The callable service names for AMODE(64) invocation are CSNEOWH and CSNEOWH1.
CALL CSNBOWH(
return_code,
reason_code,
exit_data_length,
exit_data,
rule_array_count,
rule_array,
text_length,
text,
chaining_vector_length,
chaining_vector,
hash_length,
hash)
CALL CSNBOWH1(
return_code,
reason_code,
exit_data_length,
exit_data,
rule_array_count,
rule_array,
text_length,
text,
chaining_vector_length,
chaining_vector,
hash_length,
hash,
text_id_in)
Direction | Type |
---|---|
Output | Integer |
The return code specifies the general result of the callable service. ICSF and cryptographic coprocessor return and reason codes lists the return codes.
Direction | Type |
---|---|
Output | Integer |
The reason code specifies the result of the callable service that is returned to the application program. Each return code has different reason codes assigned to it that indicate specific processing problems. ICSF and cryptographic coprocessor return and reason codes lists the reason codes.
Direction | Type |
---|---|
Input/Output | Integer |
The length of the data that is passed to the installation exit. The data is identified in the exit_data parameter.
Direction | Type |
---|---|
Input/Output | String |
The data that is passed to the installation exit.
Direction | Type |
---|---|
Input | Integer |
The number of keywords you are supplying in the rule_array parameter. The value must be 1, 2 or 3.
Direction | Type |
---|---|
Input | String |
Keywords that provide control information to the callable service are listed in Table 1. The optional chaining flag keyword indicates whether calls to this service are chained together logically to overcome buffer size limitations. Each keyword is left-justified in an 8-byte field and padded on the right with blanks. All keywords must be in contiguous storage.
Keyword | Meaning |
---|---|
Hash Method (required) | |
MD5 | Hash algorithm is MD5 algorithm. Use this hash method for PKCS-1.0 and PKCS-1.1. Length of hash generated is 16 bytes. |
MD5-LG | Hash algorithm is similar to the MD5 algorithm. Use this hash method for PKCS-1.0 and PKCS-1.1. Length of hash generated is 16 bytes. Legacy hash values from release HCR7751 and lower prior to APAR OA33657 will be generated for verification purposes with previously archived hash values. |
RPMD-LG | Hash algorithm is similar to the RIPEMD-160. Length of hash generated is 20 bytes. Legacy hash values from release HCR7751 and lower prior to APAR OA33657 will be generated for verification purposes with previously archived hash values. |
RPMD-160 | Hash algorithm is RIPEMD-160. Length of hash generated is 20 bytes. |
SHA-1 | Hash algorithm is SHA-1 algorithm. Use this hash method for DSS. Length of hash generated is 20 bytes. |
SHA-224 | Hash algorithm is SHA-256 algorithm. Length of hash generated is 28 bytes. |
SHA-256 | Hash algorithm is SHA-256 algorithm. Length of hash generated is 32 bytes. |
SHA-384 | Hash algorithm is SHA-384 algorithm. Length of hash generated is 48 bytes. |
SHA-512 | Hash algorithm is SHA-512 algorithm. Length of hash generated is 64 bytes. |
SHA1LG | Hash algorithm is similar to the SHA-1 algorithm. Use only when text_length is greater than or equal to 256 megabytes (512 megabytes on IBM eServer zSeries 990, IBM eServer zSeries 890, or later hardware on HCR7770). Use this hash method for DSS (applies to One-Way Hash Generate only.) Length of hash generated is 20 bytes. Legacy hash values from release HCR7770 and higher prior to APAR OA43937 will be generated for verification purposes with previously archived hash values. |
SHA224LG | Hash algorithm is similar to the SHA-224 algorithm. Use only when text_length is greater than or equal to 256 megabytes (512 megabytes on IBM eServer zSeries 990, IBM eServer zSeries 890, or later hardware on HCR7770). Length of hash generated is 28 bytes. Legacy hash values from release HCR7770 and higher prior to APAR OA43937 will be generated for verification purposes with previously archived hash values. |
SHA256LG | Hash algorithm is similar to the SHA-256 algorithm. Use only when text_length is greater than or equal to 256 megabytes (512 megabytes on IBM eServer zSeries 990, IBM eServer zSeries 890, or later hardware on HCR7770). Length of hash generated is 32 bytes. Legacy hash values from release HCR7770 and higher prior to APAR OA43937 will be generated for verification purposes with previously archived hash values. |
SHA384LG | Hash algorithm is similar to the SHA-384 algorithm. Use only when text_length is greater than or equal to 256 megabytes (512 megabytes on IBM eServer zSeries 990, IBM eServer zSeries 890, or later hardware on HCR7770). Length of hash generated is 48 bytes. Legacy hash values from release HCR7770 and higher prior to APAR OA43937 will be generated for verification purposes with previously archived hash values. |
SHA512LG | Hash algorithm is similar to the SHA-512 algorithm. Use only when text_length is greater than or equal to 256 megabytes (512 megabytes on IBM eServer zSeries 990, IBM eServer zSeries 890, or later hardware on HCR7770). Length of hash generated is 64 bytes. Legacy hash values from release HCR7770 and higher prior to APAR OA43937 will be generated for verification purposes with previously archived hash values. |
Chaining Flag (optional) | |
FIRST | Specifies this is the first call in a series of chained calls. Intermediate results are stored in the hash field. |
LAST | Specifies this is the last call in a series of chained calls. |
MIDDLE | Specifies this is a middle call in a series of chained calls. Intermediate results are stored in the hash field. |
ONLY | Specifies this is the only call and the call is not chained. This is the default. |
Direction | Type |
---|---|
Input | Integer |
The length of the text parameter in bytes.
For ONLY and LAST, this service performs the required padding according to the algorithm specified.
Direction | Type |
---|---|
Input | String |
Direction | Type |
---|---|
Input | Integer |
The byte length of the chaining_vector parameter. This must be 128 bytes.
Direction | Type |
---|---|
Input/Output | String |
This field is a 128-byte work area. Your application must not change the data in this string. The chaining vector permits chaining data from one call to another.
Direction | Type |
---|---|
Input | Integer |
The length of the supplied hash field in bytes.
For SHA-384 and SHA-512, the length must be at least 64 bytes long. Even though the length of the SHA-384 hash is less than SHA-512, the extra bytes are used as a work area during the generation of the hash value. The SHA-384 value is left-justified and padded with zeroes.
Direction | Type |
---|---|
Input/Output | String |
This field contains the hash, left-justified. The processing of the rest of the field depends on the implementation. If you specify the FIRST or MIDDLE keyword, this field contains the intermediate hash value. Your application must not change the data in this field between the sequence of FIRST, MIDDLE, and LAST calls for a specific message.
Direction | Type |
---|---|
Input | Integer |
For CSNBOWH1 only, the ALET for the data space containing the text for which to generate the hash.
Although MD5, SHA-1 and SHA-256 allow it, bit length text is not supported for any hashing method.
If the CSF.CSFSERV.AUTH.CSFOWH.DISABLE SAF resource profile is defined in the XFACILIT SAF resource class, no SAF authorization checks will be performed against the CSFSERV class when using this service. If CSF.CSFSERV.AUTH.CSFOWH.DISABLE is not defined, the SAF authorization check will be performed. Disabling the SAF check may improve the performance of your application.
The following table lists the required cryptographic hardware for each server type and describes restrictions for this callable service.
Server | Required cryptographic hardware | Restrictions |
---|---|---|
IBM
eServer zSeries 990 IBM eServer zSeries 890 |
CP Assist for Cryptographic Functions | SHA-1 requires CPACF Keywords SHA-224, SHA-256, SHA-384 and SHA-512 are not supported. |
IBM
System z9 EC IBM System z9 BC |
CP Assist for Cryptographic Functions | Keywords SHA-384 and SHA-512 are not supported |
IBM
System z10 EC IBM System z10 BC |
CP Assist for Cryptographic Functions | |
IBM zEnterprise 196 IBM zEnterprise 114 |
CP Assist for Cryptographic Functions | |
IBM zEnterprise EC12 IBM zEnterprise BC12 |
CP Assist for Cryptographic Functions | |
IBM z13 | CP Assist for Cryptographic Functions |