PKA Key Import (CSNDPKI and CSNFPKI)

Use this service to import an RSA, ECC, or QSA public-private key pair. A private key must be accompanied by the associated public key. The source PKA private-key either can be in the clear or it can be enciphered.

To import a PKA public-private key pair:

Identify the external RSA, ECC, or QSA key token to be imported using the source_key_identifier parameter. Use the PKA Key Generate service to obtain the token or, if the key originates in a non-CCA system, use the PKA Key Token Build service.
Use the transport_key_identifier parameter to identify the key used to encipher the source key token:
- For an enciphered ECC key token, provide an AES key-encrypting key in a variable-length symmetric key-token.
- For an enciphered RSA key token, provide a key-encrypting key that can be used for import, either in a fixed-length DES key-token or a variable-length AES key token. The transport key must have its key usage set to allow IMPORT. A variable-length key must also allow wrapping of an RSA key.
- For a clear key token, provide a null transport key token.

If an RSA source key token that does not have an AES-enciphered Object Protection Key (OPK) contains an enciphered private key or its OPK data, the target key is protected by the RSA master-key. When an RSA private-key token contains a private-key section with a section identifier of X'30' or X'31', its AES OPK is used to encipher the private key and the ECC master key is used, in turn, to AES-encipher the OPK and its data. Likewise, if an ECC key token contains an enciphered private key, its AES OPK is used to encipher the private key and the ECC master key is used to encipher the OPK and its data.

The result is returned in an internal PKA key-token identified by the target_key_identifier parameter. The verb also updates the target_key_identifier_length variable to the length of data returned in the target_key_identifier variable.

Special note for CRT keys: ICSF always generates an RSA CRT key with p > q. If you import a CRT key from another RSA implementation with q > p, the key is usable within the coprocessor or accelerator, but your application encounters a performance degradation with each use of the key.

This service can also be used to import an active external trusted block. A trusted block does not contain a private key. Instead, it contains an encrypted confounder and triple-length MAC key. The MAC key is used to calculate an ISO 16609 CBC-mode Triple-DES MAC of the trusted block contents. In an external trusted block, the MAC key is encrypted under a DES IMP-PKA key.

To import an external trusted block so that it can be used as input by the Remote_Key_Export verb:

Identify the active external trusted block to be imported using the source_key_identifer parameter. Use the Trusted Block Create service with the ACTIVATE rule-array keyword to obtain the token.
Use the transport_key_identifier parameter to identify the operational DES IMP-PKA key used to encipher the confounder and triple-length MAC key contained within the trusted block. This is an IMPORTER key-encrypting key with only its IMPORT key-usage bit on (CV bit 21 = B'1').

The confounder and MAC key are enciphered under the RSA master key and returned along with the updated MAC value in an internal trusted block identified by the target_key_identifier parameter. The service also updates the target_key_identifier_length variable to the length of the returned token or key label.

The callable service name for AMODE(64) invocation is CSNFPKI.

Format

CALL CSNDPKI(
             return_code,
             reason_code,
             exit_data_length,
             exit_data,
             rule_array_count,
             rule_array,
             source_key_identifier_length,
             source_key_identifier,
             importer_key_identifier,
             target_key_identifier_length,
             target_key_identifier)

Parameters

return_code

Direction	Type
Output	Integer

The return code specifies the general result of the callable service. ICSF and cryptographic coprocessor return/reason codes lists the return codes.

reason_code

Direction	Type
Output	Integer

The reason code specifies the result of the callable service that is returned to the application program. Each return code has different reason codes assigned to it that indicate specific processing problems. ICSF and cryptographic coprocessor return/reason codes lists the reason codes.

exit_data_length

Direction	Type
Input/Output	Integer

The length of the data that is passed to the installation exit. The data is identified in the exit_data parameter.

exit_data

Direction	Type
Input/Output	String

The data that is passed to the installation exit.

rule_array_count

Direction	Type
Input	Integer

The number of keywords you supplied in the rule_array parameter. This may be 0, 1, or 2.

rule_array

Direction	Type
Input	Character String

The rule_array parameter is an array of keywords. The keywords must be 8 bytes of contiguous storage with the keyword left-justified in its 8-byte location and padded on the right with blanks. The rule_array keywords are:

Table 1. Keywords for PKA Key Import
Keyword	Meaning
*Token Type (optional)*
RSA	Specifies that the key token contains an RSA key. This is the default.
ECC	Specifies that the key token contains an ECC key.
QSA	Specifies that the key token contains a QSA key. Only clear keys are supported.
*Transport key type (optional)*
IKEK-AES	The importer_key_identifier is a AES key.
IKEK-DES	The importer_key_identifier is a DES key. This is the default.

source_key_identifier_length

Direction	Type
Input	Integer

The length of the source_key_identifier parameter in bytes. The maximum size is 8000 bytes.

source_key_identifier

Direction	Type
Input	String

The external key token of an ECC, RSA, or QSA private key or active external trusted block to be imported. The ECC, RSA, and QSA key token must contain both public-key and private key information. The private key can be in cleartext or it can be enciphered.

importer_key_identifier

Direction	Type
Input/Output	String

The identifier of the key-encrypting key to unwrap the source key. The key identifier is a variable-length operational key token or key block or the label of an operational token or block in key storage.

For RSA keys, this is either a DES limited authority transport key (IMP-PKA) or an AES transport key. For trusted blocks, this must be a DES limited authority transport key (IMP-PKA). For ECC keys, this must be an AES transport key. For QSA keys, this must be a null token.

This parameter contains one of the following:

64-byte null token when the source key is a QSA key.
64-byte label of a CKDS record that contains the transport key.
64-byte DES internal key token containing the transport key.
a variable-length AES internal key token containing the transport key.
a variable-length X9.143 (TR-31) key block containing the transport key: key usage K0, algorithm A or T, and mode of use D.

This parameter is ignored for clear tokens.

If the token or key block supplied was encrypted under the old master key, the token or key block will be returned encrypted under the current master key.

target_key_identifier_length

Direction	Type
Input/Output	Integer

The length of the target_key_identifier parameter in bytes. The maximum value is 8000 bytes.

On input, this is the size of the buffer to receive the output key token. If the target_key_identifier is the label of an existing record in the PKDS, the value must be 64.

On output, and if the size is of sufficient length, the parameter is updated with the actual length of the returned key token.

target_key_identifier

Direction	Type
Input/Output	String

This parameter contains the internal token or label of the imported PKA private key or a Trusted Block. If a label is specified on input, a PKDS record with this label must exist. The PKDS record with this label will be overwritten with imported key unless the existing record is a retained key. If the record is a retained key, the import will fail. A retained key record cannot be overwritten.

When the importer_key_identifier is compliant-tagged, the key is imported as a compliant-tagged key token.

Restrictions

This service imports RSA keys of up to 4096 bits. However, the hardware configuration sets the limits on the modulus size of keys for digital signatures and key management; thus, the key may be successfully imported but fail when used if the limits are exceeded.

The importer_key_identifier is a limited-authority key-encrypting key.

CRT form tokens with a private section ID of X'05' cannot be imported into ICSF.

Usage notes

SAF may be invoked to verify the caller is authorized to use this callable service, the key label, or internal secure key tokens that are stored in the CKDS or PKDS.

An RSA modulus-exponent form token imported results in a X'06' format.

This service imports keys of any modulus size up to 4096 bits. However, the hardware configuration sets the limits on the modulus size of keys for digital signatures and key management; thus, the key may be successfully imported but fail when used if the limits are exceeded.

Access control points

The PKA Key Import access control point controls the function of this service. If the source_key_token parameter points to a trusted block, the PKA Key Import - Import an external trusted block access control point must also be enabled.

To prevent the importing of key tokens which have the private key values in the clear, the PKA Key Import – Disallow clear key import must be enabled.

The Allow weak DES wrap of RSA access control allows a weaker DES key-encrypting key to wrap an RSA private key token. The Prohibit weak wrap – Transport keys access control must be enabled and this access control will override the restriction.

Required hardware

This table lists the required cryptographic hardware for each server type and describes restrictions for this callable service. The CCA releases used in the table are described in CCA release levels.

Table 2. PKA Key Import required hardware
Server	Required cryptographic hardware	Restrictions
IBM z13 IBM z13s	Crypto Express5 CCA Coprocessor	Support for RSA public exponents 5, 17, and 257 requires the October 2016 or later licensed internal code (LIC). Triple-length DES keys require the July 2019 or later licensed internal code (LIC). Compliant-tagged key tokens are not supported. CRYSTALS-Dilithium keys are not supported. Edwards curves Ed25519 and Ed448 are not supported. ECC Koblitz curve secp256k1 is not supported. CRYSTALS-Kyber, CRYSTALS-Dilithium (8,7) Round 2 or Round 3, and CRYSTALS-Dilithium (6,5) Round 3 Private keys are not supported. X9.143 key blocks are not supported.
IBM z14 IBM z14 ZR1	Crypto Express5 CCA Coprocessor	Support for RSA public exponents 5, 17, and 257 requires the October 2016 or later licensed internal code (LIC). Triple-length DES keys require the December 2018 or later licensed internal code (LIC). Compliant-tagged key tokens are not supported. CRYSTALS-Dilithium keys are not supported. Edwards curves Ed25519 and Ed448 are not supported. ECC Koblitz curve secp256k1 is not supported. CRYSTALS-Kyber, CRYSTALS-Dilithium (8,7) Round 2 or Round 3, and CRYSTALS-Dilithium (6,5) Round 3 Private keys are not supported. X9.143 key blocks are not supported.
IBM z14 IBM z14 ZR1	Crypto Express6 CCA Coprocessor	Triple-length DES keys require the December 2018 or later licensed internal code (LIC). Compliant-tagged key tokens require a CEX6C with the July 2019 or later licensed internal code (LIC). CRYSTALS-Dilithium keys are not supported. Edwards curves Ed25519 and Ed448 are not supported. ECC Koblitz curve secp256k1 is not supported. CRYSTALS-Kyber, CRYSTALS-Dilithium (8,7) Round 2 or Round 3, and CRYSTALS-Dilithium (6,5) Round 3 Private keys are not supported. X9.143 key blocks are not supported.
IBM z15 IBM z15 T02	Crypto Express5 CCA Coprocessor	Compliant-tagged key tokens are not supported. CRYSTALS-Dilithium keys are not supported. Edwards curves Ed25519 and Ed448 are not supported. ECC Koblitz curve secp256k1 is not supported. CRYSTALS-Kyber, CRYSTALS-Dilithium (8,7) Round 2 or Round 3, and CRYSTALS-Dilithium (6,5) Round 3 Private keys are not supported. X9.143 key blocks are not supported.
	Crypto Express6 CCA Coprocessor	CRYSTALS-Dilithium keys are not supported. Edwards curves Ed25519 and Ed448 are not supported. ECC Koblitz curve secp256k1 is not supported. CRYSTALS-Kyber, CRYSTALS-Dilithium (8,7) Round 2 or Round 3, and CRYSTALS-Dilithium (6,5) Round 3 Private keys are not supported. X9.143 key blocks are not supported.
	Crypto Express7 CCA Coprocessor	CRYSTALS-Dilithium key support require the June 2020 or later licensed internal code (LIC). Edwards curves Ed25519 and Ed448 require the June 2020 or later licensed internal code (LIC). ECC Koblitz curve secp256k1 requires the September 2020 or later licensed internal code (LIC). CRYSTALS-Kyber, CRYSTALS-Dilithium (8,7) Round 2 or Round 3, and CRYSTALS-Dilithium (6,5) Round 3 Private keys are not supported. X9.143 key blocks are not supported.
IBM z16 IBM z16 A02	Crypto Express6 CCA Coprocessor	CRYSTALS-Dilithium keys are not supported. Edwards curves Ed25519 and Ed448 are not supported. ECC Koblitz curve secp256k1 is not supported. X9.143 key blocks are not supported.
	Crypto Express7 CCA Coprocessor	CRYSTALS-Kyber, CRYSTALS-Dilithium (8,7) Round 2 or Round 3, and CRYSTALS-Dilithium (6,5) Round 3 Private keys are not supported. X9.143 key blocks are not supported.
	Crypto Express8 CCA Coprocessor	CRYSTALS-Kyber, CRYSTALS-Dilithium (8,7) Round 2 or Round 3, and CRYSTALS-Dilithium (6,5) Round 3 keys require CCA release 8.0 or later licensed internal code (LIC). X9.143 key blocks support requires the CCA release 8.1 or later licensed internal code (LIC).