Verify and Translate MAC

 

Command:

Verify a MAC and (if successful) generate a MAC on the same data using a different key.

Notes:

The message with which the MAC is to be verified and translated may be presented to the HSM in different formats, as indicated by the Input Format Flag field.

When Input Format Flag = 2 and the HSM is configured to use EBCDIC, the input message is converted from EBCDIC to ASCII before processing.

 

Field

Length & Type

Details

COMMAND MESSAGE

Message Header

m A

Will be returned to the Host unchanged.

Command Code

2 A

Value “MY”.

Mode Flag

1 N

0 : Only block of a single-block message
1 : First block of a multi-block message
2 : Middle block of a multi-block message
3 : Final block of a multi-block message

Input Format Flag

1 N

0 : Binary
1 : Hex-Encoded Binary
2 : Text

Source MAC Algorithm

2 N

01 : ISO 9797 MAC algorithm 1 (= ANSI X9.9 when used with a single-length key)
03 : ISO 9797 MAC algorithm 3 (= ANSI X9.19 when used with a double-length key)
00, 02, 04…99 : Reserved for future use

Source Padding Method

1 N

For Source MAC Algorithm values 01 & 03:
0 : No padding. (Overall message length must be multiple of 8 bytes.)
1 : ISO 9797 Padding method 1 (i.e. pad with 0x00)
2 : ISO 9797 Padding method 2 (i.e. add 0x80 and pad with 0x00)
3..9 : Reserved for future use
 

For all other Source MAC Algorithm values:
0..9 : Reserved for future use

Source Key Type

3 H

Type of Source Key. The following Key Types are permitted:

003 : TAK
008 : ZAK

Source Key

16H
or
1A+32H
or
1A+48H
 

Source MAC Key.

Used (in conjunction with the Source IV if appropriate) to verify the Source MAC on the supplied Message.
 

Destination MAC Algorithm

2 N

01 : ISO 9797 MAC algorithm 1 (= ANSI X9.9 when used with a single-length key)
03 : ISO 9797 MAC algorithm 3 (= ANSI X9.19 when used with a double-length key)
00, 02, 04…99 : Reserved for future use
 

Destination Padding Method

1 N

For Destination MAC Algorithm values 01 & 03:
0 : No padding. (Overall message length must be multiple of 8 bytes.)
1 : ISO 9797 Padding method 1 (i.e. pad with 0x00)
2 : ISO 9797 Padding method 2 (i.e. add 0x80 and pad with 0x00)
3..9 : Reserved for future use
 

For all other Destination MAC Algorithm values:
0..9 : Reserved for future use

Destination Key Type

3 H

Type of Destination Key. The following Key Types are permitted:

003 : TAK
008 : ZAK

Destination Key

16H
or
1A+32H
or
1A+48H

Destination MAC Key.

Used (in conjunction with the Destination IV if appropriate) to generate the Destination MAC on the supplied Message.

Source IV

16 H

The intermediate IV, calculated using the Source Key.

This IV should be supplied as input when MACing the next block in the series of blocks.

 

Only present if Mode Flag = 2 or 3

Destination IV

16 H

The intermediate IV, calculated using the Destination Key.

This IV should be supplied as input when translating the MAC on the next block in the series of blocks.

 

Only present if Mode Flag = 2 or 3.

Message Length

4 H

The length of the following field, in bytes.

Message

  

The message upon which the MAC is to be verified and regenerated. The length & type of the field will depend on the value of the Mode Flag & Input Format Flag:

n B

Input Format Flag = 0 (Binary);
If Mode Flag = 1 or 2, then n = multiple of 8.

n H

Input Format Flag = 1 (Hex-encoded Binary);
If Mode Flag = 1 or 2, then n = multiple of 16.

n A

Input Format Flag = 2 (Text);
If Mode Flag = 1 or 2, then n = multiple of 8.

Source MAC

8 H

The MAC to be verified, generated using the Source Key.

Only present if Mode Flag = 0 or 3.

End Message Delimiter

1 C

Optional. Must be present if a message trailer is present. Value X'19.

Message Trailer

n A

Optional. Maximum length 32 characters.

RESPONSE MESSAGE

Message Header

m A

Will be returned to the Host unchanged.

Response Code

2 A

Value “MZ”.

Error Code

2 N

00 : No error
01 : MAC verification failed
02 : Invalid Mode Flag field
03 : Invalid Input Format Flag field
04 : Invalid Source MAC Algorithm field
05 : Invalid Source Key Type field
06 : Invalid Message Length field
07 : Invalid Destination MAC Algorithm field
08 : Invalid Destination Key Type field
09 : Invalid Source Padding Method field
10 : Source MAC Key Parity Error
11 : Destination MAC Key Parity Error
34 : Invalid Destination Padding Method field

Any standard error code may also be returned.

Source IV

16 H

The intermediate IV, calculated using Source Key.

Only present if Mode Flag = 1 or 2.

Destination IV

16 H

The intermediate IV, calculated using Destination Key.

Only present if Mode Flag = 1 or 2.

Destination MAC

8 H

The MAC generated using the Destination Key.

Only present if Mode Flag = 0 or 3.

End Message Delimiter

1 C

Will only be present if present in the command message. Value X'19.

Message Trailer

n A

Will only be present if present in the command message. Maximum length 32 characters.
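The conditional-field rules in the COMMAND MESSAGE layout above (IVs only for Mode Flag 2 or 3, Source MAC only for Mode Flag 0 or 3, 8-byte alignment for first and middle blocks or when no padding is selected) are easy to get wrong on the host side. The following host-side builder is an added example, not vendor code: `build_my`, `SRC` and `DST` are hypothetical names, the keys are constructed sample values, and it assumes an ASCII host interface, Input Format Flag 0 (binary) only, a single uppercase letter for the `1A` key prefix, and no End Message Delimiter or Message Trailer.

```python
import re

KEY_TYPES = {"003", "008"}    # TAK, ZAK
ALGORITHMS = {"01", "03"}     # ISO 9797 MAC algorithm 1 / 3
# 16H, 1A+32H or 1A+48H; the 1A prefix is assumed to be one uppercase letter
KEY_RE = re.compile(r"(?:[0-9A-F]{16}|[A-Z][0-9A-F]{32}|[A-Z][0-9A-F]{48})")

def _hex(value, digits, name):
    if not re.fullmatch(r"[0-9A-F]{%d}" % digits, value):
        raise ValueError(f"{name} must be {digits} hex characters")
    return value

def build_my(header, mode, src, dst, message, src_mac=None, src_iv=None, dst_iv=None):
    """Build an MY command with Input Format Flag 0 (binary).

    src and dst are (algorithm, padding, key_type, key) tuples; message is bytes."""
    if mode not in (0, 1, 2, 3):
        raise ValueError("Mode Flag must be 0..3")
    out = f"{header}MY{mode}0"
    for side, (alg, pad, ktype, key) in (("Source", src), ("Destination", dst)):
        if alg not in ALGORITHMS or pad not in (0, 1, 2):
            raise ValueError(f"{side} algorithm or padding is a reserved value")
        if ktype not in KEY_TYPES or not KEY_RE.fullmatch(key):
            raise ValueError(f"{side} key type or key format not permitted")
        # First/middle blocks must be 8-byte aligned; so must an unpadded message
        if len(message) % 8 and (mode in (1, 2) or pad == 0):
            raise ValueError(f"{side}: message length must be a multiple of 8")
        out += f"{alg}{pad}{ktype}{key}"
    # IVs travel only with middle/final blocks, the Source MAC only with single/final
    if (mode in (2, 3)) != (src_iv is not None) or (src_iv is None) != (dst_iv is None):
        raise ValueError("Both IVs are required exactly when Mode Flag is 2 or 3")
    if (mode in (0, 3)) != (src_mac is not None):
        raise ValueError("Source MAC is required exactly when Mode Flag is 0 or 3")
    if src_iv is not None:
        out += _hex(src_iv, 16, "Source IV") + _hex(dst_iv, 16, "Destination IV")
    if len(message) > 0xFFFF:
        raise ValueError("Message Length must fit in 4 hex digits")
    out += f"{len(message):04X}"
    frame = out.encode("ascii") + message
    if src_mac is not None:
        frame += _hex(src_mac, 8, "Source MAC").encode("ascii")
    return frame

# Constructed sample values (not real keys)
SRC = ("03", 1, "008", "U" + "0123456789ABCDEF" * 2)
DST = ("03", 1, "003", "U" + "FEDCBA9876543210" * 2)
```

Rejecting a malformed request on the host before it reaches the HSM keeps error codes 02 to 09 and 34 out of the logs, so that a returned 01 (MAC verification failed) stands out as the event worth alerting on.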