-PublicKeyParameters IDENTIFIED BY
2106	                        id-GostR3410-2001 }
2107	    }
2108	    GostR3410-2001-CertificateSignatureAlgorithms
2109	        ALGORITHM-IDENTIFIER ::= {
2110	                { NULL IDENTIFIED BY
2111	                        id-GostR3411-94-with-GostR3410-2001 } |
2112	                { GostR3410-2001-PublicKeyParameters IDENTIFIED BY
2113	                        id-GostR3411-94-with-GostR3410-2001 }
2114	      }
2115	END -- GostR3410-2001-PKISyntax

2117	10.9  GostR3410-2001-ParamSetSyntax

2119	GostR3410-2001-ParamSetSyntax
2120	    { iso(1) member-body(2) ru(643) rans(2) cryptopro(2)
2121	      other(1) modules(1) gostR3410-2001-ParamSetSyntax(12) 1 }
2122	DEFINITIONS ::=
2123	BEGIN
2124	-- EXPORTS All --
2125	-- The types and values defined in this module are exported for
2126	-- use in the other ASN.1 modules contained within the Russian
2127	-- Cryptography "GOST" & "GOST R" Specifications, and for the use
2128	-- of other applications which will use them to access Russian
2129	-- Cryptography services. Other applications may use them for
2130	-- their own purposes, but this will not constrain extensions and
2131	-- modifications needed to maintain or improve the Russian
2132	-- Cryptography service.
2133	    IMPORTS
2134	        id-CryptoPro-algorithms,
2135	        id-CryptoPro-ecc-signs, id-CryptoPro-ecc-exchanges,
2136	        gostR3410-2001-PKISyntax, ALGORITHM-IDENTIFIER,
2137	        cryptographic-Gost-Useful-Definitions
2138	        FROM Cryptographic-Gost-Useful-Definitions
2139	            { iso(1) member-body(2) ru(643) rans(2)
2140	              cryptopro(2) other(1) modules(1)
2141	              cryptographic-Gost-Useful-Definitions(0) 1 }
2142	        id-GostR3410-2001,
2143	        id-GostR3410-2001-TestParamSet,
2144	        id-GostR3410-2001-CryptoPro-A-ParamSet,
2145	        id-GostR3410-2001-CryptoPro-B-ParamSet,
2146	        id-GostR3410-2001-CryptoPro-C-ParamSet,
2147	        id-GostR3410-2001-CryptoPro-XchA-ParamSet,
2148	        id-GostR3410-2001-CryptoPro-XchB-ParamSet
2149	        FROM GostR3410-2001-PKISyntax gostR3410-2001-PKISyntax
2150	        AlgorithmIdentifier
2151	        FROM PKIX1Explicit88 {iso(1) identified-organization(3)
2152	        dod(6) internet(1) security(5) mechanisms(5) pkix(7)
2153	        id-mod(0) id-pkix1-explicit-88(1)}
2154	    ;
2155	    GostR3410-2001-ParamSetParameters ::=
2156	        SEQUENCE {
2157	            a       INTEGER (
2158	                        1
2159	                  ..
2160	                        1157920892373161954235709850086879078532699
2161	84665640564039457584007913129639935
2162	                        ),      -- 0 < a < p < 2^256
2163	            b       INTEGER (
2164	                        1
2165	                  ..
2166	                        1157920892373161954235709850086879078532699
2167	84665640564039457584007913129639935
2168	                        ),      -- 0 < b < p < 2^256
2169	            p       INTEGER (
2170	                        2894802230932904885589274625217197696331749
2171	6166410141009864396001978282409985
2172	                        ..
2173	                        1157920892373161954235709850086879078532699
2174	84665640564039457584007913129639935
2175	                        ),      -- 2^254 < p < 2^256
2176	            q       INTEGER (
2177	                        2894802230932904885589274625217197696331749
2178	6166410141009864396001978282409985
2179	                        ..
2180	                        1157920892373161954235709850086879078532699
2181	84665640564039457584007913129639935
2182	                        ),      -- 2^254 < q < 2^256
2183	            x       INTEGER (0
2184	                  ..
2185	                        1157920892373161954235709850086879078532699
2186	84665640564039457584007913129639935
2187	                        ),      -- 0 < x < p < 2^256
2188	            y       INTEGER (0
2189	                  ..
2190	                        1157920892373161954235709850086879078532699
2191	84665640564039457584007913129639935
2192	                        )       -- 0 < y < p < 2^256
2193	        }
2194	  -- GOST R 34.10-2001 public key parameter set:
2195	  -- OIDs for parameter sets are imported from GostR3410-2001-PKISy
2196	ntax
2197	    GostR3410-2001-ParamSetAlgorithm ALGORITHM-IDENTIFIER ::= {
2198	        { GostR3410-2001-ParamSetParameters IDENTIFIED BY
2199	                        id-GostR3410-2001-TestParamSet } |
2200	        { GostR3410-2001-ParamSetParameters IDENTIFIED BY
2201	                        id-GostR3410-2001-CryptoPro-A-ParamSet  } |
2202	        { GostR3410-2001-ParamSetParameters IDENTIFIED BY
2203	                        id-GostR3410-2001-CryptoPro-B-ParamSet  } |
2204	        { GostR3410-2001-ParamSetParameters IDENTIFIED BY
2205	                        id-GostR3410-2001-CryptoPro-C-ParamSet  } |
2206	        { GostR3410-2001-ParamSetParameters IDENTIFIED BY
2207	                        id-GostR3410-2001-CryptoPro-XchA-ParamSet
2208	} |
2209	        { GostR3410-2001-ParamSetParameters IDENTIFIED BY
2210	                        id-GostR3410-2001-CryptoPro-XchB-ParamSet
2211	}
2212	    }
2213	    gostR3410-2001-TestParamSet
2214	        AlgorithmIdentifier ::=
2215	        {
2216	            algorithm
2217	                id-GostR3410-2001-TestParamSet,
2218	            parameters
2219	                GostR3410-2001-ParamSetParameters:{
2220	                    a   7,
2221	                    b   4330887654676727690576590459565093199594211
2222	1794451039583252968842033849580414,
2223	                        -- 5FBFF498AA938CE739B8E022FBAFEF40563F6E6A
2224	3472FC2A514C0CE9DAE23B7E
2225	                    p   5789604461865809771178549250434395392663499
2226	2332820282019728792003956564821041,
2227	                        -- 8000000000000000000000000000000000000000
2228	000000000000000000000431
2229	                    q   5789604461865809771178549250434395392708293
2230	4583725450622380973592137631069619,
2231	                        -- 8000000000000000000000000000000150FE8A18
2232	92976154C59CFC193ACCF5B3
2233	                    x   2,
2234	                    y   4018974056590375033354494229370597756357393
2235	89905545080690979365213431566280
2236	                        -- 8E2A8A0E65147D4BD6316030E16D19C85C97F0A9
2237	CA267122B96ABBCEA7E8FC8
2238	                }
2239	        }
2240	    gostR3410-2001-CryptoPro-A-ParamSet
2241	        AlgorithmIdentifier ::=
2242	        {
2243	            algorithm
2244	                id-GostR3410-2001-CryptoPro-A-ParamSet,
2245	            parameters
2246	                GostR3410-2001-ParamSetParameters:{
2247	                    a   1157920892373161954235709850086879078532699
2248	84665640564039457584007913129639316,
2249	                        -- -3 == p - 3
2250	                    b   166,
2251	                        -- a6
2252	                    p   1157920892373161954235709850086879078532699
2253	84665640564039457584007913129639319,
2254	                        -- ffffffffffffffffffffffffffffffffffffffff
2255	fffffffffffffffffffffd97
2256	                    q   1157920892373161954235709850086879078530737
2257	62908499243225378155805079068850323,
2258	                        -- ffffffffffffffffffffffffffffffff6c611070
2259	995ad10045841b09b761b893
2260	                    x   1,
2261	                    y   6403388114292720268364988145043347398593176
2262	0268884941288852745803908878638612
2263	                        -- 8d91e471e0989cda27df505a453f2b7635294f2d
2264	df23e3b122acc99c9e9f1e14
2265	                }
2266	        }
2267	    gostR3410-2001-CryptoPro-B-ParamSet
2268	        AlgorithmIdentifier ::=
2269	        {
2270	            algorithm
2271	                id-GostR3410-2001-CryptoPro-B-ParamSet,
2272	            parameters
2273	                GostR3410-2001-ParamSetParameters:{
2274	                    a   5789604461865809771178549250434395392663499
2275	2332820282019728792003956564823190,
2276	                        -- -3 == p - 3
2277	                    b   2809101935305809009699697900030956075912436
2278	8558014865957655842872397301267595,
2279	                        -- 3e1af419a269a5f866a7d3c25c3df80ae9792593
2280	73ff2b182f49d4ce7e1bbc8b
2281	                    p   5789604461865809771178549250434395392663499
2282	2332820282019728792003956564823193,
2283	                        -- 8000000000000000000000000000000000000000
2284	000000000000000000000c99
2285	                    q   5789604461865809771178549250434395392710213
2286	3160255826820068844496087732066703,
2287	                        -- 800000000000000000000000000000015f700cff
2288	f1a624e5e497161bcc8a198f
2289	                    x   1,
2290	                    y   2879266581485461129699234745838028413502863
2291	6778229113005756334730996303888124
2292	                        -- 3fa8124359f96680b83d1c3eb2c070e5c545c985
2293	8d03ecfb744bf8d717717efc
2294	                }
2295	        }
2296	    gostR3410-2001-CryptoPro-C-ParamSet
2297	        AlgorithmIdentifier ::=
2298	        {
2299	            algorithm
2300	                id-GostR3410-2001-CryptoPro-C-ParamSet,
2301	            parameters
2302	                GostR3410-2001-ParamSetParameters:{
2303	                    a   7039008535208330519954771801901843784107951
2304	6630045180471284346843705633502616,
2305	                        -- -3 == p - 3
2306	                    b   32858,
2307	                        -- 805a
2308	                    p   7039008535208330519954771801901843784107951
2309	6630045180471284346843705633502619,
2310	                        -- 9b9f605f5a858107ab1ec85e6b41c8aacf846e86
2311	789051d37998f7b9022d759b
2312	                    q   7039008535208330519954771801901843784092088
2313	2647164081035322601458352298396601,
2314	                        -- 9b9f605f5a858107ab1ec85e6b41c8aa582ca351
2315	1eddfb74f02f3a6598980bb9
2316	                    x   0,
2317	                    y   2981889391773124073347127324031476992724055
2318	0812383695689146495261604565990247
2319	                        -- 41ece55743711a8c3cbf3783cd08c0ee4d4dc440
2320	d4641a8f366e550dfdb3bb67
2321	                }
2322	        }
2323	    gostR3410-2001-CryptoPro-ExA-ParamSet
2324	        AlgorithmIdentifier ::=
2325	        {
2326	            algorithm
2327	                id-GostR3410-2001-CryptoPro-XchA-ParamSet,
2328	            parameters
2329	                GostR3410-2001-ParamSetParameters:{
2330	                    a   1157920892373161954235709850086879078532699
2331	84665640564039457584007913129639316,
2332	                        -- -3 == p - 3
2333	                    b   166,
2334	                        -- a6
2335	                    p   1157920892373161954235709850086879078532699
2336	84665640564039457584007913129639319,
2337	                        -- ffffffffffffffffffffffffffffffffffffffff
2338	fffffffffffffffffffffd97
2339	                    q   1157920892373161954235709850086879078530737
2340	62908499243225378155805079068850323,
2341	                        -- ffffffffffffffffffffffffffffffff6c611070
2342	995ad10045841b09b761b893
2343	                    x   1,
2344	                    y   6403388114292720268364988145043347398593176
2345	0268884941288852745803908878638612
2346	                        -- 8d91e471e0989cda27df505a453f2b7635294f2d
2347	df23e3b122acc99c9e9f1e14
2348	                }
2349	        }
2350	    gostR3410-2001-CryptoPro-ExB-ParamSet
2351	        AlgorithmIdentifier ::=
2352	        {
2353	            algorithm
2354	                id-GostR3410-2001-CryptoPro-XchB-ParamSet,
2355	            parameters
2356	                GostR3410-2001-ParamSetParameters:{
2357	                    a   7039008535208330519954771801901843784107951
2358	6630045180471284346843705633502616,
2359	                        -- -3 == p - 3
2360	                    b   32858,
2361	                        -- 805a
2362	                    p   7039008535208330519954771801901843784107951
2363	6630045180471284346843705633502619,
2364	                        -- 9b9f605f5a858107ab1ec85e6b41c8aacf846e86
2365	789051d37998f7b9022d759b
2366	                    q   7039008535208330519954771801901843784092088
2367	2647164081035322601458352298396601,
2368	                        -- 9b9f605f5a858107ab1ec85e6b41c8aa582ca351
2369	1eddfb74f02f3a6598980bb9
2370	                    x   0,
2371	                    y   2981889391773124073347127324031476992724055
2372	0812383695689146495261604565990247
2373	                        -- 41ece55743711a8c3cbf3783cd08c0ee4d4dc440
2374	d4641a8f366e550dfdb3bb67
2375	                }
2376	        }
2377	END -- GostR3410-2001-ParamSetSyntax

2379	11  References

2381	   [GOST28147]     "Cryptographic Protection for Data Processing Sys-
2382	                   tem", GOST 28147-89, Gosudarstvennyi Standard of
2383	                   USSR, Government Committee of the USSR for Standards,
2384	                   1989. (In Russian);

2386	   [GOSTR341094]   "Information technology. Cryptographic Data Security.
2387	                   Produce and check procedures of Electronic Digital
2388	                   Signatures based on Asymmetric Cryptographic Algo-
2389	                   rithm.", GOST R 34.10-94, Gosudarstvennyi Standard of
2390	                   Russian Federation, Government Committee of the Rus-
2391	                   sia for Standards, 1994. (In Russian);

2393	   [GOSTR34102001] "Information technology. Cryptographic data security.
2394	                   Signature and verification processes of [electronic]
2395	                   digital signature.", GOST R 34.10-2001, Gosudarstven-
2396	                   nyi Standard of Russian Federation, Government Com-
2397	                   mittee of the Russia for Standards, 2001. (In Rus-
2398	                   sian);

2400	   [GOSTR341194]   "Information technology. Cryptographic Data Security.
2401	                   Hashing function.", GOST R 34.11-94, Gosudarstvennyi
2402	                   Standard of Russian Federation, Government Committee
2403	                   of the Russia for Standards, 1994. (In Russian);

2405	   [Schneier95]    B.   Schneier, Applied cryptography, second edition,
2406	                   John Wiley & Sons, Inc., 1995;

2408	   [X.660]         ITU-T Recommendation X.660 Information Technology -
2409	                   ASN.1 encoding rules: Specification of Basic Encoding
2410	                   Rules (BER), Canonical Encoding Rules (CER) and Dis-
2411	                   tinguished Encoding Rules (DER), 1997.

2413	   [RFC 2119]      Bradner, S., "Key Words for Use in RFCs to Indi-
2414	                   cateRequirement Levels", BCP 14, RFC 2119, March
2415	                   1997.

2417	   [HMAC]          H. Krawczyk, M. Bellare, R. Canetti, "HMAC: Keyed-
2418	                   Hashing for Message Authentication", RFC 2104  Febru-
2419	                   ary 1997.

2421	   [TLS]           The TLS Protocol Version 1.0.  T.  Dierks, C.  Allen.
2422	                   January 1999, RFC 2246.

2424	   [RFDSL]         "Russian Federal Digital Signature Law", 10 Jan 2002
2425	                   N1-FZ

2427	   [RFLLIC]        "Russian Federal Law on Licensing of Selected Activ-
2428	                   ity Categories", 08 Aug 2001 N 128-FZ

2430	   [CRYPTOLIC]     "Russian Federal Goverment Regulation on Licensing of
2431	                   Selected Activity Categories in Cryptography Area",
2432	                   23 Sep 2002 N 691

2434	12 Acknowledgments

2436	   This document was created in accordance with "Russian Cryptographic
2437	   Software Compatibility Agreement", signed by FGUE STC "Atlas",
2438	   CRYPTO-PRO, Factor-TC, MD PREI, Infotecs GmbH, SPRCIS (SPbRCZI),
2439	   Cryptocom, R-Alpha.  The aim of this agreement is to achieve mutual
2440	   compatibility of the products and solutions.

2442	   The authors wish to thank:

2444	      Microsoft Corporation Russia for providing information about
2445	      company products and solutions, and also for technical consulting
2446	      in PKI.

2448	      RSA Security Russia and Demos Co Ltd for active collaboration and
2449	      critical help in creation of this document.

2451	      Russ Hously (Vigil Security, LLC, housley@vigilsec.com) and
2452	      Vasilij Sakharov (DEMOS Co Ltd, svp@dol.ru) for initiative,
2453	      creating this document.

2455	      Derek Atkins (IHTFP Consulting, derek@ihtfp.com) and his wife,
2456	      Heather Anne Harrison for making the document readable.

2458	   This document is based on a contribution of CRYPTO-PRO Company.  Any
2459	   substantial use of the text from this document must acknowledge
2460	   CRYPTO-PRO.  CRYPTO-PRO requests that all material mentioning or
2461	   referencing this document identify this as "CRYPTO-PRO CPALGS".

2463	Author's Addresses

2465	   Vladimir Popov
2466	   CRYPTO-PRO
2467	   38, Obraztsova,
2468	   Moscow, 127018, Russian Federation
2469	   EMail: vpopov@cryptopro.ru

2471	   Igor Kurepkin
2472	   CRYPTO-PRO
2473	   38, Obraztsova,
2474	   Moscow, 127018, Russian Federation
2475	   EMail: kure@cryptopro.ru

2477	   Serguei Leontiev
2478	   CRYPTO-PRO
2479	   38, Obraztsova,
2480	   Moscow, 127018, Russian Federation
2481	   EMail: lse@cryptopro.ru

2483	   Grigorij Chudov
2484	   CRYPTO-PRO
2485	   38, Obraztsova,
2486	   Moscow, 127018, Russian Federation
2487	   EMail: chudov@cryptopro.ru

2489	   Alexandr Afanasiev
2490	   Factor-TC
2491	   office 711, 14, Presnenskij val,
2492	   Moscow, 123557, Russian Federation
2493	   EMail: afa@factor-ts.ru

2495	   Nikolaj Nikishin
2496	   Infotecs GmbH
2497	   p/b 35, 80-5, Leningradskij prospekt,
2498	   Moscow, 125315, Russian Federation
2499	   EMail: nikishin@infotecs.ru

2501	   Boleslav Izotov
2502	   FGUE STC "Atlas"
2503	   38, Obraztsova,
2504	   Moscow, 127018, Russian Federation
2505	   EMail: izotov@stcnet.ru

2507	   Elena Minaeva
2508	   MD PREI
2509	   build 3, 6A, Vtoroj Troitskij per.,
2510	   Moscow, Russian Federation
2511	   EMail: evminaeva@mo.msk.ru

2513	   Serguei Murugov
2514	   R-Alpha
2515	   4/1, Raspletina,
2516	   Moscow, 123060, Russian Federation
2517	   EMail: msm@office.ru

2519	   Igori Ustinov
2520	   Cryptocom
2521	   office 239, 51, Leninskij prospekt,
2522	   Moscow, 119991, Russian Federation
2523	   EMail: igus@cryptocom.ru

2525	   Anatolij Erkin
2526	   SPRCIS (SPbRCZI)
2527	   1, Obrucheva,
2528	   St.Petersburg, 195220, Russian Federation
2529	   EMail: erkin@nevsky.net

2531	Full Copyright Statement

2533	   Copyright (C) The Internet Society (2005).  This document is subject
2534	   to the rights, licenses and restrictions contained in BCP 78, and
2535	   except as set forth therein, the authors retain all their rights.

2537	   This document and the information contained herein are provided on an
2538	   "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
2539	   OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
2540	   ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
2541	   INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
2542	   INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
2543	   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.