IBM 2 Computer Hardware User Manual


  Open as PDF
of 508
 
Key_Test CCA Release 2.54
key_identifier
The key_identifier parameter is a pointer to a string variable containing an
internal key-token, a key label that identifies an internal key-token record in key
storage, or a clear key.
The key token contains the key or the key part used to generate or verify the
verification pattern.
When you specify the KEY-CLR keyword, the clear key or key part must be
stored in bytes 0 to 7 of the key identifier. When you specify the KEY-CLRD
keyword, the clear key or key part must be stored in bytes 0 to 15 of the key
identifier. When you specify the KEY-ENC or the KEY-ENCD keyword, the key
or key part cannot be a clear key.
random_number
The random_number parameter is a pointer to a string variable containing a
number the verb may use in the verification process. When you specify the
GENERATE keyword, the verb returns the random number. When you specify
the VERIFY keyword, you must supply the number. With the ENC-ZERO
method, the random_number variable is not used but must be specified.
verification_pattern
The verification_pattern parameter is a pointer to a string variable containing
the binary verification pattern. When you specify the GENERATE keyword, the
verb returns the verification pattern. When you specify the VERIFY keyword,
you must supply the verification pattern.
With the ENC-ZERO method, the verification data occupies the high-order four
bytes while the low-order four bytes are unspecified (the data is passed
between your application and the cryptographic engine but is otherwise
unused). See “Cryptographic Key Verification Techniques” on page D-1.
Keyword Meaning
Verification-process rule (one, optional)
ENC-ZERO Specifies use of the “encrypt zeros” method. Use only with
KEY-CLR, KEY-CLRD, KEY-ENC, or KEY-ENCD keywords.
MDC-4 Specifies use of the MDC-4 master-key-verification method.
Use only with KEY-NKM, KEY-KM, or KEY-OKM keywords.
Required Commands
The Key_Test verb requires the Compute Verification Pattern command (offset
X'001D') to be enabled in the hardware.
5-60 IBM 4758 CCA Basic Services, Release 2.54, February 2005
 previous next