Cryptographic Token Interface Standard
PKCS#11
GOST 28147-89-MAC, denoted CKM_GOST28147_MAC, is a mechanism for data integrity and authentication based on GOST 28147-89 and key meshing algorithms [RFC 4357] section 2.3.
MACing parameters are specified by the object identifier in the CKA_GOST28147_PARAMS attribute.
The output bytes from this mechanism are taken from the start of the final GOST 28147-89 cipher block produced in the MACing process.
It has a parameter, an 8-byte MAC initialization vector. This parameter may be omitted, in which case a zero initialization vector is used.
Constraints on key types and the length of data are summarized in the following table:
Table 6, GOST28147-89-MAC: Key And Data Length
Function | Key type | Data length | Signature length |
C_Sign | CKK_GOST28147 | ||
C_Verify | CKK_GOST28147 |
For this mechanism, the ulMinKeySize and ulMaxKeySize fields of the CK_MECHANISM_INFO structure are not used.
GOST 28147-89 keys wrapping/unwrapping with GOST 28147-89
The use of GOST 28147-89 keys as KEKs (key encryption keys) to encrypt GOST 28147-89 keys, denoted by CKM_GOST28147_KEY_WRAP, is a mechanism for key wrapping and key unwrapping based on GOST 28147-89. Its purpose is to encrypt and decrypt keys that have been generated by the key generation mechanism for GOST 28147-89.
For wrapping (C_WrapKey), the mechanism first computes a MAC from the value of the CKA_VALUE attribute of the key being wrapped and then encrypts that value in ECB mode. The result is 32 bytes of the wrapped key and 4 bytes of MAC.
For unwrapping (C_UnwrapKey), the mechanism first decrypts in ECB mode the 32 bytes of the wrapped key and then computes a MAC from the unwrapped key. The 4 bytes of the computed MAC are then compared with the 4 bytes of MAC from the input. If these two MACs do not match, the wrapped key is disallowed. The mechanism contributes the result as the CKA_VALUE attribute of the unwrapped key.
It has a parameter, an 8-byte MAC initialization vector. This parameter may be omitted, in which case a zero initialization vector is used.
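The wrap and unwrap steps described above, as an added Python sketch that is not part of the standard or of any token's code. The names wrap_key and unwrap_key, the little-endian word layout and the blob order (32 bytes of encrypted key, then 4 bytes of MAC) are assumptions, and the S-box is a constructed placeholder rather than a parameter set selected by CKA_GOST28147_PARAMS, so the output will not match a real token.

```python
import hmac
import struct

# Constructed placeholder S-box rows (assumption): a real token takes the
# substitution table from the OID in CKA_GOST28147_PARAMS.
SBOX = [[(7 * x + 3 + i) % 16 for x in range(16)] for i in range(8)]
ENC = list(range(8)) * 3 + list(range(7, -1, -1))  # subkey order, 32 rounds
DEC = ENC[::-1]

def _round(n1, n2, k):
    t = (n1 + k) & 0xFFFFFFFF
    s = sum(SBOX[i][(t >> 4 * i) & 0xF] << 4 * i for i in range(8))
    s = ((s << 11) | (s >> 21)) & 0xFFFFFFFF  # rotate left by 11
    return n2 ^ s, n1

def _ecb(kek, data, order):
    ks, out = struct.unpack("<8I", kek), b""
    for off in range(0, len(data), 8):
        n1, n2 = struct.unpack("<II", data[off:off + 8])
        for i in order:
            n1, n2 = _round(n1, n2, ks[i])
        out += struct.pack("<II", n2, n1)  # last round has no swap
    return out

def _mac(kek, data, iv):
    # 16-round CBC-style MAC; key meshing from RFC 4357 is not modelled here.
    ks, state = struct.unpack("<8I", kek), iv
    for off in range(0, len(data), 8):
        x = bytes(a ^ b for a, b in zip(state, data[off:off + 8]))
        n1, n2 = struct.unpack("<II", x)
        for i in ENC[:16]:
            n1, n2 = _round(n1, n2, ks[i])
        state = struct.pack("<II", n1, n2)
    return state[:4]  # taken from the start of the final block

def wrap_key(kek, key, iv=bytes(8)):
    if len(kek) != 32 or len(key) != 32 or len(iv) != 8:
        raise ValueError("KEK and key are 32 bytes, IV is 8 bytes")
    return _ecb(kek, key, ENC) + _mac(kek, key, iv)  # 32 + 4 bytes

def unwrap_key(kek, blob, iv=bytes(8)):
    if len(kek) != 32 or len(blob) != 36 or len(iv) != 8:
        raise ValueError("expected 32-byte KEK, 36-byte blob, 8-byte IV")
    key = _ecb(kek, blob[:32], DEC)
    # ECB gives no integrity; the 4-byte MAC is the only check on the key.
    if not hmac.compare_digest(_mac(kek, key, iv), blob[32:]):
        raise ValueError("MAC mismatch: wrapped key rejected")
    return key
```

A blob with a modified ciphertext byte or a modified MAC byte raises ValueError in unwrap_key instead of yielding a key value.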
Constraints on key types and the length of data are summarized in the following table:
Table 7, GOST 28147-89 keys as KEK: Key And Data Length
Function | Key type | Input length | Output length |
C_WrapKey | CKK_GOST28147 | ||
C_UnwrapKey | CKK_GOST28147 |
For this mechanism, the ulMinKeySize and ulMaxKeySize fields of the CK_MECHANISM_INFO structure are not used.
GOST R 34.11-94
GOST R 34.11-94 is a mechanism for message digesting, following the hash algorithm with 256-bit message digest defined in [GOST R 34.11-94].
This section defines the key type "CKK_GOSTR3411" for type CK_KEY_TYPE as used in the CKA_KEY_TYPE attribute of domain parameter objects.
Mechanisms:
CKM_GOSTR3411
CKM_GOSTR3411_HMAC