Cryptographic Token Interface Standard
PKCS#11
GOST 28147-89-ECB, denoted CKM_GOST28147_ECB, is a mechanism for single and multiple-part encryption and decryption; key wrapping; and key unwrapping, based on GOST 28147-89 and electronic codebook mode.
It does not have a parameter.
This mechanism can wrap and unwrap any secret key. Of course, a particular token may not be able to wrap/unwrap every secret key that it supports.
For wrapping (C_WrapKey), the mechanism encrypts the value of the CKA_VALUE attribute of the key that is wrapped, padded on the trailing end with up to block size so that the resulting length is a multiple of the block size.
For unwrapping (C_UnwrapKey), the mechanism decrypts the wrapped key, and truncates the result according to the CKA_KEY_TYPE attribute of the template and, if it has one, and the key type supports it, the CKA_VALUE_LEN attribute of the template. The mechanism contributes the result as the CKA_VALUE attribute of the new key.
Constraints on key types and the length of data are summarized in the following table:
Table 4, GOST 28147-89-ECB: Key And Data Length
Function | Key type | Input length | Output length |
C_Encrypt | CKK_GOST28147 | | Same as input length |
C_Decrypt | CKK_GOST28147 | | Same as input length |
C_WrapKey | CKK_GOST28147 | | Input length rounded up to multiple of block size |
C_UnwrapKey | CKK_GOST28147 | | Determined by type of key being unwrapped |
For this mechanism, the ulMinKeySize and ulMaxKeySize fields of the CK_MECHANISM_INFO structure are not used.
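The wrapping and unwrapping length rules above, as an added Python model that is not part of the standard or of any token's code. `toy_ecb` is a stand-in XOR transform rather than GOST 28147-89, and the zero padding bytes, the function names and the sample keys are assumptions. It shows that unwrapping trusts the template: a wrong CKA_VALUE_LEN yields a different key with no error, because ECB wrapping carries no integrity check.

```python
BLOCK = 8  # GOST 28147-89 block size in bytes (64 bits)
# Lengths implied by CKA_KEY_TYPE; None means the type is variable-length.
FIXED_LEN = {"CKK_GOST28147": 32, "CKK_GENERIC_SECRET": None}


def toy_ecb(data: bytes, kek: bytes) -> bytes:
    """Stand-in for the block cipher: NOT GOST 28147-89, only a self-inverse
    per-block XOR so the ECB data flow can run offline."""
    return bytes(b ^ kek[i % BLOCK] for i, b in enumerate(data))


def wrap(value: bytes, kek: bytes) -> bytes:
    """Model of C_WrapKey: pad CKA_VALUE to a block multiple, then encrypt.
    Zero padding bytes are an assumption of this model."""
    if not value:
        raise ValueError("empty key value")
    padded = value + b"\x00" * (-len(value) % BLOCK)
    return toy_ecb(padded, kek)


def unwrap(wrapped: bytes, kek: bytes, key_type: str, value_len=None) -> bytes:
    """Model of C_UnwrapKey: decrypt, then truncate per the template."""
    if not wrapped or len(wrapped) % BLOCK:
        raise ValueError("wrapped key is not a multiple of the block size")
    fixed = FIXED_LEN[key_type]
    # CKA_KEY_TYPE decides first; CKA_VALUE_LEN only counts if the type
    # supports it. With neither, this model keeps the padded value.
    want = fixed if fixed is not None else (value_len or len(wrapped))
    if want > len(wrapped):
        raise ValueError("template asks for more bytes than were wrapped")
    return toy_ecb(wrapped, kek)[:want]  # the discarded tail is never checked


def demo() -> dict:
    kek = bytes(range(1, 9))                # constructed sample wrapping key
    secret = bytes(range(0xA0, 0xA0 + 20))  # constructed 20-byte secret
    blob = wrap(secret, kek)
    return {
        "wrapped_len": len(blob),  # 20 rounded up to 24
        "roundtrip": unwrap(blob, kek, "CKK_GENERIC_SECRET", 20) == secret,
        "short": unwrap(blob, kek, "CKK_GENERIC_SECRET", 16),  # accepted
        "no_len": len(unwrap(blob, kek, "CKK_GENERIC_SECRET")),  # padding kept
    }


if __name__ == "__main__":
    print(demo())
```

Because nothing in the wrapped blob records the original length or authenticates it, the caller has to carry the expected key type and length out of band and compare them after unwrapping.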