ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzajc_5.4.0.1/rzajcpinsamptxt.htm

879 lines
43 KiB
HTML
Raw Normal View History

2024-04-02 14:02:31 +00:00
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="reference" />
<meta name="DC.Title" content="Example: Working with PINs on your Cryptographic Coprocessor" />
<meta name="abstract" content="Change this program example to suit your needs for working with PINs on your Cryptographic Coprocessor." />
<meta name="description" content="Change this program example to suit your needs for working with PINs on your Cryptographic Coprocessor." />
<meta name="DC.Relation" scheme="URI" content="rzajcworkpin.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="pinsamptxt" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Example: Working with PINs on your Cryptographic Coprocessor</title>
</head>
<body id="pinsamptxt"><a name="pinsamptxt"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Example: Working with PINs on your Cryptographic Coprocessor</h1>
<div><p>Change this program example to suit your needs for working with
PINs on your Cryptographic Coprocessor.</p>
<div class="section"><div class="note"><span class="notetitle">Note:</span> Read the <a href="codedisclaimer.htm#codedisclaimer">Code license and disclaimer information</a> for
important legal information.<p>If you choose to use this program example,
change it to suit your specific needs. For security reasons, IBM<sup>®</sup> recommends
that you individualize these program examples rather than using the default
values provided.</p>
</div>
</div>
<div class="example"> <pre> F*************************************************************
F* PINSAMPLE
F*
F* Sample program that shows the use of the appropriate
F* CCA Security API (SAPI) verbs for generating and verifying
F* PINS
F*
F* The keys are created by first building a key token
F* and then importing key parts using Key_Part_Import.
F* Four keys are created each with a different
F* key type - PINGEN, PINVER, IPINENC, and OPINENC. The
F* PINGEN key will be used to generate a Clear PIN with the
F* Clear_PIN_Generate verb. The OPINENC key will be used
F* to encrypt the PIN with the Clear_PIN_Encrypt verb.
F* The Encrypted_PIN_Verify with verify that the PIN is good
F* using the IPINENC key (to decrypt) and the PINVER key
F* to verify the PIN.
F*
F* COPYRIGHT 5769-SS1 (C) IBM CORP. 1999
F*
F* This material contains programming source code for your
F* consideration. These example has not been thoroughly
F* tested under all conditions. IBM, therefore, cannot
F* guarantee or imply reliability, serviceability, or function
F* of these programs. All programs contained herein are
F* provided to you "AS IS". THE IMPLIED WARRANTIES OF
F* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
F* ARE EXPRESSLY DISCLAIMED. IBM provides no program services for
F* these programs and files.
F*
F*
F* Note: Input format is more fully described in Chapter 2 of
F* IBM CCA Basic Services Reference and Guide
F* (SC31-8609) publication.
F*
F* Parameters:
F* none.
F*
F* Example:
F* CALL PGM(PINSAMPLE)
F*
F* Use these commands to compile this program on the system:
F* CRTRPGMOD MODULE(PINSAMPLE) SRCFILE(SAMPLE)
F* CRTPGM PGM(PINSAMPLE) MODULE(PINSAMPLE)
F* BNDSRVPGM(QCCA/CSNBKPI QCCA/CSNBPGN +
F* QCCA/CSNBCPE QCCA/CSNBPVR)
F*
F* Note: Authority to the CSNBKPI, CSNBPGN, CSNBCPE, and
F* CSNBPVR service programs in the QCCA library is assumed.
F*
F* The Common Cryptographic Architecture (CCA) verbs used are
F* Key_Part_Import (CSNBKPI), Clear_PIN_Generate (CSNBPGN),
F* Clear_PIN_Encrypt (CSNBCPE), and Encrypted_PIN_Verify (CSNBPVR).
F*
F* Note: This program assumes the card you want to load is
F* already identifed either by defaulting to the CRP01
F* device or has been explicitly named using the
F* Cryptographic_Resource_Allocate verb. Also this
F* device must be varied on and you must be authorized
F* to use this device descrption.
F*
F**************************************************************
F* Declare parameters that are common to all of the CCA verbs
F*
F**************************************************************
DRETURNCODE S 9B 0
DREASONCODE S 9B 0
DEXITDATALEN S 9B 0
DEXITDATA S 4
DRULEARRAYCNT S 9B 0
DRULEARRAY S 16
D*
D**************************************************************
D* Declare Key tokens used by this program
D*
D**************************************************************
DIPINKEY S 64
DOPINKEY S 64
DPINGENKEY S 64
DPINVERKEY S 64
DKEYTOKEN DS
DKEYFORM 1 1
DKEYVERSION 5 5
DKEYFLAG1 7 7
DKEYVALUE 17 32
DKEYCV 33 48
DKEYTVV 61 64B 0
DTOKENPART1 1 16
DTOKENPART2 17 32
DTOKENPART3 33 48
DTOKENPART4 49 64
DKEYTVV1 1 4B 0
DKEYTVV2 5 8B 0
DKEYTVV3 9 12B 0
DKEYTVV4 13 16B 0
DKEYTVV5 17 20B 0
DKEYTVV6 21 24B 0
DKEYTVV7 25 28B 0
DKEYTVV8 29 32B 0
DKEYTVV9 33 36B 0
DKEYTVV10 37 40B 0
DKEYTVV11 41 44B 0
DKEYTVV12 45 48B 0
DKEYTVV13 49 52B 0
DKEYTVV14 53 56B 0
DKEYTVV15 57 60B 0
D*
D**************************************************************
D* Declare parameters unique to Key_Part_Import
D*
D**************************************************************
DCLEARKEY S 16
D*
D**************************************************************
D* Declare parameters unique to Clear_PIN_Generate,
D* Clear_PIN_Encrypt, and Encrypted_PIN_Verify
D**************************************************************
DPINLEN S 9B 0
DPINCKL S 9B 0
DSEQNUMBER S 9B 0
DCPIN S 16
DEPIN S 16
DPAN S 12
DDATAARRAY DS
DDECTABLE 1 16
DVALDATA 17 32
DCLRPIN 33 48
DPROFILE DS
DPINFORMAT 1 8
DFORMATCONTROL 9 16
DPADDIGIT 17 24
D*
D**************************************************************
D* Declare variables used for creating a control vector and
D* clear key.
D**************************************************************
DBLDKEY DS
DLEFTHALF 1 8
DLEFTHALFA 1 4B 0
DLEFTHALFB 5 8B 0
DRIGHTHALF 9 16
D*
D*
D**************************************************
D* Prototype for Key Part Import (CSNBKPI)
D**************************************************
DCSNBKPI PR
DRETCODE 9B 0
DRSNCODE 9B 0
DEXTDTALEN 9B 0
DEXTDTA 4
DRARRAYCT 9B 0
DRARRAY 16
DCLRKEY 16
DIMPKEY 64
D*
D**************************************************
D* Prototype for Clear PIN Generate (CSNBPGN)
D**************************************************
DCSNBPGN PR
DRETCODE 9B 0
DRSNCODE 9B 0
DEXTDTALEN 9B 0
DEXTDTA 4
DPINGEN 64
DRARRAYCT 9B 0
DRARRAY 16
DPINL 9B 0
DPINCHKLEN 9B 0
DDTAARRY 48
DRESULT 16
D*
D**************************************************
D* Prototype for Clear PIN Encrypt (CSNBCPE)
D**************************************************
DCSNBCPE PR
DRETCODE 9B 0
DRSNCODE 9B 0
DEXTDTALEN 9B 0
DEXTDTA 4
DPINENC 64
DRARRAYCT 9B 0
DRARRAY 16
DCLRPIN 16
DPINPROFILE 24
DPANDATA 12
DSEQN 9B 0
DEPINBLCK 8
D*
D**************************************************
D* Prototype for Encrypted PIN Verify (CSNBPVR)
D**************************************************
DCSNBPVR PR
DRETCODE 9B 0
DRSNCODE 9B 0
DEXTDTALEN 9B 0
DEXTDTA 4
DPINENC 64
DPINVER 64
DPINPROFILE 24
DPANDATA 12
DEPINBLCK 8
DRARRAYCT 9B 0
DRARRAY 16
DCHECKLEN 9B 0
DDTAARRAY 24
D*
D**************************************************************
D* Declares for sending messages to job log
D**************************************************************
DFAILMESSAGE S 50
DGOODMESSAGE S 50
DFAILMSG DS
DFAILMSGTEXT 1 50
DFAILRETC 41 44
DFAILRSNC 46 49
DRETSTRUCT DS
DRETCODE 1 4I 0
DSLASH 5 5 INZ('/')
DRSNCODE 6 9I 0
DFAILMSGLENGTH S 9B 0 INZ(49)
DGOODMSGLENGTH S 9B 0 INZ(29)
DMESSAGEID S 7 INZ(' ')
DMESSAGEFILE S 21 INZ(' ')
DMSGKEY S 4 INZ(' ')
DMSGTYPE S 10 INZ('*INFO ')
DSTACKENTRY S 10 INZ('* ')
DSTACKCOUNTER S 9B 0 INZ(2)
DERRCODE DS
DBYTESIN 1 4B 0 INZ(0)
DBYTESOUT 5 8B 0 INZ(0)
C EVAL FAILMESSAGE = '******* failed with return+
C /reason codes 9999/9999'
C EVAL GOODMESSAGE = 'PIN Validation was successful'
C**************************************************************
C* START OF PROGRAM *
C* *
C**************************************************************
C* Build a PINGEN key token
C*
C**************************************************************
C* Zero out the key token to start with
C*
C Z-ADD 0 KEYTVV1
C Z-ADD 0 KEYTVV2
C Z-ADD 0 KEYTVV3
C Z-ADD 0 KEYTVV4
C MOVE TOKENPART1 TOKENPART2
C MOVE TOKENPART1 TOKENPART3
C MOVE TOKENPART1 TOKENPART4
C*
C* Set the form, version, and flag byte
C*
C BITON '7' KEYFORM
C BITON '67' KEYVERSION
C BITON '1' KEYFLAG1
C*
C* The control vector for a PINGEN key that has the key part
C* flag set is (in hex):
C*
C* 00227E00 03480000 00227E00 03280000
C*
C* If each 4 byte hex part is converted to decimal you get:
C*
C* 2260480 55050240 2260480 52953088
C*
C* Build the control vector by placing the decimal number in
C* the appropriate half of the control vector field.
C**************************************************************
C Z-ADD 2260480 LEFTHALFA
C Z-ADD 55050240 LEFTHALFB
C MOVEL LEFTHALF KEYCV
C Z-ADD 2260480 LEFTHALFA
C Z-ADD 52953088 LEFTHALFB
C MOVE LEFTHALF KEYCV
C*
C* Calculate the Token Validation value by adding every 4 bytes
C* and storing the result in the last 4 bytes.
C*
C ADD KEYTVV1 KEYTVV
C ADD KEYTVV2 KEYTVV
C ADD KEYTVV3 KEYTVV
C ADD KEYTVV4 KEYTVV
C ADD KEYTVV5 KEYTVV
C ADD KEYTVV6 KEYTVV
C ADD KEYTVV7 KEYTVV
C ADD KEYTVV8 KEYTVV
C ADD KEYTVV9 KEYTVV
C ADD KEYTVV10 KEYTVV
C ADD KEYTVV11 KEYTVV
C ADD KEYTVV12 KEYTVV
C ADD KEYTVV13 KEYTVV
C ADD KEYTVV14 KEYTVV
C ADD KEYTVV15 KEYTVV
C*
C* Copy token to PINGENKEY
C*
C MOVE KEYTOKEN PINGENKEY
C*
C**************************************************************
C* Build a PINVER key token
C*
C* The control vector for a PINVER key that
C* has the key part flag set is (in hex):
C*
C* 00224200 03480000 00224200 03280000
C*
C* If each 4 byte hex part is converted to decimal you get:
C*
C* 2260480 55050240 2260480 52953088
C*
C* Build the control vector by placing the decimal number in
C* the appropriate half of the control vector field.
C Z-ADD 2245120 LEFTHALFA
C Z-ADD 55050240 LEFTHALFB
C MOVEL LEFTHALF KEYCV
C Z-ADD 2245120 LEFTHALFA
C Z-ADD 52953088 LEFTHALFB
C MOVE LEFTHALF KEYCV
C*
C* Calculate the Token Validation value by adding every 4 bytes
C* and storing the result in the last 4 bytes.
C*
C Z-ADD 0 KEYTVV
C ADD KEYTVV1 KEYTVV
C ADD KEYTVV2 KEYTVV
C ADD KEYTVV3 KEYTVV
C ADD KEYTVV4 KEYTVV
C ADD KEYTVV5 KEYTVV
C ADD KEYTVV6 KEYTVV
C ADD KEYTVV7 KEYTVV
C ADD KEYTVV8 KEYTVV
C ADD KEYTVV9 KEYTVV
C ADD KEYTVV10 KEYTVV
C ADD KEYTVV11 KEYTVV
C ADD KEYTVV12 KEYTVV
C ADD KEYTVV13 KEYTVV
C ADD KEYTVV14 KEYTVV
C ADD KEYTVV15 KEYTVV
C*
C* Copy token to PINVERKEY
C*
C MOVE KEYTOKEN PINVERKEY
C*
C*
C**************************************************************
C* Build an IPINENC key token
C*
C* The control vector for an IPINENC key that
C* has the key part flag set is (in hex):
C*
C* 00215F00 03480000 00215F00 03280000
C*
C* If each 4 byte hex part is converted to decimal you get:
C*
C* 2187008 55050240 2187008 52953088
C*
C**************************************************************
C* Build the control vector by placing the decimal number in
C* the appropriate half of the control vector field.
C**************************************************************
C Z-ADD 2187008 LEFTHALFA
C Z-ADD 55050240 LEFTHALFB
C MOVEL LEFTHALF KEYCV
C Z-ADD 2187008 LEFTHALFA
C Z-ADD 52953088 LEFTHALFB
C MOVE LEFTHALF KEYCV
C*
C* Calculate the Token Validation value by adding every 4 bytes
C* and storing the result in the last 4 bytes.
C*
C Z-ADD 0 KEYTVV
C ADD KEYTVV1 KEYTVV
C ADD KEYTVV2 KEYTVV
C ADD KEYTVV3 KEYTVV
C ADD KEYTVV4 KEYTVV
C ADD KEYTVV5 KEYTVV
C ADD KEYTVV6 KEYTVV
C ADD KEYTVV7 KEYTVV
C ADD KEYTVV8 KEYTVV
C ADD KEYTVV9 KEYTVV
C ADD KEYTVV10 KEYTVV
C ADD KEYTVV11 KEYTVV
C ADD KEYTVV12 KEYTVV
C ADD KEYTVV13 KEYTVV
C ADD KEYTVV14 KEYTVV
C ADD KEYTVV15 KEYTVV
C*
C* Copy token to IPINENC
C*
C MOVE KEYTOKEN IPINKEY
C*
C*
C**************************************************************
C* Build an OPINENC key token
C*
C* The control vector for an OPINENC key that
C* has the key part flag set is (in hex):
C*
C* 00247700 03480000 00247700 03280000
C*
C* If each 4 byte hex part is converted to decimal you get:
C*
C* 2389760 55050240 2389760 52953088
C*
C**************************************************************
C* Build the control vector by placing the decimal numbers in
C* the appropriate half of the control vector field.
C**************************************************************
C Z-ADD 2389760 LEFTHALFA
C Z-ADD 55050240 LEFTHALFB
C MOVEL LEFTHALF KEYCV
C Z-ADD 2389760 LEFTHALFA
C Z-ADD 52953088 LEFTHALFB
C MOVE LEFTHALF KEYCV
C*
C* Calculate the Token Validation value by adding every 4 bytes
C* and storing the result in the last 4 bytes.
C*
C Z-ADD 0 KEYTVV
C ADD KEYTVV1 KEYTVV
C ADD KEYTVV2 KEYTVV
C ADD KEYTVV3 KEYTVV
C ADD KEYTVV4 KEYTVV
C ADD KEYTVV5 KEYTVV
C ADD KEYTVV6 KEYTVV
C ADD KEYTVV7 KEYTVV
C ADD KEYTVV8 KEYTVV
C ADD KEYTVV9 KEYTVV
C ADD KEYTVV10 KEYTVV
C ADD KEYTVV11 KEYTVV
C ADD KEYTVV12 KEYTVV
C ADD KEYTVV13 KEYTVV
C ADD KEYTVV14 KEYTVV
C ADD KEYTVV15 KEYTVV
C*
C* Copy token to OPINENC
C*
C MOVE KEYTOKEN OPINKEY
C*
C*
C**************************************************************
C*
C* Clear key value for PINGEN/PINVER form will be:
C*
C* 01234567 01765432 01234567 01765432
C*
C* The key will be imported into two parts that get exclusived
C* OR'ed together. This program uses as key parts:
C*
C* 00224466 00775533 00224466 00775533 and
C*
C* 01010101 01010101 01010101 01010101
C*
C* Converting these to decimal results in
C*
C* 2245734 7820595 2245734 7820595 and
C*
C* 16843009 16843009 16843009 16843009
C*
C* In this example, the left half of the key is the same as
C* the right half. PIN keys in CCA are double length keys.
C* However, some implementation of DES (including Cryptographic
C* Support/400) use single length keys for PINs. If both
C* halves of a double are the same, then they produce the
C* same output as a single length key, thereby allowing you
C* to exchange data with non-CCA systems.
C**************************************************************
C* Import the PINGEN key
C*************************
C MOVEL 'FIRST ' RULEARRAY
C Z-ADD 1 RULEARRAYCNT
C**************************************************************
C* Build the next clear key part by placing the decimal numbers
C* in the appropriate half of the clear key field.
C**************************************************************
C Z-ADD 16843009 LEFTHALFA
C Z-ADD 16843009 LEFTHALFB
C MOVEL LEFTHALF CLEARKEY
C MOVE LEFTHALF CLEARKEY
C**************************************************************
C* Call Key Part Import the first time for the PINGEN key
C**************************************************************
C CALLP CSNBKPI (RETURNCODE:
C REASONCODE:
C EXITDATALEN:
C EXITDATA:
C RULEARRAYCNT:
C RULEARRAY:
C CLEARKEY:
C PINGENKEY)
C RETURNCODE IFGT 4
C MOVEL 'CSNBKPI' FAILMESSAGE
C EXSR SNDFAILMSG
C SETON LR
C ENDIF
C**************************************************************
C* Build the clear key part by placing the decimal number in
C* the appropriate half of the clear key field.
C**************************************************************
C Z-ADD 2245734 LEFTHALFA
C Z-ADD 7820595 LEFTHALFB
C MOVEL LEFTHALF CLEARKEY
C MOVE LEFTHALF CLEARKEY
C**************************************************************
C* Call Key Part Import the second time for the PINGEN key
C**************************************************************
C MOVEL 'LAST ' RULEARRAY
C CALLP CSNBKPI (RETURNCODE:
C REASONCODE:
C EXITDATALEN:
C EXITDATA:
C RULEARRAYCNT:
C RULEARRAY:
C CLEARKEY:
C PINGENKEY)
C RETURNCODE IFGT 4
C MOVEL 'CSNBKPI' FAILMESSAGE
C EXSR SNDFAILMSG
C SETON LR
C ENDIF
C**************************************************************
C* Import the PINVER key *
C*************************
C MOVEL 'FIRST ' RULEARRAY
C Z-ADD 1 RULEARRAYCNT
C Z-ADD 16843009 LEFTHALFA
C Z-ADD 16843009 LEFTHALFB
C MOVEL LEFTHALF CLEARKEY
C MOVE LEFTHALF CLEARKEY
C**************************************************************
C* Call Key Part Import the first time for the PINVER key
C**************************************************************
C CALLP CSNBKPI (RETURNCODE:
C REASONCODE:
C EXITDATALEN:
C EXITDATA:
C RULEARRAYCNT:
C RULEARRAY:
C CLEARKEY:
C PINVERKEY)
C RETURNCODE IFGT 4
C MOVEL 'CSNBKPI' FAILMESSAGE
C EXSR SNDFAILMSG
C SETON LR
C ENDIF
C**************************************************************
C* Build the clear key part by placing the decimal number in
C* the appropriate half of the clear key field.
C**************************************************************
C Z-ADD 2245734 LEFTHALFA
C Z-ADD 7820595 LEFTHALFB
C MOVEL LEFTHALF CLEARKEY
C MOVE LEFTHALF CLEARKEY
C**************************************************************
C* Call Key Part Import the second time for the PINVER key
C**************************************************************
C MOVEL 'LAST ' RULEARRAY
C CALLP CSNBKPI (RETURNCODE:
C REASONCODE:
C EXITDATALEN:
C EXITDATA:
C RULEARRAYCNT:
C RULEARRAY:
C CLEARKEY:
C PINVERKEY)
C RETURNCODE IFGT 4
C MOVEL 'CSNBKPI' FAILMESSAGE
C EXSR SNDFAILMSG
C SETON LR
C ENDIF
C**************************************************************
C* Clear key value for IPINENC/OPINENC key pair will be:
C* 012332EF 01020408 012332EF 01020408
C*
C* The key will be imported into two parts that get exclusived
C* OR'ed together. This program uses as key parts:
C*
C* 002233EE 00030509 002233EE 00030509 and
C*
C* 01010101 01010101 01010101 01010101
C*
C* Converting these to decimal results in
C*
C* 2241518 197897 2241518 197897 and
C*
C* 16843009 16843009 16843009 16843009
C**************************************************************
C* Import the PINVER key *
C*************************
C MOVEL 'FIRST ' RULEARRAY
C Z-ADD 1 RULEARRAYCNT
C**************************************************************
C* Build the clear key part by placing the decimal number in
C* the appropriate half of the clear key field.
C**************************************************************
C Z-ADD 16843009 LEFTHALFA
C Z-ADD 16843009 LEFTHALFB
C MOVEL LEFTHALF CLEARKEY
C MOVE LEFTHALF CLEARKEY
C**************************************************************
C* Call Key Part Import the first time for the IPINENC key
C**************************************************************
C CALLP CSNBKPI (RETURNCODE:
C REASONCODE:
C EXITDATALEN:
C EXITDATA:
C RULEARRAYCNT:
C RULEARRAY:
C CLEARKEY:
C IPINKEY)
C RETURNCODE IFGT 4
C MOVEL 'CSNBKPI' FAILMESSAGE
C EXSR SNDFAILMSG
C SETON LR
C ENDIF
C**************************************************************
C* Build the clear key part by placing the decimal number in
C* the appropriate half of the clear key field.
C**************************************************************
C Z-ADD 2241518 LEFTHALFA
C Z-ADD 197897 LEFTHALFB
C MOVEL LEFTHALF CLEARKEY
C MOVE LEFTHALF CLEARKEY
C**************************************************************
C* Call Key Part Import the second time for the IPINENC key
C**************************************************************
C MOVEL 'LAST ' RULEARRAY
C CALLP CSNBKPI (RETURNCODE:
C REASONCODE:
C EXITDATALEN:
C EXITDATA:
C RULEARRAYCNT:
C RULEARRAY:
C CLEARKEY:
C IPINKEY)
C RETURNCODE IFGT 4
C MOVEL 'CSNBKPI' FAILMESSAGE
C EXSR SNDFAILMSG
C SETON LR
C ENDIF
C**************************************************************
C* Import the OPINENC key *
C*************************
C MOVEL 'FIRST ' RULEARRAY
C Z-ADD 1 RULEARRAYCNT
C**************************************************************
C* Build the clear key part by placing the decimal number in
C* the appropriate half of the clear key field.
C**************************************************************
C Z-ADD 16843009 LEFTHALFA
C Z-ADD 16843009 LEFTHALFB
C MOVEL LEFTHALF CLEARKEY
C MOVE LEFTHALF CLEARKEY
C**************************************************************
C* Call Key Part Import the first time for the OPINENC key
C**************************************************************
C CALLP CSNBKPI (RETURNCODE:
C REASONCODE:
C EXITDATALEN:
C EXITDATA:
C RULEARRAYCNT:
C RULEARRAY:
C CLEARKEY:
C OPINKEY)
C RETURNCODE IFGT 4
C MOVEL 'CSNBKPI' FAILMESSAGE
C EXSR SNDFAILMSG
C SETON LR
C ENDIF
C**************************************************************
C* Build the clear key part by placing the decimal number in
C* the appropriate half of the clear key field.
C**************************************************************
C Z-ADD 2241518 LEFTHALFA
C Z-ADD 197897 LEFTHALFB
C MOVEL LEFTHALF CLEARKEY
C MOVE LEFTHALF CLEARKEY
C**************************************************************
C* Call Key Part Import the second time for the OPINENC key
C**************************************************************
C MOVEL 'LAST ' RULEARRAY
C CALLP CSNBKPI (RETURNCODE:
C REASONCODE:
C EXITDATALEN:
C EXITDATA:
C RULEARRAYCNT:
C RULEARRAY:
C CLEARKEY:
C OPINKEY)
C RETURNCODE IFGT 4
C MOVEL 'CSNBKPI' FAILMESSAGE
C EXSR SNDFAILMSG
C SETON LR
C ENDIF
C*
C**************************************************************
C* Generate a Clear PIN with CSNBPGN (Clear_PIN_Generate)
C* Rule_array_count = 1
C* Rule_array = "IBM-PIN " (Same as Crypto Support/400)
C* PIN length = 8
C* PIN Check length = 8 (But is ignored for IBM-PIN)
C* Data array:
C* Dec. table set to 0123456789123456
C* validation dta = 1111222233334444
C* clear PIN = ignored
C**************************************************************
C Z-ADD 1 RULEARRAYCNT
C MOVEL 'IBM-PIN ' RULEARRAY
C Z-ADD 8 PINLEN
C Z-ADD 8 PINCKL
C MOVEL '01234567' DECTABLE
C MOVE '89123456' DECTABLE
C MOVEL '11112222' VALDATA
C MOVE '33334444' VALDATA
C**************************************************************
C* Call Clear PIN Generate
C**************************************************************
C CALLP CSNBPGN (RETURNCODE:
C REASONCODE:
C EXITDATALEN:
C EXITDATA:
C PINGENKEY:
C RULEARRAYCNT:
C RULEARRAY:
C PINLEN:
C PINCKL:
C DATAARRAY:
C CPIN)
C RETURNCODE IFGT 4
C MOVEL 'CSNBPGN' FAILMESSAGE
C EXSR SNDFAILMSG
C SETON LR
C ENDIF
C*
C*
C**************************************************************
C* Encrypt the clear PIN using CSNBCPE (Clear_PIN_Encrypt)
C* Rule_array_count = 1
C* Rule_array = "ENCRYPT "
C* PIN Profile = "3624 NONE F"
C* PAN data is ignored
C* Sequence number is ignored but set to 99999 anyway
C**************************************************************
C Z-ADD 1 RULEARRAYCNT
C MOVEL 'ENCRYPT ' RULEARRAY
C MOVEL '3624 ' PINFORMAT
C MOVE 'NONE ' FORMATCONTROL
C MOVE ' F' PADDIGIT
C Z-ADD 99999 SEQNUMBER
C**************************************************************
C* Call Clear PIN Encrypt
C**************************************************************
C CALLP CSNBCPE (RETURNCODE:
C REASONCODE:
C EXITDATALEN:
C EXITDATA:
C OPINKEY:
C RULEARRAYCNT:
C RULEARRAY:
C CPIN:
C PROFILE:
C PAN:
C SEQNUMBER:
C EPIN)
C RETURNCODE IFGT 4
C MOVEL 'CSNBCPE' FAILMESSAGE
C EXSR SNDFAILMSG
C SETON LR
C ENDIF
C*
C*
C**************************************************************
C* Verify encrypted PIN using CSNBPVR (Encrypted_PIN_Verify)
C**************************************************************
C MOVEL 'IBM-PIN ' RULEARRAY
C
C CALLP CSNBPVR (RETURNCODE:
C REASONCODE:
C EXITDATALEN:
C EXITDATA:
C IPINKEY:
C PINVERKEY:
C PROFILE:
C PAN:
C EPIN:
C RULEARRAYCNT:
C RULEARRAY:
C PINCKL:
C DATAARRAY)
C RETURNCODE IFGT 4
C MOVEL 'CSNBPVR' FAILMESSAGE
C EXSR SNDFAILMSG
C SETON LR
C ENDIF
C*
C**************************************************************
C* Send successful completion message
C**************************************************************
C CALL 'QMHSNDPM'
C PARM MESSAGEID
C PARM MESSAGEFILE
C PARM GOODMESSAGE
C PARM GOODMSGLENGTH
C PARM MSGTYPE
C PARM STACKENTRY
C PARM STACKCOUNTER
C PARM MSGKEY
C PARM ERRCODE
C*
C SETON LR
C*
C**************************************************************
C* Subroutine to send a failure message
C**************************************************************
C SNDFAILMSG BEGSR
C MOVE FAILMESSAGE FAILMSGTEXT
C MOVE RETURNCODE FAILRETC
C MOVE REASONCODE FAILRSNC
C CALL 'QMHSNDPM'
C PARM MESSAGEID
C PARM MESSAGEFILE
C PARM FAILMSG
C PARM FAILMSGLENGTH
C PARM MSGTYPE
C PARM STACKENTRY
C PARM STACKCOUNTER
C PARM MSGKEY
C PARM ERRCODE
C ENDSR
</pre>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzajcworkpin.htm" title="A financial institution uses personal identification numbers (PINs) to authorize personal financial transactions for its customers. A PIN is similar to a password except that a PIN consists of decimal digits and is normally a cryptographic function of an associated account number. You can use your Cryptographic Coprocessor to work with PINs.">Work with PINs</a></div>
</div>
</div>
</body>
</html>