- return_code
-
Direction: Output | Type: Integer |
The return code specifies the general result of the callable
service. Appendix A. ICSF and TSS Return and Reason Codes lists the
return codes.
- reason_code
-
Direction: Output | Type: Integer |
The reason code specifies the specific results of processing.
Each return code has different reason codes that indicate specific
processing problems. Appendix A. ICSF and TSS Return and Reason Codes lists the reason
codes.
- exit_data_length
-
Direction: Input/Output | Type: Integer |
The length of the data that is passed to the installation
exit. The length can be from X'00000000' to X'7FFFFFFF' (2
gigabytes). The data is identified in the exit_data parameter.
- exit_data
-
Direction: Input/Output | Type: String |
The data that is passed to the installation exit.
- rule_array_count
-
Direction: Input | Type: Integer |
The number of keywords you are supplying in the rule_array parameter.
This number must be 1.
- rule_array
-
Direction: Input | Type: String |
Specifies a string variable containing an array of keywords.
The keywords are 8 bytes long and must be left-justified and
right padded with blanks.
This table lists the rule_array keywords for this callable service.
Table 112. Rule_array keywords for Trusted Block Create (CSNDTBC)

| Keyword | Meaning |
|---|---|
| Operational Keywords - One Required | |
| INACTIVE | Create the trusted block, but in inactive form. The MAC key is randomly generated, encrypted with the transport key, and inserted into the block. The ACTIVE flag is set to False (0), and the MAC is calculated over the block and inserted in the appropriate field. The resulting block is fully formed and protected, but it is not usable in any other CCA services. Use of the INACTIVE keyword is authorized by the 0x030F access control point. |
| ACTIVATE | This makes the trusted block usable in CCA services. Use of the ACTIVATE keyword is authorized by the 0x0310 access control point. |
- input_block_length
-
Direction: Input/Output | Type: String |
Specifies the number of bytes of data in the input_block_identifier
parameter. The maximum length is 3500 bytes.
- input_block_identifier
-
Direction: Input | Type: String |
Specifies a trusted block label or complete trusted block
token, which will be updated by the service and returned in trusted_block_identifier.
The length is indicated by input_block_length. Its content depends
on the rule array keywords supplied to the service.

When rule_array is INACTIVE, the block is complete but typically does
not have MAC protection. If MAC protection is present due to recycling
an existing trusted block, then the MAC key and MAC value will be
overlaid by the new MAC key and MAC value. The input_block_identifier
includes all fields of the trusted block token, but the MAC key and MAC
will be filled in by the service. The Active flag will be set to False
(0) in the block returned in trusted_block_identifier.

When the rule_array is ACTIVATE, the block is complete, including the
MAC protection, which is validated during execution of the service. The
Active flag must be False (0) on input. On output, the block will
be returned in trusted_block_identifier provided the identifier is
a token, with the Active flag changed to True (1), and the MAC value
recalculated using the same MAC key. If the trusted_block_identifier
is a label, the block will be written to the PKDS.
- transport_key_identifier
-
Direction: Input | Type: String |
Specifies a key label or key token for an IMP-PKA
key that is used to protect the trusted block.
- trusted_block_length
-
Direction: Input/Output | Type: Integer |
Specifies the number of bytes of data in the trusted_block_identifier
parameter. The maximum length is 3500 bytes.
- trusted_block_identifier
-
Direction: Output | Type: String |
Specifies a trusted block label or trusted block token
for the trusted block constructed by the service. On input, the trusted_block_length
contains the size of this buffer. On output, the trusted_block_length
is updated with the actual byte length of the trusted block written
to the buffer if the trusted_block_identifier is a token. The trusted
block consists of the data supplied in input_block_identifier, but
with the MAC protection and Active flag updated according to the rule
array keyword that is provided. See Table 112 for
details on the actions. If the trusted_block_identifier is a label
identifying a key record in key storage, the returned trusted block
token will be written to the PKDS.
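
The following added example (not IBM's code) shows a caller-side wrapper that enforces the limits documented above before invoking the service: one rule_array keyword, 8 bytes with no terminating NUL, and block lengths of at most 3500 bytes. The `tbc_fn` pointer type, the wrapper and its negative codes are assumptions of this example, and `stub_service` is a constructed stand-in for the real service.

```c
#include <string.h>
#define TB_MAX_LEN 3500   /* maximum block length stated on the page */
/* Assumed C shape, in the page's parameter order; not copied from a header. */
typedef void (*tbc_fn)(int *return_code, int *reason_code, int *exit_data_length,
    unsigned char *exit_data, int *rule_array_count, unsigned char *rule_array,
    int *input_block_length, unsigned char *input_block_identifier,
    unsigned char *transport_key_identifier, int *trusted_block_length,
    unsigned char *trusted_block_identifier);

/* Hypothetical wrapper. Returns 0 once the service has been invoked, or a
   negative value (local to this example, not an ICSF code) on a failed check. */
int tbc_call(tbc_fn service, const char *keyword, unsigned char *in, int in_len,
             unsigned char *transport_key, unsigned char *out, int *out_len,
             int *rc, int *reason)
{
    unsigned char rule_array[8];
    int count = 1, exit_len = 0;  /* one keyword; no installation exit data */
    if (strcmp(keyword, "INACTIVE") != 0 && strcmp(keyword, "ACTIVATE") != 0)
        return -1;
    if (in_len <= 0 || in_len > TB_MAX_LEN) return -2;
    if (*out_len <= 0 || *out_len > TB_MAX_LEN) return -3;
    /* Both keywords fill all 8 bytes: no blank padding, and no NUL copied. */
    memcpy(rule_array, keyword, sizeof rule_array);
    service(rc, reason, &exit_len, NULL, &count, rule_array,
            &in_len, in, transport_key, out_len, out);
    return 0;
}

/* Constructed stand-in so the example runs offline; no cryptography. */
static unsigned char seen_rule[8];
void stub_service(int *rc, int *reason, int *xl, unsigned char *x, int *count,
                  unsigned char *rule, int *in_len, unsigned char *in,
                  unsigned char *tk, int *out_len, unsigned char *out)
{
    (void)xl; (void)x; (void)tk;
    memcpy(seen_rule, rule, sizeof seen_rule);
    *rc = 8; *reason = 0;          /* arbitrary failure code for the stub */
    if (*count != 1 || *out_len < *in_len) return;
    memcpy(out, in, (size_t)*in_len);
    *out_len = *in_len; *rc = 0;   /* length updated to bytes written */
}
/* Drives the wrapper with a constructed all-zero block. */
int demo(const char *keyword, int in_len)
{
    static unsigned char in[TB_MAX_LEN + 1], out[TB_MAX_LEN], tk[64];
    int out_len = (int)sizeof out, rc = -1, reason = -1;
    int r = tbc_call(stub_service, keyword, in, in_len, tk, out, &out_len, &rc, &reason);
    return r ? r : (rc == 0 ? out_len : -4);
}
int main(void) { return demo("INACTIVE", 128) == 128 ? 0 : 1; }
```

In a real program the service entry point would be passed in place of `stub_service`, and the returned return_code and reason_code checked against Appendix A.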