Parameters

return_code

Direction	Type
Output	Integer

The return code specifies the general result of the callable service. ICSF and cryptographic coprocessor return and reason codes lists the return codes.

reason_code

Direction	Type
Output	Integer

The reason code specifies the result of the callable service that is returned to the application program. Each return code has different reason codes that indicate specific processing problems. ICSF and cryptographic coprocessor return and reason codes lists the reason codes.

exit_data_length

Direction	Type
Ignored	Integer

This field is ignored. It is recommended to specify 0 for this parameter.

exit_data

Direction	Type
Ignored	String

This field is ignored.

rule_array_count

Direction	Type
Input	Integer

The number of keywords you supplied in the rule_array parameter. This value must be 1 or 2.

rule_array

Direction	Type
Input	String

Keywords that provide control information to the callable service. Each keyword is left-justisfied in 8-byte fields and padded on the right with blanks. All keywords must be in contiguous storage.

Table 1. Keywords for generate HMAC
Keyword	Meaning
Mechanism (required)
MD5	Generate an HMAC. Use MD5 hashing. Output returned in the hmac parameter is 16 bytes in length.
SHA-1	Generate an HMAC. Use SHA-1 hashing. Output returned in the hmac parameter is 20 bytes in length.
SHA-224	Generate an HMAC. Use SHA-224 hashing. Output returned in the hmac parameter is 28 bytes in length.
SHA-256	Generate an HMAC. Use SHA-256 hashing. Output returned in the hmac parameter is 32 bytes in length.
SHA-384	Generate an HMAC. Use SHA-384 hashing. Output returned in the hmac parameter is 48 bytes in length.
SHA-512	Generate an HMAC. Use SHA-512 hashing. Output returned in the hmac parameter is 64 bytes in length.
SSL3-MD5	Generate a MAC according to the SSL v3 protocol. Use MD5 hashing. Output returned in the hmac parameter is 16 bytes in length.
SSL3-SHA	Generate a MAC according to the SSL v3 protocol. Use SHA1 hashing. Output returned in the hmac parameter is 20 bytes in length.
Chaining Selection (Optional)
FIRST	Specifies this is the first call in a series of chained calls. Intermediate results are stored in the hash field.
MIDDLE	Specifies this is a middle call in a series of chained calls. Intermediate results are stored in the hash field.
LAST	Specifies this is the last call in a series of chained calls.
ONLY	Specifies this is the only call and the call is not chained. This is the default.

text_length

Direction	Type
Input	Integer

Length of the text parameter in bytes. The length can be from 0 to 2147483647.

text

Direction	Type
Input	String

Value for which an HMAC will be generated.

text_id

Direction	Type
Input	Integer

The ALET identifying the space where the text resides.

chain_data_length

Direction	Type
Input/Output	Integer

The byte length of the chain_data parameter. This must be 128 bytes.

chain_data

Direction	Type
Input/Output	String

This field is a 128-byte work area. The chain data permits chaining data from one call to another. ICSF initializes the chain data on a FIRST call and may change it on subsequent MIDDLE and LAST calls. Your application must not change the data in this field between the sequence of FIRST, MIDDLE, and LAST calls for a specific message. The chain data has the following format:

Table 2. chain_data parameter format
Offset	Length	Description
0	4	Flag word Bit Meaning when set on 0 Cryptographic state object has been allocated 1-31 Reserved for IBM’s use
4	44	Cryptographic state object handle
48	80	Reserved for IBM’s use

key_handle

Direction	Type
Input	String

The 44-byte handle of a generic secret key object. This parameter is ignored for MIDDLE and LAST chaining requests. See Handles for the format of a key_handle.

hmac_length

Direction	Type
Ignored	Integer

Reserved field

hmac

Direction	Type
Output	String

Upon successful completion of an ONLY or LAST request, this field contains the generated HMAC value, left justified. The caller must provide an area large enough to hold the generated HMAC as defined by the mechanism specified. This field is ignored for FIRST and MIDDLE requests.