The return code specifies the general result of the callable service. Appendix A. ICSF and TSS Return and Reason Codes lists the return codes.

The reason code specifies the result of the callable service that is returned to the application program. Each return code has different reason codes assigned to it that indicate specific processing problems. Appendix A. ICSF and TSS Return and Reason Codes lists the reason codes.

The length of the data that is passed to the installation exit. The length can be from X'00000000' to X'7FFFFFFF' (2 gigabytes). The data is identified in the exit_data parameter.

The data that is passed to the installation exit.

The number of keywords you are supplying in the rule_array parameter. The value must be 0, 1, or 2.

Contains an array of keywords that provide control information to the callable service. One keyword specifies the method to use to verify the RSA digital signature. Another keyword specifies the input token is a Trusted Block. A third keyword specifies the algorithm used to validate the signature. Table 225 lists the keywords. Each keyword is left-justified in an 8-byte field and padded on the right with blanks. All keywords must be in contiguous storage.

The length of the PKA_public_key_identifier parameter containing the public key token or label. The maximum size is 3500 bytes.

A token or label of the RSA or DSS public key or internal trusted block. If this parameter contains a token or the label of an Internal Trusted Block, the rule_array parameter must specify TPK-ONLY. If the signature algorithm is ECDSA, this must be a token label of an ECC public key.

The length of the hash parameter in bytes. It must be the exact length of the text that was signed. The maximum size is 512 bytes.

The application-supplied text on which the supplied signature was generated. The text must have been previously hashed and, for PKCS formatting, BER-encoded as previously described.

The length in bytes of the signature_field parameter. The maximum size is 512 bytes.

This field contains the digital signature to verify. The digital signature is in the low-order bits (right-justified) of a string whose length is the minimum number of bytes that can contain the digital signature. This string is left-justified within the signature_field.