IBM 2 Computer Hardware User Manual


 
CCA Release 2.54
This expression tests whether the control vectors associated with the source
key and the target key meet your criteria for the desired translation.
Encipher two copies of the mask array, each under a different
cryptographic-variable key (key type CVARENC). To encipher each copy of the
mask array, use the Cryptographic_Variable_Encipher verb. Use two different keys
so that the enciphered-array copies are unique values. When using the
Control_Vector_Translate verb, the mask_array_left parameter and the
mask_array_right parameter identify the enciphered mask arrays. The
array_key_left parameter and the array_key_right parameter identify the internal
keys for deciphering the mask arrays. The array_key_left key must have a key
type of CVARXCVL and the array_key_right key must have a key type of
CVARXCVR. The cryptographic process deciphers the arrays and compares the
results; for the verb to continue, the deciphered arrays must be equal. If the results
are not equal, the verb returns the return and reason code for data that is not valid
(8/385).
When using the Key_Generate verb to create the key pairs CVARENC-CVARXCVL
and CVARENC-CVARXCVR, the hardware requires the
Generate_Key_Set_Extended command to be enabled. Each key in the key pair
must be generated for a different node. The CVARENC keys are generated for, or
imported into, the node where the mask array will be enciphered. After enciphering
the mask array, you should destroy the enciphering key. The CVARXCVL and
CVARXCVR keys are generated for, or imported into, the node where the
Control_Vector_Translate verb will be performed.
If using the BOTH keyword to process both halves of a double-length key,
remember that bits 41, 42, 104, and 105 are different in the left and right halves of
the CCA control vector and must be ignored in your mask-array tests (that is, make
the corresponding B₂ and/or B₃ bits equal to zero).
When the control vectors pass the masking tests, the verb does the following:
- Deciphers the source key. In the decipher process, the verb uses a key that is
  formed by the exclusive-OR of the KEK and the control vector in the key token
  variable the source_key_token parameter identifies.
- Enciphers the deciphered source key. In the encipher process, the verb uses a
  key that is formed by the exclusive-OR of the KEK and the control vector in the
  key token variable the target_key_token parameter identifies.
- Places the enciphered key in the key field in the key token variable the
  target_key_token parameter identifies.
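
The following sketch is an added example, not IBM code and not part of the original manual. It models the two steps described above: the comparison of the two deciphered mask-array copies (with the 8/385 failure) and the re-encipherment of the key from KEK XOR source control vector to KEK XOR target control vector. Assumptions: toy_cipher is a hash-based stand-in for the real cipher, the token layout (control vector, enciphered key) is simplified, all sample values are constructed, and the mask tests themselves are not modeled because their expression is not on this page.

```python
import hashlib
import hmac

OK, DATA_NOT_VALID = (0, 0), (8, 385)  # 8/385 is from the page; 0/0 assumed for success

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def toy_cipher(key, block, decrypt=False):
    """Stand-in 8-round Feistel permutation (NOT the cipher CCA uses)."""
    half = len(block) // 2
    left, right = block[:half], block[half:]
    for r in (range(7, -1, -1) if decrypt else range(8)):
        fixed = left if decrypt else right
        f = hashlib.sha256(key + bytes([r]) + fixed).digest()[:half]
        if decrypt:
            left, right = xor(right, f), left
        else:
            left, right = right, xor(left, f)
    return left + right

def control_vector_translate(kek, source_token, target_cv,
                             array_key_left, mask_array_left,
                             array_key_right, mask_array_right):
    """Returns ((return_code, reason_code), target_token_or_None)."""
    # Both enciphered copies of the mask array must decipher to the same value.
    left = toy_cipher(array_key_left, mask_array_left, decrypt=True)
    right = toy_cipher(array_key_right, mask_array_right, decrypt=True)
    if not hmac.compare_digest(left, right):
        return DATA_NOT_VALID, None
    # The mask tests on the control vectors would run here (not modeled).
    source_cv, enciphered_key = source_token
    clear_key = toy_cipher(xor(kek, source_cv), enciphered_key, decrypt=True)
    return OK, (target_cv, toy_cipher(xor(kek, target_cv), clear_key))

# Constructed sample values (not real CCA keys, control vectors or masks).
KEK = bytes(range(16))
SRC_CV, TGT_CV = bytes([0x11] * 16), bytes([0x22] * 16)
CLEAR_KEY = bytes.fromhex("0123456789abcdeffedcba9876543210")
MASK = bytes(48)
KEY_L, KEY_R = b"L" * 16, b"R" * 16  # stand-ins for the CVARXCVL / CVARXCVR keys

def demo():
    src = (SRC_CV, toy_cipher(xor(KEK, SRC_CV), CLEAR_KEY))
    good_l, good_r = toy_cipher(KEY_L, MASK), toy_cipher(KEY_R, MASK)
    ok = control_vector_translate(KEK, src, TGT_CV, KEY_L, good_l, KEY_R, good_r)
    bad_r = bytes([good_r[0] ^ 1]) + good_r[1:]  # one enciphered copy altered
    bad = control_vector_translate(KEK, src, TGT_CV, KEY_L, good_l, KEY_R, bad_r)
    return ok, bad
```

In the sketch, a key translated to the target control vector no longer deciphers correctly under the source control vector, and altering either enciphered mask-array copy stops the verb before any key is deciphered.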
Appendix C. CCA Control-Vector Definitions and Key Encryption C-21