Security Operation Type

This non-TLV data structure consists of four or five bytes that describe a security operation, including the algorithms and methods to be used in that operation.

Table - Security Operation Type

Columns: Offset, Description, Typ, Req, Default

Offset 0: Operation Type (Typ: B, Req: R, Default: -)

  • 0x01 = Key Agreement
  • 0x02 = Command Authorization Using Signature
  • 0x03 = Command Authorization Using MAC
  • 0x05 = Data Authentication Using MAC
  • 0x07 = Data Encryption
  • 0x10 = Data Signature

Offset 1: Operation Algorithm (Typ: B, Req: R, Default: -)

If Operation Type is a Key Agreement type:

  • 0x01 = ECDHE

If Operation Type is a Signature type:

  • 0x01 = ECDSA (indeterministic)

If Operation Type is a MAC type:

  • 0x01 = HMAC
  • 0x02 = CBC-MAC
  • 0x03 = CMAC

If Operation Type is an Encryption type:

  • 0x01 = DEA
  • 0x02 = 2TDEA
  • 0x03 = 3TDEA
  • 0x04 = AES-128
  • 0x05 = AES-192
  • 0x06 = AES-256

Offset 2: Operation Curve/Mode/Hash/Cipher (Typ: B, Req: R, Default: -)

If Operation Type is a Key Agreement type, this specifies the Curve:

  • 0x01 = P192
  • 0x02 = P224
  • 0x03 = P256
  • 0x04 = P384
  • 0x05 = P521

If Operation Type is a Signature type, this specifies the Hash:

  • 0x01 = MD5
  • 0x02 = SHA-1
  • 0x03 = SHA-224
  • 0x04 = SHA-256
  • 0x05 = SHA-384
  • 0x06 = SHA-512
  • 0x07 = SHA-512/224
  • 0x08 = SHA-512/256
  • 0x09 = SHA3-224
  • 0x0A = SHA3-256
  • 0x0B = SHA3-384
  • 0x0C = SHA3-512

If Operation Type is a MAC type, this specifies the Encryption Algorithm:

  • 0x01 = DEA
  • 0x02 = 2TDEA
  • 0x03 = 3TDEA
  • 0x04 = AES-128
  • 0x05 = AES-192
  • 0x06 = AES-256

If Operation Type is an Encryption type, this specifies the Mode:

  • 0x01 = ECB (Block)
  • 0x02 = CBC (Block)
  • 0x03 = CFB (Stream)
  • 0x04 = OFB (Stream)
  • 0x05 = CTR (Stream)

Offset 3: KDF/Curve/Padding (Typ: B, Req: R, Default: -)

If Operation Type is a Key Agreement type, this specifies the KDF:

  • 0x01 = SP800-56A / X9.63

If Operation Type is a Signature type, this specifies the Curve:

  • 0x01 = P192
  • 0x02 = P224
  • 0x03 = P256
  • 0x04 = P384
  • 0x05 = P521

If Operation Type is a MAC type, this specifies the Padding:

  • 0x00 = None (for streaming modes)
  • 0x01 = Zeros (ISO 9797 Padding Method 1)
  • 0x02 = One and zeros (ISO 9797 Method 2)
  • 0x03 = Length + zeros (ISO 9797 Method 3)
  • 0x10 = PKCS7 (pad # = pad length)
  • 0x11 = X9.23 (random + pad length)
  • 0x20 = Random (when length is known)

If Operation Type is an Encryption type, this specifies the Padding:

  • 0x00 = None (for streaming modes)
  • 0x01 = Zeros (ISO 9797 Padding Method 1)
  • 0x02 = One and zeros (ISO 9797 Method 2)
  • 0x03 = Length + zeros (ISO 9797 Method 3)
  • 0x10 = PKCS7 (pad # = pad length)
  • 0x11 = X9.23 (random + pad length)
  • 0x20 = Random (when length is known)

Offset 4: MAC Block Size (Typ: B, Req: O, Default: -)

If Operation Type is a MAC type, this specifies that the data to be MACed must be padded to a multiple of this many bytes. For all other Operation Types, do not include this byte.
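
Because the meaning of offsets 1 to 3 depends on offset 0, a receiver should decode the structure as a unit and reject any combination the table does not define. The following decoder is an added example, not code from this documentation; the name `parse_sec_op` and the `WEAK` set (a local policy for flagging legacy algorithm choices) are assumptions of the example.

```python
# Added example: decoder/validator for the Security Operation Type bytes.
# Code tables are copied from the table above; WEAK is this example's own policy.
ENC = {1: "DEA", 2: "2TDEA", 3: "3TDEA", 4: "AES-128", 5: "AES-192", 6: "AES-256"}
CURVE = {1: "P192", 2: "P224", 3: "P256", 4: "P384", 5: "P521"}
HASH = {1: "MD5", 2: "SHA-1", 3: "SHA-224", 4: "SHA-256", 5: "SHA-384",
        6: "SHA-512", 7: "SHA-512/224", 8: "SHA-512/256", 9: "SHA3-224",
        10: "SHA3-256", 11: "SHA3-384", 12: "SHA3-512"}
MAC = {1: "HMAC", 2: "CBC-MAC", 3: "CMAC"}
MODE = {1: "ECB", 2: "CBC", 3: "CFB", 4: "OFB", 5: "CTR"}
PAD = {0x00: "None", 0x01: "Zeros", 0x02: "One and zeros", 0x03: "Length + zeros",
       0x10: "PKCS7", 0x11: "X9.23", 0x20: "Random"}
KA, SIG, MACT, ENCT = "key agreement", "signature", "MAC", "encryption"
# Operation Type -> (name, family); the family selects the tables for offsets 1-3.
OPS = {0x01: ("Key Agreement", KA),
       0x02: ("Command Authorization Using Signature", SIG),
       0x03: ("Command Authorization Using MAC", MACT),
       0x05: ("Data Authentication Using MAC", MACT),
       0x07: ("Data Encryption", ENCT), 0x10: ("Data Signature", SIG)}
FIELDS = {KA: ({1: "ECDHE"}, CURVE, {1: "SP800-56A / X9.63"}),
          SIG: ({1: "ECDSA"}, HASH, CURVE),
          MACT: (MAC, ENC, PAD),
          ENCT: (ENC, MODE, PAD)}
WEAK = {"DEA", "2TDEA", "MD5", "SHA-1", "ECB", "P192"}  # assumed local policy

def parse_sec_op(raw: bytes) -> dict:
    """Decode a Security Operation Type; raise ValueError on malformed input."""
    if len(raw) not in (4, 5):
        raise ValueError("expected 4 or 5 bytes, got %d" % len(raw))
    if raw[0] not in OPS:
        raise ValueError("unknown Operation Type 0x%02X" % raw[0])
    name, family = OPS[raw[0]]
    # Offset 4 (MAC Block Size) must be absent for every non-MAC type.
    if family != MACT and len(raw) == 5:
        raise ValueError("MAC Block Size present on non-MAC operation")
    values = []
    for offset, table in enumerate(FIELDS[family], start=1):
        if raw[offset] not in table:
            raise ValueError("offset %d: 0x%02X invalid for %s type"
                             % (offset, raw[offset], family))
        values.append(table[raw[offset]])
    return {"operation": name, "family": family, "fields": values,
            "mac_block_size": raw[4] if len(raw) == 5 else None,
            "weak": sorted(v for v in values if v in WEAK)}
```
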
