PKCS#11
|
| Cryptographic Token Interface Standard |
PKCS#11 |
GOST R 34.11-94 HMAC mechanism, denoted CKM_GOSTR3411_HMAC, is a mechanism for signatures and verification. It uses the HMAC construction, based on the GOST R 34.11-94 hash function [GOST R 34.11-94] and core HMAC algorithm [RFC 2104]. The keys it uses are of generic key type CKK_GENERIC_SECRET or CKK_GOST28147.
To be conformed to GOST R 34.11-94 hash algorithm [GOST R 34.11-94] the block length of core HMAC algorithm is 32 bytes long (see [RFC 2104] section 2, and [RFC 4357] section 3).
As a parameter this mechanism utilizes a DER-encoding of the object identifier. A mechanism parameter may be missed then parameters of the object identifier id-GostR3411-94-CryptoProParamSet [RFC 4357] ( section 11.2) must be used.
Signatures (MACs) produced by this mechanism are of 32 bytes long.
Constraints on the length of input and output data are summarized in the following table:
Table 210, GOST R 34.11-94 HMAC: Key And Data Length
| Function | Key type | ||
| C_Sign | CKK_GENERIC_SECRET or CKK_GOST28147 | ||
| C_Verify | CKK_GENERIC_SECRET or CKK_GOST28147 |
For this mechanism, the ulMinKeySize and ulMaxKeySize fields of the CK_MECHANISM_INFO structure are not used.