GOST R 34.10 + HKDF KEM.
=> RFC 7091, GOST R 34.10-2012
=> RFC 5869, HKDF
=> RFC 6986, Streebog, GOST R 34.11-2012

    kem-gost3410-hkdf {
        {field . {map}}
        {field a {str} =gost3410-hkdf}
        {field cek {bin} >0} {# wrapped CEK}
        {field ukm {bin} len=16} {# additional keying material}
        {field pub {bin} >0} {# sender's ephemeral public key}
        {field to {with fpr} optional} {# recipient's public key}
        {field from {with fpr} optional} {# sender's public key}
    }

Recipient public key with [cm/pub/gost3410] algorithm must be used.
It should have "kem" key usage set.

GOST R 34.10-2012 VKO parameter set A/C ("gost3410-256A", "gost3410-512C")
must be used for DH operation, with UKM taken from the structure. VKO's
output is 512- or 1024-bit "BE(X)||BE(Y)" point, used in HKDF below:

    H = Streebog-512
    DH(sk, pk) = GOSTR3410-VKO(prv=sk, pub=pk, ukm=UKM)
    PRK = HKDF-Extract(H, salt="", ikm=DH(e, s))
    if {specified sender}
        PRK = HKDF-Extract(H, salt=PRK, ikm=DH(s, s))
    KEK = HKDF-Expand(H, prk=PRK, info="cm/encrypted/gost3410-hkdf" || /id)

"/kem/*/cek" is wrapped with [cm/keywrap/kexp15] mechanism.