z/OS Cryptographic Services ICSF Application Programmer's Guide


Parameters

SA22-7522-16

return_code
Direction: Output, Type: Integer

The return code specifies the general result of the callable service. Appendix A. ICSF and TSS Return and Reason Codes lists the return codes.

reason_code
Direction: Output, Type: Integer

The reason code specifies the result of the callable service that is returned to the application program. Each return code has different reason codes that indicate specific processing problems. Appendix A. ICSF and TSS Return and Reason Codes lists the reason codes.

exit_data_length
Direction: Ignored, Type: Integer

This field is ignored. It is recommended to specify 0 for this parameter.

exit_data
Direction: Ignored, Type: String

This field is ignored.

rule_array_count
Direction: Input, Type: Integer

The number of keywords you supplied in the rule_array parameter. This value must be 1.

rule_array
Direction: Input, Type: String

Keywords that provide control information to the callable service. Each keyword is left-justified in 8-byte fields and padded on the right with blanks. All keywords must be in contiguous storage.

Table 312. Keywords for derive multiple keys

| Keyword | Meaning |
|---|---|
| Mechanism (required) | |
| TLS-PRF | Use the TLS Pseudo-Random Function derivation protocol as defined in the PKCS #11 standard as mechanism CKM_TLS_PRF. This mechanism derives deterministic random bytes from a caller supplied secret key object and other parameters. |
| PRNG | Generate pseudo-random bytes using the best source available. If a secure cryptographic coprocessor that supports RNGL is installed and configured, it will be used to produce true (non-deterministic) random data. Otherwise, a pseudo (deterministic) random algorithm, consistent with ANSI X9.31, will be utilized. If a secure cryptographic coprocessor is installed and configured, it will be used to provide entropy in producing the pseudo-random data. Otherwise, an IBM proprietary entropy algorithm will be used in producing the pseudo-random data. |

handle
Direction: Input, Type: String

For mechanism TLS-PRF, this is the 44-byte handle of the source secret key object. The CKA_DERIVE attribute for the secret key object must be true. If no key is to be used, set the handle to all blanks.

For mechanism PRNG, this is the 44-byte name of the token to which this operation is related. The first 32 bytes of the handle are meaningful. The remaining 12 bytes are reserved and must be blanks.

See Handles for the format of a handle.

parms_list_length
Direction: Input, Type: Integer

The length of the parameters supplied in the parms_list parameter in bytes.

parms_list
Direction: Input/Output, Type: String

The protocol specific parameters. This field has a varying format depending on the mechanism specified:

Table 313. parms_list parameter format for TLS-PRF mechanism

| Offset | Length in bytes | Direction | Description |
|---|---|---|---|
| 0 | 1 | input | PRF function code - x'00', use combined MD5/SHA1 digest algorithm as defined in TLS 1.0/1.1, otherwise use the following single digest algorithm as defined in TLS 1.2: x'01' = SHA256, x'02' = SHA384, and x'03' = SHA512 |
| 1 | 3 | not applicable | reserved |
| 4 | 4 | input | length in bytes of the label (x), where 1 <= length <= 256 |
| 8 | 4 | input | length in bytes of the seed (y), where 1 <= length <= 256 |
| 12 | x | input | label |
| 12+x | y | input | seed |

For the PRNG mechanism, there are no parameters. The parms_list_length parameter must be set to zero for this mechanism.

prf_output_length
Direction: Input, Type: Integer

The length in bytes of pseudo-random data to be generated and returned in the prf_output parameter. The maximum length is 2147483647 bytes.

prf_output
Direction: Output, Type: String

The pre-allocated area in which the pseudo-random data is returned.
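
The following C code is an added example, not taken from the IBM guide: it packs the TLS-PRF parms_list laid out in Table 313 and a blank-padded rule_array keyword, rejecting lengths outside the documented limits. The function and enum names are hypothetical; big-endian length fields (the native z/OS integer format) and zeroed reserved bytes are assumptions.

```c
#include <stdint.h>
#include <string.h>

/* PRF function codes from Table 313 (enum names are hypothetical). */
enum { PRF_MD5_SHA1 = 0x00, PRF_SHA256 = 0x01, PRF_SHA384 = 0x02, PRF_SHA512 = 0x03 };
/* Assumption: 4-byte lengths are big-endian, the native z/OS integer format. */
static void put_be32(unsigned char *p, uint32_t v) {
    p[0] = (unsigned char)(v >> 24); p[1] = (unsigned char)(v >> 16);
    p[2] = (unsigned char)(v >> 8);  p[3] = (unsigned char)v;
}

/* Packs the TLS-PRF parms_list; returns the parms_list_length value, or -1
 * if a field breaks the table's limits or the buffer is too small. */
long build_tls_prf_parms(unsigned char *out, size_t cap, unsigned code,
                         const unsigned char *label, size_t x,
                         const unsigned char *seed, size_t y) {
    if (!out || !label || !seed || code > PRF_SHA512) return -1;
    if (x < 1 || x > 256 || y < 1 || y > 256) return -1;
    if (cap < 12 + x + y) return -1;
    memset(out, 0, 12);              /* offsets 1-3 reserved: zeroed (assumption) */
    out[0] = (unsigned char)code;    /* offset 0: PRF function code */
    put_be32(out + 4, (uint32_t)x);  /* offset 4: label length (x) */
    put_be32(out + 8, (uint32_t)y);  /* offset 8: seed length (y) */
    memcpy(out + 12, label, x);      /* offset 12: label */
    memcpy(out + 12 + x, seed, y);   /* offset 12+x: seed */
    return (long)(12 + x + y);
}

/* rule_array keyword: left-justified in an 8-byte field, padded on the right
 * with blanks. ' ' is x'40' when the source is compiled as EBCDIC on z/OS. */
int build_rule_keyword(char out[8], const char *kw) {
    size_t n = strlen(kw);
    if (n == 0 || n > 8) return -1;
    memset(out, ' ', 8);
    memcpy(out, kw, n);
    return 0;
}

int main(void) {
    /* Constructed sample input: ASCII bytes of "test label" and an 8-byte seed. */
    const unsigned char label[] = {0x74,0x65,0x73,0x74,0x20,0x6c,0x61,0x62,0x65,0x6c};
    const unsigned char seed[8] = {1, 2, 3, 4, 5, 6, 7, 8};
    unsigned char parms[12 + 256 + 256];
    char rule[8];
    long n = build_tls_prf_parms(parms, sizeof parms, PRF_SHA256,
                                 label, sizeof label, seed, sizeof seed);
    int rc = build_rule_keyword(rule, "TLS-PRF");
    return (n == 30 && rc == 0) ? 0 : 1;  /* 12-byte header + 10 + 8 */
}
```

When the derived bytes must match a TLS peer, the label is the ASCII string the TLS specifications define, so on z/OS supply it as explicit byte values rather than a native EBCDIC string literal.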





Copyright IBM Corporation 1990, 2014