/* Rexx */
/* Sample: AES Clear Key Encryption Using ICSF */
/*-------------------------------------------------------------------*/
/* Description: */
/* */
/* This REXX contains samples that show the encryption process: */
/* - Generate a clear key */
/* - Store the clear key in the CKDS */
/* - Encrypt data using the clear key */
/* - Decrypt data using the clear key */
/* */
/* How To Run: */
/* - Execute this script from TSO */
/* (e.g. EX 'HLQ.MLD.LLQ(AESCLR)') */
/*-------------------------------------------------------------------*/
signal on novalue;
/* Define the key label for the encryption key */
clear_key_label = left('ICSF.SECRET.AESCLR.KEY001',64);
/* CLEANUP labels in use for this sample */
krd_label = clear_key_label;
Call CSNBKRD;
/*********************************************************************/
/* Create the symmetric encryption key */
/*********************************************************************/
/* Generate the clear key material */
rng_rule_array_count = '00000001'x;
rng_rule_array = 'ODD ';
rng_random_number_length = '00000020'x;
rng_random_number = copies('00'x, 32);
Call CSNBRNGL;
say "clear key material: " c2x(rng_random_number);
/* Build the encryption key */
ktb_key_type = 'CLRAES ';
ktb_key_value = rng_random_number;
ktb_rule_array_count = '00000003'x;
ktb_rule_array = 'INTERNAL' ||,
'AES ' ||,
'KEYLN32 ';
Call CSNBKTB;
clear_key_token = ktb_key_token;
say "encryption key: " c2x(clear_key_token);
/* Store the encryption key in the CKDS */
say 'clear_key_label: ' clear_key_label;
krc2_label = clear_key_label;
krc2_token_length = '00000040'x;
krc2_token = clear_key_token;
Call CSNBKRC2;
/*********************************************************************/
/* Perform symmetric encryption */
/*********************************************************************/
/* Call the clear key encrypt service */
sye_rule_array_count = '00000003'x;
sye_rule_array = 'AES ' ||,
'PKCS-PAD' ||,
'KEYIDENT';
sye_key_identifier_length = '00000040'x;
sye_key_identifier = clear_key_label;
sye_init_vector_length = '00000010'x;
sye_init_vector = '11111111111111111111111111111111'x;
sye_block_size = '00000010'x;
sye_clear_text_length = '0000000E'x;
sye_clear_text = 'sensitive data';
sye_cipher_text_length = '00000020'x;
sye_cipher_text = copies('00'x, 32);
Call CSNBSYE;
encrypted_text = substr(sye_cipher_text, 1, c2d(sye_cipher_text_length));
say 'clear_text: ' sye_clear_text;
say 'encrypted_text: ' c2x(encrypted_text);
/*********************************************************************/
/* Perform symmetric decryption */
/*********************************************************************/
/* Call the clear key decrypt service */
syd_rule_array_count = sye_rule_array_count;
syd_rule_array = sye_rule_array;
syd_key_identifier_length = '00000040'x;
syd_key_identifier = clear_key_label;
syd_init_vector_length = sye_init_vector_length;
syd_init_vector = sye_init_vector;
syd_block_size = sye_block_size;
syd_cipher_text_length = sye_cipher_text_length;
syd_cipher_text = sye_cipher_text;
syd_clear_text_length = '00000020'x;
syd_clear_text = copies('00'x, 32);
Call CSNBSYD;
decrypted_text = substr(syd_clear_text, 1, c2d(syd_clear_text_length));
say 'decrypted_text: ' decrypted_text;
say "-----------------------------------------------------------------"
say "End of Sample"
say "-----------------------------------------------------------------"
exit;
/* --------------------------------------------------------------- */
/* CSNBKTB - Key Token Build */
/* */
/* Builds a skeleton key token to be used as input for the key */
/* generate (CSNBKGN) or diversify key generate (CSNBDKG) callable */
/* service. */
/* */
/* See the ICSF Application Programmer's Guide for more details. */
/* --------------------------------------------------------------- */
CSNBKTB:
KTB_RC = 'FFFFFFFF'x;
KTB_RS = 'FFFFFFFF'x;
KTB_exit_data_length = '00000000'x;
KTB_exit_data = '';
KTB_key_token = copies('00'x,64)
ktb_control_vector = '';
KTB_master_key_version_num = '00000000'x
KTB_key_register_num = '00000000'x
KTB_token_data_1 = ''
KTB_initialization_vector = ''
KTB_pad_character = '00000000'x
KTB_cryptographic_period_start = '';
KTB_masterkey_verify_parm = '';
ADDRESS linkpgm "CSNBKTB",
'KTB_RC' 'KTB_RS' ,
'KTB_exit_data_length' 'KTB_exit_data' ,
'KTB_key_token' 'KTB_key_type' ,
'KTB_rule_array_count' 'KTB_rule_array' ,
'KTB_key_value' 'KTB_master_key_version_num',
'KTB_key_register_num' 'KTB_token_data_1' ,
'KTB_control_vector' 'KTB_initialization_vector',
'KTB_pad_character' 'KTB_cryptographic_period_start',
'KTB_masterkey_verify_parm';
if (KTB_RC /= '00000000'x) Then
do;
say 'KTB Failed (rc=' c2x(KTB_RC)' rs='c2x(KTB_rs)')' ;
exit;
end;
Return;
/* --------------------------------------------------------------- */
/* CSNBKRC2 - Key Record Create */
/* */
/* Adds a key record to the CKDS. */
/* */
/* See the ICSF Application Programmer's Guide for more details. */
/* --------------------------------------------------------------- */
CSNBKRC2:
krc2_rc = 'FFFFFFFF'x;
krc2_rs = 'FFFFFFFF'x;
krc2_exit_data_length = '00000000'x;
krc2_exit_data = '';
krc2_rule_array_count = '00000000'x;
krc2_rule_array = '';
ADDRESS LINKPGM "CSNBKRC2",
"krc2_rc",
"krc2_rs",
"krc2_exit_data_length",
"krc2_exit_data",
"krc2_rule_array_count",
"krc2_rule_array",
"krc2_label",
"krc2_token_length",
"krc2_token";
if (KRC2_RC /= '00000000'x) Then
do;
say 'KRC2 Failed (rc=' c2x(KRC2_RC)' rs='c2x(KRC2_rs)')' ;
exit;
end;
return;
/* --------------------------------------------------------------- */
/* CSNBKRD - Key Record Delete */
/* */
/* Deletes a key record from the CKDS. */
/* */
/* See the ICSF Application Programmer's Guide for more details. */
/* --------------------------------------------------------------- */
CSNBKRD:
krd_rc = 'FFFFFFFF'x;
krd_rs = 'FFFFFFFF'x;
krd_exit_data_length = '00000000'x;
krd_exit_data = '';
krd_rule_array_count = '00000001'x;
krd_rule_array = 'LABEL-DL';
ADDRESS LINKPGM "CSNBKRD",
"krd_rc",
"krd_rs",
"krd_exit_data_length",
"krd_exit_data",
"krd_rule_array_count",
"krd_rule_array",
"krd_label";
if (KRD_RC /= '00000000'x & KRD_RS /= '0000271C'x) Then
say 'KRD Failed (rc=' c2x(KRD_RC)' rs='c2x(KRD_rs)')' ;
return;
/* --------------------------------------------------------------- */
/* CSNBSYE - Symmetric Key Encipher */
/* */
/* Encrypts data using a clear, symmetric key */
/* */
/* See the ICSF Application Programmer's Guide for more details. */
/* --------------------------------------------------------------- */
CSNBSYE:
sye_rc = 'FFFFFFFF'x;
sye_rs = 'FFFFFFFF'x;
sye_exit_data_length = '00000000'x;
sye_exit_data = '';
sye_key_parms_length = '00000000'x;
sye_key_parms = '';
sye_chain_data_length = '00000020'x;
sye_chain_data = copies('00'x,32);
sye_optional_data_length = '00000000'x;
sye_optional_data = '';
ADDRESS linkpgm "CSNBSYE",
'SYE_RC' 'SYE_RS' ,
'SYE_exit_data_length' 'SYE_exit_data' ,
'SYE_rule_array_count' 'SYE_rule_array' ,
'SYE_key_identifier_length' 'SYE_key_identifier' ,
'SYE_key_parms_length' 'SYE_key_parms' ,
'SYE_block_size' ,
'SYE_init_vector_length' 'SYE_init_vector' ,
'SYE_chain_data_length' 'SYE_chain_data' ,
'SYE_clear_text_length' 'SYE_clear_text' ,
'SYE_cipher_text_length' 'SYE_cipher_text' ,
'SYE_optional_data_length' 'SYE_optional_data';
if (SYE_RC /= '00000000'x) Then
do;
say 'SYE Failed (rc=' c2x(SYE_RC)' rs='c2x(SYE_rs)')' ;
exit;
end;
return;
/* --------------------------------------------------------------- */
/* CSNBSYD - Symmetric Key Decipher */
/* */
/* Decrypts data using a clear, symmetric key */
/* */
/* See the ICSF Application Programmer's Guide for more details. */
/* --------------------------------------------------------------- */
CSNBSYD:
syd_rc = 'FFFFFFFF'x;
syd_rs = 'FFFFFFFF'x;
syd_exit_data_length = '00000000'x;
syd_exit_data = '';
syd_key_parms_length = '00000000'x;
syd_key_parms = '';
syd_chain_data_length = '00000020'x;
syd_chain_data = copies('00'x,32); ;
syd_optional_data_length = '00000000'x;
syd_optional_data = '';
ADDRESS linkpgm "CSNBSYD",
'SYD_RC' 'SYD_RS' ,
'SYD_exit_data_length' 'SYD_exit_data' ,
'SYD_rule_array_count' 'SYD_rule_array' ,
'SYD_key_identifier_length' 'SYD_key_identifier' ,
'SYD_key_parms_length' 'SYD_key_parms' ,
'SYD_block_size' ,
'SYD_init_vector_length' 'SYD_init_vector' ,
'SYD_chain_data_length' 'SYD_chain_data' ,
'SYD_cipher_text_length' 'SYD_cipher_text' ,
'SYD_clear_text_length' 'SYD_clear_text' ,
'SYD_optional_data_length' 'SYD_optional_data';
if (SYD_RC /= '00000000'x) Then
do;
say 'SYD Failed (rc=' c2x(SYD_RC)' rs='c2x(SYD_rs)')' ;
exit;
end;
return;
/* --------------------------------------------------------------- */
/* CSNBRNGL - Random Number Generate */
/* */
/* Generates a random number of the specified length */
/* */
/* See the ICSF Application Programmer's Guide for more details. */
/* --------------------------------------------------------------- */
CSNBRNGL:
rng_rc = 'FFFFFFFF'x;
rng_rs = 'FFFFFFFF'x;
rng_exit_data_length = '00000000'x;
rng_exit_data = '';
rng_reserved_length = '00000000'x;
rng_reserved = '';
ADDRESS linkpgm "CSNBRNGL",
'RNG_RC' 'RNG_RS' ,
'RNG_exit_data_length' 'RNG_exit_data' ,
'RNG_rule_array_count' 'RNG_rule_array' ,
'RNG_reserved_length' 'RNG_reserved' ,
'RNG_random_number_length' 'RNG_random_number';
if (RNG_RC /= '00000000'x) Then
do;
say 'RNG Failed (rc=' c2x(RNG_RC)' rs='c2x(RNG_rs)')' ;
exit;
end;
return;