Cryptographic Token Interface Standard

PKCS#11


GOST R 34.10-2001 with GOST R 34.11-94

The GOST R 34.10-2001 with GOST R 34.11-94, denoted CKM_GOSTR3410_WITH_GOSTR3411, is a mechanism for signatures and verification for GOST R 34.10-2001. This mechanism computes the entire GOST R 34.10-2001 specification, including the hashing with GOST R 34.11-94 hash algorithm.

As a parameter this mechanism utilizes a DER-encoding of the object identifier indicating GOST R 34.11-94 data object type. A mechanism parameter may be missed then parameters are specified in object identifier of attribute CKA_GOSTR3411PARAMS must be used.

For the purposes of these mechanisms, a GOST R 34.10-2001 signature is an octet string of 64 bytes long. The signature octets correspond to the concatenation of the GOST R 34.10-2001 values s and r ', both represented as a 32 bytes octet string in big endian order with the most significant byte first [RFC 4490] section 3.2, and [RFC 4491] section 2.2.2.

The input for the mechanism is signed or should be signed message of any length. Single- and multiple-part signature operations are available.

Table 215, GOST R 34.10-2001 with GOST R 34.11-94: Key And Data Length
Function Key type
Input length
Output length
C_Sign CKK_GOSTR3410
Any
64 bytes
C_Verify CKK_GOSTR3410
Any
64 bytes

For this mechanism, the ulMinKeySize and ulMaxKeySize fields of the CK_MECHANISM_INFO structure are not used.


RSA Security Inc. Public-Key Cryptography Standards - PKCS#11 - v230