I'm trying to implement ANSI 9.19 message authentication code
for transmitting data to another company. This is
a banking standard to create a MAC over the bytes of your
message. The target recipeint specifies a '2DES'
mechanism for doing so, and describes the algorithm.
I'm using the MACTripleDES class and AFAIK it is implementing
the same algorithm, but the answer out is not what I
expect. Having set the class type as TripleDES,
the padding mode to the correct Zero padding and with the correct
Key, I still get the wrong answer.
Has anyone used this calss to implement this
standard? Is this the same as Retail
MAC? A brief synopsis of the algorithm is:
1. Pad the data with zeros to ensure it is a multiple
of 64 bits in length.
2. Set the 4 bytes that make up the Authentication Code
part of the message to be spaces (0x20)
3. Set LeftKey to be the left 64 bits of the MAC key to
be used.
4. Set RightKey to be the right 64 bits of the MAC key
to be used.
5. Set Result to be a 64-bit buffer initially set to
all zeros.
6. For each 64 bit block (Block) in the source
data:
a. Xor Result with Block (Result^=Block)
b. Encrypt Result using LeftKey
7. Decrypt Result using RightKey
8. Encrypt Result using LeftKey
The MAC here is specfied as 4 bytes, however this is just the
first 4 bytes of the 8 byte MAC key.