Parameters

z/OS Cryptographic Services ICSF Application Programmer's Guide

Parameters

z/OS Cryptographic Services ICSF Application Programmer's Guide
SA22-7522-16

return_code

Direction: Output

Type: Integer

The return code specifies the general result of the callable service. Appendix A. ICSF and TSS Return and Reason Codes lists the return codes.

reason_code

Direction: Output

Type: Integer

The reason code specifies the result of the callable service that is returned to the application program. Each return code has different reason codes that indicate specific processing problems. Appendix A. ICSF and TSS Return and Reason Codes lists the reason codes.

exit_data_length

Direction: Ignored

Type: Integer

This field is ignored. It is recommended to specify 0 for this parameter.

exit_data

Direction: Ignored

Type: String

This field is ignored.

rule_array_count

Direction: Input

Type: Integer

The number of keywords you supplied in the rule_array parameter. This value must be 0, 1, 2, or 3.

rule_array

Direction: Input

Type: String

Keywords that provide control information to the callable service.

Table 315. Keywords for secret key decrypt
Keyword	Meaning
Encryption Mechanism (Optional. No default. If not specified, mechanism will be taken from key type of secret key. If specified , must match key type)
AES	AES algorithm will be used.
DES	DES algorithm will be used. This is only single-key encryption.

key_handle

Direction: Input

Type: String

The 44-byte handle of secret key object. See Handles for the format of a key_handle.

initialization_vector_length

Direction: Input

Type: Integer

Length of the initialization_vector in bytes. For CBC and CBC-PAD, this must be 8 bytes for DES and BLOWFISH and 16 bytes for AES. For GCM, this must be the size of the initialization_vector field (28 bytes).

initialization_vector

Direction: Input

Type: String

This field has a varying format depending on the mechanism specified. For CBC and CBC-PAD this is the 8 or 16 byte initial chaining value. The format for GCM is shown in the following table.

Table 316. initialization_vector parameter format for GCM mechanism
Offset	Length in bytes	Direction	Description
0	4	Input	length in bytes of the initialization vector. The minimum value is 1. The maximum value is 128. 12 is recommended.
4	8	Input	64-bit address of the initialization vector. The data must reside in the caller's address space. High order word must be set to all zeros by AMODE31 callers.

chain_data_length

Direction: Input/Output

Type: Integer

The byte length of the chain_data parameter. This must be 128 bytes.

chain_data

Direction: Input/Output

Type: String

This field is a 128-byte work area. The chain data permits chaining data from one call to another. ICSF initializes the chain data on an INITIAL call, and may change it on subsequent CONTINUE calls. Your application must not change the data in this field between the sequence of INITIAL, CONTINUE, and FINAL calls for a specific message. The chain data has the following format:

Table 317. chain_data parameter format
Offset	Length	Description
0	4	Flag word Bit Meaning when set on 0 Cryptographic state object has been allocated 1-31 Reserved for IBM's use
4	44	Cryptographic state object handle

cipher_text_length

Direction: Input

Type: Integer

Length of the cipher_text parameter in bytes. Except for processing rule GCM, the length can be up to 2147483647. For processing rule GCM, the length cannot exceed 1048576 plus the length of the tag.

cipher_text