Parameters

The parameter definitions for CSNDT34C.

For the definitions of the return_code, reason_code, exit_data_length, and exit_data parameters, see Parameters common to all verbs.

rule_array_count
Direction: Input; Type: Integer
The number of keywords you supplied in the rule_array parameter. The value must be 1 - 4.
rule_array
Direction: Input; Type: Character
The rule_array contains keywords that provide control information to the callable service. The keywords must be 8 bytes of contiguous storage with the keyword left-justified in its 8-byte location and padded on the right with blanks.
Table 1. Keywords for TR-34 Bind-Complete

Keyword Meaning
Requested action (one, required).
BINDKRDC TR34 BIND CTKRD creation service. Creates the KRD credential token that is needed by the KDH to take the next step in the TR-34 BIND action.
BINDRV TR34 BIND CTKDH RECEIVE service. Receives and processes the token sent by the KDH to the KRD to accomplish the BIND action in the TR-34 protocol. This binds the KRD to the KDH for a later key distribution action.
UNBINDRV TR34 UNBIND UBTKDH RECEIVE service. Receives and processes the token sent by the KDH to the KRD to accomplish the UNBIND action in the TR-34 protocol. This frees the KRD from the currently bound KDH and causes the KRD to remove all keys received while bound to this KDH.
REBINDRV TR34 REBIND RBTKDH RECEIVE service. Receives and processes the token sent by the KDH to the KRD to accomplish the REBIND action in the TR-34 protocol. This frees the KRD from the current binding key of the KDH and binds the KRD to a new binding key from the KDH. This also causes the KRD to remove all keys received while bound to the KDH under the prior binding key.
Public key infrastructure usage (one, optional).
PKI-CHK Specifies that the X.509 certificate for the other party (KRD) is to be validated against the trust chain of the PKI hosted in the adapter. This requires that the CA credentials have been installed using the Trusted Key Entry (TKE) workstation. This is required for compliance-tagged key token export with TR-34 services.

This is the default.

Cannot be combined with BINDKRDC. There are no other-party credentials to evaluate.

PKI-NONE Specifies that the X.509 certificate for the other party (KRD) is not to be validated against the trust chain of the PKI hosted in the adapter. This is suitable if the certificate has been validated using host-based PKI services.

Cannot be combined with BINDKRDC. There are no other-party credentials to evaluate.

CRL expiration date checking (one, optional).
CRLEXPCK CRL Expiration Check - Check the expiration date of the certificate revocation list (CRL) and return an error if the CRL is expired. This is the default.
CRLEXPAL CRL Expiration Allow - Check the expiration date of the certificate revocation list (CRL) and return an informational message if the CRL is expired.
KRD certificate date checking (one, optional).
RCTEXPCK KRD Certificate Expiration Check - Check the expiration date of the key receiving device (KRD) certificate and return an error if the certificate is expired. This is the default.
RCTEXPAL KRD Certificate Expiration Allow - Check the expiration date of the key receiving device (KRD) certificate and return an informational message if the certificate is expired.
input_token_length
Direction: Input; Type: Integer
The length of the input_token parameter in bytes. The maximum length is 9000 bytes. When the requested action keyword is BINDKRDC, the value must be 0.
input_token
Direction: Input; Type: String
The DER encoded TR-34 token object. The requested action keyword defines the object.

When the input_token_length is zero, this parameter is ignored.

The requested action keyword determines the input token:
BINDRV
The BIND token received from the KDH (CTKDH).
UNBINDRV
The UNBIND token received from the KDH (UBTKDH).
REBINDRV
The REBIND token received from the KDH (RBTKDH).
cred_kdh_length
Direction: Input; Type: Integer
The length of the cred_kdh parameter in bytes. The maximum length is 3500 bytes. When the requested action keyword is BINDKRDC or BINDRV, the value must be 0.
cred_kdh
Direction: Input; Type: String
The X.509 certificate that is the credential of the KDH for the requested service. The certificate may be in DER or PEM format.

When the cred_kdh_length is zero, this parameter is ignored.

Note: This service is acting as the KDH so the cred_kdh is not expected to validate against the internal PKI of the adapter. Use the PKI-NONE keyword to override this validation.
cred_krd_length
Direction: Input/Output; Type: Integer
The length of the cred_krd parameter in bytes. The maximum length is 3500 bytes. When the requested action keyword is BINDRV, the value must be 0.
cred_krd
Direction: Input/Output; Type: String
The X.509 certificate that is the credential of the KRD for the requested service (the CredKRD). The certificate may be in DER or PEM format.

When the cred_krd_length is zero, this parameter is ignored.

Note: This service is acting as the KDH so the cred_krd is normally expected to validate against the internal PKI of the adapter. Use the PKI-NONE keyword to override this validation.
random_number_token_length
Direction: Input; Type: Integer
The length of the random_number_token parameter. The maximum length is 200 bytes. When the requested action keyword is BINDKRDC or BINDRV, the value must be zero.
random_number_token
Direction: Input; Type: String
The DER encoded random number token RTKRD that was sent to the KDH. The random_number_token is used by the KRD to validate the random number sent by the KDH in the input_token parameter.

When the random_number_token_length is zero, this parameter is ignored.

output_token_length
Direction: Input/Output; Type: Integer
The length of the output_token parameter in bytes. The maximum length is 3500 bytes. On input, the value is the size of the buffer to receive the output_token. On output, the value is the actual size of the data returned in the output_token parameter.

When the requested action keyword is UNBINDRV, the value must be zero.

output_token
Direction: Input/Output; Type: String
The generated DER encoded TR-34 token.
BINDKRDC
The TR-34 credential token for the KRD (CTKRD).
BINDRV and REBINDRV
The TR-34 credential X.509 certificate for the KDH (CredKDH).

When the output_token_length is zero, this parameter is ignored.

reserved_data_length
Direction: Input/Output; Type: Integer
This parameter is reserved. The value must be zero.
reserved_data
Direction: Input/Output; Type: String
This parameter is ignored.
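
The rule_array layout and the per-action length rules above can be checked on the host before the verb is called. The following C sketch is an added example, not IBM code: the function t34c_precheck, the struct t34c_lens and the negative return codes are hypothetical names chosen here, and it does not call CSNDT34C itself.

```c
#include <string.h>

/* Hypothetical pre-call checker; all names and return codes are this example's own. */
enum { ACT, PKI, CRL, RCT, NGROUPS };
static const struct { const char *kw; int group; } KW[] = {
    {"BINDKRDC", ACT}, {"BINDRV", ACT}, {"UNBINDRV", ACT}, {"REBINDRV", ACT},
    {"PKI-CHK", PKI}, {"PKI-NONE", PKI}, {"CRLEXPCK", CRL}, {"CRLEXPAL", CRL},
    {"RCTEXPCK", RCT}, {"RCTEXPAL", RCT},
};

struct t34c_lens { long input_token, cred_kdh, cred_krd, random_number_token,
                   output_token, reserved_data; };

/* Writes the rule_array (8 bytes per keyword, left-justified, blank-padded)
 * into out[8*count] and applies the length rules from the parameter list.
 * Returns 0 if acceptable, else a negative code for the first rule broken. */
int t34c_precheck(const char *const *kws, int count,
                  const struct t34c_lens *l, char *out)
{
    const char *seen[NGROUPS] = {0};
    if (count < 1 || count > 4) return -1;          /* rule_array_count 1 - 4 */
    for (int i = 0; i < count; i++) {
        size_t k = 0, n = sizeof KW / sizeof KW[0];
        while (k < n && strcmp(kws[i], KW[k].kw) != 0) k++;
        if (k == n) return -2;                      /* unknown keyword */
        if (seen[KW[k].group]) return -3;           /* two keywords, same group */
        seen[KW[k].group] = KW[k].kw;
        memset(out + 8 * i, ' ', 8);
        memcpy(out + 8 * i, KW[k].kw, strlen(KW[k].kw));
    }
    if (!seen[ACT]) return -4;                      /* requested action required */
    int krdc   = !strcmp(seen[ACT], "BINDKRDC");
    int bindrv = !strcmp(seen[ACT], "BINDRV");
    int unbind = !strcmp(seen[ACT], "UNBINDRV");
    if (krdc && seen[PKI]) return -5;               /* PKI-* not with BINDKRDC */
    if (l->input_token < 0 || l->input_token > 9000 ||
        (krdc && l->input_token)) return -6;
    if (l->cred_kdh < 0 || l->cred_kdh > 3500 ||
        ((krdc || bindrv) && l->cred_kdh)) return -7;
    if (l->cred_krd < 0 || l->cred_krd > 3500 ||
        (bindrv && l->cred_krd)) return -8;
    if (l->random_number_token < 0 || l->random_number_token > 200 ||
        ((krdc || bindrv) && l->random_number_token)) return -9;
    if (l->output_token < 0 || l->output_token > 3500 ||
        (unbind && l->output_token)) return -10;
    if (l->reserved_data != 0) return -11;          /* reserved, must be zero */
    return 0;
}
```

Rejecting a malformed call on the host keeps oversized or unexpected buffers away from the adapter and gives a clearer error than the verb's return and reason codes alone.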