Parameters

The parameters for CSNBKYT.

For the definitions of the return_code, reason_code, exit_data_length, and exit_data parameters, see Parameters common to all verbs.

rule_array_count
Direction: Input
Type: Integer
A pointer to an integer variable containing the number of elements in the rule_array variable. This value must be 2, 3, 4, or 5.
rule_array
Direction: Input
Type: String array
Two to five keywords provide control information to the verb. The keywords must be in contiguous storage with each of the keywords left-aligned in its own 8-byte location and padded on the right with blanks. The rule_array keywords are described in Table 1 .
Table 1. Keywords for Key Test control information

Keywords for Key Test control information

Keyword Description
Key rule (One, required)
KEY-CLR Specifies the key supplied in key_identifier is a single-length clear key.
KEY-CLRD Specifies the key supplied in key_identifier is a double-length clear key.
KEY-CLRT Process a triple-length Triple-DES clear key or clear key-part.
KEY-ENC Specifies the key supplied in key_identifier is a single-length encrypted key.
KEY-ENCD Specifies the key supplied in key_identifier is a double-length encrypted key.
KEY-ENCT Process a triple-length Triple-DES enciphered key or enciphered key-part supplied in a key token.
KEY-KM Specifies that the target is the master key register.
KEY-NKM Specifies that the target is the new master-key register.
KEY-OKM Specifies that the target is the old master-key register.
CLR-A128 Process a 128-bit AES clear-key or clear-key part.
CLR-A192 Process a 192-bit AES clear-key or clear-key part.
CLR-A256 Process a 256-bit AES clear-key or clear-key part.
TOKEN Process an AES clear or encrypted key contained in an AES key-token.
Master-key selector (One, optional). Use only with KEY-KM, KEY-NKM, or KEY-OKM keywords.
AES-MK Process one of the AES master-key registers.
APKA-MK Process one of the APKA master-key registers.
ASYM-MK Specifies use of only the asymmetric master-key registers.
SYM-MK Specifies use of only the symmetric master-key registers.
Process rule (One, required)
GENERATE Generate a verification pattern for the key supplied in key_identifier.
VERIFY Verify a verification pattern for the key supplied in key_identifier.
Parity adjustment (One, optional)
ADJUST Adjust the parity of test key to odd before generating or verifying the verification pattern. The key_identifier field itself is not adjusted.
NOADJUST Do not adjust the parity of test key to odd before generating or verifying the verification pattern. This is the default.
Verification process rule (One, optional). See Cryptographic key-verification techniques.
ENC-ZERO Specifies use of the "encrypted zeros" method. Use only with KEY-CLR, KEY-CLRD, KEY-ENC, or KEY-ENCD keywords.

The optional ENC-ZERO algorithm can be used with any key. A 4-byte verification pattern is generated for non-compliant-tagged tokens. A 3-byte verification pattern is generated for compliant-tagged tokens.

MDC-4 Specifies use of the MDC-4 master key verification method. Use only with the KEY-KM, KEY-NKM, or KEY-OKM keywords. You must specify one master-key selector keyword to use this keyword.
SHA-1 Specifies use of the SHA-1 master-key-verification method. Use only with KEY-KM, KEY-NKM, or KEY-OKM keywords. You must specify one master-key selector keyword to use this keyword.
SHA-256 Specifies use of the SHA-256 master-key-verification method.
No keyword, and first and third parts of the master key have different values. Defaults to the use of the SHA-1 master-key verification method when the ASYM-MK or SYM-MK master-key selector keyword is specified.
No keyword, and first and third parts of the master key have the same value. Defaults to the use of the IBM® z/OS-based master-key verification method when the ASYM-MK or SYM-MK master-key selector keyword is specified.
key_identifier
Direction: Input/Output
Type: String
The key for which to generate or verify the verification pattern. The parameter is a 64-byte string of an internal token, key label, or a clear key value left-aligned.
Note: If you supply a key label for this parameter, it must be unique in the key storage file.
value_1
Direction: Input/Output
Type: String
A pointer to a string variable. See Table 2 for how this variable is used. For process rule GENERATE this parameter is output only, and for process rule VERIFY it is input only. This variable must be specified, even if it is not used. With the ENC-ZERO method, this parameter is not used.
value_2
Direction: Input/Output
Type: String
A pointer to a string variable. See Table 2 for how this variable is used. For process rule GENERATE this parameter is output only, and for process rule VERIFY it is input only. This variable must be specified, even if it is not used. With the ENC-ZERO method, the high-order four bytes contain the verification data. For more detail, see Cryptographic key-verification techniques.