|
- return_code
-
Direction: Output | Type: Integer |
The return code specifies the general result of the callable
service. Appendix A. ICSF and TSS Return and Reason Codes lists the return codes.
- reason_code
-
Direction: Output | Type: Integer |
The reason code specifies the result of the callable service
that is returned to the application program. Each return code has
different reason codes that indicate specific processing problems. Appendix A. ICSF and TSS Return and Reason Codes lists the reason codes.
- exit_data_length
-
Direction: Ignored | Type: Integer |
This field is ignored. It is recommended to specify 0 for
this parameter.
- exit_data
-
Direction: Ignored | Type: String |
This field is ignored.
- rule_array_count
-
Direction: Input | Type: Integer | The number of keywords you supplied in the rule_array parameter.
This value must be 0, 1, 2, or 3.
- rule_array
-
Direction: Input | Type: String |
Keywords that provide control information to the callable
service.
Table 315. Keywords for secret key decryptKeyword | Meaning |
---|
Encryption
Mechanism (Optional. No default. If not specified, mechanism will
be taken from key type of secret key. If specified , must match key
type) | AES | AES
algorithm will be used. | DES | DES
algorithm will be used. This is only single-key encryption. |
- key_handle
-
Direction: Input | Type: String | The 44-byte handle of secret key object. See Handles for
the format of a key_handle.
- initialization_vector_length
-
Direction: Input | Type: Integer | Length of the initialization_vector in bytes. For
CBC and CBC-PAD, this must be 8 bytes for DES and BLOWFISH and 16
bytes for AES. For GCM, this must be the size of the initialization_vector field
(28 bytes).
- initialization_vector
-
Direction: Input | Type: String | This field has a varying format depending on the mechanism
specified. For CBC and CBC-PAD this is the 8 or 16 byte initial chaining
value. The format for GCM is shown in the following table.
Table 316. initialization_vector parameter format for GCM mechanismOffset | Length in bytes | Direction | Description |
---|
0 | 4 | Input | length in bytes of the initialization vector.
The minimum value is 1. The maximum value is 128. 12 is recommended. | 4 | 8 | Input | 64-bit address of the initialization vector.
The data must reside in the caller's address space. High order
word must be set to all zeros by AMODE31 callers. |
- chain_data_length
-
Direction: Input/Output | Type: Integer | The byte length of the chain_data parameter. This must be
128 bytes.
- chain_data
-
Direction: Input/Output | Type: String | This field is a 128-byte work area. The chain data permits
chaining data from one call to another. ICSF initializes the chain
data on an INITIAL call, and may change it on subsequent CONTINUE
calls. Your application must not change the data in this field between
the sequence of INITIAL, CONTINUE, and FINAL calls for a specific
message. The chain data has the following format:
Table 317. chain_data parameter formatOffset | Length | Description |
---|
0 | 4 | Flag word
- Bit
- Meaning when set on
- 0
- Cryptographic state object has been allocated
- 1-31
- Reserved for IBM's use
| 4 | 44 | Cryptographic state object handle |
- cipher_text_length
-
Direction: Input | Type: Integer | Length of the cipher_text parameter in bytes. Except
for processing rule GCM, the length can be up to 2147483647. For processing
rule GCM, the length cannot exceed 1048576 plus the length of the
tag.
- cipher_text
-
Direction: Input | Type: String | Text to be decrypted.
- cipher_text_id
-
Direction: Input | Type: Integer | The ALET identifying the space where the cipher text resides.
- clear_text_length
-
Direction: Input/Output | Type: Integer | On input, the length in bytes of the clear_text parameter.
On output, the length of the text decrypted into the clear_text parameter
- clear_text
-
Direction: Output | Type: String | Decrypted text
- clear_text_id
-
Direction: Input | Type: Integer | The ALET identifying the space where the clear text resides.
|