- return_code
-
Direction: Output | Type: Integer |
The return code specifies the general result of the callable
service. Appendix A. ICSF and TSS Return and Reason Codes lists the return codes.
- reason_code
-
Direction: Output | Type: Integer |
The reason code specifies the result of the callable service
that is returned to the application program. Each return code has
different reason codes that indicate specific processing problems. Appendix A. ICSF and TSS Return and Reason Codes lists the reason codes.
- exit_data_length
-
Direction: Input/Output | Type: Integer |
The length of the data that is passed to the installation
exit. The length can be from X'00000000' to X'7FFFFFFF' (2
gigabytes). The data is identified in the exit_data parameter.
- exit_data
-
Direction: Input/Output | Type: String |
The data that is passed to the installation exit.
- key_type
-
Direction: Input | Type: Character string |
The type of key you want to reencipher under the master
key. Specify an 8-byte keyword or the keyword TOKEN. The keyword must
be left-justified and padded on the right with blanks.
If
the key type is TOKEN, ICSF determines the key type from the control
vector (CV) field in the external key token provided in the source_key_identifier parameter.
TOKEN
is never allowed when the importer_key_identifier is NOCV.
Supported key_type values are CIPHER, DATA, DATAM,
DATAMV, DATAXLAT, DECIPHER, ENCIPHER, EXPORTER, IKEYXLAT, IMPORTER,
IPINENC, MAC, MACVER, OKEXLAT, OPINENC, PINGEN and PINVER. Use key_type
TOKEN for all other key types.
For information on the meaning
of the key types, see Table 3.
We recommend using
key type of TOKEN when importing double-length MAC and MACVER keys.
- source_key_identifier
-
Direction: Input | Type: String |
The key you want to reencipher under the master key. The
parameter is a 64-byte field for the enciphered key to be imported
containing either an external key token or a null key token. If you
specify a null token, the token is all binary zeros, except for a
key in bytes 16-23 or 16-31, or in bytes 16-31 and 48-55 for triple-length
DATA keys. Refer to Table 336.
If key type is TOKEN,
this field may not specify a null token.
This service supports
the no-export function in the CV.
- importer_key_identifier
-
Direction: Input/Output | Type: String |
The importer key-encrypting key that the key is currently
encrypted under. The parameter is a 64-byte area containing either
the key label of the key in the cryptographic key data set or the
internal key token for the key. If you supply a key label that is
less than 64-bytes, it must be left-justified and padded with blanks.
Note:
If you specify a NOCV importer in the importer_key_identifier parameter,
the key to be imported must be enciphered under the importer key itself.
- target_key_identifier
-
Direction: Input/Output | Type: String |
This parameter is the generated reenciphered key. The parameter
is a 64-byte area that receives the internal key token for the imported
key.
If the imported key TYPE is IMPORTER or EXPORTER and the
token key TYPE is the same, the target_key_identifier parameter
changes direction to both input and output. If the application passes
a valid internal key token for an IMPORTER or EXPORTER key in this
parameter, the NOCV bit is propagated to the imported key token.
Note:
Propagation of the NOCV bit is performed only if the service
is processed on a Cryptographic Coprocessor Feature or on a PCIXCC, CEX2C, or CEX3C.
ICSF supports two methods of wrapping the key value
in a symmetric key token: the original ECB wrapping and an enhanced
CBC wrapping method which is ANSI X9.24 compliant. The output target_key_identifier will
use the default wrapping method unless a skeleton token is supplied
as input. If a skeleton token is supplied as input, the wrapping method
in the skeleton token will be used.