IBM 2 Computer Hardware User Manual

Open as PDF

of 508

CCA Release 2.54

Checking a Control Vector Before Processing a Cryptographic

Command

Before a CCA cryptographic facility processes a command that uses a

multiply-enciphered key, the facility’s logic checks the control vector associated with

the key. The control vector must indicate a valid key type for the requested

command, and any control-vector restriction (key-usage) bits must be set

appropriately for the command. If the command permits use of the control vector,

the cryptographic facility multiply-deciphers the key and uses the key to process the

command. (Alteration of the control-vector value to permit use of the key in the

command would result in recovery of a different, unpredictable key value.)

Figure 5-2 shows the flow of cryptographic command processing in a cryptographic

facility.

At the CCA API...

Verb─Call Key Token Data

───────────────── ─────────────────────────── ────────

Cryptographic Control Enciphered Data

Command Vector Key │

││││

┌───────────────│──────────────────────│──────────────│─────────────│──────┐

│Tamper │ ┌──────────┐ │ │ │ │

│Resistant │ │Control │ │ │ │ │

│Cryptographic ├────│Vector │────┤ │ │ │

│Facility │ │Checking │ │ │ │ │

│ │ └──────────┘  │ │ │

│ │ ┌─────────┐ │ │ │

│ │ Master Key────│Exclusive│ │ │ │

│ │ (or KEK) │─OR │  │ │

│ │ └────┬────┘ ┌─────────┐ │ │

│ │ └────────│Multiply │ │ │

│ │ │Decipher │ │ │

│ │ └────┬────┘ │ │

│ │   │

│ │ Clear Key ┌─────────┐ │

│ │ └───────│ Process │ │

│ └─────────────────────────────────────────────│ │ │

│ └────┬────┘ │

└───────────────────────────────────────────────────────────────────│──────┘



Result

Figure 5-2. Flow of Cryptographic Command Processing in a Cryptographic Facility

Key Types

The CCA implementation in this product defines DES key-types as shown in

Figure 5-3 on page 5-7. The key type in a control vector determines the use of

the key, which verbs can use the key, and whether the cryptographic facility

processes a key as a symmetric or “asymmetric” DES key. By differentiating keys

with a control vector, a given key-value can be multiply-enciphered with different

control vectors so as to impart different capabilities to copies of the key. This

technique creates DES keys having an asymmetric property.

 Symmetric DES keys. A symmetric DES key can be used in two related

processes. The cryptographic facility can interpret the following key types as

symmetric:

– CIPHER and DATA. A key with these key types can be used to both

encipher and decipher data.

– MAC. A key with this key type can be used to create a

message-authentication code (MAC) and to verify a trial MAC.

Chapter 5. DES Key-Management 5-5

previous next

Top Automotive Device Types

Top Automotive Brands

Top Baby Care Device Types

Top Baby Care Brands

Top Car Audio & Video Device Types

Top Car Audio & Video Brands

Top Cellphone Device Types

Top Cellphone Brands

Top Communications Device Types

Top Communications Brands

Top Computer Device Types

Top Computer Brands

Top Fitness Device Types

Top Fitness Brands

Top Home Audio Device Types

Top Home Audio Brands

Top Household Appliance Device Types

Top Household Appliance Brands

Top Kitchen Appliance Device Types

Top Kitchen Appliance Brands

Top Laundry Appliance Device Types

Top Laundry Appliance Brands

Top Lawn & Garden Device Types

Top Lawn & Garden Brands

Top Marine Equipment Device Types

Top Marine Equipment Brands

Top Musical Instrument Device Types

Top Musical Instrument Brands

Top Outdoor Cooking Device Types

Top Outdoor Cooking Brands

Top Personal Care Device Types

Top Personal Care Brands

Top Photography Device Types

Top Photography Brands

Top Portable Media Device Types

Top Portable Media Brands

Top Power Tools Device Types

Top Power Tools Brands

Top TV and Video Device Types

Top TV and Video Brands

Top Videogame Device Types

Top Videogame Brands

IBM 2 Computer Hardware User Manual