z/OS Cryptographic Services ICSF Application Programmer's Guide
Previous topic | Next topic | Contents | Index | Contact z/OS | Library | PDF


Parameters

z/OS Cryptographic Services ICSF Application Programmer's Guide
SA22-7522-16

return_code
Direction: OutputType: Integer

The return code specifies the general result of the callable service. Appendix A. ICSF and TSS Return and Reason Codes lists the return codes.

reason_code
Direction: OutputType: Integer

The reason code specifies the result of the callable service that is returned to the application program. Each return code has different reason codes that indicate specific processing problems. Appendix A. ICSF and TSS Return and Reason Codes lists the reason codes.

exit_data_length
Direction: Input/OutputType: Integer

The length of the data that is passed to the installation exit. The length can be from X'00000000' to X'7FFFFFFF' (2 gigabytes). The data is identified in the exit_data parameter.

exit_data
Direction: Input/OutputType: String

The data that is passed to the installation exit.

rule_array_count
Direction: InputType: Integer

The number of keywords you supplied in the rule_array parameter. The value must be 2.

rule_array
Direction: InputType: String

The rule_array contains keywords that provide control information to the callable service. The keywords must be in contiguous storage with each of the keywords left-justified in its own 8-byte location and padded on the right with blanks.

Table 36. Keywords for Key Generate2 Control Information
KeywordMeaning
Token algorithm (required)
HMACSpecifies to generate an HMAC key token.
AESSpecifies to generate an AES key token.
Key Form (required)

The first two characters refer to key_type_1. The next two characters refer to key_type_2. See the Usage Notes section for further details.

EXOne key that can be sent to another system.
EXEXA key pair; both keys to be sent elsewhere, possibly for exporting to two different systems. Both keys have the same clear value.
IMOne key that can be locally imported. The key can be imported onto this system to make it operational at another time.
IMEXA key pair to be imported; one key to be imported locally and one key to be sent elsewhere. Both keys have the same clear value.
IMIMA key pair to be imported; both keys to be imported locally at another time. Both keys have the same clear value.
OPOne operational key. The key is returned to the caller in operational form to be used locally.
OPEXA key pair; one key that is operational and one key to be sent elsewhere. Both keys have the same clear value.
OPIMA key pair; one key that is operational and one key to be imported locally at another time. Both keys have the same clear value.
OPOPA key pair; either with the same key type with different associated data or complementary key types. Both keys have the same clear value.
clear_key_bit_length
Direction: InputType: Integer

The size (in bits) of the key to be generated.

  • For the HMAC algorithm, this is a value between 80 and 2048, inclusive.
  • For the AES algorithm, this is a value of 128, 192, or 256.

When key_type_1 or key_type_2 is TOKEN, this value overrides the key length contained in generated_key_identifier_1 or generated_key_identifier_2, respectively.

key_type_1
Direction: InputType: String

Use the key_type_1 parameter for the first, or only, key that you want generated. The keyword must be left-justified and padded with blanks. Valid type combinations depend on the key form, and are documented in Table 39 and Table 40.

The 8-byte keyword for the key_type_1 parameter can be one of the following:

Table 37. Keywords and associated algorithms for key_type_1 parameter
KeywordAlgorithm
CIPHERAES
EXPORTERAES
IMPORTERAES
MACHMAC
MACVERHMAC
Specify the keyword TOKEN when supplying a key token in the generated_key_identifier_1 parameter.

If key_type_1 is TOKEN, the associated data in the generated_key_identifier_1 parameter is examined to derive the key type.

key_type_2
Direction: InputType: String

Use the key_type_2 parameter for a key pair, which is shown in Table 40. The keyword must be left-justified and padded with blanks. Valid type combinations depend on the key form.

The 8-byte keyword for the key_type_2 parameter can be one of the following:

Table 38. Keywords and associated algorithms for key_type_2 parameter
KeywordAlgorithm
CIPHERAES
EXPORTERAES
IMPORTERAES
MACHMAC
MACVERHMAC
Specify the keyword TOKEN when supplying a key token in the generated_key_identifier_2 parameter.

If key_type_2 is TOKEN, the associated data in the generated_key_identifier_2 parameter is examined to derive the key type.

When only one key is being generated, this parameter is ignored.

key_name_1_length
Direction: InputType: Integer

The length of the key_name parameter for generated_key_identifier_1. Valid values are 0 and 64 bytes.

key_name_1
Direction: InputType: String

A 64-byte key store label to be stored in the associated data structure of generated_key_identifier_1.

key_name_2_length
Direction: InputType: Integer

The length of the key_name parameter for generated_key_identifier_2. Valid values are 0 and 64 bytes.

When only one key is being generated, this parameter is ignored.

key_name_2
Direction: InputType: String

A 64-byte key store label to be stored in the associated data structure of generated_key_identifier_2.

When only one key is being generated, this parameter is ignored.

user_associated_data_1_length
Direction: InputType: Integer

The length of the user-associated data parameter for generated_key_identifier_1. The valid values are 0 to 255 bytes.

user_associated_data_1
Direction: InputType: String

User-associated data to be stored in the associated data structure for generated_key_identifier_1.

user_associated_data_2_length
Direction: InputType: Integer

The length of the user-associated data parameter for generated_key_identifier_2. The valid values are 0 to 255 bytes.

When only one key is being generated, this parameter is ignored.

user_associated_data_2
Direction: InputType: String

User associated data to be stored in the associated data structure for generated_key_identifier_2.

When only one key is being generated, this parameter is ignored.

key_encrypting_key_identifier_1_length
Direction: InputType: Integer

The length of the buffer for key_encrypting_key_identifier_1 in bytes. When the Key Form rule is OP, OPOP, OPIM, or OPEX, this length must be zero. When the Key Form rule is EX, EXEX, IM, IMEX, or IMIM, the value must be between the actual length of the token and 725 bytes when key_encrypting_key_identifier_1 is a token.

The value must be 64 bytes when key_encrypting_key_identifier_1 is a label.

key_encrypting_key_identifier_1
Direction: Input/OutputType: String

When key_encrypting_key_identifier_1_length is zero, this parameter is ignored. Otherwise, key_encrypting_key_identifier_1 contains an internal key token containing the AES importer or exporter key-encrypting key, or a key label.

If the token supplied was encrypted under the old master key, the token will be returned encrypted under the current master key.

key_encrypting_key_identifier_2_length
Direction: InputType: Integer

The length of the buffer for key_encrypting_key_identifier_2 in bytes. When the Key Form rule is OPOP, this length must be zero. When the Key Form rule is EXEX, IMEX, IMIM, OPIM, or OPEX, the value must be between the actual length of the token and 725 when key_encrypting_key_identifier_2 is a token. The value must be 64 when key_encrypting_key_identifier_2 is a label.

When only one key is being generated, this parameter is ignored.

key_encrypting_key_identifier_2
Direction: Input/OutputType: String

When key_encrypting_key_identifier_2_length is zero, this parameter is ignored. Otherwise, key_encrypting_key_identifier_2 contains an internal key token containing the AES importer or exporter key-encrypting key, or a key label.

If the token supplied was encrypted under the old master key, the token will be returned encrypted under the current master key.

When only one key is being generated, this parameter is ignored.

generated_key_identifier_1_length
Direction: Input/OutputType: Integer

On input, the length of the buffer for the generated_key_identifier_1 parameter in bytes. The maximum value is 900 bytes.

On output, the parameter will hold the actual length of the generated_key_identifier_1.

generated_key_identifier_1
Direction: Input/OutputType: String

The buffer for the first generated key token.

On input, if you specify a key_type_1 of TOKEN, then the buffer contains a valid key token of the key type you want to generate. The key token must be left justified in the buffer. See key_type_1 for a list of valid key types.

On output, the buffer contains the generated key token.

generated_key_identifier_2_length
Direction: Input/OutputType: Integer

On input, the length of the buffer for the generated_key_identifier_2 in bytes. The maximum value is 900 bytes.

On output, the parameter will hold the actual length of the generated_key_identifier_2.

When only one key is being generated, this parameter is ignored.

generated_key_identifier_2
Direction: Input/OutputType: String

The buffer for the second generated key token.

On input, if you specify a key_type_2 of TOKEN, then the buffer contains a valid key token of the key type you want to generate. The key token must be left justified in the buffer. See key_type_2 for a list of valid key types.

On output, the buffer contains the generated key token.

When only one key is being generated, this parameter is ignored.

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014