Parameters
The parameters for CSNBMVR2.
For the definitions of the return_code, reason_code, exit_data_length, and exit_data parameters, see Parameters common to all verbs.
- rule_array_count
A pointer to an integer variable containing the number of elements in the rule_array variable. This value must be 1, 2, or 3.
Direction: Input
Type: Integer
- rule_array
The rule_array contains keywords that provide control information to the MAC Verify2 callable service. The keywords are described in Table 1.
Direction: Input
Type: String array

Table 1. Keywords for MAC Verify2 control information

| Keyword | Description |
|---|---|
| Token algorithm (One, required) | |
| AES | Specifies the use of the AES CMAC algorithm to generate a MAC. |
| HMAC | Specifies the use of the HMAC algorithm to generate a MAC. |
| Hash method (One required for HMAC only) | |
| SHA-1 | Specifies the use of the SHA-1 hash method. |
| SHA-224 | Specifies the use of the SHA-224 hash method. |
| SHA-256 | Specifies the use of the SHA-256 hash method. |
| SHA-384 | Specifies the use of the SHA-384 hash method. |
| SHA-512 | Specifies the use of the SHA-512 hash method. |
| Segmenting Control (One optional) | |
| FIRST | First call. This is the first segment of data from the application program. |
| LAST | Last call. This is the last data segment. |
| MIDDLE | Middle call. This is an intermediate data segment. |
| ONLY | Only call. Segmenting is not employed by the application program. This is the default value. |

- key_identifier_length
Length of the key_identifier parameter in bytes. If the key_identifier parameter contains a label, the value must be 64. Otherwise, the value must be at least the actual token length, up to 9992.
Direction: Input
Type: Integer
- key_identifier
The identifier of the key to verify the MAC. The key identifier is an operational token or the key label of an operational token in key storage.
Direction: Input/Output
Type: String
When using a CCA token together with the AES algorithm, the key type must be MAC, and the key usage fields must indicate GENERATE or VERIFY and must indicate CMAC.
When using a CCA token together with the HMAC algorithm, the key identifier may be a clear or secure operational key token. The key usage fields must indicate GENERATE or VERIFY and the hash method must be selected.
When using a TR-31 token together with the AES algorithm, the token must have the following attributes:
- TR-31 key usage: M6
- Algorithm: A
- TR-31 mode of key use: C or V
When using a TR-31 token together with the HMAC algorithm, the token must have the following attributes:
- TR-31 key usage: M7
- Algorithm: H
- TR-31 mode of key use: C or V
If the token supplied was encrypted under the old master key, the token is returned encrypted under the current master key.
- message_text_length
The length of the cleartext you supply in the message_text parameter. The maximum length of text is 214783647 bytes.
Direction: Input
Type: Integer
For FIRST and MIDDLE calls, the message_text_length must be:
- a multiple of 64 for the SHA-1, SHA-224, and SHA-256 hash methods,
- a multiple of 128 for the SHA-384 and SHA-512 hash methods,
- a multiple of 16 for the AES CMAC method.
- message_text
The application-supplied text for which the MAC is generated.
Direction: Input
Type: String
- chaining_vector_length
Specifies the length in bytes of the chaining_vector parameter. The value must be 128.
Direction: Input
Type: Integer
- chaining_vector
A pointer to a string variable containing a work area that the security server uses to carry segmented data between procedure calls. When the segmenting control is FIRST or ONLY, this value is ignored but must be declared.
Important: Application programs must not alter the contents of this variable between related FIRST, MIDDLE, and LAST calls.
Direction: Input/Output
Type: String
- mac_length
Specifies the length in bytes of the mac parameter. The value must be equal to the number of MAC bytes to be verified, up to a maximum of 64.
Direction: Input
Type: Integer
- mac
The field that contains the MAC value you want to verify.
Direction: Input
Type: String
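
The message_text_length multiples and the FIRST, MIDDLE, LAST, and ONLY keywords can be planned before any call is made. The following C helper is an added example, not IBM code: the names mvr2_block_multiple and mvr2_plan_segment are hypothetical, and it does not call CSNBMVR2 but only computes the offset, length, and segmenting keyword for each call.

```c
#include <stdio.h>
#include <string.h>

/* One planned call: where the segment starts, how long it is, and the
   segmenting-control keyword to place in rule_array. */
struct mvr2_segment { size_t offset; size_t length; const char *keyword; };

/* Multiple that message_text_length must satisfy on FIRST and MIDDLE calls.
   Returns 0 for a keyword combination that Table 1 does not list. */
size_t mvr2_block_multiple(const char *alg, const char *hash)
{
    if (strcmp(alg, "AES") == 0) return 16;
    if (strcmp(alg, "HMAC") != 0 || hash == NULL) return 0;
    if (!strcmp(hash, "SHA-1") || !strcmp(hash, "SHA-224") ||
        !strcmp(hash, "SHA-256")) return 64;
    if (!strcmp(hash, "SHA-384") || !strcmp(hash, "SHA-512")) return 128;
    return 0;
}

/* Plan call number `index` (0-based) for `total` bytes of message text read
   through a buffer of `buf_size` bytes. Returns 1 and fills *out, 0 when
   index is past the last call, -1 when the buffer cannot hold one block. */
int mvr2_plan_segment(size_t total, size_t buf_size, size_t block,
                      size_t index, struct mvr2_segment *out)
{
    if (block == 0 || buf_size < block) return -1;
    size_t chunk = buf_size - buf_size % block; /* largest legal FIRST/MIDDLE length */
    size_t calls = total <= chunk ? 1 : (total + chunk - 1) / chunk;
    if (index >= calls) return 0;
    out->offset = index * chunk;
    out->length = (index == calls - 1) ? total - out->offset : chunk;
    out->keyword = calls == 1 ? "ONLY" : index == 0 ? "FIRST"
                 : index == calls - 1 ? "LAST" : "MIDDLE";
    return 1;
}

int main(void)
{
    /* Constructed input: 1000-byte message, HMAC with SHA-512, 300-byte buffer. */
    size_t block = mvr2_block_multiple("HMAC", "SHA-512");
    struct mvr2_segment s;
    for (size_t i = 0; mvr2_plan_segment(1000, 300, block, i, &s) == 1; i++)
        printf("%-6s offset=%zu length=%zu\n", s.keyword, s.offset, s.length);
    return 0;
}
```

Each planned segment corresponds to one CSNBMVR2 call, and all calls in the sequence pass the same 128-byte chaining_vector, unaltered between calls.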