ICSF summary of interface changes

The following tables describe new and changed services for Cryptographic Support for z/OS®

Table 1. Summary of new and changed ICSF callable services (FMID HCR77B0)
Callable service	Release	Description
Field level decipher	HCR77B0	New: Decrypts payment related data base fields that have been previously encrypted using the field level encipher callable service.
Field level encipher	HCR77B0	New: Encrypts payment related data base fields, preserving the format of the fields.
FPE decipher	HCR77B0	New: Decrypts payment card data for the Visa Data Secure Platform (Visa DSP) processing.
FPE encipher	HCR77B0	New: Encrypts payment card data for the Visa Data Secure Platform (Visa DSP) processing.
FPE translate	HCR77B0	New: Translates payment data from encryption under one key to encryption under another key with a possibly different format.
ICSF Multi-Purpose Service	HCR77B0	New: Validates the keys in the active CKDS or PKDS.
ICSF Query Algorithm	HCR77B0	Changed: Usage notes have been updated.
ICSF Query Facility	HCR77B0	Changed: The returned_data parameter has been updated.
Key Data Set List	HCR77B0	New: Generates a list or count of CKDS and PKDS labels or TKDS object handles.
Key Data Set Metadata Read	HCR77B0	New: Use to obtain metadata of a CKDS, PKDS, or TKDS record.
Key Data Set Metadata Write	HCR77B0	New: Adds, deletes, or modifies metadata of a set of records in the active CKDS, PKDS, or TKDS.
PCI Interface callable service	HCR77B0	Changed: The rule_array parameter has been updated.
PKA Key Token Change	HCR77B0	Changed: Usage notes have been updated.

Table 2. Summary of new and changed ICSF callable services (FMID HCR77A0)
Callable service	Release	Description
Cipher Text Translate2 and Cipher Text Translate2 with alet	HCR77A0	New: Translates the user-supplied ciphertext from one key to another key.
Control Vector Generate	HCR77A0	Changed: Support CIPHERXI, CIPHERXL and CIPHERXO key types. Support DOUBLE-O rule_array keyword.
ECC Diffie-Hellman	HCR77A0	Changed: Support CIPHERXI, CIPHERXL and CIPHERXO key types. Support creation of DES keys with guaranteed unique key halves.
Key Export	HCR77A0	Changed: Support CIPHERXI, CIPHERXL and CIPHERXO key types.
Key Generate	HCR77A0	Changed: Support CIPHERXI, CIPHERXL and CIPHERXO key types. Support DOUBLE-O key_length.
Key Generate2	HCR77A0	Changed: Support generating AES CIPHER keys for use in Cipher Text Translate2 callable service.
Key Import	HCR77A0	Changed: Support CIPHERXI, CIPHERXL and CIPHERXO key types.
Key Token Build	HCR77A0	Changed: Support CIPHERXI, CIPHERXL and CIPHERXO key types. Support DOUBLE-O rule_array keyword .
Key Token Build2	HCR77A0	Changed: Support C-XLATE keyword for AES CIPHER key type.
Multiple Secure Key Import	HCR77A0	Changed: Support CIPHERXI, CIPHERXL and CIPHERXO key types
PKA Key Generate	HCR77A0	Changed: Support generating RSA keys that can be wrapped by AES keys.
PKA Key Import	HCR77A0	Changed: Support importing RSA keys that are wrapped by an AES key-encrypting key.
PKA Key Token Build	HCR77A0	Changed: Support building RSA-AESC and RSA-AESM skeleton tokens.
PKA Key Token Change	HCR77A0	Changed: Support reenciphering RSA keys wrapped by an ECC master key.
PKA Key Translate	HCR77A0	Changed: Support translating the object protection key (OPK) in a RSA private key token from a DES key to an AES key.
Restrict Key Attribute	HCR77A0	Changed: Support C-XLATE rule_array keyword for AES CIPHER keys. Support DOUBLE-O rule_array keyword for DES keys.
Secure Key Import	HCR77A0	Changed: Support CIPHERXI, CIPHERXL and CIPHERXO key types.
Unique Key Derive	HCR77A0	New: Use the Unique Key Derive callable service to derive a key using the Base Derivation Key and the Derivation Data . The following key types can be derived: CIPHER ENCIPHER DECIPHER MAC MACVER IPINENC OPINENC DATA token containing a PIN Key

Table 3. Summary of new and changed ICSF callable services (FMID HCR7790)
Callable service	Release	Description
Clear PIN Generate	HCR7790	Changed: Increased X9.8 PIN block security, stored PIN decimalization tables support.
Clear PIN Generate Alternate	HCR7790	Changed: Increased X9.8 PIN block security, stored PIN decimalization tables support.
Control Vector Generate	HCR7790	Changed: ANSI TR-31 key block support.
Coordinated KDS Administration	HCR7790	New: Support for a coordinated CKDS refresh or a coordinated CKDS reencipher and master key change.
CVV Key Combine	HCR7790	New: Double-length CVV key support
Digital Signature Verify	HCR7790	Changed: 4096-bit RSA clear key hardware support.
ECC Diffie-Hellman	HCR7790	New: Creation of: Symmetric key material from a pair of ECC keys using the Elliptic Curve Diffie-Hellman protocol using the Static Unified Model “Z” - The “secret” material output from D-H process
Encrypted PIN Generate	HCR7790	Changed: Increased X9.8 PIN block security, stored PIN decimalization tables support.
Encrypted PIN Verify	HCR7790	Changed: Increased X9.8 PIN block security, stored PIN decimalization tables support.
ICSF Query Algorithm	HCR7790	Changed: 4096-bit RSA clear key hardware support.
ICSF Query Facility	HCR7790	Changed: Increased X9.8 PIN block security, stored PIN decimalization tables support. ECC Diffie-Hellman (ECCDH) and ECC key wrapping support. 4096-bit RSA clear key hardware support.
Key Generate2	HCR7790	Changed: AES key type support
Key Part Import2	HCR7790	Changed: AES key type support
Key Test2	HCR7790	Changed: AES key type support ANSI TR-31 key block support.
Key Token Build	HCR7790	Changed: ANSI TR-31 key block support.
Key Token Build2	HCR7790	Changed: AES key type support
Key Translate2	HCR7790	Changed: AES key type support
PKA Decrypt	HCR7790	Changed: 4096-bit RSA clear key hardware support.
PKA Encrypt	HCR7790	Changed: 4096-bit RSA clear key hardware support.
PKA Key Generate	HCR7790	Changed: Support for External ECC Keys (ECC Keys encrypted by an AES KEK)
PKA Key Import	HCR7790	Changed: Support for External ECC Keys (ECC Keys encrypted by an AES KEK)
PKCS #11 Derive key	HCR7790	Changed: Support for hardware generated “z” value.
PKCS #11 Derive multiple keys	HCR7790	Changed: Support for hardware generated “z” value.
PKCS #11 Private key sign	HCR7790	Changed: 4096-bit RSA clear key hardware support.
PKCS #11 Public key verify	HCR7790	Changed: 4096-bit RSA clear key hardware support.
PKCS #11 Unwrap key	HCR7790	Changed: 4096-bit RSA clear key hardware support.
Restrict Key Attribute	HCR7790	Changed: AES key type support ANSI TR-31 key block support.
Secure Key Import2	HCR7790	Changed: AES key type support
Symmetric Algorithm Decipher	HCR7790	Changed: AES key type support
Symmetric Algorithm Encipher	HCR7790	Changed: AES key type support
Symmetric Key Export	HCR7790	Changed: AES key type support Support for PKCS#1 OAEP data block formatting with the SHA-256 hash method
Symmetric Key Generate	HCR7790	Changed: Support for PKCS#1 OAEP data block formatting with the SHA-256 hash method
Symmetric Key Import	HCR7790	Changed: Support for PKCS#1 OAEP data block formatting with the SHA-256 hash method
Symmetric Key Import2	HCR7790	Changed: AES key type support
TR-31 Export	HCR7790	New: ANSI TR-31 key block support.
TR-31 Import	HCR7790	New: ANSI TR-31 key block support.
TR-31 Optional Data Build	HCR7790	New: ANSI TR-31 key block support.
TR-31 Optional Data Read	HCR7790	New: ANSI TR-31 key block support.
TR-31 Parse	HCR7790	New: ANSI TR-31 key block support.
VISA CVV Service Verify	HCR7790	Changed: Double-length CVV key support
VISA CVV Service Generate	HCR7790	Changed: Double-length CVV key support

Table 4. Summary of new and changed ICSF callable services (FMID HCR7780)
Callable service	Release	Description
ANSI X9.17 EDC Generate	HCR7780	Changed: Support for invocation in AMODE(64).
ANSI X9.17 Key Export	HCR7780	Changed: Support for invocation in AMODE(64).
ANSI X9.17 Key Import	HCR7780	Changed: Support for invocation in AMODE(64).
ANSI X9.17 Key Translate	HCR7780	Changed: Support for invocation in AMODE(64).
ANSI X9.17 Transport Key Partial Notarize	HCR7780	Changed: Support for invocation in AMODE(64).
Ciphertext Translate	HCR7780	Changed: Support for invocation in AMODE(64).
Clear PIN Encrypt	HCR7780	Changed: Support for invocation in AMODE(64).
Clear PIN Generate	HCR7780	Changed: Support for invocation in AMODE(64).
Clear PIN Generate Alternate	HCR7780	Changed: Support for invocation in AMODE(64).
Control Vector Generate	HCR7780	Changed: Support for invocation in AMODE(64).
Control Vector Translate	HCR7780	Changed: Support for invocation in AMODE(64).
Cryptographic Variable Encipher	HCR7780	Changed: Support for invocation in AMODE(64).
Data Key Export	HCR7780	Changed: Support for invocation in AMODE(64).
Data Key Import	HCR7780	Changed: Support for invocation in AMODE(64).
Decipher	HCR7780	Changed: Support for invocation in AMODE(64).
Decode	HCR7780	Changed: Support for invocation in AMODE(64).
Digital Signature Generate	HCR7780	Changed: Elliptic Curve Cryptography (ECC) support.
Digital Signature Verify	HCR7780	Changed: Elliptic Curve Cryptography (ECC) support.
Diversified Key Generate	HCR7780	Changed: Support for invocation in AMODE(64). New rule array keywords to support enhanced key wrapping method.
Encipher	HCR7780	Changed: Support for invocation in AMODE(64).
Encode	HCR7780	Changed: Support for invocation in AMODE(64).
Encrypted PIN Generate	HCR7780	Changed: Support for invocation in AMODE(64).
Encrypted PIN Translate	HCR7780	Changed: Support for invocation in AMODE(64).
Encrypted PIN Verify	HCR7780	Changed: Support for invocation in AMODE(64).
HMAC Generate	HCR7780	New: Support for CCA key management of HMAC keys.
HMAC Verify	HCR7780	New: Support for CCA key management of HMAC keys.
Key Export	HCR7780	Changed: Support for invocation in AMODE(64).
Key Generate2	HCR7780	New: Support for CCA key management of HMAC keys.
Key Import	HCR7780	Changed: Support for invocation in AMODE(64).
Key Part Import	HCR7780	Changed: Support for invocation in AMODE(64). New rule array keywords to support enhanced key wrapping method.
Key Part Import2	HCR7780	New: Support for CCA key management of HMAC keys.
Key Record Create	HCR7780	Changed: Support for invocation in AMODE(64).
Key Record Create2	HCR7780	New: Support for CCA key management of HMAC keys.
Key Record Delete	HCR7780	Changed: Support for invocation in AMODE(64).
Key Record Read	HCR7780	Changed: Support for invocation in AMODE(64).
Key Record Read2	HCR7780	New: Support for CCA key management of HMAC keys.
Key Record Write	HCR7780	Changed: Support for invocation in AMODE(64).
Key Record Write2	HCR7780	New: Support for CCA key management of HMAC keys.
Key Test	HCR7780	Changed: Support for invocation in AMODE(64).
Key Test Extended	HCR7780	Changed: Support for invocation in AMODE(64).
Key Test2	HCR7780	New: Support for CCA key management of HMAC keys.
Key Token Build	HCR7780	Changed: Support for invocation in AMODE(64). New rule array keywords to support enhanced key wrapping method.
Key Token Build2	HCR7780	New: Support for CCA key management of HMAC keys.
Key Translate	HCR7780	Changed: Support for invocation in AMODE(64).
Key Translate2	HCR7780	New: Support for CCA key management of HMAC keys.
MAC Generate	HCR7780	Changed: Support for invocation in AMODE(64).
MAC Verify	HCR7780	Changed: Support for invocation in AMODE(64).
MDC Generate	HCR7780	Changed: Support for invocation in AMODE(64).
Multiple Clear Key Import	HCR7780	Changed: New rule array keywords to support enhanced key wrapping method.
Multiple Secure Key Import	HCR7780	Changed: Support for invocation in AMODE(64). New rule array keywords to support enhanced key wrapping method.
One-Way Hash Generate	HCR7780	New: Support for invocation in AMODE(64).
PIN Change/Unblock	HCR7780	Changed: Support for invocation in AMODE(64).
PKA Key Generate	HCR7780	Changed: Elliptic Curve Cryptography (ECC) support.
PKA Key Import	HCR7780	Changed: Elliptic Curve Cryptography (ECC) support.
PKA Key Token Build	HCR7780	Changed: Elliptic Curve Cryptography (ECC) support.
PKA Key Token Change	HCR7780	Changed: Elliptic Curve Cryptography (ECC) support. Support for invocation in AMODE(64).
PKA Public Key Extract	HCR7780	Changed: Elliptic Curve Cryptography (ECC) support.
PKDS Record Create	HCR7780	Changed: Elliptic Curve Cryptography (ECC) support.
PKDS Record Delete	HCR7780	Changed: Elliptic Curve Cryptography (ECC) support.
PKDS Record Read	HCR7780	Changed: Elliptic Curve Cryptography (ECC) support. Support for invocation in AMODE(64).
PKDS Record Write	HCR7780	Changed: Elliptic Curve Cryptography (ECC) support. Support for invocation in AMODE(64).
Prohibit Export	HCR7780	Changed: Support for invocation in AMODE(64).
Prohibit Export Extended	HCR7780	Changed: Support for invocation in AMODE(64).
Remote Key Export	HCR7780	Changed: Support for invocation in AMODE(64).
Restrict Key Attribute	HCR7780	New: Support for CCA key management of HMAC keys.
Secure Key Import	HCR7780	Changed: Support for invocation in AMODE(64).
Secure Key Import2	HCR7780	New: Support for CCA key management of HMAC keys.
Secure Messaging for Keys	HCR7780	Changed: Support for invocation in AMODE(64).
Secure Messaging for PINS	HCR7780	Changed: Support for invocation in AMODE(64).
SET Block Compose	HCR7780	Changed: Support for invocation in AMODE(64).
SET Block Decompose	HCR7780	Changed: Support for invocation in AMODE(64).
Symmetric Key Decipher	HCR7780	Changed: Additional modes of operation for protecting data.
Symmetric Key Encipher	HCR7780	Changed: Additional modes of operation for protecting data.
Symmetric Key Export	HCR7780	Changed: Support for CCA key management of HMAC keys.
Symmetric Key Generate	HCR7780	Changed: Support for invocation in AMODE(64). New rule array keywords to support enhanced key wrapping method.
Symmetric Key Import	HCR7780	Changed: New rule array keywords to support enhanced key wrapping method.
Symmetric Key Import2	HCR7780	New: Support for CCA key management of HMAC keys.
Transaction Validation	HCR7780	Changed: Support for invocation in AMODE(64).
Transform CDMF Key	HCR7780	Changed: Support for invocation in AMODE(64).
Trusted Block Create	HCR7780	Changed: Support for invocation in AMODE(64).
User Derived Key	HCR7780	Changed: Support for invocation in AMODE(64).
VISA CVV Service Generate	HCR7780	Changed: Support for invocation in AMODE(64).
VISA CVV Service Verify	HCR7780	Changed: Support for invocation in AMODE(64).