

   DEFINITIONS ::=

   BEGIN


   -- EXPORTS ALL

   -- IMPORTS None

   -- Useful types and definitions





   -- Shorthand for OBJECT IDENTIFIER, used by most value assignments
   -- in this module.
   OID ::= OBJECT IDENTIFIER  -- alias

   -- Unless otherwise stated, if an object identifier has associated
   -- parameters (i.e., the PARMS element is specified), the
   -- parameters field shall be included in algorithm identifier
   -- values.  The parameters field shall be omitted if and only if
   -- the object identifier does not have associated parameters
   -- (i.e., the PARMS element is omitted), unless otherwise stated.

   -- Information object class describing one algorithm: &id is its
   -- object identifier (UNIQUE within an object set) and &Type is the
   -- optional type of its parameters.  WITH SYNTAX lets objects be
   -- written as { OID <id> [PARMS <Type>] }.
   ALGORITHM ::= CLASS {
      &id    OBJECT IDENTIFIER  UNIQUE,
      &Type  OPTIONAL
   }
   WITH SYNTAX { OID &id [PARMS &Type] }

   -- Parameterized algorithm identifier.  IOSet constrains both
   -- fields: algorithm must be the &id of an object in IOSet, and
   -- parameters, when present, must have the &Type of that same
   -- object (the {@algorithm} component relation ties them together).
   -- NOTE(review): the object sets passed as IOSet in this module end
   -- in an extension marker, so the constraint by itself does not
   -- bound which OIDs a decoder may be handed.  An implementation
   -- should check the decoded OID against an explicit list of the
   -- algorithms it supports and reject everything else.
   AlgorithmIdentifier { ALGORITHM:IOSet } ::= SEQUENCE {
      algorithm   ALGORITHM.&id( {IOSet} ),
      parameters  ALGORITHM.&Type( {IOSet}{@algorithm} ) OPTIONAL
   }

   -- Parameters type for algorithms whose parameters field is an
   -- explicit ASN.1 NULL (as opposed to an absent field).
   NullParms ::= NULL

   -- ISO/IEC 18033-2 arc
   -- Resolves to 1.0.18033.2; base of id-kem-rsa below.

   is18033-2 OID ::= { iso(1) standard(0) is18033(18033) part2(2) }

   -- NIST algorithm arc
   -- Resolves to 2.16.840.1.101.3.4; base of the SHA-2 and AES key
   -- wrap identifiers defined later in this module.

   nistAlgorithm OID ::= {
      joint-iso-itu-t(2) country(16) us(840) organization(1)
      gov(101) csor(3) nistAlgorithm(4)
   }

   -- PKCS #1 arc
   -- Resolves to 1.2.840.113549.1.1.
   -- NOTE(review): no other definition visible in this module
   -- references pkcs-1.

   pkcs-1 OID ::= {
      iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-1(1)
   }

   -- RSA-KEM Key Transport Algorithm
   -- Resolves to 1.2.840.113549.1.9.16.3.14; the last arc is given
   -- as a bare number with no name form.
   -- NOTE(review): the statement of which parameters type accompanies
   -- this OID is not part of this excerpt; presumably it is
   -- GenericHybridParameters (defined next).  Confirm against the
   -- full specification text.

   id-rsa-kem OID ::= {
      iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)
      pkcs-9(9) smime(16) alg(3) 14
   }








   -- Pairs a key encapsulation mechanism (kem) with a data
   -- encapsulation mechanism (dem); each is an AlgorithmIdentifier
   -- constrained to its own object set.
   GenericHybridParameters ::= SEQUENCE {
      kem  KeyEncapsulationMechanism,
      dem  DataEncapsulationMechanism
   }

   KeyEncapsulationMechanism ::= AlgorithmIdentifier {{KEMAlgorithms}}

   -- kem-rsa is the only KEM listed here; the set is extensible.
   KEMAlgorithms ALGORITHM ::= { kem-rsa, ... }

   -- kem-rsa declares PARMS, so RsaKemParameters is included in the
   -- parameters field under the general rule stated near the top of
   -- this module.
   kem-rsa ALGORITHM ::= { OID id-kem-rsa PARMS RsaKemParameters }

   -- Resolves to 1.0.18033.2.2.4.  Distinct from id-rsa-kem, which
   -- sits under the S/MIME alg arc.
   id-kem-rsa OID ::= {
      is18033-2 key-encapsulation-mechanism(2) rsa(4)
   }

   -- Parameters of kem-rsa: the key derivation function to apply and
   -- the length of the key to derive.
   RsaKemParameters ::= SEQUENCE {
      keyDerivationFunction  KeyDerivationFunction,
      keyLength              KeyLength
   }

   KeyDerivationFunction ::= AlgorithmIdentifier {{KDFAlgorithms}}

   KDFAlgorithms ALGORITHM ::= {
      kdf2 | kdf3,
      ...  -- implementations may define other methods
   }

   -- Positive integer; the ASN.1 sets no upper bound.
   -- NOTE(review): presumably the length, in bytes, of the derived
   -- key-encrypting key; confirm against the specification text.
   -- The value arrives inside the message, so a decoder should check
   -- that it equals the key size required by the selected dem before
   -- invoking the KDF, and reject the message otherwise.  This also
   -- keeps an oversized value from driving KDF output length.
   KeyLength ::= INTEGER (1..MAX)

   -- The dem field of GenericHybridParameters: an AlgorithmIdentifier
   -- drawn from the key-wrapping schemes below.
   DataEncapsulationMechanism ::= AlgorithmIdentifier {{DEMAlgorithms}}

   -- Union of the X9 and Camellia key-wrapping sets; extensible.
   DEMAlgorithms ALGORITHM ::= {
      X9-SymmetricKeyWrappingSchemes |
      Camellia-KeyWrappingSchemes,
      ...  -- implementations may define other methods
   }

   -- AES key wrap at three key sizes plus Triple-DES key wrap.
   -- NOTE(review): tdes-Wrap is a legacy choice; whether to accept it
   -- is a local policy decision that belongs in the implementation's
   -- list of permitted algorithms.
   X9-SymmetricKeyWrappingSchemes ALGORITHM ::= {
      aes128-Wrap | aes192-Wrap | aes256-Wrap | tdes-Wrap,
      ...  -- allows for future expansion
   }

   -- AlgorithmIdentifier restricted to the X9 set alone.
   -- NOTE(review): not referenced by any other definition visible in
   -- this module.
   X9-SymmetricKeyWrappingScheme ::=
               AlgorithmIdentifier {{ X9-SymmetricKeyWrappingSchemes }}









   -- Camellia key wrap at three key sizes; one of the two sets that
   -- make up DEMAlgorithms.
   Camellia-KeyWrappingSchemes ALGORITHM ::= {
      camellia128-Wrap | camellia192-Wrap | camellia256-Wrap,
      ... -- allows for future expansion
   }

   -- AlgorithmIdentifier restricted to the Camellia set alone.
   -- NOTE(review): not referenced by any other definition visible in
   -- this module.
   Camellia-KeyWrappingScheme ::=
                  AlgorithmIdentifier {{ Camellia-KeyWrappingSchemes }}

   -- Key Derivation Functions

   -- Resolves to 1.3.133.16.840.9.44.1.1.  x9-44-components is
   -- defined a few lines further down; ASN.1 permits the forward
   -- reference.
   id-kdf-kdf2 OID ::= { x9-44-components kdf2(1) }

   -- Base arc
   -- Resolves to 1.3.133.16.840.9.44.

   x9-44 OID ::= {
      iso(1) identified-organization(3) tc68(133) country(16) x9(840)
      x9Standards(9) x9-44(44)
   }

   x9-44-components OID ::= { x9-44 components(1) }

   -- kdf2 declares PARMS, so its parameters field is included and
   -- carries an AlgorithmIdentifier naming the hash function.
   kdf2 ALGORITHM ::= { OID id-kdf-kdf2  PARMS KDF2-HashFunction }

   KDF2-HashFunction ::= AlgorithmIdentifier {{ KDF2-HashFunctions }}

   -- The X9 hash set, left open for further hash functions.
   KDF2-HashFunctions ALGORITHM ::= {
      X9-HashFunctions,
      ...  -- implementations may define other methods
   }

   -- Resolves to 1.3.133.16.840.9.44.1.2.
   id-kdf-kdf3 OID ::= { x9-44-components kdf3(2) }

   -- Same shape as kdf2: the parameters field names the hash function.
   kdf3 ALGORITHM ::= { OID id-kdf-kdf3  PARMS KDF3-HashFunction }

   KDF3-HashFunction  ::= AlgorithmIdentifier {{ KDF3-HashFunctions }}

   -- The X9 hash set, left open for further hash functions.
   KDF3-HashFunctions ALGORITHM ::= {
      X9-HashFunctions,
      ...  -- implementations may define other methods
   }

   -- Hash Functions

   -- Hash functions usable as the parameter of kdf2 and kdf3.
   -- NOTE(review): sha1 is listed alongside the SHA-2 family; whether
   -- to accept it is a local policy decision that belongs in the
   -- implementation's list of permitted algorithms.
   X9-HashFunctions ALGORITHM ::= {
      sha1 | sha224 | sha256 | sha384 | sha512,
      ...  -- allows for future expansion
   }






   -- Resolves to 1.3.14.3.2.26.
   id-sha1 OID ::= {
      iso(1) identified-organization(3) oiw(14) secsig(3)
      algorithms(2) sha1(26)
   }

   -- The SHA-2 identifiers resolve to 2.16.840.1.101.3.4.2.x with
   -- x = 4 (sha224), 1 (sha256), 2 (sha384), 3 (sha512).
   id-sha224 OID ::= { nistAlgorithm hashAlgs(2) sha224(4) }

   id-sha256 OID ::= { nistAlgorithm hashAlgs(2) sha256(1) }

   id-sha384 OID ::= { nistAlgorithm hashAlgs(2) sha384(2) }

   id-sha512 OID ::= { nistAlgorithm hashAlgs(2) sha512(3) }

   -- None of the five objects below declares PARMS, so under the
   -- general rule stated near the top of this module the parameters
   -- field is omitted.  As an exception, NullParms (an explicit NULL)
   -- MUST also be accepted for these OIDs.
   -- NOTE(review): the same hash can therefore arrive in two
   -- encodings (parameters absent, or NULL).  Code that matches
   -- algorithm identifiers should compare the decoded OID rather than
   -- the raw encoded bytes, and should still reject any parameters
   -- value other than NULL.
   sha1   ALGORITHM ::= { OID id-sha1    } -- NullParms MUST be accepted

   sha224 ALGORITHM ::= { OID id-sha224  } -- NullParms MUST be accepted

   sha256 ALGORITHM ::= { OID id-sha256  } -- NullParms MUST be accepted

   sha384 ALGORITHM ::= { OID id-sha384  } -- NullParms MUST be accepted

   sha512 ALGORITHM ::= { OID id-sha512  } -- NullParms MUST be accepted

   -- Symmetric Key-Wrapping Schemes

   -- The AES key wrap identifiers resolve to 2.16.840.1.101.3.4.1.x
   -- with x = 5 (128-bit), 25 (192-bit), 45 (256-bit).
   id-aes128-Wrap OID ::= { nistAlgorithm aes(1) aes128-Wrap(5)  }

   id-aes192-Wrap OID ::= { nistAlgorithm aes(1) aes192-Wrap(25) }

   id-aes256-Wrap OID ::= { nistAlgorithm aes(1) aes256-Wrap(45) }

   -- No PARMS on the AES objects: under the general rule stated near
   -- the top of this module the parameters field is omitted.
   aes128-Wrap ALGORITHM ::= { OID id-aes128-Wrap }

   aes192-Wrap ALGORITHM ::= { OID id-aes192-Wrap }

   aes256-Wrap ALGORITHM ::= { OID id-aes256-Wrap }

   -- Resolves to 1.2.840.113549.1.9.16.3.6.  Written with OBJECT
   -- IDENTIFIER in full; equivalent to the OID alias used elsewhere.
   id-alg-CMS3DESwrap OBJECT IDENTIFIER ::= {
      iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
      smime(16) alg(3) 6
   }

   -- Unlike the AES objects, tdes-Wrap declares PARMS NullParms, so
   -- its parameters field is present and holds an explicit NULL.
   tdes-Wrap ALGORITHM ::= { OID id-alg-CMS3DESwrap  PARMS NullParms }

   -- The Camellia key wrap identifiers resolve to
   -- 1.2.392.200011.61.1.1.3.x with x = 2 (128-bit), 3 (192-bit),
   -- 4 (256-bit).  Arcs 392, 200011 and 61 are given as bare numbers
   -- with no name form.
   id-camellia128-Wrap OBJECT IDENTIFIER ::=
      { iso(1) member-body(2) 392 200011 61 security(1)
        algorithm(1) key-wrap-algorithm(3)
        camellia128-wrap(2) }





   id-camellia192-Wrap OBJECT IDENTIFIER ::=
      { iso(1) member-body(2) 392 200011 61 security(1)
        algorithm(1) key-wrap-algorithm(3)
        camellia192-wrap(3) }

   id-camellia256-Wrap OBJECT IDENTIFIER ::=
      { iso(1) member-body(2) 392 200011 61 security(1)
        algorithm(1) key-wrap-algorithm(3)
        camellia256-wrap(4) }

   -- No PARMS on the Camellia objects: under the general rule stated
   -- near the top of this module the parameters field is omitted.
   camellia128-Wrap ALGORITHM ::= { OID id-camellia128-Wrap }

   camellia192-Wrap ALGORITHM ::= { OID id-camellia192-Wrap }

   camellia256-Wrap ALGORITHM ::= { OID id-camellia256-Wrap }

   END


