pkcs1 12 : RSA-SHA384 : sha384WithRSAEncryption
pkcs1 13 : RSA-SHA512 : sha512WithRSAEncryption
pkcs1 14 : RSA-SHA224 : sha224WithRSAEncryption
+pkcs1 15 : RSA-SHA512/224 : sha512-224WithRSAEncryption
+pkcs1 16 : RSA-SHA512/256 : sha512-256WithRSAEncryption
pkcs 3 : pkcs3
pkcs3 1 : : dhKeyAgreement
rsadsi 2 6 : : hmacWithMD5
rsadsi 2 7 : : hmacWithSHA1
+member-body 156 10197 1 401 : SM3 : sm3
+member-body 156 10197 1 504 : RSA-SM3 : sm3WithRSAEncryption
+
# From RFC4231
rsadsi 2 8 : : hmacWithSHA224
rsadsi 2 9 : : hmacWithSHA256
id-kp 24 : sendProxiedRouter : Send Proxied Router
id-kp 25 : sendOwner : Send Owner
id-kp 26 : sendProxiedOwner : Send Proxied Owner
+id-kp 27 : cmcCA : CMC Certificate Authority
+id-kp 28 : cmcRA : CMC Registration Authority
# CMP information types
id-it 1 : id-it-caProtEncCert
id-cmc 21 : id-cmc-queryPending
id-cmc 22 : id-cmc-popLinkRandom
id-cmc 23 : id-cmc-popLinkWitness
-id-cmc 24 : id-cmc-confirmCertAcceptance
+id-cmc 24 : id-cmc-confirmCertAcceptance
# other names
id-on 1 : id-on-personalData
# Documents refer to "internet 7" as "mail". This however leads to ambiguities
# with RFC2798, Section 9.1.3, where "mail" is defined as the short name for
# rfc822Mailbox. The short name is therefore here left out for a reason.
-# Subclasses of "mail", e.g. "MIME MHS" don't consitute a problem, as
+# Subclasses of "mail", e.g. "MIME MHS" don't constitute a problem, as
# references are realized via long name "Mail" (with capital M).
internet 7 : : Mail
sigAlgs 12 : id-ecdsa-with-sha3-512 : ecdsa_with_SHA3-512
sigAlgs 13 : id-rsassa-pkcs1-v1_5-with-sha3-224 : RSA-SHA3-224
sigAlgs 14 : id-rsassa-pkcs1-v1_5-with-sha3-256 : RSA-SHA3-256
-sigAlgs 15 : id-rsassa-pkcs1-v1_5-with-sha3-384 : RSA-SHA3-284
+sigAlgs 15 : id-rsassa-pkcs1-v1_5-with-sha3-384 : RSA-SHA3-384
sigAlgs 16 : id-rsassa-pkcs1-v1_5-with-sha3-512 : RSA-SHA3-512
# Hold instruction CRL entry extension
# Definitions for Camellia cipher - ECB, CFB, OFB MODE
!Alias ntt-ds 0 3 4401 5
-!Alias camellia ntt-ds 3 1 9
+!Alias camellia ntt-ds 3 1 9
camellia 1 : CAMELLIA-128-ECB : camellia-128-ecb
!Cname camellia-128-ofb128
!Cname seed-ofb128
kisa 1 6 : SEED-OFB : seed-ofb
+
+# Definitions for SM4 cipher
+
+member-body 156 : ISO-CN : ISO CN Member Body
+ISO-CN 10197 : oscca
+oscca 1 : sm-scheme
+
+sm-scheme 104 1 : SM4-ECB : sm4-ecb
+sm-scheme 104 2 : SM4-CBC : sm4-cbc
+!Cname sm4-ofb128
+sm-scheme 104 3 : SM4-OFB : sm4-ofb
+!Cname sm4-cfb128
+sm-scheme 104 4 : SM4-CFB : sm4-cfb
+sm-scheme 104 5 : SM4-CFB1 : sm4-cfb1
+sm-scheme 104 6 : SM4-CFB8 : sm4-cfb8
+sm-scheme 104 7 : SM4-CTR : sm4-ctr
+
# There is no OID that just denotes "HMAC" oddly enough...
: HMAC : hmac
# RFC 5639 curve OIDs (see http://www.ietf.org/rfc/rfc5639.txt)
# versionOne OBJECT IDENTIFIER ::= {
-# iso(1) identifified-organization(3) teletrust(36) algorithm(3)
+# iso(1) identified-organization(3) teletrust(36) algorithm(3)
# signature-algorithm(3) ecSign(2) ecStdCurvesAndGeneration(8)
# ellipticCurve(1) 1 }
1 3 36 3 3 2 8 1 1 1 : brainpoolP160r1
1 3 36 3 3 2 8 1 1 11 : brainpoolP384r1
1 3 36 3 3 2 8 1 1 12 : brainpoolP384t1
1 3 36 3 3 2 8 1 1 13 : brainpoolP512r1
-1 3 36 3 3 2 8 1 1 14 : brainpoolP512t1
+1 3 36 3 3 2 8 1 1 14 : brainpoolP512t1
# ECDH schemes from RFC5753
!Alias x9-63-scheme 1 3 133 16 840 63 0
: Poly1305 : poly1305
# NID for SipHash
: SipHash : siphash
+
+# NIDs for RFC7919 DH parameters
+ : ffdhe2048
+ : ffdhe3072
+ : ffdhe4096
+ : ffdhe6144
+ : ffdhe8192