- return_code
-
Direction: Output | Type: Integer |
The return code specifies the general result of the callable
service. Appendix A. ICSF and TSS Return and Reason Codes lists the return codes.
- reason_code
-
Direction: Output | Type: Integer |
The reason code specifies the result of the callable service
that is returned to the application program. Each return code has
different reason codes that are assigned to it that indicate specific
processing problems. Appendix A. ICSF and TSS Return and Reason Codes lists the reason
codes.
- exit_data_length
-
Direction: Input/Output | Type: Integer |
The length of the data that is passed to the installation
exit. The length can be from X'00000000' to X'7FFFFFFF' (2
gigabytes). The data is identified in the exit_data parameter.
- exit_data
-
Direction: Input/Output | Type: String |
The data that is passed to the installation exit.
- rule_array_count
-
Direction: Input | Type: Integer |
The number of keywords you supplied in the rule_array parameter.
The value can be 0 to 3. If you specify 0, the service does not perform
notarization or offset.
- rule_array
-
Direction: Input | Type: String |
Zero to three keywords that provide control information
to the callable service. See the list of keywords in Table 288. The keywords must be in 8 to 24 bytes of contiguous
storage. Each of the keywords must be left-justified in its own 8-byte
location and padded on the right with blanks. You must specify this
parameter even if do not specify any keywords.
Table 288. Keywords for ANSI X9.17 Key Translate Rule ArrayKeyword | Meaning |
---|
Notarization Rule (optional with no defaults) |
CPLT-NOT | Complete ANSI X9.17 notarization
using the value obtained from the outbound_KEK_count parameter.
The outbound transport key specified must be partially notarized. |
NOTARIZE | Perform notarization processing using
the values obtained from the outbound_origin_identifier,
the outbound_destination_identifier,and the outbound_KEK_count. |
Parity Rule (optional) |
ENFORCE | Stop processing if any source keys
do not have odd parity. This is the default value. |
IGNORE | Ignore the parity of the source key. |
Source Key Rule (optional) |
1-KD | Import and translate one DATA key.
This is the default parameter. |
1-KD+KK | Import and translate one DATA key
and a single-length AKEK. |
1-KD+*KK | Import and translate one DATA key
and a double-length AKEK. |
2-KD | Import and translate two DATA keys. |
- inbound_KEK_count
-
Direction: Input | Type: String |
An 8-byte area that contains an ASCII count for use in
the offset process. The count is an ASCII character string, left-justified,
and padded on the right by space characters. ICSF interprets a single
space character as a zero counter. The maximum value is 99999999.
- inbound_transport_key_identifier
-
Direction: Input/Output | Type: String |
A 64-byte area that contains either an internal token,
or a label that refers to an internal token for an AKEK.
- inbound_data_key_1
-
Direction: Input | Type: String |
A 16-byte area that contains the enciphered DATA key that
the service is importing and translating. You must specify the DATA
key as an ASCII-encoded hexadecimal string.
- inbound_data_key_2
-
Direction: Input | Type: String |
A 16-byte area that contains the second enciphered DATA
key that the service is importing and translating. This field is valid
if the rule_array parameter specifies 2-KD. You must supply
the key as an ASCII-encoded hexadecimal string. This field is ignored
if the rule_array parameter specifies other source key
rules.
- inbound_key_encrypting_key
-
Direction: Input | Type: String |
A 16- or 32-byte area that contains an enciphered AKEK
that the service is to translate. The area is 16 bytes if the rule_array parameter
specifies a source key rule of single-length AKEK. The area is 32
bytes if the source key rule specifies a double-length AKEK (1-KD+*KK).
You must supply the key as an ASCII-encoded hexadecimal string. ICSF ignores
this field if the rule_array specifies either 1-KD or
2-KD.
- outbound_origin_identifier
-
Direction: Input | Type: String |
This parameter is valid if the rule_array parameter
specifies a keyword of NOTARIZE. It specifies an area that contains
a 16-byte string that contains the origin identifier that is defined
in the ANSI X9.17 standard. The string must be ASCII characters, left-justified,
and padded on the right by space characters. The string must be a
minimum of four non-space characters. ICSF ignores this field if
the rule_array parameter specifies a keyword of CPLT-NOT.
- outbound_destination_identifier
-
Direction: Input | Type: String |
This parameter is valid if the rule_array parameter
specifies a keyword of NOTARIZE. It specifies an area that contains
a 16-byte string that contains the destination identifier that is
defined in the ANSI X9.17 standard. The string must be ASCII characters,
left-justified, and padded on the right by space characters. The string
must be a minimum of four non-space characters. This parameter is
ignored if the rule_array parameter specifies a keyword
of CPLT-NOT.
- outbound_KEK_count
-
Direction: Input | Type: String |
An 8-byte area that contains an ASCII count for use in
the notarization process. The count is an ASCII character string,
left-justified, and padded on the right by space characters. ICSF interprets
a single space character as a zero counter. The maximum value is 99999999.
- outbound_transport_key_identifier
-
Direction: Input/Output | Type: String |
A 64-byte area that contains either an internal token,
or a label that refers to an internal token for an AKEK.
- outbound_data_key_1
-
Direction: Output | Type: String |
A 16-byte area where the service returns the translated
data key 1 an ASCII-encoded hexadecimal string. The service returns
the key only if the rule_array specifies 1-KD or 2-KD. ICSF ignores
this field if the rule_array parameter specifies either
1-KD+KK or 1-KD+*KK.
- outbound_data_key_2
-
Direction: Output | Type: String |
A 16-byte area where the service returns the translated
data key 2 as an ASCII-encoded hexadecimal string. The service returns
the key only if the rule_array parameter specifies 2-KD. ICSF ignores
this field if the rule_array parameter specifies 1-KD,
1-KD+KK, or 1-KD+*KK.
- outbound_key_encrypting_key
-
Direction: Output | Type: String |
A 16- or 32-byte area that contains the enciphered, translated
AKEK. The area is 16 bytes if the rule_array parameter
specifies a single-length AKEK (1-KD+KK). The area is 32 bytes if
the rule_array parameter specifies a double-length AKEK
(1-KD+*KK). The service returns the key as an ASCII-encoded hexadecimal
string. ICSF ignores this field if the rule_array parameter
specifies either 1-KD or 2-KD.
- MAC_key_token
-
Direction: Output | Type: String |
A 64-byte area that contains an internal token for a MAC
key that is intended for use in the MAC generation or MAC verification
process. This field is the EXCLUSIVE OR of the two imported DATA keys
when the rule_array parameter specifies 2-KD for the source
key rule. If the rule_array parameter specifies 1-KD,
the service returns the imported key in this field as an ICSF internal
key token.