Cryptographic Token Interface Standard

PKCS#11


GOST 28147-89-MAC

GOST 28147-89-MAC, denoted CKM_GOST28147_MAC, is a mechanism for data integrity and authentication based on GOST 28147-89 and the key meshing algorithm of [RFC 4357] section 2.3.

MACing parameters (the S-box set) are specified by the object identifier held in the key's CKA_GOST28147_PARAMS attribute.

The output bytes from this mechanism are taken from the start of the final GOST 28147-89 cipher block produced in the MACing process.

It has a parameter, an 8-byte MAC initialization vector. The parameter may be omitted, in which case a zero initialization vector is used.

Constraints on key types and the length of data are summarized in the following table:

Table 6, GOST 28147-89-MAC: Key and Data Length

Function    Key type        Data length   Signature length
C_Sign      CKK_GOST28147   Any           4 bytes
C_Verify    CKK_GOST28147   Any           4 bytes

For this mechanism, the ulMinKeySize and ulMaxKeySize fields of the CK_MECHANISM_INFO structure are not used.

GOST 28147-89 keys wrapping/unwrapping with GOST 28147-89

GOST 28147-89 key wrapping, denoted CKM_GOST28147_KEY_WRAP, is a mechanism for key wrapping and key unwrapping based on GOST 28147-89, in which a GOST 28147-89 key acts as a KEK (key encryption key) for other GOST 28147-89 keys. Its purpose is to encrypt and decrypt keys that have been generated by the key generation mechanism for GOST 28147-89.

For wrapping (C_WrapKey), the mechanism first computes a MAC over the value of the CKA_VALUE attribute of the key being wrapped and then encrypts that value in ECB mode. The result is the 32 encrypted bytes of the wrapped key followed by the 4-byte MAC.

For unwrapping (C_UnwrapKey), the mechanism first decrypts in ECB mode the 32 bytes of the key that was wrapped and then computes a MAC over the decrypted key. It then compares the computed 4-byte MAC with the 4-byte MAC from the input. If the two MACs do not match, the wrapped key is rejected and no key object is created. Otherwise the mechanism contributes the decrypted value as the CKA_VALUE attribute of the unwrapped key.

It has a parameter, an 8-byte MAC initialization vector. The parameter may be omitted, in which case a zero initialization vector is used.

Constraints on key types and the length of data are summarized in the following table:

Table 7, GOST 28147-89 keys as KEK: Key and Data Length

Function      Key type        Input length   Output length
C_WrapKey     CKK_GOST28147   32 bytes       36 bytes
C_UnwrapKey   CKK_GOST28147   36 bytes       32 bytes

For this mechanism, the ulMinKeySize and ulMaxKeySize fields of the CK_MECHANISM_INFO structure are not used.
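The two mechanisms above, as an added example that is not code from the PKCS#11 specification or from any token vendor: a Python model of the CKM_GOST28147_MAC computation (chained 16-round blocks, first 4 bytes of the final block) and of the CKM_GOST28147_KEY_WRAP layout (32 bytes of ECB ciphertext followed by the 4-byte MAC), including the unwrap-side MAC check that rejects a tampered blob. Assumptions: little-endian word order for the 64-bit block and the 256-bit key; the S-box table stands in for whatever parameter set the key's CKA_GOST28147_PARAMS OID names on a real token and has not been checked against published vectors here; RFC 4357 key meshing is omitted because it re-keys only after 1024 bytes and a 32-byte key value never reaches that boundary; all function names and the sample key bytes are mine.

```python
"""Model of CKM_GOST28147_MAC and CKM_GOST28147_KEY_WRAP (added example, not spec code).
Assumptions: little-endian words; stand-in S-box set; no RFC 4357 key meshing
(it triggers after 1024 bytes, never reached by a 32-byte key value)."""
import hmac
import struct

# Assumption: S-box set as recalled for the GOST R 34.12-2015 "Magma" parameter set.
# Any eight 4-bit permutations keep the wrap/unwrap round trip correct.
SBOX = [
    [12, 4, 6, 2, 10, 5, 11, 9, 14, 8, 13, 7, 0, 3, 15, 1],
    [6, 8, 2, 3, 9, 10, 5, 12, 1, 14, 4, 7, 11, 13, 0, 15],
    [11, 3, 5, 8, 2, 15, 10, 13, 14, 1, 7, 4, 12, 9, 6, 0],
    [12, 8, 2, 1, 13, 4, 15, 6, 7, 0, 10, 5, 3, 14, 9, 11],
    [7, 15, 5, 10, 8, 1, 6, 13, 0, 9, 3, 14, 11, 4, 2, 12],
    [5, 13, 15, 6, 9, 2, 12, 10, 11, 7, 8, 1, 4, 3, 14, 0],
    [8, 14, 2, 5, 6, 9, 1, 12, 15, 4, 11, 0, 13, 10, 3, 7],
    [1, 7, 14, 13, 0, 5, 8, 3, 4, 15, 10, 6, 9, 12, 11, 2],
]
MASK32 = 0xFFFFFFFF
# Subkey orders: 32 rounds for encrypt/decrypt, 16 rounds for the MAC.
ENC_ORDER = list(range(8)) * 3 + list(range(7, -1, -1))
DEC_ORDER = list(range(8)) + list(range(7, -1, -1)) * 3
MAC_ORDER = list(range(8)) * 2


def _f(x, k):
    """Round function: add subkey mod 2^32, substitute nibbles, rotate left 11."""
    x = (x + k) & MASK32
    y = 0
    for i in range(8):
        y |= SBOX[i][(x >> (4 * i)) & 0xF] << (4 * i)
    return ((y << 11) | (y >> 21)) & MASK32


def _subkeys(key):
    if len(key) != 32:
        raise ValueError("GOST 28147-89 key must be 32 bytes")
    return struct.unpack("<8I", key)


def _rounds(block, subkeys, order):
    """Feistel rounds over one 8-byte block; returns (n1, n2) after the last swap."""
    n1, n2 = struct.unpack("<2I", block)
    for i in order:
        n1, n2 = n2 ^ _f(n1, subkeys[i]), n1
    return n1, n2


def encrypt_block(key, block):
    n1, n2 = _rounds(block, _subkeys(key), ENC_ORDER)
    return struct.pack("<2I", n2, n1)  # the 32nd round does not swap


def decrypt_block(key, block):
    n1, n2 = _rounds(block, _subkeys(key), DEC_ORDER)
    return struct.pack("<2I", n2, n1)


def _ecb(key, data, block_fn):
    if len(data) % 8:
        raise ValueError("ECB input must be a multiple of 8 bytes")
    return b"".join(block_fn(key, data[i:i + 8]) for i in range(0, len(data), 8))


def gost_mac(key, data, iv=bytes(8)):
    """CKM_GOST28147_MAC: XOR each block into the running state, run 16 rounds,
    and return the first 4 bytes of the final block. Default IV is all zeros."""
    if len(data) % 8 or len(iv) != 8:
        raise ValueError("MAC input must be whole 8-byte blocks with an 8-byte IV")
    sk = _subkeys(key)
    state = iv
    for off in range(0, len(data), 8):
        x = bytes(a ^ b for a, b in zip(state, data[off:off + 8]))
        state = struct.pack("<2I", *_rounds(x, sk, MAC_ORDER))
    return state[:4]


def wrap_key(kek, key, iv=bytes(8)):
    """C_WrapKey: MAC over CKA_VALUE, then ECB-encrypt it -> 32 + 4 = 36 bytes."""
    if len(key) != 32:
        raise ValueError("only 32-byte GOST 28147-89 keys can be wrapped")
    return _ecb(kek, key, encrypt_block) + gost_mac(kek, key, iv)


def unwrap_key(kek, wrapped, iv=bytes(8)):
    """C_UnwrapKey: ECB-decrypt the first 32 bytes, recompute the MAC over the
    result and reject the blob unless it matches the trailing 4 bytes."""
    if len(wrapped) != 36:
        raise ValueError("wrapped GOST 28147-89 key must be 36 bytes")
    key = _ecb(kek, wrapped[:32], decrypt_block)
    if not hmac.compare_digest(gost_mac(kek, key, iv), wrapped[32:]):
        raise ValueError("MAC mismatch: wrapped key rejected")
    return key


if __name__ == "__main__":
    kek, target = bytes(range(32)), bytes(range(0x80, 0xA0))  # constructed, not real keys
    blob = wrap_key(kek, target)
    print("wrapped:", blob.hex(), len(blob), "bytes")
    assert unwrap_key(kek, blob) == target
    damaged = bytearray(blob)
    damaged[35] ^= 0x01  # flip a bit in the MAC
    try:
        unwrap_key(kek, bytes(damaged))
    except ValueError as exc:
        print("tampered blob:", exc)
```

On a real token the IV travels in CK_MECHANISM: pParameter points at the 8 bytes with ulParameterLen = 8, or is NULL_PTR with ulParameterLen = 0 to select the zero IV. Two practitioner points the spec text leaves implicit: the MAC comparison should be constant-time (here hmac.compare_digest), and the MAC is only 32 bits, so a token must refuse to create the key object on mismatch rather than, say, create it and flag an error later.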

GOST R 34.11-94

GOST R 34.11-94, denoted CKM_GOSTR3411, is a mechanism for message digesting, following the hash algorithm with a 256-bit message digest defined in [GOST R 34.11-94].

This section defines the key type "CKK_GOSTR3411" for type CK_KEY_TYPE as used in the CKA_KEY_TYPE attribute of domain parameter objects.

Mechanisms:

CKM_GOSTR3411
CKM_GOSTR3411_HMAC


RSA Security Inc. Public-Key Cryptography Standards - PKCS#11 - v230mechanism1