Command:
Generate a MAC (MAB) for a large message.

Notes:
The command operates on binary data. If the HSM is set for Async/ASCII operation, ensure that:
- The Host port has been set for 8 data bit operation by the CH (Configure Host) command.
- The data for which the MAC is to be generated does not contain either EM (X’19) or ETX (X’03).

The value n given for Data is the recommended maximum value; it can be increased toward 2047 (1023 for SNA-SDLC systems) with consideration for the overall buffer size compared to the size of the complete HSM command message.

COMMAND MESSAGE

| Field | Length & Type | Details |
|---|---|---|
| Message header | m A | (Subsequently returned to the Host unchanged). |
| Command code | 2 A | Value MQ. |
| Message block number | 1 N | 0 : The only block. 1 : The first block. 2 : A middle block. 3 : The last block. |
| ZAK | 16H or 1A+32H or 1A+48H | ZAK encrypted under LMK pair 26-27 |
| IV | 16 H | Initialization value, present only when message block number is 2 or 3. |
| Message length | 3 H | Message length in bytes. |
| Message block | n B | The clear text message block. |
| End message delimiter | 1 C | Optional. Must be present if a message trailer is present. Value X’19. |
| Message trailer | n A | Optional. Maximum length 32 characters. |

RESPONSE MESSAGE

| Field | Length & Type | Details |
|---|---|---|
| Message header | n A | Returned to the Host unchanged. |
| Response code | 2 A | Value MR. |
| Error code | 2 N | 00 : No errors; 02 : ZAK not single length; 05 : Invalid message block number; 10 : ZAK parity error; 12 : No keys loaded in user storage; 13 : LMK error, report to supervisor; 15 : Error in input data; 21 : Invalid user storage index; 80 : Data length error |
| MAB | 16 H | Used as IV for next block when message block number is 1 or 2. Used as message authenticator when message block number is 0 or 3. |
| End message delimiter | 1 C | Present only if present in the command message. Value X’19. |
| Message trailer | n A | Present only if present in the command message. Maximum length 32 characters. |

Command:
Generate a MAB for a large message using either a TAK or a ZAK. A single-length key uses ANSI X9.9 MAC generation; a double-length key uses ANSI X9.19 MAC generation.

Notes:
The command can operate on binary data or expanded Hex. If the HSM is set for Async/ASCII operation and binary data is used, ensure that:
- The host port has been set for 8 data bit operation by the CH (Configure Host) console command.
- The data for which the MAC is to be generated does not contain either EM (X’19) or ETX (X’03).

Expanded Hex mode uses 2 hexadecimal characters for each binary byte. If the message block is the first or a middle block, it must be a multiple of 8 bytes. Consider the buffer size of the HSM before selecting the message length value n.

COMMAND MESSAGE

| Field | Length & Type | Details |
|---|---|---|
| Message Header | mA | (Subsequently returned to the Host unchanged). |
| Command Code | 2A | Value MS |
| Message Block Number | 1N | Message block processing number |
| Key Type | 1N | Key type: 0 – TAK (Terminal Authentication Key); 1 – ZAK (Zone Authentication Key) |
| Key Length | 1N | Key length: 0 – Single Length DES Key; 1 – Double Length DES Key |
| Message Type | 1N | Message type: 0 – Message data is binary; 1 – Message data is expanded Hex |
| Key | 16 or 32H or 1A+32H | Key, encrypted under appropriate LMK pair: TAK under LMK pair 16 – 17; ZAK under LMK pair 26 – 27 |
| IV | 16H | Initialization value, present only when message block number is 2 or 3. |
| Message Length | 4H | Length of Message to be MACED (length of following field if message type binary, half the length of the following field if expanded Hex). |
| Message Block | nB or H | The message block either in binary or as expanded Hex. |
| End Message Delimiter | 1C | Optional. Must be present if a message trailer is present. Value X’19. |
| Message Trailer | nA | Optional. Maximum length is 32 bytes. |

RESPONSE MESSAGE

| Field | Length & Type | Details |
|---|---|---|
| Message Header | mA | Returned to the Host unchanged. |
| Response code | 2A | Value MT |
| Error Code | 2N | 00 : No errors; 27 : Invalid key length |
| MAB | 16H | Used as IV for next block when message block number is 1 or 2. Used as message authenticator when message block is 0 or 3. |
| End Message Delimiter | 1C | Optional. Must be present if a message trailer is present. Value X’19. |
| Message Trailer | nA | Optional. Maximum length is 32 bytes. |
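
The MS field order and block rules above can be exercised offline. This is an added example, not code from the HSM documentation: it frames MS commands, enforces the notes' constraints, and chains each returned MAB into the next block's IV. Assumptions: `send` is a hypothetical transport callable, block numbers 0 to 3 follow the MQ table, and the key-field length selects the Key Length digit.

```python
# Added example, not vendor code. Frames MS commands per the field table above.
EM, ETX = 0x19, 0x03          # must not occur in binary data on Async/ASCII links
HEX = set("0123456789ABCDEFabcdef")

def plan_blocks(message: bytes, chunk: int = 512):
    """Split into (block_number, data): 0 only, 1 first, 2 middle, 3 last."""
    if not message or chunk <= 0 or chunk % 8:
        raise ValueError("need a non-empty message and a chunk that is a multiple of 8")
    parts = [message[i:i + chunk] for i in range(0, len(message), chunk)]
    if len(parts) == 1:
        return [(0, parts[0])]
    last = len(parts) - 1
    return [(1 if i == 0 else 3 if i == last else 2, p) for i, p in enumerate(parts)]

def build_ms(header, block_no, key_type, key_field, data, iv=None, binary=False):
    """Return one MS command message (bytes), fields in table order."""
    key_len = {16: 0, 32: 1, 33: 1}.get(len(key_field))  # assumed length mapping
    if key_len is None or key_type not in (0, 1) or block_no not in (0, 1, 2, 3):
        raise ValueError("bad key field, key type or block number")
    if (block_no in (2, 3)) != (iv is not None):
        raise ValueError("IV is present only for block numbers 2 and 3")
    if iv is not None and (len(iv) != 16 or not set(iv) <= HEX):
        raise ValueError("IV must be 16 hex characters")
    if block_no in (1, 2) and len(data) % 8:
        raise ValueError("first and middle blocks must be a multiple of 8 bytes")
    if len(data) > 0xFFFF:
        raise ValueError("message length must fit the 4H length field")
    if binary and (EM in data or ETX in data):
        raise ValueError("binary block contains X'19 or X'03; use expanded Hex")
    body = data if binary else data.hex().upper().encode("ascii")
    head = f"{header}MS{block_no}{key_type}{key_len}{0 if binary else 1}"
    return (head + key_field + (iv or "") + f"{len(data):04X}").encode("ascii") + body

def parse_mt(resp: bytes, header_len: int) -> str:
    """Return the 16H MAB from an MT response, or raise on a non-zero error code."""
    body = resp[header_len:].decode("ascii")
    if body[:2] != "MT":
        raise ValueError("unexpected response code " + body[:2])
    if body[2:4] != "00":
        raise RuntimeError("HSM error code " + body[2:4])
    return body[4:20]

def mab_for(send, header, key_type, key_field, message, chunk=512):
    """Chain blocks: each returned MAB is the next IV; the last one is the MAC."""
    iv = None
    for block_no, data in plan_blocks(message, chunk):
        cmd = build_ms(header, block_no, key_type, key_field, data, iv)
        iv = parse_mt(send(cmd), len(header))
    return iv
```

Expanded Hex is the default here because it avoids the X’19/X’03 restriction on binary data; keep `chunk` small enough for the HSM buffer, since expanded Hex doubles the block size on the wire.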