minor M6 command problem

Mar 24, 2011 at 5:45 AM

The M6 command as implemented currently requires an IV no matter what the mode flag. The IV should not be required if the mode flag is 0 or 1 as per the Thales Command Reference Manual

Mar 24, 2011 at 7:37 AM

You're right, the same error was also present in the M8 command. Both are fixed. You may download the latest dev build here. Please let me know if this fixes the problem.

Mar 24, 2011 at 9:38 AM

There's a further issue. Perhaps you've corrected it as well?

When the MAC data is an even multiple of 8 binary bytes (or 16 hexadecimal in my case), and padding type "1" is selected, the string is padded to an extra 8 bytes, which changes the result. In the event that the MAC data is an even 8 bytes, no padding should be added.

Mar 24, 2011 at 9:55 AM

I'd be happy to look into it. Can you please provide:

  • The command you're sending to the simulator.
  • The result you receive.
  • The result you expected.

As far as I remember, the padding method you're referring to is based on ISO 9797. Doesn't that specify that an extra 8 bytes are added if the data to pad is aligned to an 8-byte boundary?

Mar 24, 2011 at 5:15 PM

I may be jumping to conclusions. The manual indeed does reference ISO 9797 but I do not know the text of that standard. The application I'm using uses command MS which references ANSI X9.17. MS is not implemented and so I made a proxy service that translates MS commands to M6 before it hits the HSM. (I know it would probably have been faster to implement MS myself and recompile, but my development environment is Borland, and it would take me quite some time to set up a VB environment).

Since M6 supersedes MS (legacy command), I expected equivalent results, which may have been a bad assumption.

I have access to Thales RG7100s and RG8000s, so I will check the behavior of the genuine HSMs and post again to clarify.

Mar 24, 2011 at 7:25 PM

Super, let me know if you need anything else.

Aug 25, 2011 at 3:32 PM

I want to fill a mac field, based on IFSF Specifications, with 8 bytes.
The command M6 generates a mac with length 8 Hexadecimal digits for a message, this means a byte array of 4 bytes.
Is there any way to have a mac generated of 8 bytes?

Aug 25, 2011 at 8:52 PM

Hi Eirini,

MS is a legacy command (not implemented in this simulator) that gives back 16 digits but is your best option if you're using real HSM for your production setup. MQ is implemented and also gives back 16 digits, but it is only for ANSI X9.9 MACing, not the more common ANSI X9.19.

If you're using MAC Algorithm '01' (ANSI X9.9), you can still probably use M6 by setting the mode flag to '1' to falsely indicate that this is the first of multiple blocks of data, then take the IV in the result as your MAC value, but I haven't actually tried that so no promises. This trick will not work if you're using MAC Algorithm '03'.

If you're stuck with ANSI X9.19 (Pseudo-3DES), which is likely, you will either need to use MS on a real Thales HSM, or perform the MAC calculation manually through 3 separate commands and the ugly procedure following: (note, I haven't actually tried this but it should work)

- break your plaintext key into two halves, left and right.

- load the left side into the HSM as a single-length "ZEK"

- load the right side into the HSM as a single-length "ZEK"

- Pad your data so that it is an even multiple of 8 bytes.

- use command M0 (encrypt data) to encrypt the data you want to MAC using the left side ZEK with "CBC" mode flag 

- use command M2 (decrypt data), using the right side ZEK, and only the last 8 bytes from the encrypted data result of the M0 command

- use command M0 again with the left side ZEK to encrypt the 8-byte result of the M2 command. The 8 byte encrypted result of this command is your MAC value;

Aug 26, 2011 at 9:07 AM

Indeed, I want to use the ANSI X9.19 MACing.
So, it seems that the MS is the appropriate command for me.
What can I do in case of verification of mac for a mac of 16 digits?
Is there any corresponding command that I can use having as parameter a 16 digit mac?

Aug 26, 2011 at 11:51 AM

I can see that this is getting to be a sticky point so I'll try to address this. I can implement the MS command if there is a way to obtain the ANSI X9.19 spec along with some examples of input and expected output.

Sep 29, 2011 at 10:35 PM

Thanks to babtras I was able to create an implementation of the MS command. You can download it from the latest dev build. Please have a go at it Eirini and let us know if it works for you.