MessageAuthenticationCode Support

Because the HSM has no flow control, the application programmer is responsible for ensuring that the input buffer is not exceeded. The HSM input buffer is 2047 bytes in length for all models except the SNA-SDLC interface devices, in which it is 1023 bytes. The length of the input buffer limits the amount of data over which a MAC can be calculated in a single call to the HSM. To be sure that there is no overflow, limit the amount of data to 1024 bytes, or 512 bytes if using SNA-SDLC.

The HSM normally calculates a MAC by converting the characters to ASCII (if they are received as EBCDIC (shown in the table), and filling the last 64-bit block with binary zeroes (if necessary). For this, the HSM must be configured for EBCDIC (and not ASCII) by the CH (Configure Host) console command. The HSM performs no other editing of the data.

The HSM provides commands to generate and verify MACs on short messages of up to 32Kbytes (16Kbytes for SNA-SDLC). For longer messages the Generate MAC (MAB) for Large Message (MQ) command divides the message data into blocks. It creates a MAB or IV (Initialisation Vector) for the first block, the last block and one or more blocks in between. The response message for the last data block includes the MAC for the whole message. The MAC is the first four bytes (eight characters) of the last MAB.

The MQ command handles the data in 8-bit binary form. It does not convert EBCDIC data to ASCII; it calculates the MAC on the data as presented to the HSM. Therefore, any necessary character conversion must be performed by the Host system.

The command used for large messages provides the Host with all the information needed for MAC generation, MAC verification and continuation IVs when chaining MACs.

EBCDIC Hex	Cha	ASCII Hex	EBCDIC Hex	Cha	ASCII Hex	EBCDIC Hex	Cha	ASCII Hex	EBCDIC Hex	Cha	ASCII Hex
00	NUL	00	40	SP	20	80			C0	{	7B
01	SOH	01	41			81	a	61	C1	A	41
02	STX	02	42			82	b	62	C2	B	42
03	ETX	03	43			83	c	63	C3	C	43
04			44			84	d	64	C4	D	44
05	HT	09	45			85	e	65	C5	E	45
06			46			86	f	66	C6	F	46
07	DEL	7F	47			87	g	67	C7	G	47
08			48			88	h	68	C8	H	48
09			49			89	i	69	C9	I	49
0A			4A			8A			CA
0B	VT	0B	4B	.	2E	8B	{	7B	CB
0C	FF	0C	4C	<	3C	8C			CC
0D	CR	0D	4D	(	28	8D			CD
0E	SO	0E	4E	+	2B	8E			CE
0F	SI	0F	4F	\|	7C	8F			CF
10	DLE	10	50	&	26	90			D0	}	7D
11	DC1	11	51			91	j	6A	D1	J	4A
12	DC2	12	52			92	k	6B	D2	K	4B
13	DC3	13	53			93	l	6C	D3	L	4C
14			54			94	m	6D	D4	M	4D
15			55			95	n	6E	D5	N	4E
16	BS	08	56			96	o	6F	D6	O	4F
17			57			97	p	70	D7	P	50
18	CAN	18	58			98	q	71	D8	Q	51
19	EM	19	59			99	r	72	D9	R	52
1A			5A	!	21	9A			DA
1B			5B	$	24	9B	}	7D	DB
1C		1 C	5C	*	2 A	9C			DC
1D		1D	5D	)	29	9D			DD
1E		1E	5E	;	3B	9E			DE
1F		1F	5F		5F	9F			DF
20			60	-	2D	A0			E0	\	5C
21			61	/		A1	~	7E	E1
22	FS	1 C	62			A2	s	73	E2	S	53
23			63			A3	t	74	E3	T	54
24			64			A4	u	75	E4	U	55
25	LF	0A	65			A5	v	76	E5	V	56
26	ETB	17	66			A6	w	77	E6	W	57
27	ESC	1B	67			A7	x	78	E7	X	58
28			68			A8	y	79	E8	Y	59
29			69			A9	z	7A	E9	Z	5A
2A			6A	\|	7C	AA			EA
2B			6B	,	2C	AB			EB
2C			6C	%		AC			EC
2D	ENQ	05	6D		5F	AD	[	5B	ED
2E	ACK	06	6E	>	3E	AE			EE
2F	BEL	07	6F	?	3F	AF			EF
30			70			B0			F0	0	30
31			71			B1			F1	1	31
32	SYN	16	72			B2			F2	2	32
33			73			B3			F3	3	33
34			74			B4			F4	4	34
35			75			B5			F5	5	35
36			76			B6			F6	6	36
37	EOT	04	77			B7			F7	7	37
38			78			B8			F8	8	38
39			79	‘	60	B9			F9	9	39
3A			7A	:	3A	BA			FA
3B			7B	#	23	BB			FB
3C	DC4	14	7C	@	40	BC			FC
3D	NAK	15	7D	’	27	BD	]	5D	FD
3E			7E	=	3D	BE			FE
3F	SUB	1A	7F	n	22	BF			FF

Message Authentication Code Support