CKM_DES3_X919_MAC

The CKM_DES3_X919_MAC is a signature generation and verification mechanism, as defined ANSI X9.19-1996 Financial Institution Retail Message Authentication annex 1 Cipher Block Chaining Procedure.

Summary

FIPS approved? No
Supported functions Sign | Verify
Functions restricted from FIPS use N/A
Minimum key length (bits) 128
Minimum key length for FIPS use (bits) N/A
Minimum legacy key length for FIPS use (bits) N/A
Maximum key length (bits) 192
Block size 8
Digest size 0
Key types DES3
Algorithms DES3
Modes MAC
Flags Extractable

NOTE    

Using Luna HSM Firmware 7.7.0 and newer, 3DES keys have a usage counter attribute (CKA_BYTES_REMAINING) that limits each key instance to encrypting a maximum of 2^16 8-byte blocks of data when the HSM is in FIPS approved configuration (HSM policy 12: Allow non-FIPS algorithms or partition policy 43: Allow non-FIPS algorithms set to OFF/0). When the counter runs out, that key can no longer be used for encryption, wrapping, deriving, or signing, but can still be used for decrypting, unwrapping, and verifying pre-existing objects. The CKA_BYTES_REMAINING attribute cannot be viewed if the HSM/partition is not in FIPS approved configuration.

The attribute is preserved through backup/restore using a Luna Backup HSM 7; restoring the key restores the counter's setting at the time of backup.

The attribute is not preserved through backup/restore using a Luna Backup HSM G5; restoring the key resets the counter to the maximum.

The 3DES usage counter attribute (CKA_BYTES_REMAINING) has been removed in Luna HSM Firmware 7.8.4 and newer, to comply with FIPS 140-3 requirements. This attribute is now ignored on any keys where it is already set.

Usage

The CKM_DES3_X919_MAC mechanism is used with the C_VerifyInit and C_SignInit functions. It has the following attributes:

>Only CKK_DES2 and CKK_DES3 keys are supported.

>The mechanism takes no parameter.

>Multi-part operation is supported.

>The total input data length must be at least one byte.

>The length of result is half the size of the DES block (i.e. 4 bytes).

Example

#define CKM_DES3_X919_MAC (CKM_VENDOR_DEFINED + 0x150)

CK_OBJECT_HANDLE hKey; // handle of CKK_DES2 or CKK_DES3 key
CK_MECHANISM mech = { CKM_DES3_X919_MAC , NULL, 0};
CK_CHAR inp[any length];
CK_CHAR mac[4];
CK_SIZE len;

// Single-part operation

C_SignInit(hSes, &mech, hKey);
len = sizeof mac;
C_Sign(hSes, inp, sizeof inp, mac, &len);

// Multi-part operation

C_SignInit(hSes, &mech, hKey);
C_SignUpdate(hSes, inp, sizeof inp/2);
C_SignUpdate(hSes, inp+ (sizeof inp)/2, sizeof inp/2);
len = sizeof mac;
C_SignFinal(hSes, mac, &len);

// Test vectors

static const UInt8 retailKey[16] =
{
   0x58, 0x91, 0x25, 0x86, 0x3D, 0x46, 0x10, 0x7F,
   0x46, 0x3E, 0x52, 0x3B, 0xF7, 0x46, 0x9D, 0x52
};

static const UInt8 retailInputAscii[19] =
{
   't','h','e',' ','q','u','i','c','k',' ','b','r','o','w','n',' ','f','o','x'
};

static const UInt8 retailMACAscii[4] =
{
   0x55, 0xA7, 0xBF, 0xBA
};

static const UInt8 retailInputEBCDIC[19] =
{
   // "the quick brown fox" in EBCDIC
   0xA3, 0x88, 0x85, 0x40, 0x98, 0xA4, 0x89, 0x83,
   0x92, 0x40, 0x82, 0x99, 0x96, 0xA6, 0x95, 0x40,
   0x86, 0x96, 0xA7
};

static const UInt8 retailMACEBCDIC[4] =
{
   0x60, 0xAE, 0x2C, 0xD7
};