Cryptographic Token Interface Standard

PKCS#11


General block cipher CBC

Cipher <NAME> has a cipher-block chaining mode, "<NAME>-CBC", denoted CKM_<NAME>_CBC. It is a mechanism for single- and multiple-part encryption and decryption; key wrapping; and key unwrapping with <NAME>.

It has a parameter, an initialization vector for cipher block chaining mode. The initialization vector has the same length as <NAME>'s blocksize.

Constraints on key types and the length of data are summarized in the following table:

Table 327, General Block Cipher CBC: Key And Data Length
Function Key type
Input length
Output length
Comments
C_Encrypt <NAME>
multiple of blocksize
same as input length
no final part
C_Decrypt <NAME>
multiple of blocksize
same as input length
no final part
C_WrapKey <NAME>
any
input length rounded up to multiple of blocksize
 
C_UnwrapKey <NAME>
any
determined by type of key being unwrapped or CKA_VALUE_LEN
 

For this mechanism, the ulMinKeySize and ulMaxKeySize fields of the CK_MECHANISM_INFO structure may or may not be used. The CAST, CAST3, and CAST128 (CAST5) ciphers have variable key sizes, and so for these ciphers, the ulMinKeySize and ulMaxKeySize fields of the CK_MECHANISM_INFO structure specify the supported range of key sizes, in bytes. For the DES, DES3 (triple-DES), IDEA, and CDMF ciphers, these fields are not used.


RSA Security Inc. Public-Key Cryptography Standards - PKCS#11 - v230