- return_code
-
Direction: Output | Type: Integer |
The return code specifies the general result of the callable
service. Appendix A. ICSF and TSS Return and Reason Codes lists the return codes.
- reason_code
-
Direction: Output | Type: Integer |
The reason code specifies the result of the callable service
that is returned to the application program. Each return code has
different reason codes that indicate specific processing problems. Appendix A. ICSF and TSS Return and Reason Codes lists the reason codes.
- exit_data_length
-
Direction: Input/Output | Type: Integer |
The length of the data that is passed to the installation
exit. The length can be from X'00000000' to X'7FFFFFFF' (2 gigabytes).
The data is identified in the exit_data parameter.
- exit_data
-
Direction: Input/Output | Type: String |
The data that is passed to the installation exit.
- rule_array_count
-
Direction: Input | Type: Integer |
The number of keywords you supplied in the rule_array parameter.
The value must be 3.
- rule_array
-
Direction: Input | Type: String |
The rule_array contains keywords that provide
control information to the callable service. The keywords must be
in contiguous storage with each of the keywords left-justified in
its own 8-byte location and padded on the right with blanks.
Table 92. Keywords for Secure Key Import2 Control InformationKeyword | Meaning |
---|
Token algorithm (One Required) |
HMAC | The target key identifier is to be
an HMAC key. |
AES | The target key identifier is to be an AES key. |
Key Form
(One Required) |
OP | Specifies the key should be enciphered under
the master key. |
IM | Specifies the key should be enciphered under
the key-encrypting key. |
Key Type
(One Required) |
CIPHER | The key type of the output token will be CIPHER.
Only valid for AES algorithm. |
EXPORTER | The key type of the output token will be EXPORTER.
Only valid for AES algorithm. |
IMPORTER | The key type of the output token will be IMPORTER.
Only valid for AES algorithm. |
MAC | MAC generation key. Only valid for HMAC algorithm. |
MACVER | MAC verify key. Only valid for HMAC algorithm. |
TOKEN | The key type will be determined from the key
token supplied in the target_key_identifier parameter. ICSF
does not check for the length of the key but uses the clear_key_bit_length parameter
to determine the length of the key. |
- clear_key_bit_length
-
Direction: Input | Type: Integer |
The length of the value supplied in the clear_key parameter
in bits. Valid lengths are 80 to 2048 for HMAC keys, and
128, 192, or 256 for AES keys.
- clear_key
-
Direction: Input | Type: String |
The value of the key to be imported. The value should be
left justified and padded on the right with zeros to a byte boundary
if the clear_key_bit_length is not a multiple of 8.
- key_name_length
-
Direction: Input | Type: Integer |
The length of the key_name parameter. Valid values
are 0 and 64.
- key_name
-
Direction: Input | Type: String |
A 64-byte key store label to be stored in the associated
data structure of the token.
- user_associated_data_length
-
Direction: Input | Type: Integer |
The length of the user-associated data. The valid
values are 0 to 255 bytes.
- user_associated_data
-
Direction: Input | Type: String |
User-associated data to be stored in the associated
data structure.
- key_encrypting_key_identifier_length
-
Direction: Input | Type: Integer |
The byte length of the key_encrypting_key_identifier parameter.
When Key Form is OP, the value must be zero. When Key Form is IM,
the value must be between the actual length of the token and 725 when key_encrypting_key_identifier is
a token. The value must be 64 when key_encrypting_key_identifier is
a label.
- key_encrypting_key_identifier
-
Direction: Input/Output | Type: String |
When the Key Form rule is OP, key_encrypting_key_identifier is
ignored. When the Key Form rule is IM, key_encrypting_key_identifier contains
an internal key token containing the AES importer key-encrypting key
or a key label.
If the token supplied was encrypted under the
old master key, the token will be returned encrypted under the current
master key.
- target_key_identifier_length
-
Direction: Input/Output | Type: Integer |
On input, the byte length of the buffer for the target_key_identifier parameter.
The buffer must be large enough to receive the target key token. The
maximum value is 900 bytes.
On output, the
parameter will hold the actual length of the target key token.
- target_key_identifier
-
Direction: Input/Output | Type: String |
The output key token. On input, this parameter
is ignored except when the Key Type keyword is TOKEN. If you specify
the TOKEN keyword, then this field contains a valid token of the key
type you want to import. On output, when Key Form is OP, this will
be an internal variable-length symmetric token. When Key Form is IM,
this will be an external variable-length symmetric token. See rule_array for
a list of valid key types.