-- Network Working Group                                         B. Kaliski
-- Request for Comments: 2898                              RSA Laboratories
-- Category: Informational                                   September 2000


--            PKCS #5: Password-Based Cryptography Specification
--                               Version 2.0

   -- PKCS #5 v2.0 ASN.1 Module
   -- Revised March 25, 1999

   -- This module has been checked for conformance with the
   -- ASN.1 standard by the OSS ASN.1 Tools

   PKCS5v2-0 {iso(1) member-body(2) us(840) rsadsi(113549)
       pkcs(1) pkcs-5(5) modules(16) pkcs5v2-0(1)}

   DEFINITIONS ::= BEGIN

   -- Basic object identifiers

   rsadsi OBJECT IDENTIFIER ::= {iso(1) member-body(2) us(840) 113549}
   pkcs OBJECT IDENTIFIER ::= {rsadsi 1}

   pkcs-5 OBJECT IDENTIFIER ::= {pkcs 5}

   -- Basic types and classes

--PSIM(Ignore)    AlgorithmIdentifier { ALGORITHM-IDENTIFIER:InfoObjectSet } ::=
--PSIM(Ignore)      SEQUENCE {
--PSIM(Ignore)        algorithm ALGORITHM-IDENTIFIER.&id({InfoObjectSet}),
--PSIM(Ignore)        parameters ALGORITHM-IDENTIFIER.&Type({InfoObjectSet}
--PSIM(Ignore)        {@algorithm}) OPTIONAL
--PSIM(Ignore)    }

--PSIM(Ignore)    ALGORITHM-IDENTIFIER ::= TYPE-IDENTIFIER

   -- PBKDF2

--PSIM(Ignore)    PBKDF2Algorithms ALGORITHM-IDENTIFIER ::=
--PSIM(Ignore)        { {PBKDF2-params IDENTIFIED BY id-PBKDF2}, ...}

   id-PBKDF2 OBJECT IDENTIFIER ::= {pkcs-5 12}

--PSIM(Ignore)    algid-hmacWithSHA1 AlgorithmIdentifier {{PBKDF2-PRFs}} ::=
--PSIM(Ignore)        {algorithm id-hmacWithSHA1, parameters NULL : NULL}

--PSIM(Ignore)    PBKDF2-params ::= SEQUENCE {
--PSIM(Ignore)        salt CHOICE {
--PSIM(Ignore)          specified OCTET STRING,
--PSIM(Ignore)          otherSource AlgorithmIdentifier {{PBKDF2-SaltSources}}
--PSIM(Ignore)        },
--PSIM(Ignore)        iterationCount INTEGER (1..MAX),
--PSIM(Ignore)        keyLength INTEGER (1..MAX) OPTIONAL,
--PSIM(Ignore)        prf AlgorithmIdentifier {{PBKDF2-PRFs}} DEFAULT
--PSIM(Ignore)        algid-hmacWithSHA1
--PSIM(Ignore)    }

--PSIM(Ignore)    PBKDF2-SaltSources ALGORITHM-IDENTIFIER ::= { ... }

--PSIM(Ignore)    PBKDF2-PRFs ALGORITHM-IDENTIFIER ::=
--PSIM(Ignore)        { {NULL IDENTIFIED BY id-hmacWithSHA1}, ... }

   -- PBES1


--PSIM(Ignore)    PBES1Algorithms ALGORITHM-IDENTIFIER ::= {
--PSIM(Ignore)        {PBEParameter IDENTIFIED BY pbeWithMD2AndDES-CBC}  |
--PSIM(Ignore)        {PBEParameter IDENTIFIED BY pbeWithMD2AndRC2-CBC}  |
--PSIM(Ignore)        {PBEParameter IDENTIFIED BY pbeWithMD5AndDES-CBC}  |
--PSIM(Ignore)        {PBEParameter IDENTIFIED BY pbeWithMD5AndRC2-CBC}  |
--PSIM(Ignore)        {PBEParameter IDENTIFIED BY pbeWithSHA1AndDES-CBC} |
--PSIM(Ignore)        {PBEParameter IDENTIFIED BY pbeWithSHA1AndRC2-CBC},
--PSIM(Ignore)        ...
--PSIM(Ignore)    }

   pbeWithMD2AndDES-CBC OBJECT IDENTIFIER ::= {pkcs-5 1}
   pbeWithMD2AndRC2-CBC OBJECT IDENTIFIER ::= {pkcs-5 4}
   pbeWithMD5AndDES-CBC OBJECT IDENTIFIER ::= {pkcs-5 3}
   pbeWithMD5AndRC2-CBC OBJECT IDENTIFIER ::= {pkcs-5 6}
   pbeWithSHA1AndDES-CBC OBJECT IDENTIFIER ::= {pkcs-5 10}
   pbeWithSHA1AndRC2-CBC OBJECT IDENTIFIER ::= {pkcs-5 11}

--PSIM(Ignore)    PBEParameter ::= SEQUENCE {
--PSIM(Ignore)        salt OCTET STRING (SIZE(8)),
--PSIM(Ignore)        iterationCount INTEGER
--PSIM(Ignore)    }

   -- PBES2

--PSIM(Ignore)    PBES2Algorithms ALGORITHM-IDENTIFIER ::=
--PSIM(Ignore)        { {PBES2-params IDENTIFIED BY id-PBES2}, ...}

   id-PBES2 OBJECT IDENTIFIER ::= {pkcs-5 13}

--PSIM(Ignore)    PBES2-params ::= SEQUENCE {
--PSIM(Ignore)        keyDerivationFunc AlgorithmIdentifier {{PBES2-KDFs}},
--PSIM(Ignore)        encryptionScheme AlgorithmIdentifier {{PBES2-Encs}}
--PSIM(Ignore)    }

--PSIM(Ignore)    PBES2-KDFs ALGORITHM-IDENTIFIER ::=
--PSIM(Ignore)        { {PBKDF2-params IDENTIFIED BY id-PBKDF2}, ... }

--PSIM(Ignore)    PBES2-Encs ALGORITHM-IDENTIFIER ::= { ... }

   -- PBMAC1

--PSIM(Ignore)    PBMAC1Algorithms ALGORITHM-IDENTIFIER ::=
--PSIM(Ignore)        { {PBMAC1-params IDENTIFIED BY id-PBMAC1}, ...}

   id-PBMAC1 OBJECT IDENTIFIER ::= {pkcs-5 14}

--PSIM(Ignore)    PBMAC1-params ::=  SEQUENCE {
--PSIM(Ignore)        keyDerivationFunc AlgorithmIdentifier {{PBMAC1-KDFs}},
--PSIM(Ignore)        messageAuthScheme AlgorithmIdentifier {{PBMAC1-MACs}}
--PSIM(Ignore)    }

--PSIM(Ignore)    PBMAC1-KDFs ALGORITHM-IDENTIFIER ::=
--PSIM(Ignore)        { {PBKDF2-params IDENTIFIED BY id-PBKDF2}, ... }

--PSIM(Ignore)    PBMAC1-MACs ALGORITHM-IDENTIFIER ::= { ... }

   -- Supporting techniques

   digestAlgorithm OBJECT IDENTIFIER     ::= {rsadsi 2}
   encryptionAlgorithm OBJECT IDENTIFIER ::= {rsadsi 3}

--PSIM(Ignore)    SupportingAlgorithms ALGORITHM-IDENTIFIER ::= {
--PSIM(Ignore)        {NULL IDENTIFIED BY id-hmacWithSHA1} |
--PSIM(Ignore)        {OCTET STRING (SIZE(8)) IDENTIFIED BY desCBC} |
--PSIM(Ignore)        {OCTET STRING (SIZE(8)) IDENTIFIED BY des-EDE3-CBC} |
--PSIM(Ignore)        {RC2-CBC-Parameter IDENTIFIED BY rc2CBC} |
--PSIM(Ignore)        {RC5-CBC-Parameters IDENTIFIED BY rc5-CBC-PAD},
--PSIM(Ignore)        ...
--PSIM(Ignore)    }

   id-hmacWithSHA1 OBJECT IDENTIFIER ::= {digestAlgorithm 7}

   desCBC OBJECT IDENTIFIER ::=
       {iso(1) identified-organization(3) oiw(14) secsig(3)
        algorithms(2) 7} -- from OIW

   des-EDE3-CBC OBJECT IDENTIFIER ::= {encryptionAlgorithm 7}

   rc2CBC OBJECT IDENTIFIER ::= {encryptionAlgorithm 2}

--PSIM(Ignore)    RC2-CBC-Parameter ::= SEQUENCE {
--PSIM(Ignore)        rc2ParameterVersion INTEGER OPTIONAL,
--PSIM(Ignore)        iv OCTET STRING (SIZE(8))
--PSIM(Ignore)    }

   rc5-CBC-PAD OBJECT IDENTIFIER ::= {encryptionAlgorithm 9}

--PSIM(Ignore)    RC5-CBC-Parameters ::= SEQUENCE {
--PSIM(Ignore)        version INTEGER {v1-0(16)} (v1-0),
--PSIM(Ignore)        rounds INTEGER (8..127),
--PSIM(Ignore)        blockSizeInBits INTEGER (64 | 128),
--PSIM(Ignore)        iv OCTET STRING OPTIONAL
--PSIM(Ignore)    }

   END