Filter
Top Products
CCA Release 2.54 MAC_Generate
MAC_Generate (CSNBMGN)
Platform/
Product
OS/2 AIX Win NT/
2000
OS/400
IBM 4758-2/23 X X X X
The MAC_Generate verb generates a message authentication code (MAC) for a
text string that you supply. For additional information about using the MAC
generation and verification verbs, see “Ensuring Data Integrity” on page 6-3.
Performance can be enhanced by aligning the start of the text variable on a
four-byte boundary.
You specify the message authentication code process through the choice of a
rule-array keyword. Note that there are defaults based on your use of a
single-length or double-length key.
X9.1-1
ANSI X9.9-1 procedure, by default when you supply a single-length key. This is
the same as ISO/IEC 9797-1, Algorithm 1.
X9.19OPT
ANSI X9.19 Optional Procedure, by default when you supply a double-length key.
This is the same as ISO/IEC 9797-1, Algorithm 3.
EMVMAC and EMVMACD
EMV authentication processes.
3
The verb extends the text you supply with X'80'
and the minimum number (0...7) bytes of X'00' for the extended message to be
a multiple of 8 bytes in length. The MAC is computed based on ISO/IEC 9797-1,
Algorithm 1 or 3 depending on key length. When specifying a single-length key,
use EMVMAC. When specifying a double-length key, use EMVMACD.
Note: The EMV specification permits the MAC to be 4, 5, ..., 8 bytes in length.
The MAC_Verify verb only supports MAC lengths of 4, 6, and 8 bytes.
You can specify any of these key types: DATA, DATAM, or MAC.
Restrictions
The text_length variable must be at least 8 bytes, and less than 32MB - 8 bytes, or
less than 64MB - 8 bytes in the OS/400 environment.
Support for EMVMAC and EMVMACD begins with Release 2.51.
3
See the EMV 4.0 Book 2, Annex A.1.2, for information about this form of MAC generation.
Chapter 6. Data Confidentiality and Data Integrity
6-11