
MAC Generation

In document Safenet Programmers Guide (Page 181-187)

MAC_GEN_UPDATE

PHW D

SHP D

PSO/PSG D

SHP Toolkit MK2 D

Card Issuance (SHP Toolkit EMV) D

Request

Content    Length  Attribute  Description
EE0700     3       h          Function Code
FM         1       h          Function Modifier = 00
Alg        1       h          Algorithm Qualifier. Specifies details of the MACing algorithm.
                              The left nibble specifies the padding and the right nibble
                              specifies the algorithm:
                              Left nibble:
                                = 0: pad with zeroes.
                                = 1: pad with a single one bit and subsequent zeroes
                              Right nibble:
                                For single length MPK – this nibble must be zero
                                For double length MPK:
                                = 0 ISO 9807 method
                                = 1 triple-DES CBC method
ICD        8       h          Input Chaining Data
MPK-Spec   Var     K-Spec     Key Specifier for MPK
                              (Formats: 0 - 3, 10, 11, 13, 20, 50, 51, 90)
Data       Var     h          Data to be MACed

Response

Content    Length  Attribute  Description
EE0700     3       h          Function Code
rc         1       h          Return Code
OCD        8       h          Output Chaining Data

This function is provided for long message MAC generation and verification, whereby a message authentication Block (OCD) is generated for the supplied DATA, using the supplied MAC Protect Key (MPK), in accordance with AS2805.4 1985. The long message support is integrated whereby the OCD is passed back to the function as the ICD after each cycle that the function performs. On the final Block of data the function MAC-GEN-FINAL (EE0701) should be called.

This function is also used during long message MAC verification, whereby the OCD is passed back as the ICD until the last data Block. To finalize the MAC verification, the function MAC-VER-FINAL (EE0702) should be called.

FM = 00. Must be set to zero.

Alg Specifies the MACing algorithm to use.

Mark II Programmers Guide Chapter 14 MAC Management Functions

Left nibble:

= 0: pad with zeroes.

= 1: pad with a single one bit and subsequent zeroes

Right nibble:

For single length MPK – this nibble must be zero

For double length MPK:

= 0: ISO 9807 method

= 1: triple-DES CBC method

e.g. Pad with zeroes and double-length MPK using triple-DES CBC method 0x01

ICD Input Chaining Data, used for long message feedback.

MPK-Spec A key specifier incorporating an encrypted MAC Protect Key.

OCD Output Chaining Data, used for long message feedback.

SHP Toolkit MK2

int EFT_EE0700_MACGenerate_Update(
    IN  UCHAR      FM,
    IN  UCHAR      algorithm,
    IN  UCHAR      icd[8],
    IN  KEYSPEC   *MPK,
    IN  EFTBUFFER *data,
    OUT UCHAR      ocd[8]);


MAC_GEN_FINAL

PHW D

SHP D

PSO/PSG D

SHP Toolkit MK2 D

Card Issuance (SHP Toolkit EMV) D

Request

Content    Length  Attribute  Description
EE0701     3       h          Function Code
FM         1       h          Function Modifier = 00
Alg        1       h          Algorithm Qualifier. Specifies details of the MACing algorithm.
                              The left nibble specifies the padding and the right nibble
                              specifies the algorithm:
                              Left nibble:
                                = 0: pad with zeroes.
                                = 1: pad with a single one bit and subsequent zeroes
                              Right nibble:
                                For single length MPK – this nibble must be zero
                                For double length MPK:
                                = 0 ISO 9807 method
                                = 1 triple-DES CBC method
MAClength  1       h          DES = 01 - 08 bytes
                              HMAC-SHA-1 = 04 - 20 bytes
ICD        8       h          Input Chaining Data
MPK-Spec   Var     K-Spec     Key Specifier for MPK
                              (Formats: 0 - 3, 10, 11, 13, 18, 20, 50, 51, 90)
Data       Var     h          Data to be MACed

Response

Content    Length  Attribute  Description
EE0701     3       h          Function Code
rc         1       h          Return Code
MAC        Var     h          Message Authentication Code

This function is provided for MAC generation, using the supplied MAC Protect Key (MPK), in accordance with AS2805.4 1985. The long message support is integrated whereby the OCD from MAC-UPDATE is passed as the ICD.

When the MPK is an HSM-stored HMAC-SHA-1 MPK, the HMAC-SHA-1 MAC algorithm is used for message authentication. For the HMAC-SHA-1 algorithm, the valid range for the requested MAC length is 4 to 20 bytes. A format 18 key specifier (embedded binary secure key block) containing a host-stored HMAC-SHA-1 MPK may also be used for HMAC-SHA-1 message authentication.

HMAC-SHA-1 MPK key length can be 128, 160 or 192 bits.


FM = 00. Must be set to zero.

Alg Specifies the MACing algorithm to use.

Left nibble:

= 0: pad with zeroes.

= 1: pad with a single one bit and subsequent zeroes

Right nibble:

For single length MPK – this nibble must be zero

For double length MPK:

= 0: ISO 9807 method

= 1: triple-DES CBC method

e.g. Pad with zeroes and double-length MPK using triple-DES CBC method 0x01

MAClength Specifies the length of the output MAC

ICD Input Chaining Data, used for long message feedback.

MPK-Spec A key specifier incorporating an encrypted MAC Protect Key.

NOTES

• This function supersedes functions 70, 71, 72.

SHP Toolkit MK2

int EFT_EE0701_MACGenerate_Final(
    IN  UCHAR      FM,
    IN  UCHAR      algorithm,
    IN  UCHAR      MacLen,
    IN  UCHAR      icd[8],
    IN  KEYSPEC   *MPK,
    IN  EFTBUFFER *data,
    OUT EFTBUFFER *mac);
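The Alg and MAClength rules above can be checked on the host before a request is sent, and the padding choice matters: with zero padding, messages that differ only in trailing zero bytes pad to the same blocks. The following is an added example, not SHP Toolkit code; every name in it is hypothetical, and the padding model assumes the "single one bit" is the byte 0x80, always appended, while zero padding leaves block-aligned data unchanged.

```c
#include <stddef.h>
#include <string.h>

/* Added example: hypothetical names, not SHP Toolkit identifiers. */
enum pad_mode   { PAD_ZEROES = 0, PAD_ONE_BIT = 1 };       /* left nibble  */
enum mac_method { METH_ISO9807 = 0, METH_TDES_CBC = 1 };   /* right nibble */

/* Compose the Alg byte; -1 if the combination breaks the field rules
 * (for a single length MPK the right nibble must be zero). */
int alg_qualifier(int pad, int method, int mpk_is_double_length)
{
    if (pad != PAD_ZEROES && pad != PAD_ONE_BIT) return -1;
    if (method != METH_ISO9807 && method != METH_TDES_CBC) return -1;
    if (!mpk_is_double_length && method != 0) return -1;
    return (pad << 4) | method;
}

/* MAClength check for EE0701: DES 01-08 bytes, HMAC-SHA-1 04-20 bytes. */
int mac_length_ok(int is_hmac_sha1, int mac_len)
{
    return is_hmac_sha1 ? (mac_len >= 4 && mac_len <= 20)
                        : (mac_len >= 1 && mac_len <= 8);
}

/* Host-side model of the left-nibble padding to the 8-byte DES block
 * (assumptions stated in the lead-in). Returns the padded length,
 * or (size_t)-1 if out is too small. */
size_t pad_to_block(int pad, const unsigned char *in, size_t len,
                    unsigned char *out, size_t cap)
{
    size_t n = len + (pad == PAD_ONE_BIT ? 1 : 0);
    size_t padded = (n + 7) / 8 * 8;
    if (padded > cap) return (size_t)-1;
    memcpy(out, in, len);
    memset(out + len, 0, padded - len);
    if (pad == PAD_ONE_BIT) out[len] = 0x80;
    return padded;
}

/* 1 if two messages are identical after padding (same MAC under one MPK). */
int collide_after_padding(int pad, const unsigned char *a, size_t alen,
                          const unsigned char *b, size_t blen)
{
    unsigned char pa[64], pb[64];
    size_t na = pad_to_block(pad, a, alen, pa, sizeof pa);
    size_t nb = pad_to_block(pad, b, blen, pb, sizeof pb);
    return na != (size_t)-1 && na == nb && memcmp(pa, pb, na) == 0;
}
```

Where message lengths are not fixed by the application protocol, the one-bit padding (left nibble = 1) keeps such messages distinct.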


MAC_VER_FINAL

PHW D

SHP D

PSO/PSG D

SHP Toolkit MK2 D

Card Issuance (SHP Toolkit EMV) D

Request

Content    Length  Attribute  Description
EE0702     3       h          Function Code
FM         1       h          Function Modifier = 00
Alg        1       h          Algorithm Qualifier. Specifies details of the MACing algorithm.
                              Left nibble (Padding):
                                = 0: pad with zeroes.
                                = 1: pad with a single one bit and subsequent zeroes
                              Right nibble (Algorithm):
                                For single length MPK must be zero.
                                For double length MPK:
                                = 0 ISO 9807 method
                                = 1 triple-DES CBC method
ICD        8       h          Input Chaining Data
MPK-Spec   Var     K-Spec     Key Specifier for MPK
                              (Formats: 0 - 3, 10, 11, 13, 18, 20, 50, 51, 90)
MAC        Var     h          Message Authentication Code
Data       Var     h          Data to be MACed

Response

Content    Length  Attribute  Description
EE0702     3       h          Function Code
rc         1       h          Return Code

This function verifies that the MAC is valid for the supplied DATA using the supplied MAC Protect Key (MPK), in accordance with AS2805.4 1985.

When the MPK is an HSM-stored HMAC-SHA-1 MPK, the HMAC-SHA-1 MAC algorithm is used for message authentication. For the HMAC-SHA-1 algorithm, the valid length range for the requested MAC verification is 4 to 20 bytes. A format 18 key specifier (embedded binary secure key block) containing a host-stored HMAC-SHA-1 MPK may also be used for HMAC-SHA-1 message authentication. HMAC-SHA-1 MPK key length can be 128, 160 or 192 bits.

The MAC-VER-FINAL function returns no response data. An Error Code of 00 indicates successful verification, while 08 indicates a verification failure.


FM = 00. Must be set to zero.

Alg Specifies the MACing algorithm to use.

Left nibble:

= 0: pad with zeroes.

= 1: pad with a single one bit and subsequent zeroes

Right nibble:

For single length MPK – this nibble must be zero

For double length MPK:

= 0: ISO 9807 method

= 1: triple-DES CBC method

ICD Input Chaining Data, used for long message feedback.

MPK-Spec A key specifier incorporating an encrypted MAC Protect Key.

SHP Toolkit MK2

int EFT_EE0702_MACVerify_Final(
    IN  UCHAR      FM,
    IN  UCHAR      algorithm,
    IN  UCHAR      icd[8],
    IN  KEYSPEC   *MPK,
    IN  EFTBUFFER *mac,
    IN  EFTBUFFER *data);
