|
Command: |
Import an HMAC under a Zone Master Key (ZMK). |
|
Notes: |
Use of this command requires the optional User Authentication licence. Error code 67 will be returned if the command is not licensed. The HMAC Key encrypted under the ZMK must be a multiple of 8 bytes. The HSM will extract the HMAC Key from the key block, ignoring any padding. Currently, SHA-1 is the only supported hash algorithm. Transport Formats 01, 02 (PKCS#11) and 03 (ANSI X9.17) are only permitted if enabled using the Configure Security ("CS") command. If Transport Format 03 (ANSI X9.17) is used then the plaintext HMAC Key must be an exact multiple of 8 bytes. |
|
Field |
Length & Type |
Details |
|
COMMAND MESSAGE |
||
|
Message header |
m A |
(Subsequently returned to the Host unchanged) |
|
Command Code |
2 A |
Value "LU" |
|
ZMK |
16 H or 32 H or 1A+32H or 1A+48H |
Zone Master Key, encrypted under LMK pair 04-05 |
|
HMAC Key Block (ZMK) Length |
4 N |
Length (in bytes) of the next field |
|
HMAC Key Block (ZMK) |
n B |
The HMAC Key, encrypted under the ZMK |
|
Delimiter |
1 A |
Value ";" |
|
Transport Format |
2 N |
Format of plaintext HMAC Key (ZMK); see Notes above · 00 = proprietary format · 01 = PKCS#11 ECB format · 02 = PKCS#11 CBC format · 03 = ANSI X9.17 format |
|
HMAC Key Block Format (LMK) |
2 N |
Defines the format of the stored key. Currently only format 00 is supported · 00 = proprietary format |
|
Hash Identifier |
2 N |
Only present if Transport Format = 01, 02 or 03. Identifier of the Hash Algorithm. Currently only SHA-1 is supported · 01 = SHA-1 |
|
HMAC Key Usage |
2 N |
Only present if Transport Format = 01, 02 or 03 · 01 = HMAC Generation · 02 = HMAC Verification · 03 = HMAC Generation and Verification |
|
HMAC Key Length |
4 N |
Only present if Transport Format = 01, 02 or 03. The number of bytes of the HMAC Key. Must satisfy L/2 ≤ key length, where L is the size of the hash function output (so L = 20 in the case of SHA-1). |
|
End message delimiter |
1 C |
Optional. Must be present if a message trailer is present. Value X’19. |
|
Message trailer |
n A |
Optional. Maximum length 32 characters. |
|
RESPONSE MESSAGE |
||
|
Message header |
m A |
Returned to the Host unchanged. |
|
Response code |
2 A |
Value "LV" |
|
Error code |
2 N |
00 : No error · 03 : Invalid Transport Format · 04 : HMAC Key Length error · 05 : Invalid Hash Identifier · 06 : Invalid Key Usage · 07 : Invalid Key Block Format · 08 : HMAC Key Block error · 10 : ZMK parity error · 12 : No keys loaded in user storage · 13 : LMK error; report to supervisor · 15 : Error in input data · 21 : Invalid user storage index · 47 : DSP error; report to supervisor · 80 : HMAC Key Block (ZMK) Length error · 81 : HMAC Key Block (ZMK) Length not a multiple of 8 bytes
|
|
HMAC Key Block (LMK) Length |
4 N |
Length (in bytes) of the next field. |
|
HMAC Key Block (LMK) |
n B |
The HMAC Key, encrypted under LMK pair 34-35 variant 1 |
|
End message delimiter |
1 C |
Present only if supplied in the command message. Value X’19. |
|
Message trailer |
n A |
Present only if present in the command message. Maximum length 32 characters. |
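
The field layout above, as an added host-side example (not code from the HSM vendor or this manual): it assembles an LU command with the length and conditional-field checks from the tables, and reads the LV response by its length prefix. The names build_lu and parse_lv, the 4-character header, the ASCII encoding and all sample values are assumptions made for illustration.

```python
# Added example: field order and checks follow the LU/LV tables on this page.
# Assumed: 4-character message header, ASCII host encoding, constructed sample values.
EM = b"\x19"      # end message delimiter
SHA1_LEN = 20     # L, the SHA-1 output size in bytes

def build_lu(header, zmk, key_block, transport="00", lmk_format="00",
             hash_id="01", usage="03", key_len=None, trailer=""):
    """Return the LU command as bytes, rejecting inputs the field rules exclude."""
    if transport not in ("00", "01", "02", "03"):
        raise ValueError("Transport Format must be 00-03")
    if lmk_format != "00":
        raise ValueError("only HMAC Key Block Format (LMK) 00 is supported")
    if not 0 < len(key_block) <= 9999 or len(key_block) % 8:
        raise ValueError("HMAC Key Block (ZMK) must be a multiple of 8 bytes, 4 N length")
    if len(trailer) > 32:
        raise ValueError("message trailer is limited to 32 characters")
    msg = (header + "LU" + zmk).encode("ascii")
    msg += b"%04d" % len(key_block) + key_block   # length prefix, then binary block
    msg += (";" + transport + lmk_format).encode("ascii")
    if transport != "00":   # the next three fields exist only for formats 01-03
        if hash_id != "01" or usage not in ("01", "02", "03"):
            raise ValueError("Hash Identifier must be 01, Key Usage 01-03")
        if key_len is None or key_len < SHA1_LEN // 2:
            raise ValueError("HMAC Key Length must satisfy L/2 <= key length")
        if transport == "03" and key_len % 8:
            raise ValueError("format 03 needs a key that is a multiple of 8 bytes")
        msg += (hash_id + usage + "%04d" % key_len).encode("ascii")
    return msg + EM + trailer.encode("ascii") if trailer else msg

def parse_lv(resp, header_len=4):
    """Return (error_code, key_block); key_block is None unless the code is 00."""
    body = resp[header_len:]
    if body[:2] != b"LV":
        raise ValueError("not an LV response")
    code = body[2:4].decode("ascii")
    if code != "00":        # assumption: no key block follows a non-zero code
        return code, None
    n = int(body[4:8])      # trust the 4 N length, never scan for X'19:
    if len(body) < 8 + n:   # the binary block may itself contain byte 0x19
        raise ValueError("truncated HMAC Key Block (LMK)")
    return code, body[8:8 + n]

if __name__ == "__main__":
    zmk = "U" + "0123456789ABCDEF" * 2          # constructed 1A+32H value
    blk = EM * 8 + bytes(16)                    # constructed 24-byte block
    print(build_lu("0001", zmk, blk, transport="02", key_len=20))
    print(parse_lv(b"0001LV000024" + blk + EM + b"TRAILER"))
```

Checking these rules on the host before sending keeps malformed key blocks out of the HSM audit trail and makes the returned error codes easier to attribute.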