z/OS Cryptographic Services ICSF Application Programmer's Guide
Previous topic | Next topic | Contents | Index | Contact z/OS | Library | PDF


Parameters

z/OS Cryptographic Services ICSF Application Programmer's Guide
SA22-7522-16

return_code
Direction: OutputType: Integer

The return code specifies the general result of the callable service. Appendix A. ICSF and TSS Return and Reason Codes lists the return codes.

reason_code
Direction: OutputType: Integer

The reason code specifies the result of the callable service that is returned to the application program. Each return code has different reason codes that are assigned to it that indicate specific processing problems. Appendix A. ICSF and TSS Return and Reason Codes lists the reason codes.

exit_data_length
Direction: Input/OutputType: Integer

The length of the data that is passed to the installation exit. The length can be from X'00000000' to X'7FFFFFFF' (2 gigabytes). The data is identified in the exit_data parameter.

exit_data
Direction: Input/OutputType: String

The data that is passed to the installation exit.

rule_array_count
Direction: InputType: Integer

The number of keywords you supplied in the rule_array parameter. The value can be 0 to 3. If you specify 0, the service does not perform notarization or offset.

rule_array
Direction: InputType: String

Zero to three keywords that provide control information to the callable service. See the list of keywords in Table 288. The keywords must be in 8 to 24 bytes of contiguous storage. Each of the keywords must be left-justified in its own 8-byte location and padded on the right with blanks. You must specify this parameter even if do not specify any keywords.

Table 288. Keywords for ANSI X9.17 Key Translate Rule Array
KeywordMeaning
Notarization Rule (optional with no defaults)
CPLT-NOTComplete ANSI X9.17 notarization using the value obtained from the outbound_KEK_count parameter. The outbound transport key specified must be partially notarized.
NOTARIZEPerform notarization processing using the values obtained from the outbound_origin_identifier, the outbound_destination_identifier,and the outbound_KEK_count.
Parity Rule (optional)
ENFORCEStop processing if any source keys do not have odd parity. This is the default value.
IGNOREIgnore the parity of the source key.
Source Key Rule (optional)
1-KDImport and translate one DATA key. This is the default parameter.
1-KD+KKImport and translate one DATA key and a single-length AKEK.
1-KD+*KKImport and translate one DATA key and a double-length AKEK.
2-KDImport and translate two DATA keys.
inbound_KEK_count
Direction: InputType: String

An 8-byte area that contains an ASCII count for use in the offset process. The count is an ASCII character string, left-justified, and padded on the right by space characters. ICSF interprets a single space character as a zero counter. The maximum value is 99999999.

inbound_transport_key_identifier
Direction: Input/OutputType: String

A 64-byte area that contains either an internal token, or a label that refers to an internal token for an AKEK.

inbound_data_key_1
Direction: InputType: String

A 16-byte area that contains the enciphered DATA key that the service is importing and translating. You must specify the DATA key as an ASCII-encoded hexadecimal string.

inbound_data_key_2
Direction: InputType: String

A 16-byte area that contains the second enciphered DATA key that the service is importing and translating. This field is valid if the rule_array parameter specifies 2-KD. You must supply the key as an ASCII-encoded hexadecimal string. This field is ignored if the rule_array parameter specifies other source key rules.

inbound_key_encrypting_key
Direction: InputType: String

A 16- or 32-byte area that contains an enciphered AKEK that the service is to translate. The area is 16 bytes if the rule_array parameter specifies a source key rule of single-length AKEK. The area is 32 bytes if the source key rule specifies a double-length AKEK (1-KD+*KK). You must supply the key as an ASCII-encoded hexadecimal string. ICSF ignores this field if the rule_array specifies either 1-KD or 2-KD.

outbound_origin_identifier
Direction: InputType: String

This parameter is valid if the rule_array parameter specifies a keyword of NOTARIZE. It specifies an area that contains a 16-byte string that contains the origin identifier that is defined in the ANSI X9.17 standard. The string must be ASCII characters, left-justified, and padded on the right by space characters. The string must be a minimum of four non-space characters. ICSF ignores this field if the rule_array parameter specifies a keyword of CPLT-NOT.

outbound_destination_identifier
Direction: InputType: String

This parameter is valid if the rule_array parameter specifies a keyword of NOTARIZE. It specifies an area that contains a 16-byte string that contains the destination identifier that is defined in the ANSI X9.17 standard. The string must be ASCII characters, left-justified, and padded on the right by space characters. The string must be a minimum of four non-space characters. This parameter is ignored if the rule_array parameter specifies a keyword of CPLT-NOT.

outbound_KEK_count
Direction: InputType: String

An 8-byte area that contains an ASCII count for use in the notarization process. The count is an ASCII character string, left-justified, and padded on the right by space characters. ICSF interprets a single space character as a zero counter. The maximum value is 99999999.

outbound_transport_key_identifier
Direction: Input/OutputType: String

A 64-byte area that contains either an internal token, or a label that refers to an internal token for an AKEK.

outbound_data_key_1
Direction: OutputType: String

A 16-byte area where the service returns the translated data key 1 an ASCII-encoded hexadecimal string. The service returns the key only if the rule_array specifies 1-KD or 2-KD. ICSF ignores this field if the rule_array parameter specifies either 1-KD+KK or 1-KD+*KK.

outbound_data_key_2
Direction: OutputType: String

A 16-byte area where the service returns the translated data key 2 as an ASCII-encoded hexadecimal string. The service returns the key only if the rule_array parameter specifies 2-KD. ICSF ignores this field if the rule_array parameter specifies 1-KD, 1-KD+KK, or 1-KD+*KK.

outbound_key_encrypting_key
Direction: OutputType: String

A 16- or 32-byte area that contains the enciphered, translated AKEK. The area is 16 bytes if the rule_array parameter specifies a single-length AKEK (1-KD+KK). The area is 32 bytes if the rule_array parameter specifies a double-length AKEK (1-KD+*KK). The service returns the key as an ASCII-encoded hexadecimal string. ICSF ignores this field if the rule_array parameter specifies either 1-KD or 2-KD.

MAC_key_token
Direction: OutputType: String

A 64-byte area that contains an internal token for a MAC key that is intended for use in the MAC generation or MAC verification process. This field is the EXCLUSIVE OR of the two imported DATA keys when the rule_array parameter specifies 2-KD for the source key rule. If the rule_array parameter specifies 1-KD, the service returns the imported key in this field as an ICSF internal key token.

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014