IGGENC description

Programming environment

The requirements for the caller are described in Table 1.

Table 1. Requirements for the caller
Environmental	Requirement
Authorization	Problem state or supervisor state and any PSW key. Calls after the connect call must be in the same protection key or be in key 0.
Dispatchable unit mode	The connect and disconnect functions require task mode. The encrypt and decrypt functions can be called in task or SRB mode.
Cross memory mode	PASN=HASN=SASN
AMODE	24-bit, 31-bit or 64-bit. If the invocation is in 64-bit, you must precede the invocation with an invocation of the SYSSTATE macro with AMODE64=YES.
ASC mode	Primary
Interrupt Status	Enabled for I/O and external interrupts.
Locks	Holding the local lock of the home address space is optional. When the caller holds that lock during encrypt or decrypt calls, ICSF captures statistics but does not write them out until a call without the local lock or when the disconnect function is called. The system calls EXCP appendages while holding the local lock.

Programming Requirements

Encryption and RACF Security

In order to encrypt or decrypt with the key label, your program must have at least RACF read authority to the key label. There are two exceptions to this requirement for authorization to the key label:

If the system is bypassing security for your job step because the JSCBPASS bit is on. It will be on if your job step program is in the system’s program properties table (PPT) and the entry has the NOPASS attribute. The program properties table is defined by the SCHEDxx member of SYS1.PARMLIB.
If your program has APF authorization, supervisor state or system key and either of these is true:
- Your program passed a DCB to the encrypt or decrypt function and the DCB points to a DCBE with BYPASS_AUTH=YES coded or
- Your program called the IGGENC macro for the connect function with an options block that has the IGGENCBypassAuth bit on.

If the ICSF installation options specifies CHECKAUTH(YES), the caller must also have authority to the CSFSERV class with profile CSFKRR2.

Note: CHECKAUTH(NO) is the default.

Testing for Data Set Encryption

Testing Before or After Opening the Data Set

To test whether a data set is encrypted, your program can read the DSCB with the OBTAIN or CVAFDIR macro as described in this book. If the DS1ENCRP bit is on, the data set is encrypted.

If the DS1PDSE bit also is on, then the data set is a PDSE and cannot be used with EXCP. (If the DS1PDSEX bit also is on, it is an HFS data set and the data set cannot be encrypted.)
If the DS1STRP bit also is on, then the data set is extended format (possibly also compressed format) and cannot be used with EXCP.
If neither of the above two bits is on and the DS1DSORG field has the DS1DSGPS bit on or the DCBDSORG field is empty, then it means that the data set is a basic format or large format data set. If the DS1LARGE bit is on, it is a large format data set.

Testing for encryption

If your program provides a DCBE, your optional DCB open exit routine can test the DCBE to see whether the data set has the encryption attribute. You can do the same test after OPEN.

The bit to test is DCBE_DS_ENCRYPTION. It means that the data set is encrypted. The data set is a PDSE or is basic, large or extended format.

If your program is reading a sequential concatenation, then this bit is for the current data set.

The system sets this bit on or off as appropriate for each data set. If your program turns on the unlike attributes bit, DCBOFPPC, then the system will call your DCB open exit routine at the beginning of each data set. This allows your program to adjust to each data set. If you do not turn DCBOFPPC on, then the system calls your DCB open exit routine only for the first data set. In this case you might want to provide an EOV exit routine. The system will call it at the beginning of each volume, including the first volume of each data set after the first. This also allows your program to adjust to encryption differences.

Even if two data sets have the same key label, they will encrypt differently. If you pass the DCB to IGGENC for encryption and decryption, the system will take care of this difference in encryption. Instead if you call the IGGENC CONNECT function, you must disconnect it at the end of each data set and call IGGENC CONNECT for the next data set.

Testing after you open the DCB

Learning the maximum block length

For maximum compatibility with the access methods and for maximum reliability in case of a program adding or removing blocks, tracks or volumes, your encrypted basic or large format data sets should have block prefixes. Prefixes are eight bytes long.

The DS1BLKL field in the DSCB contains the maximum block length for the data set. It does not include the length of the block prefix.

Other fields that contain the maximum block size for a data set and do not include the length of the prefix are:

The JFCBLKSI field in the JFCB.
The DCBBLKSI field in the DCB for BSAM and QSAM. It is two bytes. This field is not defined in an EXCP DCB.
The DCBEBLKSI field in the DCBE for any access method. It is four bytes. Your EXCP program can use the field.
The ARAXLBKS field as mapped by the IHAARA macro as returned by the RDJFCB macro. It is eight bytes.

If you issue the DEVTYPE macro with INFO=AMCAP, it returns the maximum block size for the device. It does not take encryption into account.

Learning whether the data set is encrypted and the block prefix length

In addition to testing the DSCB, there are two ways to learn whether the data set is encrypted:

In your optional DCB open exit routine, test the DCBE_DS_ENCRYPTION bit in the DCBE. It will remain valid after the DCB is open. In a sequential concatenation, it will remain value (on or off) for each data set.
Issue the ISITMGD macro after opening the DCB. To learn whether the data set is encrypted, test the ISMENCRP bit.

To learn the length of the block prefix after the DCB is open, code VERSION=2 on the ISITMGD macro and then test the ISMBPRFX byte. For further information about ISITMGD, see z/OS DFSMS Macro Instructions for Data Sets.

Opening an encrypted data set

Opening an encrypted data set with a BSAM or QSAM DCB does not require any source code changes or reassembly. If your program issues the EXCP, EXCPVR or XDAP macro for an encrypted data set, the DCB must point to a DCBE that has the DSENCRYPT=OK option set. It also must meet either of these requirements:

The DCB has a MACRF value as required for BSAM or QSAM. The system checks the DCBE during each invocation of the EXCP or XDAP macro. (You can use the DCB as a task library but in that case it cannot be encrypted.)
The DCB has MACRF=E to identify it as a DCB that is only for EXCP, EXCPVR or XDAP. The system checks the DCBE during open.

Block prefixes with data set encryption

Statistical analysis to break encryption was discovered in World War II. Block prefixes in data sets are an important part of preventing statistical analysis.

When the system creates the data set's entry in the catalog, it stores a large random number in the catalog entry. The system concatenates that large random number with the prefix for each disk block to create what is called the tweak value to encrypt that disk block. The content of each prefix should be different. This ensures that each block encrypts differently and each copy of a data set will encrypt differently (unless the copying program bypasses the access method and copies the tracks. DFSMSdss is one such program that copies the tracks.). If you write the same record multiple times, the encrypted version of each copy differs unpredictably.

With EXCP you can choose to write some blocks without encryption where the indicator is stored in the prefix. but those blocks still require prefixes.

To learn whether the data set has prefixes, your program can issue the ISITMGD macro after opening the DCB.

Do not encrypt or decrypt the block prefixes. You do encrypt and decrypt the BDWs, block descriptor words, in variable-length blocks.

You pass the block prefixes to the IGGENC macro with the BLKIDLIST parameter.

Table 2. Contents of the block prefix for an encrypted data set as mapped by the IGGEBPFX macro
Offset	Type	Length	Name	Description
0	DSECT		EBP	Encryption block prefix in basic or large format sequential data set
	Bits	1	EBPFlag1	Flags
	1... ....		EBPEncrypted	This block is encrypted
	.xxx xxxx			Reserved, should be zero
1	Binary	2		Reserved, should be zero
3	Integer	4	EBPTTTT	Relative track number across all volumes, first is zero
7	Integer	1	EBPR	Block number on track, first is 1

Encrypted blocks without prefixes

Creating data sets without prefixes should be rare and controlled. You can create an encrypted data set without prefixes if all of these are true:

Programs used to modify the data set can be controlled and are enhanced to understand how to read and write such a data set without block prefixes.
All blocks in the data set are assumed to be encrypted.
The relative location of every physical block within the data set can NEVER change.
- Blocks can NEVER be added or deleted within a track, other than from the end.
- Tracks can NEVER be added or deleted from the data set, other than from the end of the last volume that contains data.
You understand that programs that use BSAM or QSAM will not be able to open this type of data set. An attempt to do so will result in an abend 213-99, with diagnostic information at the end of the message to identify the reason.
- Not allowing access by a BSAM or QSAM application will prevent the potential scenario where standard copying programs copy the data set to an encrypted data set. In this case, the target of the copy would then contain block prefixes.

You can set a DCBE option to inform the system that the data set does not have block prefixes and your program can support it. The DCBE option is the DCBEDSENCNP bit. The DCBE macro does not have a keyword for this. This has an effect when the first OPEN macro option is other than INPUT (thus, includes OUTPUT, OUTIN, INOUT, and UPDAT) and the DCB is for EXCP. The system will save the indicator in the ENCRYPTA portion of the encryption cell in the catalog entry for the data set. This DCBE option is required for both reading and writing with EXCP. An attempt to subsequently open a data set of this type with EXCP for reading or writing without the DCBE DCBEDSENCNP option will result in an abend 213-99, with diagnostic information at the end of the message to identify the reason.

When your program calls the IGGENC macro to encrypt or decrypt, it must create and pass the appropriate block prefixes even though they do not exist on the device.

Reading and writing encrypted data

When you call the IGGENC macro to encrypt or decrypt, you pass the prefix for each block so that IGGENC can encrypt or decrypt the blocks correctly.

You might choose for your EXCP program to read and write each block in virtual storage areas where the prefix and encrypted data are contiguous with each other or they might be non-contiguous. When you call the IGGENC macro, you still pass the prefix address list separately from the block address list.

If you choose to read and write the prefixes in areas that are not contiguous with the encrypted data, then your channel program must use one of these methods:

Data chaining in a CCW channel program.
MIDAWs in a CCW channel program.
TIDAWs in a transport mode (zHPF) channel program.

Restrictions

If your program is running in 64-bit addressing mode, the parameter list and all parameters can reside above the 2 GB bar. If your program is running in 24-bit or 31-bit mode, addresses in the parameter list are treated as 31-bit and addresses in the lists that the parameter list points to are treated as 64-bit.

Keys

Encrypted data sets cannot have hardware keys. That means that KEYLEN in the DSCB, DCB, DD statement or dynamic allocation must be 0.

Minimum length of a block

The minimum length of an encrypted block is 16 bytes.

Reading part of a block

It is valid for your program to suppress data transfer with data chaining to skip over part of a block but that technique will not work with an encrypted data set because the encryption algorithm requires data from the beginning of the block.

If you read from the beginning of a block, you can read less than the whole block but there are special restrictions to decrypt it. These principles apply both when you intentionally read less than the whole block and when the device fails to return the whole block. In both cases you might want to pass the data length to IGGENC rounded up to a multiple of 16.

This is because the XTS encryption mode always encrypts groups of 16 bytes. You can encrypt any number of bytes that is at least 16. If you pass a data length that is not a multiple of 16, the algorithm encrypts the last 16 bytes overlapped with previous bytes. Let us say that the actual block length is 80 bytes, not counting the prefix. Let us say that your channel program read only the first 50 bytes. If you pass a data length of 50 to IGGENC, the last two bytes will be returned as garbage and this will not be detected unless you have some way to test validity. This is because the algorithm will incorrectly decrypt the last two bytes. If you want to decrypt those two bytes, you must read at least 64 bytes (the next multiple of 16) and pass those 64 bytes to IGGENC.

In this example if the number of bytes that your program read is 65 to 79, you cannot decrypt the bytes after the first 64 bytes. You can pass those bytes to IGGENC for decryption but those decrypted bytes will contain garbage. In this example you should read the whole 80 bytes.

Input register information

Before issuing the IGGENC macro, you do not have to place information into any register unless you use it in register notation for a particular parameter or use it as a base register.

You do not have to point register 13 to a register save area before issuing the IGGENC macro.

Output register information

Table 3. Output register information
Register	Register Contents
0	Reason code (eight bytes even if your program is not running in 64-bit). Also returned as the third parameter.
1	Used as a work register by the system
2-13	Unchanged
14	Used as a work register by the system
15	Return code (four bytes). Also returned as the second parameter.
Interrupt Status	Enabled for I/O and external interrupts.
Locks	Holding the local lock of the home address space is optional. When the caller holds that lock during encrypt or decrypt calls, ICSF captures statistics but does not write them out until a call without the local lock or when the disconnect function is called. The system calls EXCP appendages while holding the local lock.

Syntax of IGGENC standard invocation

Table 4. Syntax of IGGENC standard invocation
Syntax	Description
Function (positional parameter)	CONNECT, ENCRYPT, DECRYPT or DISCONNECT. It can be in mixed case such as Connect.
BLKIDLIST=	`list addr`: A-type address, or register (2) - (12).
BUFCOUNT=	`count addr`: A-type address, or register (2) - (12).
BUFLENLIST=	`list addr`: A-type address, or register (2) - (12).
DCB=	`dcb addr`: A-type address, or register (2) - (12).
ENCRYPTA=	`encrypta addr`: A-type address, or register (2) - (12).
INBUFLIST=	`list addr`: A-type address, or register (2) - (12).
OPTIONS=	`area addr`: A-type address, or register (2) - (12).
OUTBUFLIST=	`list addr`: A-type address, or register (2) - (12).
RETCODE=	`return code addr`: A-type address, or register (2) - (12).
RSNCODE=	`reason code addr`: A-type address, or register (2) - (12).
TCBADDR=	`tcb addr`: A-type address, or register (2) - (12).
TOKEN=	`token area`: A-type address, or register (2) - (12).

Parameters for the standard form of the IGGENC macro

Table 5. Required and optional keywords for the IGGENC macro
Keyword	Function
Keyword	CONNECT	ENCRYPT/DECRYPT	DISCONNECT
BLKIDLIST=	-	Required	-
BUFCOUNT=	-	Required	-
BUFLENLIST=	-	Required	-
DCB=	-	Optional	-
ENCRYPTA=	Required	-	-
INBUFLIST=	-	Required	-
OPTIONS=	Required	Required	Required
OUTBUFLIST=	-	Optional	-
RETCODE=	Required	Required	Required
RSNCODE=	Required	Required	Required
TCBADDR=	Optional	-	-
TOKEN=	Required	Optional	Required

Functional (positional parameter)

Required on standard form. Must be CONNECT, ENCRYPT, DECRYPT or DISCONNECT. Mixed case is allowed.

BLKIDLIST= A-type address, or register (2) - (12).

List of addresses of block prefixes. Each address and each block prefix is eight bytes even if the program is running in 24-bit or 31-bit. See BUFCOUNT.

BUFCOUNT= A-type address, or register (2) - (12).

A halfword containing the number of entries in the input buffer list (INBUFLIST), buffer length list (BUFLENLIST), output buffer list (OUTBUFLIST) and prefix list (BLKIDLIST). The value must be 1 or greater.

BUFLENLIST= A-type address, or register (2) - (12).

List of words that contain the length of each block. See BUFCOUNT.

DCB= A-type address, or register (2) - (12).

DCB associated with the encrypted data set. Use DCB only with the ENCRYPT or DECRYPT function. The DCB or TOKEN keyword is required for the ENCRYPT and DECRYPT functions. This keyword is mutually exclusive with the TOKEN keyword.

While the DCB is open, you can pass the DCB to the ENCRYPT and DECRYPT functions under a task that is different from the task that opened the DCB.

ENCRYPTA= A-type address, or register (2) - (12).

96-byte ENCRYPTA cell from the catalog. This keyword is required for the CONNECT function. You can retrieve a copy of this area from the data set catalog by calling IGGCSI00, the catalog search interface. See z/OS DFSMS Access Method Services Commands and z/OS DFSMS Using Data Sets for more detailed information.

INBUFLIST= A-type address, or register (2) - (12).

List of addresses of the input areas. Identifies areas containing data to encrypt or decrypt. Each must be eight bytes and can point above the bar even for a 24-bit or 31-bit caller. See BUFCOUNT.

OPTIONS= A-type address, or register (2) - (12).

Specifies an area containing the eight-byte options block as mapped by the IGGENCOPTS DSECT in the IGGENCPL macro.

Table 6. An area containing the eight-byte options block as mapped by the IGGENCOPTS DSECT in the IGGENCPL macro
Offset	Type	Length	Name	Description
0	DSECT		IGGENCOpts	IGGENC options block
	Integer	1	IGGENCLength	Length of this block. Must be 8.
1	Integer	1	IGGENCFunction	Function code. Values for the function code:
			IGGENCConnect	1 – Connect
			IGGENCEncrypt	2 - Encrypt
			IGGENCDecrypt	3 - Decrypt
			IGGENCDisconnect	4 - Disconnect
2	Bits	1	IGGENCFlag1	Flags
	1... ....		IGGENCBypassAuth	Bypass security check. Valid only if connect and caller is APF auth, supervisor state or system key.
	.1.. ....		IGGENCENCRYPTA	The fifth parameter is ENCRYPTA and not an open DCB (CONNECT only). If you code the ENCRYPTA or DCB keyword on the execute form and also code the OPTIONS keyword, the macro sets or resets this bit.
	..xx xxxx			Reserved, should be zero
3		5		Reserved, should be zero
8	EQU		IGGENCOptsLen	Length of options block

OUTBUFLIST= A-type address, or register (2) - (12).

Optional list of output areas. Identifies areas to be used as the target of an encrypt or decrypt. The default is to use the input areas. Each must be eight bytes and can point above the bar even for a 24-bit or 31-bit caller. See BUFCOUNT.

RETCODE= A-type address, or register (2) - (12).

Four-byte area for the return code. The IGGENC macro also returns the return code in register 15.

RSNCODE= A-type address, or register (2) - (12).

Eight-byte area for the reason code. The IGGENC macro also returns the reason code in register 0. It is eight bytes even if your program is not running in 64-bit mode.

TCBADDR= A-type address, or register (2) - (12).

Word containing the address of a TCB, task control block. Code this only for the CONNECT function. If the word contents are non-zero, it must point to a TCB in the address space and the calling program must be in supervisor state or a system key or the job step must have APF authorization.

If the address in the parameter list is zero or the word that it points to contains zero, the connect will be for the current task. Therefore a way to denote the current task is to code TCBADDR=0 or to omit it.

TOKEN= A-type address, or register (2) - (12).

Eight-byte area for the token. This is required for the CONNECT and DISCONNECT functions. For CONNECT, the area must contain binary zeroes. It does not have to remain in the same location. You can make a copy to pass to other calls to IGGENC. The token content will remain valid until you call the DISCONNECT function or the task terminates, whichever is first. For DISCONNECT, the token must contain what the CONNECT function stored in it. The DISCONNECT function will clear the passed token to zeroes.

The ENCRYPT and DECRYPT functions require that you code either TOKEN or DCB. They are mutually exclusive. You can call the ENCRYPT and DECRYPT functions under a task that is different from the task that called the CONNECT function but the token becomes invalid when the connecting task does the disconnect or that task terminates.

IGGENC parameter list

You can use the IGGENCPL macro to map the parameter list for the IGGENC macro. There is one form of parameter list for callers in 24-bit or 31-bit and a different form for 64-bit callers. If you wish the IGGENC macro (standard, list, execute or modify form) to expand the 64-bit version, you must precede the macro call by calling the SYSSTATE macro with AMODE64=YES. That macro affects IGGENC on a line-by-line basic without regard to branching.

Three of the parameters are lists of addresses of the input and output areas and the block prefixes. These addresses always are 64-bit (eight bytes each) even if the parameter list is the 31-bit form.

The parameter list consists solely of a series of addresses. All of the addresses are either four bytes or eight bytes. The first address points to an options block. A byte in the options block specifies the purpose of the call.

Table 7. IGGENC parameter list
Function of Call	Number of addresses in parameter list
CONNECT	6
ENCRYPT	9
DECRYPT	9
DISCONNECT	4

The IGGENCPL macro supports these keywords:

DSECT={YES | NO}. Whether to generate a DSECT statement for each area. The default is YES.
PLIST={YES | NO}. Whether to map both forms of the parameter list. The default is YES.
OPTIONS={YES | NO}. Whether to map the options block. The default is YES.
CODES={YES | NO}. Whether to define the return and reason code constants. The default is YES.

Table 8. Format of the parameter list for 24-bit and 31-bit callers
Offset	Type	Length	Name	Description
0	DSECT		IGGENCParmL	IGGENC parameter list
0	Address	4	DSEP1Opt	Address of options block
4	Address	4	DSEP2RC	Address of return code (four bytes)
8	Address	4	DSEP3ReaC	Address of reason code (eight bytes)
12	Address	4	DSEP4CT	Address of connect token (eight bytes)
16	Address	4	DSEP5Enc	CONNECT: Address of 96-byte ENCRYPTA area from the catalog entry
16	Address	4	DSEP5Blk	ENCRYPT, DECRYPT: Address of list of 64-bit addresses of block prefixes. The number of addresses is pointed to by DSEP8Num.
20	Address	4	DSEP6TCBAddr	CONNECT: Address of a word containing the address of a TCB, task control block. If the word in the parameter list or the word that it points to contains zero, the token will be associated with the current task.
20	Address	4	DSEP6InB	ENCRYPT, DECRYPT: Address of list of 64-bit addresses of data areas to encrypt or decrypt. The number of addresses is pointed to by DSEP8Num.
24	Address	4	DSEP7BL	ENCRYPT, DECRYPT: Address of list of data lengths. Each is four bytes. The number of addresses is pointed to by DSEP8Num.
28	Address	4	DSEP8Num	ENCRYPT, DECRYPT: Address of a halfword that contains the number of entries in the lists of input and output (if specified) addresses and the list of area lengths. This also denotes the number of block identifiers in DSEP5Blk.
32	Address	4	DSEP9OutB	ENCRYPT, DECRYPT: Address of list of 64-bit addresses of data areas to contain the result of encryption or decryption. The number of addresses is pointed to by DSEP8Num. If this address is zero, the result of the encryption or decryption will be in the input areas.
36	EQU		DSELength	Maximum length of 31-bit parameter list

Table 9. Format of the parameter list for 64-bit callers
Offset	Type	Length	Name	Description
0	DSECT		IGGENCParmL	IGGENC parameter list
0	Address	8	DSE64P1Opt	Address of options block
8	Address	8	DSE64P2RC	Address of return code (four bytes)
16	Address	8	DSE64P3ReaC	Address of reason code (eight bytes)
24	Address	8	DSE64P4CT	Address of connect token (eight bytes)
32	Address	8	DSE64P5Enc	CONNECT: Address of 96-byte ENCRYPTA area from the catalog entry
32	Address	8	DSE64P5Blk	ENCRYPT, DECRYPT: Address of list of addresses of block prefixes. The number of addresses is pointed to by DSE64P8Num.
40	Address	8	DSE64P6TCBAddr	CONNECT: Address of a word containing the address of a TCB, task control block. If the doubleword in the parameter list or the word that it points to contains zero, the token will be associated with the current task.
40	Address	8	DSE64P6InB	ENCRYPT, DECRYPT: Address of list of addresses of data areas to encrypt or decrypt. The number of addresses is pointed to by DSE64P8Num.
48	Address	8	DSE64P7BL	ENCRYPT, DECRYPT: Address of list of data lengths. Each is four bytes. The number of addresses is pointed to by DSE64P8Num.
56	Address	8	DSE64P8Num	ENCRYPT, DECRYPT: Address of a halfword that contains the number of entries in the lists of input and output (if specified) addresses and the list of area lengths. This also denotes the number of block identifiers in DSE64P5Blk.
64	Address	8	DSE64P9OutB	ENCRYPT, DECRYPT: Address of list of addresses of data areas to contain the result of encryption or decryption. The number of addresses is pointed to by DSE64P8Num. If this address is zero, the result of the encryption or decryption will be in the input areas.
72	EQU		DSELength64	Maximum length of 64-bit parameter list

Return and reason codes for IGGENC macro

The return code is four bytes. It is returned in register 15 and in the area provided by the second parameter.

The reason code is eight bytes. It is returned in register 0 and in the area provided by the third parameter.

Table 10. *Return and reason codes for the IGGENC macro
Return Code	Reason Code (Hexadecimal)	Meaning
0	0	The call was successful.
8	00000000 0000011x 00000000 0000012x 00000000 0000013x 00000000 00xx014x 00000000 00000151 00000000 0000016`x` 00000000 `xx`000211 00000000 `xx`000221 `xxxxxxxx xx`000231 00000000 `xx`000241 00000000 `xx`000311 00000000 `xx`000334 00000000 00000411	Return code IGGENCRC8. Bad parameters passed in parameter list. The x digit identifies the function, where 1: CONNECT, 2: ENCRYPT, 3: DECRYPT and 4: DISCONNECT. IGGENCReaAddr. A required address is 0. IGGENCReaFunc. Invalid function code in options. The invalid byte is ORed into the low order byte of the reason code so the high half might not be X’2’. IGGENCReaLength. Length byte in options is less than eight. The function code is in the `x` digit. IGGENCReaToken. Bad token. Diagnostic codes for the `xx` byte: IGGENCReaTokenDiag32 X'20' Token not zero for connect IGGENCReaTokenDiag33 X'21' Token is 0 but function not connect IGGENCReaDEBErr. Invalid DEB. IGGENCReaLockErr. Local lock not held. Internal system error. Bad fields passed in ENCRYPTA area IGGENCReaType. Bad encryption type in ENCRYPTA. `xx` is the type code. IGGENCReaKLen. Bad key length code in ENCRYPTA. `xx` is the incorrect length. IGGENCReaKLab. Bad key label in ENCRYPTA. The first five bytes are the first five bytes of the incorrect key label IGGENCReaMode. Bad encryption mode in ENCRYPTA. Error when getting or freeing virtual storage. IGGENCReaGet31. Unable to get storage below the bar. The `xx` is the STORAGE macro return code. IGGENCReaFree31. Unable to free storage below the bar. The `xx` is the STORAGE macro return code. IGGENCReaNoEncCell. Encryption cell does not exist.
8 continued	00000000 0000051`x` `xxyyyyyy` 00000611 00000000 00000711 `xxyyyyyy` 0000081`xxxyyyyyy` 0000081`x` 00000000 00000911 00000000 00000A11 `xxyyyyyy` 00000B11 00000000 00000C1`x` 00000000 00`xx`0D1`x` 00000000 00`xx`0E1`x` 00000000 00`xx`0F1`x` 00000000 00`xx`101`x` 00000000 0000111x 00000000 00001211 00000000 00001310 00000000 00001411 00000000 00001511 00000000 00001521 00000000 00001531	IGGENCReaSetLock. Error obtaining local lock IGGENCReaICSFErr. Error encountered during CSNEKRR2. The return code is in the `xx` byte and its reason code is in the `yyyyyy` bytes. IGGENCReaCrypKL. Incorrect crypto key length. IGGENCReaBCFErr. Error encountered during BCFXCRYPT. The return code is in the `xx` byte and its reason code is in the `yyyyyy` bytes. IGGENCReaVerErr. Incorrect verification bytes IGGENCReaCatErr. Error occurred during Catalog call. IGGENCReaKeyAcc. Not authorized to read key label. The return code from RACROUTE REQUEST=FASTAUTH is in the `xx` byte and its reason code is in the `yyyyyy` bytes. IGGENCReaBuffCnt. Encryption Buffer Count < 1 IGGENCReaBuffCnt. Encryption Buffer Count < 1 IGGENCReaBuffAddr. Encryption Buffer Addr is zero. The number of the buffer is in the `xx` byte. IGGENCReaPfxAddr. Block ID Address is Zero. The number of the block is in the `xx` byte. IGGENCReaBuffInv. Encryption Buffer invalid. The number of the buffer is in the `xx` byte. IGGENCReaNonEncDS. Not an encrypted data set. IGGENCReaEncNotOk. EXCP caller without a DCBE that has DSENCRYPT=OK. IGGENCReaEncSysErr. Encryption service error. IGGENCReaTCBAddr. Caller unauthorized to specify TCB. IGGENCReaNpDCBE. DCBEDSENCNP bit is on, but the non-prefixed bit in the ENCRYPTA is off. IGGENCReaNpCtlg. Non-prefixed bit in the ENCRYPTA is on, but DCBEDSENCNP bit is off. IGGENCReaNpInvDCB. OPEN issued for encrypted basic/large format data set that has non-prefixed blocks but the DCB is not EXCP.

Examples of IGGENC macro

Example 1 - Standard forms


         ISITMGD DCB=SecretDCB,Version=2
         USING ISM,R1
         LTR   R15,R15             Branch if unable to determine
         JZ    EncFail               encryption status
         TM    ISMOFLG2,ISMENCRP   Branch if the data set is
         JZ    NotEncErr             not encrypted
         SR    R15,R15             Prepare for IC
         IC    R15,ISMBPRFX        Get the length of the
         STH   R15,PrefixLen          encryption prefix
         DROP  R1
         AH    R15,DCBBLKSI-IHADCB+SecretDCB  Add max block length
         GETMAIN R,LV=(R15)        Get prefix and buffer
         STG   R1,PrefixAd         Save prefix address
         AH    R1,PrefixLen        Point to place to read the block
         STG   R1,InBufList        One entry in buffer list
         LH    R15,DCBBLKSI-IHADCB+SecretDCB  Get user data length
         ST    R15,BufferLen       Set length to decrypt
        (Build channel program to read a block prefix and block.)
         EXCP  MyIOB               Read a block and its prefix
         WAIT  ECB=ECB
         IGGENC Decrypt,RetCode=MyRC,RsnCode=MyReason,              *
               BLKIDLIST=PrefixAd,INBUFLIST=InBufList,              *
               BUFLENLIST=BufferLen,BUFCOUNT=BufCount,              *
               DCB=SecretDCB
         LTR   R15,R15
         JNZ   DecryptErr
        (More code.)
R1       EQU   1           Register 1
R15      EQU   15          Register 15
SecretDCB DCB  DSORG=PS,MACRF=R,DDName=SECRET,EXLST=MyList
OptBlock DC    0XL8
         DC    AL1(L’OptBlock)  Length of options block
         DC    XL7’0’      Rest of options block
MyRC     DC    F’0’        Return code from IGGENC
MyReason DC    XL8’0’      Reason code from IGGENC (eight bytes)
PrefixAd DC    AD(0)       List of prefix addresses
InBufList DC   AD(0)       List of block addresses
BufferLen DC   F’0’        Length of block to decrypt
PrefixLen DC   H’0’        Length of prefix
BufCount DC    H’1’        Number of blocks to decrypt
        (The IOB, channel program and ECB are here.)

Before issuing the IGGENC macro to connect to encryption, this program opens the BSAM DCB. It is valid to issue EXCP with a BSAM DCB if the data set is a basic format or large format data set or is a PDS. If the data set is an encrypted basic format or large format data set, you can issue the IGGENC macro for data read or written with EXCP. The READ and WRITE macros take care of encryption and decryption. IGGENC is needed only for data read or written with EXCP, EXCPVR or XDAP.

The DD name identifies a DD statement or dynamically allocated data set that is basic format or large format and has the encrypted attribute. In this case the DD name is SECRET. The data set name, the key label and the encryption key do not matter to this program. Data set allocation, the OPEN macro and the IGGENC macro take care of them.

Before this program calls the IGGENC macro, it has initialized the IOB and channel program.

Example 2 - A call from a High Level Language

This is an assembler program that can be called by a program written in any high level language that can define the option block and lists of addresses.

Figure 1. Assembler subroutine callable from a High Level Language


IGGENC   TITLE ‘IGGENC – Subroutine callable from compiled language’
*   The calling program must build a parameter list consisting only
* of addresses and pass its address in register 1.  The IGGENC macro
* does not use a register save area so this module can use it.
         USING SaveR,R13    Addressability to caller’s save area
         ST    R14,SAVGRS14 Save the address of the caller
         IGGENC MF=(E,(1)) Call CONNECT, ENCRYPT, DECRYPT, DISCONNECT
         L     R14,SAVGRS14 Restore address of the caller
         BR    R14          Return to caller with return & reason
R13      EQU   13           Register 13
R14      EQU   14           Register 14
         IGGSAVER ,         Standard register save area
         END