- return_code
-
Direction: Output | Type: Integer |
The return code specifies the general result of the callable
service. Appendix A. ICSF and TSS Return and Reason Codes lists the return codes.
- reason_code
-
Direction: Output | Type: Integer |
The reason code specifies the result of the callable
service that is returned to the application program. Each return code
has different reason codes assigned to it that indicate specific processing
problems. Appendix A. ICSF and TSS Return and Reason Codes lists the reason codes.
- exit_data_length
-
Direction: Input/Output | Type: Integer |
The length of the data that is passed to the installation
exit. The length can be from X'00000000' to X'7FFFFFFF' (2
gigabytes). The data is identified in the exit_data parameter.
- exit_data
-
Direction: Input/Output | Type: String |
The data that is passed to the installation exit.
- rule_array_count
-
Direction: Input | Type: Integer |
The number of keywords you are supplying in the rule_array parameter.
The value must be 0, 1, or 2.
- rule_array
-
Direction: Input | Type: String |
Contains an array of keywords that provide control information
to the callable service. One keyword specifies the method to use to
verify the RSA digital signature. Another keyword specifies the input
token is a Trusted Block. A third keyword specifies the algorithm
used to validate the signature. Table 225 lists the keywords.
Each keyword is left-justified in an 8-byte field and padded on the
right with blanks. All keywords must be in contiguous storage.
Table 225. Keywords for Digital Signature Verify Control InformationKeyword | Meaning |
---|
Digital Signature Formatting Method (optional, RSA only) |
X9.31 | Format according to the ANSI X9.31
standard. |
ISO-9796 | Calculate the digital signature on
the hash according to ISO 9796-1. Any hash method is allowed.
This is the default. |
PKCS-1.0 | Calculate the digital signature on
the BER-encoded ASN.1 value of the type DigestInfo containing
the hash according to the RSA Data Security, Inc., Public
Key Cryptography Standards #1 block type 00 and compare
to the digital signature. The text must have been hashed prior to
inputting to this service. |
PKCS-1.1 | Calculate the digital signature on
the BER-encoded ASN.1 value of the type DigestInfo containing
the hash according to the RSA Data Security, Inc., Public
Key Cryptography Standards #1 block type 01 and compare to the
digital signature. The text must have been hashed prior to inputting
to this service. |
ZERO-PAD | Format the hash by padding it on
the left with binary zeros to the length of the PKA key modulus. Any
supported hash function is allowed. |
PKA public key token type (one, optional) |
- PKA_public_key_identifier_length
-
Direction: Input | Type: Integer |
The length of the PKA_public_key_identifier parameter
containing the public key token or label. The maximum size is 3500 bytes.
- PKA_public_key_identifier
-
Direction: Input | Type: String |
A token or label of the RSA or DSS public key
or internal trusted block. If this parameter contains a token or the
label of an Internal Trusted Block, the rule_array parameter
must specify TPK-ONLY. If the signature algorithm is ECDSA,
this must be a token label of an ECC public key.
- hash_length
-
Direction: Input | Type: Integer |
The length of the hash parameter in bytes. It
must be the exact length of the text that was signed. The maximum
size is 512 bytes.
- hash
-
Direction: Input | Type: String |
The application-supplied text on which the supplied signature
was generated. The text must have been previously hashed and, for
PKCS formatting, BER-encoded as previously described.
- signature_field_length
-
Direction: Input | Type: Integer |
The length in bytes of the signature_field parameter.
The maximum size is 512 bytes.
- signature_field
-
Direction: Input | Type: String |
This field contains the digital signature to verify.
The digital signature is in the low-order bits (right-justified) of
a string whose length is the minimum number of bytes that can contain
the digital signature. This string is left-justified within the signature_field.