Support User Manuals

IBM 2 Computer Hardware User Manual

Open as PDF

of 508

CCA Release 2.54

The CCA DES key verification algorithm does the following:

1. Sets KKR′ = KKR exclusive-OR RN

2. Sets K1 = X'4545454545454545'

3. Sets X1 = DES encoding of KKL using key K1

4. Sets K2 = X1 exclusive-OR KKL

5. Sets X2 = DES encoding of KKR′ using key K2

6. Sets VP = X2 exclusive-OR KKR′.

where:

RN Is the random number generated or provided

KKL Is the value of the single-length key, or is the left half of the

double-length key

KKR Is XL8'00' if the key is a single-length key, or is the value of the right

half of the double-length key

VP Is the verification pattern.

Encrypt Zeros DES Key Verification Algorithm

The cryptographic engine provides a method for verifying the value of a DES

cryptographic key or key part without revealing information about the value of the

key or key part.

In this method the single-length or double-length key DEA encodes a 64-bit value

that is all zero bits. The leftmost 32 bits of the result are compared to the trial input

value or returned from the Key_Test verb.

For a single-length key, the key DEA encodes an 8-byte, all-zero-bits value.

For a double-length key, the key DEA triple-encodes an 8-byte, all-zero-bits value.

The left half (high-order half) key encodes the zero-bit value, this result is DEA

decoded by the right key half, and that result is DEA encoded by the left key half.

Modification Detection Code (MDC) Calculation Methods

The MDC calculation method defines a one-way cryptographic function. A one-way

cryptographic function is a function in which it is easy to compute the input into

output but not easy to compute the output into input. MDC uses DES encryption

only and a default key of X'5252 5252 5252 5252 2525 2525 2525 2525'.

The MDC_Generate verb supports four versions of the MDC calculation method

that you specify by using one of the keywords shown in Figure D-1. All versions

use the MDC-1 calculation.

Figure D-1. Versions of the MDC Calculation Method

Keyword Version of the MDC Calculation

MDC-2

PADMDC-2

Specifies two encipherments for each eight-byte input data block.

MDC-4

PADMDC-4

Specifies four encipherments for each eight-byte input data block.

Appendix D. Algorithms and Processes D-3

previous next