Verify MAC

Command:

Verify a MAC on a message.

Notes:

The message to be MAC’d by this command may be presented to the HSM in different formats, as indicated by the Input Format Flag field.

When Input Format Flag = 2, the input message goes through a conversion process (from EBCDIC to ASCII) when the HSM is configured as using EBCDIC.

 

COMMAND MESSAGE

| Field | Length & Type | Details |
|---|---|---|
| Message Header | m A | Will be returned to the Host unchanged. |
| Command Code | 2 A | Value M8. |
| Mode Flag | 1 N | 0 : Only block of a single-block message; 1 : First block of a multi-block message; 2 : Middle block of a multi-block message; 3 : Final block of a multi-block message |
| Input Format Flag | 1 N | 0 : Binary; 1 : Hex-Encoded Binary; 2 : Text |
| MAC Algorithm | 2 N | 01 : ISO 9797 MAC algorithm 1 (= ANSI X9.9 when used with a single-length key); 03 : ISO 9797 MAC algorithm 3 (= ANSI X9.19 when used with a double-length key); 00, 02, 04…99 : Reserved for future use |
| Padding Method | 1 N | For MAC Algorithm values 01 & 03: 0 : No padding. (Overall message length must be multiple of 8 bytes.); 1 : ISO 9797 Padding method 1 (i.e. pad with 0x00); 2 : ISO 9797 Padding method 2 (i.e. add 0x80 and pad with 0x00); 3..9 : Reserved for future use. For all other MAC Algorithm values: 0..9 : Reserved for future use |
| Key Type | 3 H | Type of Key. The following Key Types are permitted: 003 : TAK; 008 : ZAK |
| Key | 16H or 1A+32H or 1A+48H | MAC Key. Used (in conjunction with the IV if appropriate) to verify the MAC on the supplied Message. |
| IV | 16 H | The intermediate IV. When verifying the middle or final blocks of a series of blocks, this value should be the IV returned from MACing the previous block. Only present if Mode Flag = 2 or 3. |
| Message Length | 4 H | The length of the following field, in bytes. |
| Message | | The message upon which the MAC is to be verified. The length & type of the field will depend on the value of the Mode Flag & Input Format Flag: |
| | n B | Input Format Flag = 0 (Binary); If Mode Flag = 1 or 2, then n = multiple of 8. |
| | n H | Input Format Flag = 1 (Hex-encoded Binary); If Mode Flag = 1 or 2, then n = multiple of 16. |
| | n A | Input Format Flag = 2 (Text); If Mode Flag = 1 or 2, then n = multiple of 8. |
| MAC | 8 H | The MAC to be verified. Only present if Mode Flag = 0 or 3. |
| End Message Delimiter | 1 C | Optional. Must be present if a message trailer is present. Value X'19. |
| Message Trailer | n A | Optional. Maximum length 32 characters. |

RESPONSE MESSAGE

| Field | Length & Type | Details |
|---|---|---|
| Message Header | m A | Will be returned to the Host unchanged. |
| Response Code | 2 A | Value “M9”. |
| Error Code | 2 N | 00 : No error; 01 : MAC verification failed; 02 : Invalid Mode Flag field; 03 : Invalid Input Format Flag field; 04 : Invalid MAC Algorithm field; 05 : Invalid Key Type field; 06 : Invalid Message Length field; 09 : Invalid Padding Method field; 10 : MAC Key Parity Error. Any standard error code. |
| IV | 16 H | The intermediate IV. This IV should be supplied as input when MACing the next block in the series of blocks. Only present if Mode Flag = 1 or 2. |
| End Message Delimiter | 1 C | Will only be present if present in the command message. Value X'19. |
| Message Trailer | n A | Will only be present if present in the command message. Maximum length 32 characters. |
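The conditional fields above (IV only for Mode Flag 2 or 3, MAC only for Mode Flag 0 or 3, block lengths in multiples of 8) are easy to get wrong on the host side, so the following added example, which is not vendor code or part of the original page, builds an M8 command for Input Format Flag = 0 and parses the M9 response, treating a message as verified only on error code 00 for an only or final block. Assumptions: the function names `build_m8` and `parse_m9` are hypothetical, the host link is ASCII (not EBCDIC), hex digits are upper-case, no message trailer or transport framing is used, and the response IV is read only after error code 00.

```python
import re

# Error codes listed in the M9 response table; anything else is a standard error code.
ERRORS = {"00": "No error", "01": "MAC verification failed",
          "02": "Invalid Mode Flag field", "03": "Invalid Input Format Flag field",
          "04": "Invalid MAC Algorithm field", "05": "Invalid Key Type field",
          "06": "Invalid Message Length field", "09": "Invalid Padding Method field",
          "10": "MAC Key Parity Error"}
KEY_RE = re.compile(r"(?:[0-9A-F]{16}|[A-Z][0-9A-F]{32}|[A-Z][0-9A-F]{48})")  # 16H, 1A+32H, 1A+48H
IV_RE = re.compile(r"[0-9A-F]{16}")   # 16 H
MAC_RE = re.compile(r"[0-9A-F]{8}")   # 8 H

def build_m8(header, mode, algorithm, padding, key_type, key, message, iv=None, mac=None):
    """Build one M8 command with Input Format Flag = 0 (binary message block)."""
    if mode not in (0, 1, 2, 3) or algorithm not in ("01", "03") or padding not in (0, 1, 2):
        raise ValueError("reserved Mode Flag, MAC Algorithm or Padding Method value")
    if key_type not in ("003", "008") or not KEY_RE.fullmatch(key):
        raise ValueError("Key Type must be 003 (TAK) or 008 (ZAK) with a 16H/1A+32H/1A+48H key")
    if (iv is not None) != (mode in (2, 3)) or (iv is not None and not IV_RE.fullmatch(iv)):
        raise ValueError("IV (16 H) is present only when Mode Flag = 2 or 3")
    if (mac is not None) != (mode in (0, 3)) or (mac is not None and not MAC_RE.fullmatch(mac)):
        raise ValueError("MAC (8 H) is present only when Mode Flag = 0 or 3")
    if (mode in (1, 2) or padding == 0) and len(message) % 8:
        raise ValueError("block length must be a multiple of 8 bytes")
    if len(message) > 0xFFFF:
        raise ValueError("Message Length is a 4 H field")
    head = f"{header}M8{mode}0{algorithm}{padding}{key_type}{key}{iv or ''}{len(message):04X}"
    return head.encode("ascii") + message + (mac or "").encode("ascii")

def parse_m9(response, header_len, mode):
    """Parse an M9 response; 'verified' is True only for error 00 on an only/final block."""
    text = response.decode("ascii")
    h = header_len
    header, code, error = text[:h], text[h:h + 2], text[h + 2:h + 4]
    if code != "M9" or len(error) != 2:
        raise ValueError("not an M9 response")
    iv = None
    if error == "00" and mode in (1, 2):   # assumption: the IV follows only a 00 error code
        iv = text[h + 4:h + 20]
        if not IV_RE.fullmatch(iv):
            raise ValueError("missing intermediate IV")
    return {"header": header, "error": error, "meaning": ERRORS.get(error, "standard error code"),
            "iv": iv, "verified": error == "00" and mode in (0, 3)}

# Constructed sample values (not real key material): two-block verification.
KEY = "U" + "0123456789ABCDEF" * 2
first = build_m8("0001", 1, "03", 1, "003", KEY, b"ABCDEFGH" * 2)
step = parse_m9(b"0001M900" + b"1122334455667788", 4, 1)
final = build_m8("0002", 3, "03", 1, "003", KEY, b"tail", iv=step["iv"], mac="A1B2C3D4")
```

A response to a first or middle block never counts as a verification result: only the M9 for Mode Flag 0 or 3 carries the pass/fail outcome, and any error code other than 00 must be treated as a failure.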