- return_code
-
Direction: Output | Type: Integer |
The return code specifies the general result of the callable
service. Appendix A. ICSF and TSS Return and Reason Codes lists the return codes.
- reason_code
-
Direction: Output | Type: Integer |
The reason code specifies the result of the callable service
that is returned to the application program. Each return code has
different reason codes that indicate specific processing problems. Appendix A. ICSF and TSS Return and Reason Codes lists the reason codes.
- exit_data_length
-
Direction: Input/Output | Type: Integer |
The length of the data that is passed to the installation
exit. The length can be from X'00000000' to X'7FFFFFFF' (2
gigabytes). The data is identified in the exit_data parameter.
- exit_data
-
Direction: Input/Output | Type: String |
The data that is passed to the installation exit.
- key_type
-
Direction: Input | Type: Character string |
The parameter is an 8-byte field that contains either a
key type value or the keyword TOKEN. The keyword is left-justified
and padded on the right with blanks.
If the key type is TOKEN, ICSF determines
the key type from the control vector (CV) field in the internal key
token provided in the source_key_identifier parameter.
If the control vector is invalid on the Cryptographic Coprocessor Feature, the key export request
will be routed to the PCI Cryptographic Coprocessor.
Key type values for
the Key Export callable service are: CIPHER, DATA, DATAC, DATAM, DATAMV,
DATAXLAT, DECIPHER, ENCIPHER, EXPORTER, IKEYXLAT, IMPORTER, IPINENC,
MAC, MACD, MACVER, OKEYXLAT, OPINENC, PINGEN and PINVER. For information
on the meaning of the key types, see Table 3.
- source_key_identifier
-
Direction: Input | Type: String |
A 64-byte string of the internal key token that contains
the key to be reenciphered. This parameter must identify an internal
key token in application storage, or a label of an existing key in
the cryptographic key data set.
If you supply TOKEN for the key_type parameter, ICSF looks
at the control vector in the internal key token and determines the
key type from this information. If you supply TOKEN for the key_type parameter
and supply a label for this parameter, the label must be unique in
the cryptographic key data set.
- exporter_key_identifier
-
Direction: Input/Output | Type: String |
A 64-byte string of the internal key token or key label
that contains the exporter key-encrypting key. This parameter must
identify an internal key token in application storage, or a label
of an existing key in the cryptographic key data set.
If the
NOCV bit is on in the internal key token containing the key-encrypting
key, the key-encrypting key itself (not the key-encrypting key variant)
is used to encipher the generated key. For example, the key has been
installed in the cryptographic key data set through the key generator
utility program or the key entry hardware using the NOCV parameter;
or you are passing the key-encrypting key in the internal key token
with the NOCV bit on and your program is running in supervisor state
or in key 0-7.
Control vectors are explained in Control Vector for DES Keys and
the NOCV bit is shown in Table 333.
- target_key_identifier
-
Direction: Output | Type: String |
The 64-byte field external key token that contains the
reenciphered key. The reenciphered key can be exchanged with another
cryptographic system.
ICSF supports two methods of wrapping
the key value in a symmetric key token: the original ECB wrapping
and an enhanced CBC wrapping method which is ANSI X9.24 compliant.
The output target_key_identifier will be wrapped in the same
manner as the source_key_identifier.