Cryptographic Token Interface Standard |
PKCS#11 |
Cipher <NAME> has a cipher-block chaining mode, "<NAME>-CBC", denoted CKM_<NAME>_CBC. It is a mechanism for single- and multiple-part encryption and decryption; key wrapping; and key unwrapping with <NAME>.
It has a parameter, an initialization vector for cipher block chaining mode. The initialization vector has the same length as <NAME>'s blocksize.
Constraints on key types and the length of data are summarized in the following table:
Table 327, General Block Cipher CBC: Key And Data Length
Function | Key type | |||
C_Encrypt | <NAME> | |||
C_Decrypt | <NAME> | |||
C_WrapKey | <NAME> | |||
C_UnwrapKey | <NAME> |
For this mechanism, the ulMinKeySize and ulMaxKeySize fields of the CK_MECHANISM_INFO structure may or may not be used. The CAST, CAST3, and CAST128 (CAST5) ciphers have variable key sizes, and so for these ciphers, the ulMinKeySize and ulMaxKeySize fields of the CK_MECHANISM_INFO structure specify the supported range of key sizes, in bytes. For the DES, DES3 (triple-DES), IDEA, and CDMF ciphers, these fields are not used.