- return_code
-
Direction: Output | Type: Integer |
The return code specifies the general result of the callable
service. Appendix A. ICSF and TSS Return and Reason Codes lists the return codes.
- reason_code
-
Direction: Output | Type: Integer |
The reason code specifies the result of the callable service
that is returned to the application program. Each return code has
different reason codes that indicate specific processing problems. Appendix A. ICSF and TSS Return and Reason Codes lists the reason codes.
- exit_data_length
-
Direction: Ignored | Type: Integer |
This field is ignored. It is recommended to specify 0 for
this parameter.
- exit_data
-
Direction: Ignored | Type: String |
This field is ignored.
- rule_array_count
-
Direction: Input | Type: Integer |
The number of keywords you supplied in the rule_array parameter.
This value must be 1.
- rule_array
-
Direction: Input | Type: String |
Keywords that provide control information to the callable
service. Each keyword is left-justified in 8-byte fields and padded
on the right with blanks. All keywords must be in contiguous storage.
Table 312. Keywords for derive multiple keys

Keyword | Meaning |
---|---|
Mechanism (required) | |
TLS-PRF | Use the TLS Pseudo-Random Function derivation protocol as defined in the PKCS #11 standard as mechanism CKM_TLS_PRF. This mechanism derives deterministic random bytes from a caller supplied secret key object and other parameters. |
PRNG | Generate pseudo-random bytes using the best source available. If a secure cryptographic coprocessor that supports RNGL is installed and configured, it will be used to produce true (non-deterministic) random data. Otherwise, a pseudo (deterministic) random algorithm, consistent with ANSI X9.31, will be utilized. If a secure cryptographic coprocessor is installed and configured, it will be used to provide entropy in producing the pseudo-random data. Otherwise, an IBM proprietary entropy algorithm will be used in producing the pseudo-random data. |
- handle
-
Direction: Input | Type: String |
For mechanism TLS-PRF, this is the 44-byte handle of the source
secret key object. The CKA_DERIVE attribute for the secret key object
must be true. If no key is to be used, set the handle to all blanks.
For mechanism PRNG, this is the 44-byte name of the token to which
this operation is related. The first 32 bytes of the handle are meaningful.
The remaining 12 bytes are reserved and must be blanks.
See Handles for the format of a handle.
- parms_list_length
-
Direction: Input | Type: Integer |
The length in bytes of the parameters supplied in the parms_list parameter.
- parms_list
-
Direction: Input/Output | Type: String |
The protocol-specific parameters. This field has a varying
format depending on the mechanism specified:

Table 313. parms_list parameter format for TLS-PRF mechanism

Offset | Length in bytes | Direction | Description |
---|---|---|---|
0 | 1 | input | PRF function code - x'00', use combined MD5/SHA1 digest algorithm as defined in TLS 1.0/1.1, otherwise use the following single digest algorithm as defined in TLS 1.2: x'01' = SHA256, x'02' = SHA384, and x'03' = SHA512 |
1 | 3 | not applicable | reserved |
4 | 4 | input | length in bytes of the label (x), where 1 <= length <= 256 |
8 | 4 | input | length in bytes of the seed (y), where 1 <= length <= 256 |
12 | x | input | label |
12+x | y | input | seed |

For the PRNG mechanism, there are no parameters. The parms_list_length parameter
must be set to zero for this mechanism.
- prf_output_length
-
Direction: Input | Type: Integer |
The length in bytes of pseudo-random data to be generated
and returned in the prf_output parameter. The maximum length
is 2147483647 bytes.
- prf_output
-
Direction: Output | Type: String |
The pre-allocated area in which the pseudo-random data
is returned.
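
The TLS-PRF parms_list layout from Table 313, packed and bounds-checked in C. This is an added example, not IBM's code: build_tls_prf_parms is a hypothetical helper, and the big-endian integer fields and zeroed reserved bytes are assumptions the table does not state.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* PRF function codes from Table 313. */
enum { PRF_MD5_SHA1 = 0x00, PRF_SHA256 = 0x01, PRF_SHA384 = 0x02, PRF_SHA512 = 0x03 };
#define PRF_HDR_LEN  12   /* code(1) + reserved(3) + label length(4) + seed length(4) */
#define PRF_MAX_PART 256  /* label and seed are each 1..256 bytes */

/* Store a 4-byte integer big-endian (assumed: z/Architecture native order). */
static void put_be32(unsigned char *p, uint32_t v)
{
    p[0] = (unsigned char)(v >> 24); p[1] = (unsigned char)(v >> 16);
    p[2] = (unsigned char)(v >> 8);  p[3] = (unsigned char)v;
}

/* Hypothetical helper: lay out a TLS-PRF parms_list in buf. Returns the value
 * to pass as parms_list_length, or -1 if an input violates Table 313 or buf
 * is too small. Reserved bytes are zeroed (an assumption). */
long build_tls_prf_parms(unsigned char *buf, size_t cap, unsigned code,
                         const void *label, size_t label_len,
                         const void *seed, size_t seed_len)
{
    if (buf == NULL || label == NULL || seed == NULL) return -1;
    if (code > PRF_SHA512) return -1;
    if (label_len < 1 || label_len > PRF_MAX_PART) return -1;
    if (seed_len < 1 || seed_len > PRF_MAX_PART) return -1;
    size_t total = PRF_HDR_LEN + label_len + seed_len;
    if (cap < total) return -1;
    buf[0] = (unsigned char)code;                 /* offset 0: PRF function code */
    memset(buf + 1, 0, 3);                        /* offset 1: reserved */
    put_be32(buf + 4, (uint32_t)label_len);       /* offset 4: label length x */
    put_be32(buf + 8, (uint32_t)seed_len);        /* offset 8: seed length y */
    memcpy(buf + PRF_HDR_LEN, label, label_len);  /* offset 12: label */
    memcpy(buf + PRF_HDR_LEN + label_len, seed, seed_len); /* offset 12+x: seed */
    return (long)total;
}

int main(void)
{
    unsigned char parms[PRF_HDR_LEN + 2 * PRF_MAX_PART];
    const unsigned char label[4] = { 0x74, 0x65, 0x73, 0x74 }; /* constructed: ASCII "test" */
    const unsigned char seed[4] = { 0xAA, 0xBB, 0xCC, 0xDD };  /* constructed sample seed */
    long n = build_tls_prf_parms(parms, sizeof parms, PRF_SHA256,
                                 label, sizeof label, seed, sizeof seed);
    printf("parms_list_length = %ld\n", n);
    return n < 0;
}
```

TLS labels are ASCII strings, so on z/OS supply the label as explicit bytes rather than a string literal compiled in EBCDIC.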