- return_code
-
| Direction: Output | Type: Integer |
The return code specifies the general result of the callable
service. Appendix A. ICSF and TSS Return and Reason Codes lists the return codes.
- reason_code
-
| Direction: Output | Type: Integer |
The reason code specifies the result of the callable service
that is returned to the application program. Each return code has
different reason codes that indicate specific processing problems. Appendix A. ICSF and TSS Return and Reason Codes lists the reason codes.
- exit_data_length
-
| Direction: Input/Output | Type: Integer |
The length of the data that is passed to the installation
exit. The length can be from X'00000000' to X'7FFFFFFF' (2 gigabytes).
The data is identified in the exit_data parameter.
- exit_data
-
| Direction: Input/Output | Type: String |
The data that is passed to the installation exit.
- rule_array_count
-
| Direction: Input | Type: Integer |
The number of keywords you supplied in the rule_array parameter.
The value may be 2 or 3.
- rule_array
-
| Direction: Input | Type: Integer |
The rule_array contains keywords that provide
control information to the callable service. The keywords must be
in contiguous storage with each of the keywords left-justified in
its own 8-byte location and padded on the right with blanks.
Table 49. Keywords for Key Part Import2 Control Information| Keyword | Meaning |
|---|
| Token Algorithm (Required) |
| HMAC | Specifies to import an HMAC key token. |
| AES | Specifies to import an AES key token. |
| Key Part (One required) |
| FIRST | This keyword specifies that an initial key part
is being entered. The callable service returns this key-part encrypted
by the master key in the key token that you supplied. |
| ADD-PART | This keyword specifies that additional key-part
information is provided. |
| COMPLETE | This keyword specifies that the key-part bit
shall be turned off in the control vector of the key rendering the
key fully operational. Note that no key-part information is added
to the key with this keyword. |
| Split
Knowledge (One required). Use only with FIRST keyword. |
| MIN3PART | Specifies that the key must be entered in at
least three parts. |
| MIN2PART | Specifies that the key must be entered in at
least two parts. |
| MIN1PART | Specifies that the key must be entered in at
least one part. |
- key_part_bit_length
-
| Direction: Input | Type: Integer |
The length of the clear key in bits. This indicates the
bit length of the key supplied in the key_part field. For FIRST and ADD-PART keywords, valid values are 80 to
2048 for HMAC keys or 128, 192, or 256 for AES keys. The value
must be 0 for the COMPLETE keyword.
- key_part
-
| Direction: Input | Type: String |
This parameter is the clear key value to be applied. The
key part must be left-justified. This parameter is ignored if COMPLETE
is specified.
- key_identifier_length
-
| Direction: Input/Output | Type: Integer |
On input, the length of the buffer for the key_identifier parameter.
For labels, the value is 64 bytes. The key_identifier must
be left justified in the buffer. The buffer must be large enough to
receive the updated token. The maximum value is 725 bytes. The output
token will be longer when the first key part is imported.
On
output, the actual length of the token returned to the caller. For
labels, the value will be 64.
- key_identifier
-
| Direction: Input/Output | Type: String |
The parameter containing an internal token or a 64-byte
label of an existing CKDS record. If the Key Part rule is
FIRST, the key is a skeleton token. If the Key Part
rule is ADD-PART, this is an internal token or the label of a
CKDS record of a partially combined key. Depending on the input format,
the accumulated partial or complete key is returned as an internal
token or as an updated CKDS record. The returned key_identifier will
be encrypted under the current master key.
z/OS Cryptographic Services ICSF Application Programmer's Guide
Copyright IBM Corporation 1990, 2014