
Pervasive (DS) Encryption Sample: Generate a Secure AES DATA Key

By Eysha Shirrine Powers posted Wed March 25, 2020 05:29 PM

  

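/* Rexx */

/* Pervasive (Data Set) Encryption: Step 6 of 10                     */
/*-------------------------------------------------------------------*/
/* Generate a secure AES DATA key, store the key in the CKDS and     */
/* display the key label and key. If the key label already exists,   */
/* return the existing key label and key.                            */
/*                                                                   */
/* The "key" that is displayed is the 64-byte CCA secure key token   */
/* in operational (internal) form, i.e. the key value is encrypted   */
/* under this system's AES master key (see CSNBKGN below); the       */
/* clear key value is never shown. Treat the token as sensitive      */
/* output all the same and avoid copying it into tickets or logs.    */
/*-------------------------------------------------------------------*/
/* Instructions:                                                     */
/* - Update aes_key_label with your desired key label name           */
/*                                                                   */
/*      Note: An example key label naming scheme is                  */
/*              DATASET.<dataset_resource>.ENCRKEY.<seqno>           */
/*                                                                   */
/* - EXECUTE THIS CLIST FROM TSO                                     */
/*   (E.G. EX 'HLQ.MLD.LLQ(GENKEY)')                                 */
/*-------------------------------------------------------------------*/
/* Flow:                                                             */
/*   1. CSNBKRR  - if the label is already in the CKDS, print the    */
/*                 existing token and exit.                          */
/*   2. CSNBKGN  - generate a 256-bit AES DATA key (secure token).   */
/*   3. CSNBKRC2 - add the token to the CKDS under the label. The    */
/*                 "label already exists" reason is tolerated, so a  */
/*                 record created between step 1 and step 3 wins and */
/*                 the key generated in step 2 is simply dropped.    */
/*   4. CSNBKRR  - read the token back and print it.                 */
/*                                                                   */
/* All variables are shared with the subroutines below (no          */
/* PROCEDURE), and a non-zero return code ends the exec with EXIT.   */
/*-------------------------------------------------------------------*/
signal on novalue;

/* Length in bytes of the fixed-size CCA key token buffers.          */
token_length = 64;

/* Key labels are fixed-length 64-character fields, blank padded.    */
aes_key_label = ,
   left('DATASET.EYSHA.ICSF.ENCRYPT.ME.ENCRKEY.00000001',64);

/*-------------------------------------------------------------------*/
/* Check if the key exists in the CKDS (to prevent overwriting)      */
/*-------------------------------------------------------------------*/
krr_label = aes_key_label;
krr_token = copies('00'x, token_length);

Call CSNBKRR;                    /* If key is found, print and exit */

/*-------------------------------------------------------------------*/
/* Generate a 256-bit AES DATA key                                   */
/*-------------------------------------------------------------------*/
kgn_key_form           = 'OP  ';       /* operational form: token is  */
                                       /* wrapped under the master key*/
kgn_key_length         = 'KEYLN32 ';   /* 32-byte key = AES-256       */
kgn_key_type_1         = 'AESDATA ';
kgn_key_type_2         = '';           /* only one key is requested   */
kgn_kek_identifier_1   = copies('00'x, token_length); /* null token;  */
                                       /* presumably unused for OP    */
kgn_kek_identifier_2   = '';
kgn_generated_key_identifier_1 = copies('00'x, token_length); /* output */
kgn_generated_key_identifier_2 = '';
Call CSNBKGN;

/*-------------------------------------------------------------------*/
/* Store the key in the CKDS                                         */
/*-------------------------------------------------------------------*/
krc2_label = aes_key_label;
krc2_token = kgn_generated_key_identifier_1;
/* Derive the 4-byte binary length from the token itself instead of  */
/* hard-coding X'00000040', so it cannot drift from token_length.    */
krc2_token_length = d2c(length(krc2_token), 4);
Call CSNBKRC2;

/*-------------------------------------------------------------------*/
/* Read the key from the CKDS                                        */
/*-------------------------------------------------------------------*/
krr_label = aes_key_label;
krr_token = copies('00'x, token_length);

Call CSNBKRR;                    /* On success, print and exit      */

/* CSNBKRR returns silently when the record cannot be read (the      */
/* first call above depends on that). Getting here after a           */
/* successful CSNBKRC2 means the read-back failed, so report it      */
/* rather than ending as if everything worked.                       */
say 'KRR Failed   (rc=' c2x(krr_rc)' rs='c2x(krr_rs)')' ;

say "-----------------------------------------------------------------"
say "End of Sample"
say "-----------------------------------------------------------------"

exit;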

/* --------------------------------------------------------------- */
/* CSNBKGN - Key Generate                                          */
/*                                                                 */
/* Generates either one or two DES or AES keys encrypted under a   */
/* master key (internal form) or KEK (external form).              */
/*                                                                 */
/* In  (set by the caller): kgn_key_form, kgn_key_length,          */
/*      kgn_key_type_1/2, kgn_kek_identifier_1/2 and the zeroed    */
/*      output buffers kgn_generated_key_identifier_1/2.           */
/* Out: kgn_rc, kgn_rs, kgn_generated_key_identifier_1/2.          */
/* A non-zero return code ends the whole exec (EXIT), it does not  */
/* return to the caller.                                           */
/*                                                                 */
/* See the ICSF Application Programmer's Guide for more details.   */
/* --------------------------------------------------------------- */
CSNBKGN:

/* rc/rs are preset to X'FFFFFFFF'; presumably so that a call that  */
/* never reaches ICSF still reads as a failure below.              */
kgn_rc = x2c('FFFFFFFF')
kgn_rs = x2c('FFFFFFFF')
kgn_exit_data_length = x2c('00000000')
kgn_exit_data = ''

ADDRESS linkpgm "CSNBKGN",
   'KGN_RC'                          'KGN_RS'               ,
   'KGN_exit_data_length'            'KGN_exit_data'        ,
   'KGN_key_form'                    'KGN_key_length'       ,
   'KGN_key_type_1'                  'KGN_key_type_2'       ,
   'KGN_kek_identifier_1'            'KGN_kek_identifier_2' ,
   'KGN_generated_key_identifier_1'  'KGN_generated_key_identifier_2';

/* Success: the generated token(s) are now in the caller's buffers. */
if kgn_rc = x2c('00000000') then return

say 'KGN Failed   (rc=' c2x(kgn_rc)' rs='c2x(kgn_rs)')'
exit

/* --------------------------------------------------------------- */
/* CSNBKRC2 - Key Record Create2                                   */
/*                                                                 */
/* Adds a key token to the CKDS.                                   */
/*                                                                 */
/* In  (set by the caller): krc2_label, krc2_token_length,         */
/*      krc2_token.                                                */
/* Out: krc2_rc, krc2_rs.                                          */
/* Reason code X'3EA4' is tolerated: the sample treats it as "the  */
/* label already exists" (confirm against the ICSF reason code     */
/* table), so a record created after the caller's CSNBKRR check    */
/* is kept and the token passed here is silently not stored.       */
/* Any other non-zero return code ends the exec (EXIT).            */
/*                                                                 */
/* See the ICSF Application Programmer's Guide for more details.   */
/* --------------------------------------------------------------- */
CSNBKRC2:
krc2_rc = x2c('FFFFFFFF')
krc2_rs = x2c('FFFFFFFF')
krc2_exit_data_length = x2c('00000000')
krc2_exit_data = ''
krc2_rule_count = x2c('00000000')      /* no rule array keywords     */
krc2_rule_array = ''

ADDRESS LINKPGM "CSNBKRC2",
                "krc2_rc",
                "krc2_rs",
                "krc2_exit_data_length",
                "krc2_exit_data",
                "krc2_rule_count",
                "krc2_rule_array",
                "krc2_label",
                "krc2_token_length",
                "krc2_token";

/* Stored, or the label was already there: both are fine here.     */
if krc2_rc = x2c('00000000') | krc2_rs = x2c('00003EA4') then return

say 'KRC2 Failed   (rc=' c2x(krc2_rc)' rs='c2x(krc2_rs)')'
exit

/* --------------------------------------------------------------- */
/* CSNBKRD - Key Record Delete                                     */
/*                                                                 */
/* Deletes a key record from the CKDS.                             */
/*                                                                 */
/* In  (set by the caller): krd_label. Note that the main flow of  */
/*      this sample never calls CSNBKRD and never sets krd_label,  */
/*      so a caller must assign it first or the NOVALUE trap fires.*/
/* Out: krd_rc, krd_rs.                                            */
/* Reason code X'271C' is tolerated (the sample appears to treat   */
/* it as "label not found"; confirm against the ICSF reason code   */
/* table). Unlike the other routines, a failure here is only       */
/* reported, the exec is not ended.                                */
/*                                                                 */
/* See the ICSF Application Programmer's Guide for more details.   */
/* --------------------------------------------------------------- */
CSNBKRD:
krd_rc = x2c('FFFFFFFF')
krd_rs = x2c('FFFFFFFF')
krd_exit_data_length = x2c('00000000')
krd_exit_data = ''
krd_rule_array_count = x2c('00000001')  /* one keyword follows       */
krd_rule_array = 'LABEL-DL'             /* delete the whole record   */

ADDRESS LINKPGM "CSNBKRD",
                "krd_rc",
                "krd_rs",
                "krd_exit_data_length",
                "krd_exit_data",
                "krd_rule_array_count",
                "krd_rule_array",
                "krd_label";

/* Deleted, or nothing to delete: both are treated as success.     */
if krd_rc = x2c('00000000') | krd_rs = x2c('0000271C') then return

say 'KRD Failed   (rc=' c2x(krd_rc)' rs='c2x(krd_rs)')'
return

/* --------------------------------------------------------------- */
/* CSNBKRR - Key Record Read (CKDS)                                */
/*                                                                 */
/* Reads a key token from the CKDS.                                */
/*                                                                 */
/* In  (set by the caller): krr_label. The routine also reads      */
/*      aes_key_label for the display line, so it is tied to the   */
/*      main flow rather than being a generic helper.              */
/* Out: krr_rc, krr_rs, krr_token (64-byte secure key token).      */
/* On success the token is printed as two 32-byte hex lines and    */
/* the exec ends (EXIT). On any failure the routine returns        */
/* silently; the caller decides whether that is an error.          */
/* The printed token is the master-key-wrapped secure token, not   */
/* a clear key, but it is still sensitive output.                  */
/*                                                                 */
/* See the ICSF Application Programmer's Guide for more details.   */
/* --------------------------------------------------------------- */

CSNBKRR:
krr_rc = x2c('FFFFFFFF')
krr_rs = x2c('FFFFFFFF')
krr_exit_data_length = x2c('00000000')
krr_exit_data = ''
krr_token = copies('00'x, 64)           /* fixed-size output buffer  */

ADDRESS LINKPGM "CSNBKRR",
                "krr_rc",
                "krr_rs",
                "krr_exit_data_length",
                "krr_exit_data",
                "krr_label",
                "krr_token";

/* Not readable (e.g. label not present yet): leave it to the caller. */
if krr_rc <> x2c('00000000') then return

say "Secure key label: " strip(aes_key_label)
say "Secure key token: "
/* 64 bytes of token, dumped as two lines of 32 bytes (offsets 1, 33). */
do offset = 1 by 32 for 2
  say c2x(substr(krr_token, offset, 32))
end
exit

/* --------------------------------------------------------------- */
/* NOVALUE trap (armed by SIGNAL ON NOVALUE at the top of the exec)*/
/* Names the variable that was referenced before being assigned,   */
/* shows the offending source line, and ends the exec.             */
/* --------------------------------------------------------------- */
NOVALUE:
say "Condition NOVALUE was raised.";
say condition("D") "variable was not initialized.";
say sourceline(sigl);                   /* sigl = line that trapped  */
exit;
