MDC_Generate CCA Release 2.54
MDC_Generate (CSNBMDG)
Platform/
Product
OS/2 AIX Win NT/
2000
OS/400
IBM 4758-2/23 X X X X
Use the MDC_Generate verb to create a 128-bit (16-byte) hash value on a data
string whose integrity you intend to confirm. After using this verb to generate an
MDC, you can compare the MDC to a known value or communicate the value to
another entity so that they may compare the MDC hash value to one that they
calculate.
The MDC_Generate verb allows you to:
Specify the two or four encipherment version of the algorithm
Segment your text into a series of verb calls.
You can also use the verb as a keyed hash algorithm. See the Related Information
at the end of this verb description.
Specifying Two or Four Encipherments: Four encipherments per round of the
algorithm will improve security; two encipherments per round of the algorithm will
improve performance. To specify the number of encipherments, use keywords
MDC-2, MDC-4, PADMDC-2, or PADMDC-4 with the rule_array parameter. Two
encipherments create results that differ from four encipherments; ensure that you
use the same number of encipherments to verify the MDC.
For a description of the MDC calculations, see “Modification Detection Code (MDC)
Calculation Methods” on page D-3.
Segmenting Text: The MDC_Generate verb lets you segment text into a series of
verb calls. If you can present all of the data to be hashed in a single invocation of
the verb, use the rule array keyword ONLY. You can segment your text and
present the segments with a series of verb calls. Use the rule array keywords
FIRST and LAST for the first and last segments. If you use more than two
segments, use the rule array keyword MIDDLE for the additional segment(s).
Between verb calls, the implementation stores unprocessed text data and
intermediate information from the partial MDC calculation in the chaining_vector
variable and the MDC key in the MDC variable. During segmented processing, the
application program must not change the data in either of these variables.
Restrictions
When padding is requested (by specifying a process rule of PADMDC-2 or
PADMDC-4 in the rule_array variable), a text length of zero is valid for any
segment-control specified in the rule_array variable FIRST, MIDDLE, LAST, or
ONLY). When LAST or ONLY is specified, the supplied text will be padded
with X'FF' bytes and a padding count in the last byte to bring the total text
length to the next multiple of 8 that is greater than or equal to 16.
When no padding is requested (by specifying a process rule of MDC-2 or
MDC-4 in the rule_array variable), the total length of text provided (over a
single or segmented calls) must be at least 16 bytes and a multiple of 8 bytes.
For segmented calls, a text length of zero is valid on any of the calls.
4-10 IBM 4758 CCA Basic Services, Release 2.54, February 2005