/* Rexx */
/* PKCS#11 HMAC Sample */
/*-------------------------------------------------------------------*/
/* Description: */
/* */
/* This REXX contains samples that show PKCS#11 HMAC Generation */
/* - Create a PKCS #11 token */
/* - Create a secure generic secret key from existing key material */
/* - Generate a SHA-256 HMAC using the secure key */
/* */
/* How To Run: */
/* - Execute this script from TSO */
/* (e.g. EX 'HLQ.MLD.LLQ(P11HMAC2)') */
/*-------------------------------------------------------------------*/
/* PKCS#11 Constants for this sample */
/* Values are big-endian binary strings, passed to ICSF as-is.       */

/* Object class and key type of the key this sample creates          */
CKO_SECRET_KEY     = '00000004'x
CKK_GENERIC_SECRET = '00000010'x

/* One-byte boolean "true" used for the flag attributes              */
CK_TRUE            = '01'x

/* Attribute type codes, in ascending numeric order                  */
CKA_CLASS          = '00000000'x
CKA_TOKEN          = '00000001'x
CKA_VALUE          = '00000011'x   /* carries the raw key bytes      */
CKA_KEY_TYPE       = '00000100'x
CKA_SIGN           = '00000108'x
CKA_IBM_SECURE     = '80000006'x   /* IBM-specific: secure key flag  */
/* CLEANUP tokens in use for this sample */
/* The token name is blank-padded to the 44 characters used for      */
/* every handle in this sample.                                      */
/* CAUTION: the delete below targets whatever token carries this     */
/* name (and presumably everything stored in it), so keep the name   */
/* unique to this sample and do not reuse it for real key material.  */
token_name   = 'SAMPLE#P11HMAC#TOKEN'
Token_Handle = left(token_name, 44)

/* Start from a clean slate: remove a token left by an earlier run.  */
TRD_Handle = Token_Handle
call CSFPTRD
/*********************************************************************/
/* Create a PKCS#11 token to contain PKCS #11 objects. */
/*********************************************************************/
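/* Rule-array keywords are 8 characters, left-justified and blank    */
/* padded; left() makes the width explicit instead of relying on     */
/* trailing blanks inside the literal surviving copy/paste.          */
TRC_rule_count = '00000001'x
TRC_rule_array = left('TOKEN', 8)

/* The token attribute list is positional and fixed width, so each   */
/* field is padded to its documented size.                           */
TRC_attr_list = ,
   left('Manufacturer', 32)     ||,  /* 32 char Manuf ID   */
   left('Model# _P11HMAC', 16)  ||,  /* 16 char Model      */
   left('Serial# _P11HMAC', 16) ||,  /* 16 char Serial#    */
   '00000000'x                       /*  4 char reserved   */
TRC_attr_list_length = d2c(length(TRC_attr_list), 4)

/* CSFPTRC exits the exec on a non-zero return code, so reaching the */
/* next line means the token was created.                            */
Call CSFPTRC
say "token handle: " trc_handle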
/*********************************************************************/
/* Create a secure PKCS#11 Generic Secret key from known key */
/* material and store the key in the TKDS. */
/*********************************************************************/
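/* SAMPLE KEY ONLY: this value is published with the sample and      */
/* offers no secrecy. Real key material should not be hard-coded in  */
/* an exec; it should come from a protected source or be generated   */
/* inside ICSF.                                                      */
key_value = '00112233445566778899AABBCCDDEEFF'x

/* Rule-array keywords are 8 characters, blank padded.               */
TRC_rule_count = '00000001'x
TRC_rule_array = left('OBJECT', 8)

/* Attribute list layout: 2-byte attribute count, then for each      */
/* attribute a 4-byte type, a 2-byte value length and the value.     */
/* The CKA_VALUE length is derived from key_value so the two cannot  */
/* drift apart if the sample key is replaced.                        */
TRC_attr_list = '0006'x ||,
   CKA_CLASS      || '0004'x || CKO_SECRET_KEY     ||,
   CKA_KEY_TYPE   || '0004'x || CKK_GENERIC_SECRET ||,
   CKA_VALUE      || d2c(length(key_value), 2) || key_value ||,
   CKA_SIGN       || '0001'x || CK_TRUE ||,   /* Allow HMAC     */
   CKA_IBM_SECURE || '0001'x || CK_TRUE ||,   /* Secure Key     */
   CKA_TOKEN      || '0001'x || CK_TRUE       /* Store in TKDS  */
TRC_attr_list_length = d2c(length(TRC_attr_list), 4)
Call CSFPTRC

/* The clear key is no longer needed once the object exists. Drop    */
/* both variables that hold it so later code (or a TRACE) cannot     */
/* expose it. This releases the variables only; it does not          */
/* guarantee the underlying storage is overwritten.                  */
drop key_value TRC_attr_list

say "key handle: " trc_handle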
/*********************************************************************/
/* Generate SHA-256 HMAC using the secure key */
/*********************************************************************/
/* Message to authenticate */
text            = "Hello World"
HMG_text        = text
HMG_text_length = d2c(length(text), 4)
HMG_text_id     = '00000000'x

/* Hash method keyword for the rule array */
HMG_rule_array_count = '00000001'x
HMG_rule_array       = 'SHA-256 '

/* TRC_handle still holds the handle returned by the most recent     */
/* CSFPTRC call, i.e. the generic secret key created above.          */
HMG_key_handle = TRC_handle

/* Output buffer: 32 bytes ('00000020'x), pre-filled with zeros      */
HMG_hmac_length = d2c(32, 4)
HMG_hmac        = copies('00'x, 32)

/* CSFPHMG exits the exec on failure, so the results below are only  */
/* printed after a zero return code.                                 */
call CSFPHMG
say 'hmac_length' c2d(HMG_hmac_length)
say 'hmac' c2x(HMG_hmac)

rule_line = "-----------------------------------------------------------------"
say rule_line
say "End of Sample"
say rule_line
exit
/* --------------------------------------------------------------- */
/* CSFPHMG - PKCS #11 Generate HMAC */
/* */
/* Generates a keyed-hash message authentication code (HMAC). */
/* */
/* See the ICSF Application Programmer's Guide for more details. */
/* --------------------------------------------------------------- */
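CSFPHMG:
   /* Wrapper around the ICSF CSFPHMG callable service.              */
   /* Reads (set by the caller): HMG_rule_array_count,               */
   /*   HMG_rule_array, HMG_text_length, HMG_text, HMG_text_id,      */
   /*   HMG_key_handle, HMG_hmac_length, HMG_hmac.                   */
   /* Sets: HMG_rc, HMG_rs, and whatever the service returns in      */
   /*   HMG_hmac_length / HMG_hmac / HMG_chain_data.                 */
   /* Ends the exec if the return code is not zero.                  */

   /* Preset to a non-zero pattern: if the service never fills these */
   /* in, the check below still reports a failure.                   */
   HMG_rc = 'FFFFFFFF'x
   HMG_rs = 'FFFFFFFF'x
   HMG_exit_data_length = '00000000'x
   HMG_exit_data = ''
   /* 128-byte zeroed chain data area ('00000080'x = 128)            */
   HMG_chain_data_length = '00000080'x
   HMG_chain_data = copies('00'x,128)

   /* LINKPGM receives variable NAMES; the service reads and updates */
   /* the variables directly.                                        */
   Address LINKPGM 'CSFPHMG',
      'HMG_rc' 'HMG_rs' ,
      'HMG_exit_data_length' 'HMG_exit_data' ,
      'HMG_rule_array_count' 'HMG_rule_array' ,
      'HMG_text_length' 'HMG_text' ,
      'HMG_text_id' ,
      'HMG_chain_data_length' 'HMG_chain_data' ,
      'HMG_key_handle' ,
      'HMG_hmac_length' 'HMG_hmac'

   /* Strict comparison: these are binary strings, so no blank       */
   /* stripping or numeric interpretation should be applied.         */
   if HMG_rc \== '00000000'x then
   do
      /* Report the return code AND the reason code; the original    */
      /* printed HMG_rs in both positions, hiding the real RC.       */
      say "HMG Failed: RC =" c2x(HMG_rc) "RS =" c2x(HMG_rs)
      exit
   end
return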
/* --------------------------------------------------------------- */
/* CSFPTRC - PKCS #11 Token Record Create */
/* */
/* Initializes a PKCS #11 token, creates or copies token or */
/* session objects. */
/* */
/* See the ICSF Application Programmer's Guide for more details. */
/* --------------------------------------------------------------- */
CSFPTRC:
   /* Wrapper around the ICSF CSFPTRC callable service.              */
   /* Reads (set by the caller): token_handle, TRC_rule_count,       */
   /*   TRC_rule_array, TRC_attr_list_length, TRC_attr_list.         */
   /* Sets: TRC_rc, TRC_rs and TRC_handle (printed by the callers as */
   /*   the handle of what was just created).                        */
   /* Ends the exec if the return code is not zero.                  */

   /* Every create in this sample is addressed to the sample token.  */
   TRC_handle = token_handle

   TRC_exit_length = '00000000'x
   TRC_exit_data = ''

   /* Non-zero presets, so an untouched rc/rs reads as a failure.    */
   TRC_rs = 'FFFFFFFF'x
   TRC_rc = 'FFFFFFFF'x

   ADDRESS linkpgm 'CSFPTRC' ,
      'TRC_rc' 'TRC_rs' ,
      'TRC_exit_length' 'TRC_exit_data' ,
      'TRC_handle' ,
      'TRC_rule_count' 'TRC_rule_array' ,
      'TRC_attr_list_length' 'TRC_attr_list'

   /* Success path first; anything else is reported and is fatal.    */
   if (TRC_rc = '00000000'x) then
      return

   say "TRC Failed: RC =" c2x(TRC_rc) "RS =" c2x(TRC_rs)
   exit
/* --------------------------------------------------------------- */
/* CSFPTRD - PKCS #11 Token Record Delete */
/* */
/* Deletes a PKCS #11 token, token object, session object or state */
/* object. */
/* */
/* See the ICSF Application Programmer's Guide for more details. */
/* --------------------------------------------------------------- */
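CSFPTRD:
   /* Wrapper around the ICSF CSFPTRD callable service, always used  */
   /* here with the TOKEN rule (delete a whole token).               */
   /* Reads (set by the caller): TRD_handle.                         */
   /* Sets: TRD_rc, TRD_rs.                                          */
   /* Unlike the other wrappers this one never ends the exec: a      */
   /* failed cleanup is reported and the sample carries on.          */

   /* Non-zero presets, so an untouched rc/rs reads as a failure.    */
   TRD_rc = 'FFFFFFFF'x
   TRD_rs = 'FFFFFFFF'x
   TRD_exit_length = '00000000'x
   TRD_exit_data = ''
   TRD_rule_count = '00000001'x
   /* Rule-array keywords are 8 characters, blank padded; left()     */
   /* guarantees the width even if trailing blanks are lost.         */
   TRD_rule_array = left('TOKEN', 8)

   ADDRESS linkpgm 'CSFPTRD' ,
      'TRD_rc' 'TRD_rs' ,
      'TRD_exit_length' 'TRD_exit_data' ,
      'TRD_handle' ,
      'TRD_rule_count' 'TRD_rule_array'

   /* RC 8 / RS 0BD3 is deliberately tolerated - presumably "token   */
   /* does not exist", which is normal on a first run; confirm the   */
   /* reason code in the ICSF documentation.                         */
   /* '\' replaces the code-page dependent not-sign, and strict      */
   /* comparison is used because the values are binary strings.      */
   tolerated = (TRD_rc == '00000008'x & TRD_rs == '00000BD3'x)
   if TRD_rc \== '00000000'x & \tolerated then
      say "TRD Failed: RC =" c2x(TRD_rc) "RS =" c2x(TRD_rs)
return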