GOST R 34.10+HKDF KEM.

include [schemas/kem-gost3410-hkdf.tcl]

GOST R 34.10-2012 VKO parameter set A/C ("gost3410-256A", "gost3410-512C")
must be used for DH operation, with UKM taken from the structure. VKO's
output is 512- or 1024-bit "BE(X)||BE(Y)" point, used in HKDF below:

    H = Streebog-512
    DH(sk, pk) = GOSTR3410-VKO(prv=sk, pub=pk, ukm=UKM)
    PRK = HKDF-Extract(H, salt="", ikm=DH(e, s))
    if specified(sender):
        PRK = HKDF-Extract(H, salt=PRK, ikm=DH(s, s))
    KEK = HKDF-Expand(H, prk=PRK, info="cm/encrypted/gost3410-hkdf" || /id)

"/kem/*/cek" is wrapped with [cm/keywrap/kexp15] mechanism.

=> https://datatracker.ietf.org/doc/html/rfc5869.html RFC 5869, HKDF
=> https://datatracker.ietf.org/doc/html/rfc6986.html RFC 6986, Streebog, GOST R 34.11-2012 hashing algorithm
=> https://datatracker.ietf.org/doc/html/rfc7091.html RFC 7091, GOST R 34.10-2012 is signing/key-aggreement algorithm