Generate MAC (MAB) using ANSI X9.19 Method for a Large Message

Command:

To generate a MAB for a large message using either a TAK or a ZAK.  If the key is single length, use ANSI X9.9 MAC generation; if the key is double length, use ANSI X9.19 MAC generation.

Notes:

The command can operate on binary data or expanded Hex.  If the HSM is set for Async/ASCII operation and binary data is used, ensure that:

The host port has been set for 8 data bit operation by the CH (Configure Host) console command.

The data for which the MAC is to be generated does not contain either EM (X’19) or ETX (X’03).

Expanded Hex mode uses 2 hexadecimal characters for each binary byte.

If the message block is the first or a middle block, its length must be a multiple of 8 bytes.

The buffer size of the HSM must be considered before the message length n is selected.

 

COMMAND MESSAGE

| Field | Length & Type | Details |
|---|---|---|
| Message header | m A | (Subsequently returned to the Host unchanged). |
| Command Code | 2 A | Value MS |
| Message Block Number | 1 N | Message block processing number: 0 - Only Block; 1 - First Block; 2 - A Middle Block; 3 - Last Block |
| Key Type | 1 N | Key type: 0 – TAK (Terminal Authentication Key); 1 – ZAK (Zone Authentication Key) |
| Key Length | 1 N | Key length: 0 – Single Length DES Key; 1 – Double Length DES Key |
| Message Type | 1 N | Message Type: 0 – Message data is binary; 1 – Message data is expanded Hex |
| Key | 16H or 1A+32H | Key, encrypted under appropriate LMK pair: TAK under LMK pair 16 – 17; ZAK under LMK pair 26 – 27 |
| IV | 16H | Initialization value, present only when message block number is 2 or 3. |
| Message Length | 4 H | Length of Message to be MACED (length of following field if message type binary, half the length of the following field if expanded Hex). |
| Message Block | n B or H | The message block either in binary or as expanded Hex. |
| End Message Delimiter | 1 C | Optional.  Must be present if a message trailer is present.  Value X’19. |
| Message Trailer | n A | Optional.  Maximum length is 32 bytes. |

 

 

 


 

RESPONSE MESSAGE

| Field | Length & Type | Details |
|---|---|---|
| Message Header | m A | Returned to the Host unchanged. |
| Response code | 2 A | Value MT |
| Error Code | 2 N | 00 : No errors; 03 : Invalid Message Type Code; 04 : Invalid Key Type Code; 05 : Invalid Message Block Number; 06 : Invalid Key Length Code; 10 : KEY parity error; 12 : No keys loaded in user storage; 13 : LMK error; report to supervisor; 15 : Error in input data; 21 : Invalid user storage index; 27 : Invalid key length; 80 : Incorrect input data length |
| MAB | 16H | Used as IV for next block when message block number is 1 or 2.  Used as message authenticator when message block is 0 or 3. |
| End Message Delimiter | 1 C | Optional.  Must be present if a message trailer is present.  Value X’19. |
| Message Trailer | n A | Optional.  Maximum length is 32 bytes. |
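
The block chaining described by the command and response fields above, as an added example in Python that is not part of the original page or any vendor code: it splits a message on 8-byte boundaries, builds each MS command in expanded Hex mode, and passes each returned MAB in as the IV of the next block. The function names, the send callback, the header 0001 and the key field are assumptions constructed for illustration; the optional delimiter and trailer are omitted.

```python
# Added example: split_blocks, build_ms, parse_mt, mac_large_message and send
# are hypothetical names; only the field layout comes from the tables above.

def split_blocks(msg: bytes, chunk: int):
    """Return [(block_number, data)]: 0 only, 1 first, 2 middle, 3 last."""
    if chunk <= 0 or chunk % 8 or chunk > 0xFFFF:
        raise ValueError("chunk must be a multiple of 8 and fit the 4 H length field")
    if not msg:
        raise ValueError("empty message")
    parts = [msg[i:i + chunk] for i in range(0, len(msg), chunk)]
    if len(parts) == 1:
        return [(0, parts[0])]
    last = len(parts) - 1
    return [(1 if i == 0 else 3 if i == last else 2, p) for i, p in enumerate(parts)]

def build_ms(header, block_no, key_type, key_len, key_field, data, iv=None):
    """Build one MS command with Message Type 1 (expanded Hex)."""
    if (block_no in (2, 3)) != (iv is not None):
        raise ValueError("IV is present only when block number is 2 or 3")
    if iv is not None and len(iv) != 16:
        raise ValueError("IV must be 16 hex characters")
    # Message Length counts bytes, i.e. half the expanded-Hex field length.
    return (f"{header}MS{block_no}{key_type}{key_len}1{key_field}"
            f"{iv or ''}{len(data):04X}{data.hex().upper()}")

def parse_mt(resp: str, header: str) -> str:
    """Check response code MT and error code 00, then return the 16 H MAB."""
    if not resp.startswith(header + "MT"):
        raise ValueError("unexpected response code")
    start = len(header) + 2
    err, mab = resp[start:start + 2], resp[start + 2:start + 18]
    if err != "00":
        raise RuntimeError(f"HSM error code {err}")
    if len(mab) != 16:
        raise ValueError("truncated MAB")
    return mab

def mac_large_message(send, header, key_type, key_len, key_field, msg, chunk):
    """Chain blocks: each returned MAB is the IV of the next; the last is the MAC."""
    mab = None
    for block_no, data in split_blocks(msg, chunk):
        cmd = build_ms(header, block_no, key_type, key_len, key_field, data, mab)
        mab = parse_mt(send(cmd), header)
    return mab

if __name__ == "__main__":
    # Constructed stub in place of a real HSM link: echoes the command, returns a fixed MAB.
    stub = lambda cmd: print(cmd) or "0001MT00" + "A1B2C3D4E5F60718"
    # Constructed values: header "0001", ZAK (1), single length (0), placeholder key field.
    print(mac_large_message(stub, "0001", 1, 0, "0123456789ABCDEF", bytes(range(20)), 8))
```

Choose chunk from the HSM buffer size; because it is a multiple of 8, every first and middle block satisfies the 8-byte rule and only the last block may be shorter.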