/* Rexx */
/* Sample: AES Clear Key Generation Using ICSF */
/*-------------------------------------------------------------------*/
/* Description: */
/* */
/* This REXX contains samples that show how to: */
/* - Generate a clear key */
/* - Store the clear key in the CKDS */
/* */
/* How To Run: */
/* - Execute this script from TSO */
/* (e.g. EX 'HLQ.MLD.LLQ(GENAESCL)') */
/*-------------------------------------------------------------------*/
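/*-------------------------------------------------------------------*/
/* Main line                                                         */
/*   1. Delete any record already stored under the sample label      */
/*   2. Generate 32 random bytes to use as the AES-256 key value     */
/*   3. Build a clear AES key token around that value                */
/*   4. Write the token to the CKDS under the sample label           */
/*                                                                   */
/* Security notes                                                    */
/* - A CLRAES token carries the key value unencrypted, so the CKDS   */
/*   record written here holds the key in the clear. Restrict who    */
/*   can use the label (for example with a CSFKEYS profile).         */
/* - The key value is never written to the terminal or job output;   */
/*   only its length is reported.                                    */
/* - Rule-array keywords and the key type are 8-byte, left-justified,*/
/*   blank-padded fields; left(...,8) makes that width explicit.     */
/*-------------------------------------------------------------------*/

/* Define the key label for the encryption key (64-byte field) */
clear_key_label = left('SAMPLE.CLEAR.AES256.KEY001',64)

/* CLEANUP labels in use for this sample.                           */
/* This removes whatever record currently exists under the label,   */
/* so keep the sample label distinct from labels of real workloads. */
krd_label = clear_key_label
Call CSNBKRD

/*********************************************************************/
/* Generate the clear key material                                   */
/*********************************************************************/
rng_rule_array_count     = '00000001'x
/* RANDOM, not ODD: ODD forces odd parity in each byte, which fixes  */
/* one bit per byte. Parity only matters for DES keys; for a 32-byte */
/* AES key it would discard 32 bits of randomness.                   */
rng_rule_array           = left('RANDOM',8)
rng_random_number_length = '00000020'x              /* 32 bytes      */
rng_random_number        = copies('00'x, 32)        /* output buffer */
Call CSNBRNGL

/* Report success without echoing the secret key bytes */
say "clear key material generated:" length(rng_random_number) "bytes (value not displayed)"

/*********************************************************************/
/* Build the encryption key token                                    */
/*********************************************************************/
ktb_key_type         = left('CLRAES',8)
ktb_key_value        = rng_random_number
ktb_rule_array_count = '00000003'x
ktb_rule_array       = left('INTERNAL',8) ||,
                       left('AES',8)      ||,
                       left('KEYLN32',8)
Call CSNBKTB

/*-----------------------------------------------------------------*/
/* Create a record for the AES key in the CKDS                     */
/*-----------------------------------------------------------------*/
krc2_label        = clear_key_label
krc2_token_length = '00000040'x                     /* 64-byte token */
krc2_token        = ktb_key_token
Call CSNBKRC2

say "-----------------------------------------------------------------"
say "End of Sample"
say "-----------------------------------------------------------------"
exit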
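/* --------------------------------------------------------------- */
/* CSNBKTB - Key Token Build                                       */
/*                                                                 */
/* Calls the ICSF Key Token Build service. In this sample the      */
/* caller passes key type CLRAES together with a key value, so the */
/* token returned in ktb_key_token contains that key value in the  */
/* clear and must be handled as secret data.                       */
/*                                                                 */
/* Set by the caller before the call:                              */
/*   ktb_key_type, ktb_key_value,                                  */
/*   ktb_rule_array_count, ktb_rule_array                          */
/* Set by this routine:                                            */
/*   ktb_key_token (64 bytes), ktb_rc, ktb_rs                      */
/* All other service parameters are passed as zero or empty.       */
/*                                                                 */
/* On a non-zero return code the script reports rc/rs and ends     */
/* with exit code 8, so a batch caller can detect the failure.     */
/*                                                                 */
/* See the ICSF Application Programmer's Guide for more details.   */
/* --------------------------------------------------------------- */
CSNBKTB:
  /* Preset rc/rs to non-zero so an unchanged value reads as failure */
  ktb_rc = 'FFFFFFFF'x
  ktb_rs = 'FFFFFFFF'x

  ktb_exit_data_length = '00000000'x
  ktb_exit_data        = ''

  /* Output buffer for the 64-byte token */
  ktb_key_token = copies('00'x,64)

  /* Parameters this sample does not use */
  ktb_control_vector             = ''
  ktb_master_key_version_num     = '00000000'x
  ktb_key_register_num           = '00000000'x
  ktb_token_data_1               = ''
  ktb_initialization_vector      = ''
  ktb_pad_character              = '00000000'x
  ktb_cryptographic_period_start = ''
  ktb_masterkey_verify_parm      = ''

  /* LINKPGM receives variable NAMES; the order must match the service */
  ADDRESS linkpgm "CSNBKTB",
    'KTB_RC',
    'KTB_RS',
    'KTB_exit_data_length',
    'KTB_exit_data',
    'KTB_key_token',
    'KTB_key_type',
    'KTB_rule_array_count',
    'KTB_rule_array',
    'KTB_key_value',
    'KTB_master_key_version_num',
    'KTB_key_register_num',
    'KTB_token_data_1',
    'KTB_control_vector',
    'KTB_initialization_vector',
    'KTB_pad_character',
    'KTB_cryptographic_period_start',
    'KTB_masterkey_verify_parm'

  if (ktb_rc /= '00000000'x) then
    do
      say 'KTB Failed (rc=' c2x(KTB_RC)' rs='c2x(KTB_rs)')'
      exit 8          /* non-zero so the failure is visible to the caller */
    end
Return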
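/* --------------------------------------------------------------- */
/* CSNBKRC2 - Key Record Create                                    */
/*                                                                 */
/* Adds a key record to the CKDS.                                  */
/*                                                                 */
/* Set by the caller before the call:                              */
/*   krc2_label, krc2_token_length, krc2_token                     */
/* Set by this routine:                                            */
/*   krc2_rc, krc2_rs                                              */
/* The rule array is passed empty (count 0).                       */
/*                                                                 */
/* The record stores the token exactly as supplied. When the token */
/* is a clear key token, as in this sample, the key value is held  */
/* in the CKDS unencrypted, so access to the label should be       */
/* restricted.                                                     */
/*                                                                 */
/* On a non-zero return code the script reports rc/rs and ends     */
/* with exit code 8, so a batch caller can detect the failure.     */
/*                                                                 */
/* See the ICSF Application Programmer's Guide for more details.   */
/* --------------------------------------------------------------- */
CSNBKRC2:
  /* Preset rc/rs to non-zero so an unchanged value reads as failure */
  krc2_rc = 'FFFFFFFF'x
  krc2_rs = 'FFFFFFFF'x

  krc2_exit_data_length = '00000000'x
  krc2_exit_data        = ''

  /* No rule-array keywords are used */
  krc2_rule_array_count = '00000000'x
  krc2_rule_array       = ''

  /* LINKPGM receives variable NAMES; the order must match the service */
  ADDRESS LINKPGM "CSNBKRC2",
    "krc2_rc",
    "krc2_rs",
    "krc2_exit_data_length",
    "krc2_exit_data",
    "krc2_rule_array_count",
    "krc2_rule_array",
    "krc2_label",
    "krc2_token_length",
    "krc2_token"

  if (krc2_rc /= '00000000'x) then
    do
      say 'KRC2 Failed (rc=' c2x(KRC2_RC)' rs='c2x(KRC2_rs)')'
      exit 8          /* non-zero so the failure is visible to the caller */
    end
return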
/* --------------------------------------------------------------- */
/* CSNBKRD - Key Record Delete                                     */
/*                                                                 */
/* Deletes the CKDS record named by krd_label, using the LABEL-DL  */
/* rule-array keyword.                                             */
/*                                                                 */
/* Set by the caller before the call:                              */
/*   krd_label                                                     */
/* Set by this routine:                                            */
/*   krd_rc, krd_rs                                                */
/*                                                                 */
/* Best-effort cleanup: a failure is reported but the script keeps */
/* running. Reason code 0000271C is not reported as a failure      */
/* (presumably "label not found" - confirm against the ICSF        */
/* reason code list).                                              */
/*                                                                 */
/* See the ICSF Application Programmer's Guide for more details.   */
/* --------------------------------------------------------------- */
CSNBKRD:
  /* One 8-byte rule-array keyword */
  krd_rule_array       = 'LABEL-DL'
  krd_rule_array_count = '00000001'x

  krd_exit_data        = ''
  krd_exit_data_length = '00000000'x

  /* Preset rc/rs to non-zero so an unchanged value reads as failure */
  krd_rs = 'FFFFFFFF'x
  krd_rc = 'FFFFFFFF'x

  /* LINKPGM receives variable NAMES; the order must match the service */
  ADDRESS LINKPGM "CSNBKRD",
    "krd_rc",
    "krd_rs",
    "krd_exit_data_length",
    "krd_exit_data",
    "krd_rule_array_count",
    "krd_rule_array",
    "krd_label"

  /* Report only when the call failed for a reason other than 271C */
  if (krd_rc /= '00000000'x & krd_rs /= '0000271C'x) then
    do
      say 'KRD Failed (rc=' c2x(KRD_RC)' rs='c2x(KRD_rs)')'
    end
return
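/* --------------------------------------------------------------- */
/* CSNBRNGL - Random Number Generate Long                          */
/*                                                                 */
/* Generates a random number of the specified length.              */
/*                                                                 */
/* Set by the caller before the call:                              */
/*   rng_rule_array_count, rng_rule_array,                         */
/*   rng_random_number_length, rng_random_number (output buffer)   */
/* Set by this routine:                                            */
/*   rng_random_number, rng_rc, rng_rs                             */
/*                                                                 */
/* When the output is used as key material it is secret data and   */
/* should not be displayed or logged by the caller.                */
/*                                                                 */
/* On a non-zero return code the script reports rc/rs and ends     */
/* with exit code 8, so a batch caller can detect the failure.     */
/*                                                                 */
/* See the ICSF Application Programmer's Guide for more details.   */
/* --------------------------------------------------------------- */
CSNBRNGL:
  /* Preset rc/rs to non-zero so an unchanged value reads as failure */
  rng_rc = 'FFFFFFFF'x
  rng_rs = 'FFFFFFFF'x

  rng_exit_data_length = '00000000'x
  rng_exit_data        = ''

  /* Reserved parameters are passed as zero-length / empty */
  rng_reserved_length  = '00000000'x
  rng_reserved         = ''

  /* LINKPGM receives variable NAMES; the order must match the service */
  ADDRESS linkpgm "CSNBRNGL",
    'RNG_RC',
    'RNG_RS',
    'RNG_exit_data_length',
    'RNG_exit_data',
    'RNG_rule_array_count',
    'RNG_rule_array',
    'RNG_reserved_length',
    'RNG_reserved',
    'RNG_random_number_length',
    'RNG_random_number'

  if (rng_rc /= '00000000'x) then
    do
      say 'RNG Failed (rc=' c2x(RNG_RC)' rs='c2x(RNG_rs)')'
      exit 8          /* non-zero so the failure is visible to the caller */
    end
return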