Security Protocol Out Command
August 2016 Commands 223
If the bit is set to one and there is no persistent reservation in effect for the I_T
nexus associated with the SECURITY PROTOCOL OUT command, the device
server shall terminate the command with CHECK CONDITION status and set the
sense key to ILLEGAL REQUEST and the additional sense code to INVALID
FIELD IN PARAMETER DATA.
• If the clear key on reservation loss (CKORL) bit is set to one, the physical device
shall set the data encryption parameters to default values on a reservation loss.
If the bit is set to zero, a reservation loss shall not affect the data encryption
parameters.
If the CKORL bit is set to one and there is no reservation in effect for the I_T nexus
associated with the SECURITY PROTOCOL OUT command, the device server
shall terminate the command with CHECK CONDITION status and set the sense
key to ILLEGAL REQUEST and the additional sense code to INVALID FIELD IN
PARAMETER DATA.
• If the ENCRYPTION MODE field is set to ENCRYPT and the KEY LENGTH field
is set to zero, the device server shall terminate the command with CHECK
CONDITION status, with the sense key set to ILLEGAL REQUEST, and the
additional sense code set to INVALID FIELD IN PARAMETER DATA.
• If the DECRYPTION MODE field is set to DECRYPT or MIXED and the KEY
LENGTH field is set to zero, the device server shall terminate the command
with CHECK CONDITION status, with the sense key set to ILLEGAL REQUEST,
and the additional sense code set to INVALID FIELD IN PARAMETER DATA.
• If the device server reports that it requires key-associated data (DKAD_C) from
the application client and a Set Data Encryption page is processed that does not
include a key-associated data descriptor, the device server shall terminate the
command with CHECK CONDITION, with the sense key set to ILLEGAL REQUEST,
and the additional sense code set to INCOMPLETE KEY-ASSOCIATED DATA SET.
• If a nonce value descriptor is included and the encryption algorithm and the
device server support application client generated nonce values, the value in
the KEY DESCRIPTOR field shall be used as the nonce value for the encryption
process.
• If a nonce value descriptor is included and the encryption algorithm or the device
server does not support application client generated nonce values, the device
server shall terminate the command with CHECK CONDITION, with the sense key
set to ILLEGAL REQUEST, and the additional sense code set to INVALID FIELD IN
PARAMETER LIST.
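The rules above, from the CKORL check through the nonce check, written as one validation routine such as a drive emulator or key-manager test harness might use. This is an added example, not code from the manual: the struct layouts, the names (sde_page, sde_state, sde_validate) and the enum values are hypothetical and symbolic rather than wire encodings, and the order of the checks is an assumption, since the text does not state one.

```c
#include <stdbool.h>
#include <stdio.h>

/* Outcomes named after the additional sense codes quoted in the text. */
typedef enum { SDE_OK, SDE_INVALID_FIELD_IN_PARAMETER_DATA,
               SDE_INCOMPLETE_KEY_ASSOCIATED_DATA_SET,
               SDE_INVALID_FIELD_IN_PARAMETER_LIST } sde_result;
typedef enum { ENC_OTHER, ENC_ENCRYPT } enc_mode;            /* symbolic, not wire values */
typedef enum { DEC_OTHER, DEC_DECRYPT, DEC_MIXED } dec_mode; /* symbolic, not wire values */

typedef struct {                /* hypothetical parsed Set Data Encryption page */
    bool ckorl;
    enc_mode encryption_mode;
    dec_mode decryption_mode;
    unsigned key_length;
    bool has_kad_descriptor;    /* a key-associated data descriptor is present */
    bool has_nonce_descriptor;  /* a nonce value descriptor is present */
} sde_page;

typedef struct {                /* hypothetical device-server state */
    bool reservation_in_effect; /* for the I_T nexus that sent the command */
    bool requires_kad;          /* device server reports the DKAD_C requirement */
    bool algorithm_takes_nonce; /* algorithm supports client-generated nonces */
    bool server_takes_nonce;    /* device server supports client-generated nonces */
} sde_state;

/* Checks run in the order the text lists them (the order is an assumption). */
sde_result sde_validate(const sde_page *p, const sde_state *s)
{
    if (p->ckorl && !s->reservation_in_effect)
        return SDE_INVALID_FIELD_IN_PARAMETER_DATA;
    if (p->encryption_mode == ENC_ENCRYPT && p->key_length == 0)
        return SDE_INVALID_FIELD_IN_PARAMETER_DATA;
    if ((p->decryption_mode == DEC_DECRYPT || p->decryption_mode == DEC_MIXED)
        && p->key_length == 0)
        return SDE_INVALID_FIELD_IN_PARAMETER_DATA;
    if (s->requires_kad && !p->has_kad_descriptor)
        return SDE_INCOMPLETE_KEY_ASSOCIATED_DATA_SET;
    if (p->has_nonce_descriptor && !(s->algorithm_takes_nonce && s->server_takes_nonce))
        return SDE_INVALID_FIELD_IN_PARAMETER_LIST;
    return SDE_OK;  /* a nonce, if present, is taken from the KEY DESCRIPTOR field */
}

int main(void)
{
    /* Constructed sample: ENCRYPT with a zero-length key on a reserved nexus. */
    sde_state s = { .reservation_in_effect = true };
    sde_page p = { .ckorl = true, .encryption_mode = ENC_ENCRYPT, .key_length = 0 };
    printf("result=%d\n", sde_validate(&p, &s));
    return 0;
}
```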
The device server shall terminate the command with CHECK CONDITION, with the
sense key set to ILLEGAL REQUEST, and the additional sense code set to INVALID
FIELD IN PARAMETER LIST if an A-KAD or M-KAD is included and:
a. The encryption algorithm specified by the ALGORITHM INDEX field does not
support A-KAD or M-KAD.