Hi all,
I was tasked to do AES 256-bit encryption using clear-text key via COBOL call to ICSF APIs, so I figured that CSNBSYE and CSNBSYD would be the correct APIs to used. My input records are fixed 43-byte long (not multiples of 16, the ideal block size for AES) so I figured I would use the chaining vectors to "link" the calls together.
According to the documentation, I would either:
1. use AES / CFB / INITIAL for each call, and move the first 16 bytes of OCV to the ICV for each call subsequent to the first; or
2. use AES / CFB / INITIAL for first call, and AES / CFB / CONTINUE for subsequent calls, and let the algorithm handle the chaining vector.
But either way, I'm not getting the correct result. For case 1, I would get garbage in the first 15-16 bytes in the decrypted records; for case 2, I would get RC=8 and Reason=2036. I spent quite some time on debugging with no clues until I ran into the following:
http://www-01.ibm.com/support/docview.wss?uid=isg1OA42606
I'm not sure if my installation has the version of ICSF including the above fix, and I would like to know how to find out.
My ICSF panel says HCR77A0 (dated September 2012), does it mean that it doesn't have the fix which was released mid-2013?
Thanks so much in advance!
Best reagards,
Alan
yakyu