-- ASN module extracted from ITU-T X.510 (10/2023)
CryptoTools {joint-iso-itu-t ds(5) module(1) cryptoTools(42) 10}
DEFINITIONS IMPLICIT TAGS ::=
BEGIN
-- EXPORTS All
IMPORTS
AlgoInvoke{}, ALGORITHM, AlgorithmIdentifier{}, AlgorithmWithInvoke{}
FROM PKI-Stub
{joint-iso-itu-t ds(5) module(1) pki-stub(999) 10} WITH SUCCESSORS
id-algo-mca
FROM GenAlgo
{joint-iso-itu-t ds(5) module(1) genAlgo(48) 10} WITH SUCCESSORS ;
-- Information object sets naming the algorithms accepted for each purpose,
-- with a separate "Alt" set per purpose. Every set is declared as {...}:
-- empty and extensible, so this module itself lists no algorithms.
-- Security note: because the sets are open, a decoder generated from this
-- module cannot be relied on to reject an unexpected algorithm OID. The
-- allow-list of acceptable algorithms has to be enforced by the relying
-- implementation or by a profile that populates these sets.
-- NOTE(review): SupportedAltSymmetricKeyAlgorithms and
-- SupportedAltAuthenEncryptAlgorithms are declared here but are not referenced
-- anywhere else in this module; confirm whether that is intended.
SupportedSignatureAlgorithms ALGORITHM ::= {...}
SupportedAltSignatureAlgorithms ALGORITHM ::= {...}
SupportedSymmetricKeyAlgorithms ALGORITHM ::= {...}
SupportedAltSymmetricKeyAlgorithms ALGORITHM ::= {...}
SupportedPublicKeyAlgorithms ALGORITHM ::= {...}
SupportedAltPublicKeyAlgorithms ALGORITHM ::= {...}
SupportedHashAlgorithms ALGORITHM ::= {...}
SupportedAltHashAlgorithms ALGORITHM ::= {...}
SupportedKeyEstablishmentAlgos ALGORITHM ::= {...}
SupportedAltKeyEstablishmentAlgos ALGORITHM ::= {...}
SupportedAuthenEncryptAlgorithms ALGORITHM ::= {...}
SupportedAltAuthenEncryptAlgorithms ALGORITHM ::= {...}
SupportedIcvAlgorithms ALGORITHM ::= {...}
SupportedAltIcvAlgorithms ALGORITHM ::= {...}
-- Double cryptographic algorithms, no invoke
-- Algorithm object identified by {id-algo-mca 1}; its parameters carry a
-- native signature algorithm and, optionally, an alternative one.
multipleSignaturesAlgo ALGORITHM ::= {
PARMS MultipleSignaturesAlgo
IDENTIFIED BY {id-algo-mca 1} }
-- Parameter type: native is mandatory, alt is OPTIONAL.
-- Security note: an encoding with alt omitted is still valid, so a verifier
-- whose policy requires both algorithms must check for presence itself.
MultipleSignaturesAlgo ::= SEQUENCE {
native AlgorithmIdentifier{{SupportedSignatureAlgorithms}},
alt AlgorithmIdentifier{{SupportedAltSignatureAlgorithms}} OPTIONAL }
-- Algorithm object identified by {id-algo-mca 2}; its parameters carry a
-- native public-key algorithm and, optionally, an alternative one.
multiplePublicKeyAlgo ALGORITHM ::= {
PARMS MultiplePublicKeyAlgo
IDENTIFIED BY {id-algo-mca 2} }
-- Parameter type: native is mandatory, alt is OPTIONAL, each constrained by
-- its own (open) supported-algorithm set.
MultiplePublicKeyAlgo ::= SEQUENCE {
native AlgorithmIdentifier{{SupportedPublicKeyAlgorithms}},
alt AlgorithmIdentifier{{SupportedAltPublicKeyAlgorithms}} OPTIONAL }
-- Algorithm object identified by {id-algo-mca 3}; its parameters carry a
-- native hash algorithm and, optionally, an alternative one.
multipleHashAlgo ALGORITHM ::= {
PARMS MultipleHashAlgo
IDENTIFIED BY {id-algo-mca 3} }
-- Parameter type: native is mandatory, the alternative is OPTIONAL.
-- NOTE(review): the second component is named "alternative" here, whereas
-- MultipleSignaturesAlgo and MultiplePublicKeyAlgo name it "alt". The
-- identifier is part of the module text and is left unchanged.
MultipleHashAlgo ::= SEQUENCE {
native AlgorithmIdentifier{{SupportedHashAlgorithms}},
alternative AlgorithmIdentifier{{SupportedAltHashAlgorithms}} OPTIONAL }
-- Algorithm object identified by {id-algo-mca 4}; its parameters carry a
-- native key establishment algorithm and, optionally, an alternative one.
multipleKeyEstablishmentAlgo ALGORITHM ::= {
PARMS MultipleKeyEstablishmentAlgo
IDENTIFIED BY {id-algo-mca 4} }
-- Parameter type: native is mandatory, the alternative is OPTIONAL.
-- NOTE(review): the second component is named "alternative" here, whereas
-- MultipleSignaturesAlgo and MultiplePublicKeyAlgo name it "alt". The
-- identifier is part of the module text and is left unchanged.
MultipleKeyEstablishmentAlgo ::= SEQUENCE {
native AlgorithmIdentifier{{SupportedKeyEstablishmentAlgos}},
alternative AlgorithmIdentifier{{SupportedAltKeyEstablishmentAlgos}} OPTIONAL }
-- Algorithm object identified by {id-algo-mca 5}; its parameters describe the
-- data phase protection, natively and optionally with an alternative.
multipleDataPhaseProtection ALGORITHM ::= {
PARMS MultipleDataPhaseProtection
IDENTIFIED BY {id-algo-mca 5} }
-- Parameter type. Each of native and alt is a CHOICE between
--   aead:     a single authenticated encryption algorithm, or
--   non-aead: an integrity check value (ICV) algorithm plus an OPTIONAL
--             encryption algorithm.
-- Security note: encr is OPTIONAL in the non-aead branch, so the syntax
-- permits integrity protection without confidentiality. A deployment that
-- requires encryption must reject a non-aead value that omits encr.
-- Both the CHOICEs and the non-aead SEQUENCEs carry extension markers, so
-- decoders must expect alternatives and components not listed here.
MultipleDataPhaseProtection ::= SEQUENCE {
native CHOICE {
aead [0] AlgorithmIdentifier{{SupportedAuthenEncryptAlgorithms}},
non-aead [1] SEQUENCE {
encr [0] AlgorithmIdentifier{{SupportedSymmetricKeyAlgorithms}} OPTIONAL,
icv [1] AlgorithmIdentifier{{SupportedIcvAlgorithms}},
... },
... },
-- NOTE(review): in the alt branch, aead is constrained by
-- SupportedAuthenEncryptAlgorithms (the native set) and encr by
-- SupportedAltSignatureAlgorithms (a signature set), while
-- SupportedAltAuthenEncryptAlgorithms and SupportedAltSymmetricKeyAlgorithms
-- are never referenced in this module. This looks like a copy error;
-- TODO confirm against the published text and any corrigendum before relying
-- on these table constraints to validate the alt algorithms.
alt CHOICE {
aead [0] AlgorithmIdentifier{{SupportedAuthenEncryptAlgorithms}},
non-aead [1] SEQUENCE {
encr [0] AlgorithmIdentifier{{SupportedAltSignatureAlgorithms}} OPTIONAL,
icv [1] AlgorithmIdentifier{{SupportedAltIcvAlgorithms}},
... },
... } OPTIONAL }
-- Double choice algorithms, no invoke
-- Algorithm object identified by {id-algo-mca 10}; its parameters select
-- either the native or the alternative signature algorithm.
choiceSignatureAlgo ALGORITHM ::= {
PARMS ChoiceSignatureAlgo
IDENTIFIED BY {id-algo-mca 10} }
-- Parameter type: exactly one of native [0] or alt [1] is present.
-- Security note: the sender picks the branch, so a receiver that requires a
-- particular one must check which alternative was chosen, not only that the
-- value decodes.
ChoiceSignatureAlgo ::= CHOICE {
native [0] AlgorithmIdentifier{{SupportedSignatureAlgorithms}},
alt [1] AlgorithmIdentifier{{SupportedAltSignatureAlgorithms}} }
-- Algorithm object identified by {id-algo-mca 11}; its parameters select
-- either the native or the alternative public-key algorithm.
choicePublicKeyAlgo ALGORITHM ::= {
PARMS ChoicePublicKeyAlgo
IDENTIFIED BY {id-algo-mca 11} }
-- Parameter type: exactly one of native [0] or alt [1] is present.
ChoicePublicKeyAlgo ::= CHOICE {
native [0] AlgorithmIdentifier{{SupportedPublicKeyAlgorithms}},
alt [1] AlgorithmIdentifier{{SupportedAltPublicKeyAlgorithms}} }
-- Algorithm object identified by {id-algo-mca 12}; its parameters select
-- either the native or the alternative hash algorithm.
choiceHashAlgo ALGORITHM ::= {
PARMS ChoiceHashAlgo
IDENTIFIED BY {id-algo-mca 12} }
-- Parameter type: exactly one of native [0] or alt [1] is present.
ChoiceHashAlgo ::= CHOICE {
native [0] AlgorithmIdentifier{{SupportedHashAlgorithms}},
alt [1] AlgorithmIdentifier{{SupportedAltHashAlgorithms}} }
-- Algorithm object identified by {id-algo-mca 13}; its parameters select
-- either the native or the alternative key establishment algorithm.
choiceKeyEstablishmentAlgo ALGORITHM ::= {
PARMS ChoiceKeyEstablishmentAlgo
IDENTIFIED BY {id-algo-mca 13} }
-- Parameter type: exactly one of native [0] or alt [1] is present.
ChoiceKeyEstablishmentAlgo ::= CHOICE {
native [0] AlgorithmIdentifier{{SupportedKeyEstablishmentAlgos}},
alt [1] AlgorithmIdentifier{{SupportedAltKeyEstablishmentAlgos}} }
-- Algorithm object identified by {id-algo-mca 14}; its parameters select
-- either the native or the alternative data phase protection.
choiceDataPhaseProtection ALGORITHM ::= {
PARMS ChoiceDataPhaseProtection
IDENTIFIED BY {id-algo-mca 14} }
-- Parameter type: exactly one of native [0] or alt [1], each itself a CHOICE
-- between aead (one authenticated encryption algorithm) and non-aead (an ICV
-- algorithm plus an OPTIONAL encryption algorithm).
-- Security note: encr is OPTIONAL, so the syntax permits integrity protection
-- without confidentiality; enforce the presence of encr where encryption is
-- required.
-- Unlike MultipleDataPhaseProtection, the inner CHOICEs here have no
-- extension marker; only the non-aead SEQUENCEs are extensible.
ChoiceDataPhaseProtection ::= CHOICE {
native [0] CHOICE {
aead [0] AlgorithmIdentifier{{SupportedAuthenEncryptAlgorithms}},
non-aead [1] SEQUENCE {
encr [0] AlgorithmIdentifier{{SupportedSymmetricKeyAlgorithms}} OPTIONAL,
icv [1] AlgorithmIdentifier{{SupportedIcvAlgorithms}},
... }
},
-- NOTE(review): in the alt branch, aead is constrained by
-- SupportedAuthenEncryptAlgorithms (the native set) and encr by
-- SupportedAltSignatureAlgorithms (a signature set), while
-- SupportedAltAuthenEncryptAlgorithms and SupportedAltSymmetricKeyAlgorithms
-- are never referenced in this module. This looks like a copy error;
-- TODO confirm against the published text and any corrigendum before relying
-- on these table constraints to validate the alt algorithms.
alt [1] CHOICE {
aead [0] AlgorithmIdentifier{{SupportedAuthenEncryptAlgorithms}},
non-aead [1] SEQUENCE {
encr [0] AlgorithmIdentifier{{SupportedAltSignatureAlgorithms}} OPTIONAL,
icv [1] AlgorithmIdentifier{{SupportedAltIcvAlgorithms}},
... }
} }
-- Double cryptographic algorithms, invoke
-- Algorithm object identified by {id-algo-mca 20}.
-- NOTE(review): PARMS names MultipleSignaturesAlgo (the AlgorithmIdentifier
-- based type of {id-algo-mca 1}), not MultipleSignaturesAlgoInvoke defined
-- directly below, which is then referenced nowhere in this module. The other
-- three "Multiple...Invoke" objects use their own Invoke type. This looks
-- like a copy error; TODO confirm against the published text and any
-- corrigendum, because the two types encode differently and peers must agree.
multipleSignaturesAlgoInvoke ALGORITHM ::= {
PARMS MultipleSignaturesAlgo
IDENTIFIED BY {id-algo-mca 20} }
-- Native (mandatory) and alt (OPTIONAL) signature algorithms, each expressed
-- as AlgorithmWithInvoke rather than AlgorithmIdentifier.
MultipleSignaturesAlgoInvoke ::= SEQUENCE {
native AlgorithmWithInvoke{{SupportedSignatureAlgorithms}},
alt AlgorithmWithInvoke{{SupportedAltSignatureAlgorithms}} OPTIONAL }
-- Algorithm object identified by {id-algo-mca 21}; AlgorithmWithInvoke
-- counterpart of multiplePublicKeyAlgo.
multiplePublicKeyAlgoInvoke ALGORITHM ::= {
PARMS MultiplePublicKeyAlgoInvoke
IDENTIFIED BY {id-algo-mca 21} }
-- Parameter type: native is mandatory, alt is OPTIONAL.
MultiplePublicKeyAlgoInvoke ::= SEQUENCE {
native AlgorithmWithInvoke{{SupportedPublicKeyAlgorithms}},
alt AlgorithmWithInvoke{{SupportedAltPublicKeyAlgorithms}} OPTIONAL }
-- Algorithm object identified by {id-algo-mca 22}; AlgorithmWithInvoke
-- counterpart of multipleHashAlgo.
multipleHashAlgoInvoke ALGORITHM ::= {
PARMS MultipleHashAlgoInvoke
IDENTIFIED BY {id-algo-mca 22} }
-- Parameter type: native is mandatory, alt is OPTIONAL. The optional
-- component is named "alt" here but "alternative" in MultipleHashAlgo.
MultipleHashAlgoInvoke ::= SEQUENCE {
native AlgorithmWithInvoke{{SupportedHashAlgorithms}},
alt AlgorithmWithInvoke{{SupportedAltHashAlgorithms}} OPTIONAL }
-- Algorithm object identified by {id-algo-mca 23}; AlgorithmWithInvoke
-- counterpart of multipleKeyEstablishmentAlgo.
multipleKeyEstablishmentAlgoInvoke ALGORITHM ::= {
PARMS MultipleKeyEstablishmentAlgoInvoke
IDENTIFIED BY {id-algo-mca 23} }
-- Parameter type: native is mandatory, alt is OPTIONAL. The optional
-- component is named "alt" here but "alternative" in
-- MultipleKeyEstablishmentAlgo.
MultipleKeyEstablishmentAlgoInvoke ::= SEQUENCE {
native AlgorithmWithInvoke {{SupportedKeyEstablishmentAlgos}},
alt AlgorithmWithInvoke {{SupportedAltKeyEstablishmentAlgos}} OPTIONAL }
-- Double choice algorithms, invoke
-- Algorithm object identified by {id-algo-mca 30}; AlgorithmWithInvoke
-- counterpart of choiceSignatureAlgo.
choiceSignatureAlgoInvoke ALGORITHM ::= {
PARMS ChoiceSignatureAlgoInvoke
IDENTIFIED BY {id-algo-mca 30} }
-- Parameter type: exactly one of native [0] or alt [1] is present.
-- Security note: the sender picks the branch, so a receiver that requires a
-- particular one must check which alternative was chosen.
ChoiceSignatureAlgoInvoke ::= CHOICE {
native [0] AlgorithmWithInvoke{{SupportedSignatureAlgorithms}},
alt [1] AlgorithmWithInvoke{{SupportedAltSignatureAlgorithms}} }
-- Algorithm object identified by {id-algo-mca 31}; AlgorithmWithInvoke
-- counterpart of choicePublicKeyAlgo.
choicePublicKeyAlgoInvoke ALGORITHM ::= {
PARMS ChoicePublicKeyAlgoInvoke
IDENTIFIED BY {id-algo-mca 31} }
-- Parameter type: exactly one of native [0] or alt [1] is present.
ChoicePublicKeyAlgoInvoke ::= CHOICE {
native [0] AlgorithmWithInvoke{{SupportedPublicKeyAlgorithms}},
alt [1] AlgorithmWithInvoke{{SupportedAltPublicKeyAlgorithms}} }
-- Algorithm object identified by {id-algo-mca 32}; AlgorithmWithInvoke
-- counterpart of choiceHashAlgo.
choiceHashAlgoInvoke ALGORITHM ::= {
PARMS ChoiceHashAlgoInvoke
IDENTIFIED BY {id-algo-mca 32} }
-- Parameter type: exactly one of native [0] or alt [1] is present.
ChoiceHashAlgoInvoke ::= CHOICE {
native [0] AlgorithmWithInvoke{{SupportedHashAlgorithms}},
alt [1] AlgorithmWithInvoke{{SupportedAltHashAlgorithms}} }
-- Algorithm object identified by {id-algo-mca 33}; AlgorithmWithInvoke
-- counterpart of choiceKeyEstablishmentAlgo.
choiceKeyEstablishmentAlgoInvoke ALGORITHM ::= {
PARMS ChoiceKeyEstablishmentAlgoInvoke
IDENTIFIED BY {id-algo-mca 33} }
-- Parameter type: exactly one of native [0] or alt [1] is present.
ChoiceKeyEstablishmentAlgoInvoke ::= CHOICE {
native [0] AlgorithmWithInvoke{{SupportedKeyEstablishmentAlgos}},
alt [1] AlgorithmWithInvoke{{SupportedAltKeyEstablishmentAlgos}} }
-- Auxiliary data types
-- Parameterized type: a value of ToBeSigned followed by one or more
-- (algorithm, signature) pairs.
--   algorithm  is constrained to the object identifier of
--              multipleSignaturesAlgo.
--   parmeters  (spelled this way in the module; presumably "parameters") is a
--              non-empty list, SIZE (1..MAX), of sign entries.
-- NOTE(review): every algo in the list is constrained by
-- SupportedSignatureAlgorithms; SupportedAltSignatureAlgorithms is not used
-- here. Confirm that alternative signature algorithms are meant to be drawn
-- from the native set in this type.
-- Security note: the syntax only requires at least one entry. How many of the
-- listed signatures must verify, and over which encoding of toBeSigned, is
-- not stated in this module and has to be fixed by the verifier policy.
MULTY-SIGNED{ToBeSigned} ::= SEQUENCE {
toBeSigned ToBeSigned,
algorithm ALGORITHM.&id({multipleSignaturesAlgo}),
parmeters SEQUENCE SIZE (1..MAX) OF
sign SEQUENCE {
algo AlgorithmIdentifier{{SupportedSignatureAlgorithms}},
signature BIT STRING,
... },
... }
-- Parameterized type: a value of ToBeSigned with a mandatory signature and an
-- OPTIONAL altSignature. No algorithm identifier is carried at this level;
-- presumably the algorithms are identified inside ToBeSigned or by context
-- (TODO confirm against the types that instantiate Signed).
-- Security note: altSignature is OPTIONAL and sits outside toBeSigned, so a
-- value with altSignature removed still decodes. A verifier that expects the
-- alternative signature must treat its absence as a failure, not as a value
-- signed with the native algorithm only.
Signed{ToBeSigned} ::= SEQUENCE {
toBeSigned ToBeSigned,
signature BIT STRING,
altSignature BIT STRING OPTIONAL,
... }
-- Parameterized type: a value of ToBeProtected with an integrity check value
-- (icv) and its algorithm, plus an optional alternative algorithm and ICV.
-- The WITH COMPONENTS constraint makes the alternative pair all-or-nothing:
-- altAlgorithmIdentifier and altIcv are either both present or both absent.
-- NOTE(review): altAlgorithmIdentifier is constrained by
-- SupportedIcvAlgorithms, not SupportedAltIcvAlgorithms as used for the alt
-- icv in the data phase protection types. TODO confirm which set is intended.
-- Security note: the constraint couples the two alt fields but does not
-- require them; a receiver that expects the alternative ICV must check that
-- the pair is present and verify it.
ICV-Total{ToBeProtected} ::= SEQUENCE {
toBeProtected ToBeProtected,
algorithmIdentifier AlgorithmWithInvoke{{SupportedIcvAlgorithms}},
icv BIT STRING,
altAlgorithmIdentifier [0] AlgorithmWithInvoke{{SupportedIcvAlgorithms}} OPTIONAL,
altIcv [1] BIT STRING OPTIONAL,
... }
(WITH COMPONENTS {..., altAlgorithmIdentifier PRESENT, altIcv PRESENT } |
WITH COMPONENTS {..., altAlgorithmIdentifier ABSENT, altIcv ABSENT } )
-- Parameterized type: a value of ToBeProtected with an integrity check value
-- and OPTIONAL dynamic parameters (AlgoInvoke) for the ICV algorithm.
-- Unlike ICV-Total, no algorithm identifier and no alternative ICV is carried
-- here; presumably the algorithm was agreed beforehand (TODO confirm).
ICV-Invoke{ToBeProtected} ::= SEQUENCE {
toBeProtected ToBeProtected,
dynParms [0] AlgoInvoke{{SupportedIcvAlgorithms}} OPTIONAL,
icv BIT STRING,
... }
-- Parameterized type: an OCTET STRING holding the enciphered form of a
-- ToBeEnciphered value. CONSTRAINED BY is a user-defined constraint: it is
-- documentation for the implementer and is not checked by an ASN.1 decoder,
-- which sees only opaque octets.
-- Security note: this type carries no integrity check and no algorithm
-- identifier of its own; the decrypted octets are untrusted input to the BER
-- decoder unless integrity is provided by an enclosing structure.
-- In the last line below, the comment ends at the second pair of hyphens, so
-- ToBeEnciphered is the constraint parameter and not part of the comment.
ENCIPHERED{ToBeEnciphered} ::= OCTET STRING (CONSTRAINED BY {
-- shall be the result of applying an encipherment procedure
-- to the BER-encoded octets of a value of -- ToBeEnciphered } )
-- Parameterized type for authenticated encryption: OPTIONAL additional
-- authenticated data (aad) and the data to be enciphered (encr).
-- Both components are typed by the parameters themselves; this module does
-- not show how they are instantiated or where the authentication tag is
-- carried (presumably inside the encr octets; TODO confirm).
-- Security note: aad is OPTIONAL, so a receiver must feed the decryption
-- exactly the aad that was received, or none, and must not substitute a
-- default when the field is absent.
AUTHEN-ENCRYPT{ToBeAuth, ToBeEnciphered} ::= SEQUENCE {
aad [0] ToBeAuth OPTIONAL,
encr [1] ToBeEnciphered,
... }
END -- CryptoTools