CKM_DES3_X919_MAC
The CKM_DES3_X919_MAC is a signature generation and verification mechanism, as defined ANSI X9.19-1996 Financial Institution Retail Message Authentication annex 1 Cipher Block Chaining Procedure.
Summary
FIPS approved? | No |
Supported functions | Sign | Verify |
Functions restricted from FIPS use | N/A |
Minimum key length (bits) | 128 |
Minimum key length for FIPS use (bits) | N/A |
Minimum legacy key length for FIPS use (bits) | N/A |
Maximum key length (bits) | 192 |
Block size | 8 |
Digest size | 0 |
Key types | DES3 |
Algorithms | DES3 |
Modes | MAC |
Flags | Extractable |
NOTE Using Luna HSM Firmware 7.7.0 and newer, 3DES keys have a usage counter attribute (CKA_BYTES_REMAINING) that limits each key instance to encrypting a maximum of 2^16 8-byte blocks of data when the HSM is in FIPS mode (HSM policy 12: Allow non-FIPS algorithms set to 0). When the counter runs out, that key can no longer be used for encryption, wrapping, deriving, or signing, but can still be used for decrypting, unwrapping, and verifying pre-existing objects.
The CKA_BYTES_REMAINING attribute is available when HSM policy 12: Allow non-FIPS algorithms is set to 0, but cannot be viewed if the policy is set to 1.
The attribute is preserved through backup/restore using a Luna Backup HSM 7; restoring the key restores the counter's setting at the time of backup.
The attribute is not preserved through backup/restore using a Luna Backup HSM G5; restoring the key resets the counter to the maximum.
Usage
The CKM_DES3_X919_MAC mechanism is used with the C_VerifyInit and C_SignInit functions. It has the following attributes:
>Only CKK_DES2 and CKK_DES3 keys are supported.
>The mechanism takes no parameter.
>Multi-part operation is supported.
>The total input data length must be at least one byte.
>The length of result is half the size of the DES block (i.e. 4 bytes).
Example
#define CKM_DES3_X919_MAC (CKM_VENDOR_DEFINED + 0x150) CK_OBJECT_HANDLE hKey; // handle of CKK_DES2 or CKK_DES3 key CK_MECHANISM mech = { CKM_DES3_X919_MAC , NULL, 0}; CK_CHAR inp[any length]; CK_CHAR mac[4]; CK_SIZE len; // Single-part operation C_SignInit(hSes, &mech, hKey); len = sizeof mac; C_Sign(hSes, inp, sizeof inp, mac, &len); // Multi-part operation C_SignInit(hSes, &mech, hKey); C_SignUpdate(hSes, inp, sizeof inp/2); C_SignUpdate(hSes, inp+ (sizeof inp)/2, sizeof inp/2); len = sizeof mac; C_SignFinal(hSes, mac, &len); // Test vectors static const UInt8 retailKey[16] = { 0x58, 0x91, 0x25, 0x86, 0x3D, 0x46, 0x10, 0x7F, 0x46, 0x3E, 0x52, 0x3B, 0xF7, 0x46, 0x9D, 0x52 }; static const UInt8 retailInputAscii[19] = { 't','h','e',' ','q','u','i','c','k',' ','b','r','o','w','n',' ','f','o','x' }; static const UInt8 retailMACAscii[4] = { 0x55, 0xA7, 0xBF, 0xBA }; static const UInt8 retailInputEBCDIC[19] = { // "the quick brown fox" in EBCDIC 0xA3, 0x88, 0x85, 0x40, 0x98, 0xA4, 0x89, 0x83, 0x92, 0x40, 0x82, 0x99, 0x96, 0xA6, 0x95, 0x40, 0x86, 0x96, 0xA7 }; static const UInt8 retailMACEBCDIC[4] = { 0x60, 0xAE, 0x2C, 0xD7 };