 |
- return_code
-
| Direction: Output | Type: Integer |
The return code specifies the general result of the callable
service. Appendix A. ICSF and TSS Return and Reason Codes lists the return codes.
- reason_code
-
| Direction: Output | Type: Integer |
The reason code specifies the result of the callable service
that is returned to the application program. Each return code has
different reason codes that indicate specific processing problems. Appendix A. ICSF and TSS Return and Reason Codes lists the reason codes.
- exit_data_length
-
| Direction: Ignored | Type: Integer |
This field is ignored. It is recommended to specify 0 for
this parameter.
- exit_data
-
| Direction: Ignored | Type: String |
This field is ignored.
- rule_array_count
-
| Direction: Input | Type: Integer |
The number of keywords you supplied in the rule_array parameter.
This value must be 1 or 2.
- rule_array
-
| Direction: Input | Type: String |
Keywords that provide control information to the callable
service. Each keyword is left-justisfied in 8-byte fields and padded
on the right with blanks. All keywords must be in contiguous storage.
Table 308. Keywords for one-way hash generate| Keyword | Meaning |
|---|
| Hash
Method (required) | | MD2 | Hash
algorithm is MD2 algorithm. Length of hash generated is 16 bytes. | | MD5 | Hash
algorithm is MD5 algorithm. Length of hash generated is 16 bytes. | | RPMD-160 | Hash algorithm is RIPEMD-160. Length of hash
generated is 20 bytes. | | SHA-1 | Hash algorithm is SHA-1. Length of hash generated
is 20 bytes. | | SHA-224 | Hash algorithm is SHA-224. Length of hash generated
is 28 bytes. | | SHA-256 | Hash algorithm is SHA-256. Length of hash generated
is 32 bytes. | | SHA-384 | Hash algorithm is SHA-384. Length of hash generated
is 48 bytes. | | SHA-512 | Hash algorithm is SHA-512. Length of hash generated
is 64 bytes. | | DETERMIN | For use with non-chained RSA signature verifies
only. Hash algorithm is to be determined from the input signature. | | Chaining Flag (optional) | | FIRST | Specifies this is the first call in a series
of chained calls. Intermediate results are stored in the hash and chain_data fields. Cannot be specified with hash method DETERMIN. | | MIDDLE | Specifies this is a middle call in a series
of chained calls. Intermediate results are stored in the hash and chain_data fields. Cannot be specified with hash method DETERMIN. | | LAST | Specifies this is the last call in a series
of chained calls. Cannot be specified with hash method
DETERMIN. | | ONLY | Specifies this is the only call and the call
is not chained. This is the default. | | Requested Operation
(optional) | | HASH | The specified text is to be hashed only. This
is the default. Cannot be specified (either explicitly
or by default) with hash method DETERMIN. | | SIGN-RSA | The data is to be hashed then signed using RSA-PKCS
1.5 formatting. Any hash method is acceptable except RPMD-160 and DETERMIN. | | SIGN-DSA | The data is to be hashed then signed using DSA.
The hash method must be SHA-1, SHA-224, SHA-256, SHA-384,
or SHA-512. | | SIGN-EC | The data is to be hashed then signed using ECDSA.
The hash method must be SHA-1, SHA-224, SHA-256, SHA-384, or SHA-512. | | VER-RSA | The data is to be hashed then signature verified
using RSA-PKCS 1.5 formatting. Any hash method is acceptable except
RPMD-160. This operation is required for hash method
DETERMIN. | | VER-DSA | The data is to be hashed then signature verified
using DSA. The hash method must be SHA-1, SHA-224, SHA-256,
SHA-384, or SHA-512. | | VER-EC | The data is to be hashed then signature verified
using ECDSA. The hash method must be SHA-1, SHA-224, SHA-256, SHA-384,
or SHA-512. |
- text_length
-
| Direction: Input | Type: Integer |
The length of the text parameter in bytes.
If you specify
the FIRST or MIDDLE keyword, then the text length must be a multiple
of the block size of the hash method. For MD2, this is a multiple
of 16 bytes. For MD5, RPMD-160, SHA-1, SHA-224, and SHA-256, this
is a multiple of 64 bytes. For SHA-384 and SHA-512, this is a multiple
of 128 bytes. For ONLY and LAST, this service performs the required
padding according to the algorithm specified. The length can be from
0 to 2147483647.
- text
-
| Direction: Input | Type: String |
Value to be hashed
- text_id
-
| Direction: Input | Type: Integer |
The ALET identifying the space where the text resides.
- chain_data_length
-
| Direction: Input/Output | Type: Integer |
The byte length of the chain_data parameter. This
must be 128 bytes.
- chain_data
-
| Direction: Input/Output | Type: String |
This field is a 128-byte work area. The chain data permits
chaining data from one call to another. ICSF initializes the chain
data on a FIRST call and may change it on subsequent MIDDLE calls.
Your application must not change the data in this field between the
sequence of FIRST, MIDDLE, and LAST calls for a specific message.
The chain data has the following format:
Table 309. chain_data parameter format| Offset | Length | Description |
|---|
| 0 | 4 | Flag word
- Bit
- Meaning when set on
- 0
- Cryptographic state object has been allocated
- 1-31
- Reserved for IBM's use
| | 4 | 44 | Cryptographic state object handle | | 48 | 80 | Reserved for IBM's use |
- handle
-
| Direction: Input | Type: String |
For hash requests, this is the 44-byte name of the
token to which this hash operation is related. The first 32 bytes
of the handle are meaningful. The remaining 12 bytes are reserved.
See Handles for the format of a handle.
For
sign and verify requests, this is the 44-byte handle to the key object
that is to be used. For FIRST and MIDDLE chaining requests, only the
first 32 bytes of the handle are meaningful, to identify the token.
- hash_length
-
| Direction: Input/Output | Type: Integer |
The length of the supplied hash field in bytes.
For
hash requests, this field is input only. For SHA-1 and RPMD-160
this must be at least 20 bytes; for MD2 and MD5 this must be at least
16 bytes. For SHA-224 and SHA-256, this must be at least 32 bytes.
Even though the length of the SHA-224 hash is less than SHA-256, the
extra bytes are used as a work area during the generation of the hash
value. The SHA-224 value is left-justified and padded with 4 bytes
of binary zeroes. For SHA-384 and SHA-512, thus must be at least 64
bytes. Even though the length of the SHA-384 hash is less than SHA-512,
the extra bytes are used as a work area during the generation of the
hash value. The SHA-384 value is left-justified and padded with 16
bytes of binary zeroes.
For FIRST and MIDDLE sign and verify
requests, this field is ignored.
For LAST and ONLY sign requests,
this field is input/output. If the signature generation is successful,
ICSF will update this field with the length of the generated signature.
If the signature generation is unsuccessful because the supplied hash
field is too small, ICSF will update this field with the required
length.
For LAST and ONLY verify requests, this field is input
only.
- hash
-
| Direction: Input/Output | Type: String |
This field contains the hash or signature, left-justified.
The processing of the rest of the field depends on the implementation.
For
hash requests, this field is the generated hash. If you specify
the FIRST or MIDDLE keyword, this field contains the intermediate
hash value. Your application must not change the data in this field
between the sequence of FIRST, MIDDLE, and LAST calls for a specific
message.
For FIRST and MIDDLE sign and verify requests, this
field is ignored.
For LAST and ONLY sign requests, this field
is the generated signature.
For LAST and ONLY verify requests,
this field is input signature to be verified.
|
z/OS Cryptographic Services ICSF Application Programmer's Guide
Copyright IBM Corporation 1990, 2014