|
Command: |
Verify a MAC and, if successful, generate a MAC on the same data with a different key. |
|
Notes: |
If the source MAC does not verify, the HSM does not return a destination MAC. The value n given for Data is the recommended maximum value; it can be increased toward 2047 (1023 for SNA-SDLC systems) with consideration for the overall buffer size compared to the size of the complete HSM command message. |
|
Field |
Length & Type |
Details |
|
COMMAND MESSAGE |
||
|
Message header |
m A |
(Subsequently returned to the Host unchanged). |
|
Command code |
2 A |
Value ME. |
|
Source TAK |
16H or 1A+32H or 1A+48H |
The source TAK encrypted under LMK pair 16-17. |
|
Destination TAK |
16H or 1A+32H or 1A+48H |
The destination key encrypted under LMK pair 16-17. |
|
MAC |
8 H |
The MAC generated with the source key. |
|
Data |
0 - n |
The data on which to verify and generate a MAC, n = 1024 (512 for SNA-SDLC systems). |
|
End message delimiter |
1 C |
Optional. Must be present if a message trailer is present. Value X’19. |
|
Message trailer |
n A |
Optional. Maximum length 32 characters. |
|
RESPONSE MESSAGE |
||
|
Message header |
n A |
Returned to the Host unchanged. |
|
Response code |
2 A |
Value MF. |
|
Error code |
2 N |
00 : No errors 01 : MAC verification failure 10 : Source TAK parity error 11 : Destination TAK parity error 12 : No keys loaded in user storage 13 : LMK error; report to supervisor 15 : Error in input data 21 : Invalid user storage index 27 : Source or Destination TAK not single length |
|
MAC |
8 H |
The MAC generated using the destination TAK. |
|
End message delimiter |
1 C |
Present only if present in the command message. Value X’19. |
|
Message trailer |
n A |
Present only if present in the command message. Maximum length 32 characters. |