SCSI Commands: 43BSECURITY PROTOCOL IN
Page
187
Byte
Bits
7 6 5 4 3 2 1 0
0
ALGORITHM INDEX (00h)
1
Reserved
2
(MSB)
3
DESCRIPTOR LENGTH (14h)
(LSB)
4
AVFMV SDK_C MAC_C DED_C
DECRYPT_C
ENCRYPT_C
5
AVFCLP NONCE_C Reserved
UKAFD
AKADF
6
(MSB)
7
MAXIMUM UNAUTHENTICATED KEY-ASSOCIATED BYTES
(LSB)
8
(MSB)
9
MAXIMUM AUTHENTICATED KEY-ASSOCIATED BYTES
(LSB)
10
(MSB)
11
KEY SIZE (0020h)
(LSB)
12
Reserved RDMC_C
EAREM
13
19
Reserved
20
(MSB)
23
SECURITY ALGORITHM CODE
(00010014h)
(LSB)
3.31.6.1.1
Algorithm Descriptor Field Descriptions
Field
Bytes
Bits
Description
ALGORITHM
INDEX
0
00h = AES-256/GCM.
ENCRYPT_C 4 0-1
2 = The device server has the ability to encrypt data using
this algorithm in hardware.
DECRYPT_C 4 2-3
2 = The device server has the ability to decrypt data using
this algorithm in hardware.
DED_C 4
4
1 = The device server is capable of distinguishing encrypted
data from unencrypted data when reading it from the
medium.
MAC_C 4
5
1 = The algorithm includes a message authentication code
added to encrypted blocks.
SDK_C 4
6
0 = The device server is not capable of processing
supplemental decryption keys.
AVFMV
(Algorithm Valid For
Mounted Volume)
4 7
0 = There is no volume mounted in the device or the algorithm is
not valid for the currently mounted volume. 0 is reported for
Ultrium-3 and earlier media.
1 = There is a volume currently mounted in the device and the
encryption algorithm being described is valid for that volume.
AKADF 5
0
0 = A-KAD may be any length from 0 up to the maximum. It
is permissible not to send an A-KAD descriptor in the Set
Data Encryption page.
UKADF 5
1
0 = U-KAD may be any length from 0 up to the maximum. It
is permissible not to send a U-KAD descriptor in the Set
Data Encryption page.
NONCE_C
5
4-5
1 = The device server generates the nonce value.
Summary of Contents for LTO 4
Page 1: ......