CKM_DES3_X919_MAC

The CKM_DES3_X919_MAC is a signature generation and verification mechanism, as defined ANSI X9.19-1996 Financial Institution Retail Message Authentication annex 1 Cipher Block Chaining Procedure.

Summary

FIPS approved? No
Supported functions Sign | Verify
Functions restricted from FIPS use N/A
Minimum key length (bits) 128
Minimum key length for FIPS use (bits) N/A
Minimum legacy key length for FIPS use (bits) N/A
Maximum key length (bits) 192
Block size 8
Digest size 0
Key types DES3
Algorithms DES3
Modes MAC
Flags Extractable

NOTE   Using Luna HSM Firmware 7.7.0 and newer, 3DES keys have a usage counter attribute (CKA_BYTES_REMAINING) that limits each key instance to encrypting a maximum of 2^16 8-byte blocks of data when the HSM is in FIPS mode (HSM policy 12: Allow non-FIPS algorithms set to 0). When the counter runs out, that key can no longer be used for encryption, wrapping, deriving, or signing, but can still be used for decrypting, unwrapping, and verifying pre-existing objects.

The CKA_BYTES_REMAINING attribute is available when HSM policy 12: Allow non-FIPS algorithms is set to 0, but cannot be viewed if the policy is set to 1.

The attribute is preserved through backup/restore using a Luna Backup HSM 7; restoring the key restores the counter's setting at the time of backup.

The attribute is not preserved through backup/restore using a Luna Backup HSM G5; restoring the key resets the counter to the maximum.

Usage

The CKM_DES3_X919_MAC mechanism is used with the C_VerifyInit and C_SignInit functions. It has the following attributes:

>Only CKK_DES2 and CKK_DES3 keys are supported.

>The mechanism takes no parameter.

>Multi-part operation is supported.

>The total input data length must be at least one byte.

>The length of result is half the size of the DES block (i.e. 4 bytes).

Example

#define CKM_DES3_X919_MAC (CKM_VENDOR_DEFINED + 0x150)

CK_OBJECT_HANDLE hKey; // handle of CKK_DES2 or CKK_DES3 key
CK_MECHANISM mech = { CKM_DES3_X919_MAC , NULL, 0};
CK_CHAR inp[any length];
CK_CHAR mac[4];
CK_SIZE len;

// Single-part operation

C_SignInit(hSes, &mech, hKey);
len = sizeof mac;
C_Sign(hSes, inp, sizeof inp, mac, &len);

// Multi-part operation

C_SignInit(hSes, &mech, hKey);
C_SignUpdate(hSes, inp, sizeof inp/2);
C_SignUpdate(hSes, inp+ (sizeof inp)/2, sizeof inp/2);
len = sizeof mac;
C_SignFinal(hSes, mac, &len);

// Test vectors

static const UInt8 retailKey[16] =
{
   0x58, 0x91, 0x25, 0x86, 0x3D, 0x46, 0x10, 0x7F,
   0x46, 0x3E, 0x52, 0x3B, 0xF7, 0x46, 0x9D, 0x52
};

static const UInt8 retailInputAscii[19] =
{
   't','h','e',' ','q','u','i','c','k',' ','b','r','o','w','n',' ','f','o','x'
};

static const UInt8 retailMACAscii[4] =
{
   0x55, 0xA7, 0xBF, 0xBA
};

static const UInt8 retailInputEBCDIC[19] =
{
   // "the quick brown fox" in EBCDIC
   0xA3, 0x88, 0x85, 0x40, 0x98, 0xA4, 0x89, 0x83,
   0x92, 0x40, 0x82, 0x99, 0x96, 0xA6, 0x95, 0x40,
   0x86, 0x96, 0xA7
};

static const UInt8 retailMACEBCDIC[4] =
{
   0x60, 0xAE, 0x2C, 0xD7
};