Change this program example to suit your needs for loading a new master key into your Cryptographic Coprocessor.
If you choose to use this program example, change it to suit your specific needs. For security reasons, IBM® recommends that you individualize these program examples rather than using the default values provided.
D*************************************************************
D* LOAD_KM
D*
D* Load a new master key on the card.
D*
D*
D* COPYRIGHT 5769-SS1 (C) IBM CORP. 2000, 2000
D*
D* This material contains programming source code for your
D* consideration. These example has not been thoroughly
D* tested under all conditions. IBM, therefore, cannot
D* guarantee or imply reliability, serviceability, or function
D* of these programs. All programs contained herein are
D* provided to you "AS IS". THE IMPLIED WARRANTIES OF
D* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
D* ARE EXPRESSLY DISCLAIMED. IBM provides no program services for
D* these programs and files.
D*
D*
D* Note: Input format is more fully described in Chapter 2 of
D* IBM CCA Basic Services Reference and Guide
D* (SC31-8609) publication.
D*
D* Parameters:
D* OPTION (FIRST, MIDDLE, LAST, CLEAR, SET)
D* KEYPART (24 bytes entered in hex -> X'01F7C4....')
D* Required for FIRST, MIDDLE, and LAST
D*
D* The master key is loaded in 3 or more parts. Specify FIRST
D* when loading the first part, MIDDLE when loading all parts
D* between the first and the last, and LAST when loading the final
D* part of the master key.
D*
D* As the master key parts are entered, they are Exclusively OR'ed
D* with the current contents of the master key register. After the
D* last master key, if the contents do not have odd parity in every
D* byte, a non-zero return/reason code will be returned. In order
D* to ensure that the final result has odd parity, each key part
D* should have odd parity in every byte. This is assuming that there
D* is an odd number of key parts. (If there is an even number of
D* key parts, then one of the key parts should have even parity).
D*
D* A byte has odd parity if is contains:
D* an odd parity nibble : 1, 2, 4, 7, 8, B, D, or E AND
D* an even parity nibble: 0, 3, 5, 6, 9, A, C, or F.
D*
D* For example 32, A4, 1F, and 75 are odd parity bytes because
D* they contain both an odd parity and an even parity
D* nibble.
D*
D* 05, 12, 6C, and E7 are even parity bytes because
D* they contain either two even parity nibbles or
D* two odd parity nibbles.
D*
D* The New master key register must be empty before the first part
D* of a master key can be entered. Use CLEAR to ensure that the
D* New master key register is empty before loading the master key
D* parts.
D*
D* After loading the master key, use SET to move the master key from
D* the New-master-key register to the Current-master-key register.
D* Cryptographic keys are encrypted under the master key in the
D* the Current-master-key register.
D*
D* Example:
D* CALL PGM(LOAD_KM) (CLEAR)
D*
D* CALL PGM(LOAD_KM)
D* (FIRST X'0123456789ABCDEFFEDCBA98765432100123456789ABCDEF')
D*
D* CALL PGM(LOAD_KM)
D* (MIDDLE X'1032A873458010F7EF3438373132F1F2F4F8B3CDCDCDCEF1')
D*
D* CALL PGM(LOAD_KM)
D* (LAST X'2040806789ABCDEFFEDC3434346432100123456789FEDCBA')
D*
D* CALL PGM(LOAD_KM) (SET)
D*
D*
D*
D* Use these commands to compile this program on the system:
D* CRTRPGMOD MODULE(LOAD_KM) SRCFILE(SAMPLE)
D* CRTPGM PGM(LOAD_KM) MODULE(LOAD_KM)
D* BNDSRVPGM(QCCA/CSNBMKP)
D*
D* Note: Authority to the CSNBMKP service program in the
D* QCCA library is assumed.
D*
D* The Common Cryptographic Architecture (CCA) verbs used are
D* Master_Key_Process (CSNBMKP)
D*
D**************************************************************
D*------------------------------------------------
D* Declare variables for CCA SAPI calls
D*------------------------------------------------
D* ** Return code
DRETURNCODE S 9B 0
D* ** Reason code
DREASONCODE S 9B 0
D* ** Exit data length
DEXITDATALEN S 9B 0
D* ** Exit data
DEXITDATA S 4
D* ** Rule array count
DRULEARRAYCNT S 9B 0
D* ** Rule array
DRULEARRAY S 16
D* ** Option (Rule Array Keyword)
DOPTION S 8
D* ** Master key part parameter on program
DMASTERKEYPART S 24
D* ** Master key part parameter on CSNBMKP
DKEYPART S 24 INZ(*ALLX'00')
D*
D**********************************************************
D* Prototype for Master_Key_Process (CSNBMKP)
D**********************************************************
DCSNBMKP PR
DRETCODE 9B 0
DRSNCODE 9B 0
DEXTDTALEN 9B 0
DEXTDTA 4
DRARRAYCT 9B 0
DRARRAY 16
DMSTRKEY 24 OPTIONS(*NOPASS)
D*
D*-------------------------------------------------------------
D* ** Declares for sending messages to the
D* ** job log using the QMHSNDPM API
D*-------------------------------------------------------------
DMSG S 75 DIM(2) CTDATA PERRCD(1)
DMSGLENGTH S 9B 0 INZ(75)
D DS
DMSGTEXT 1 75
DFAILRETC 41 44
DFAILRSNC 46 49
DMESSAGEID S 7 INZ(' ')
DMESSAGEFILE S 21 INZ(' ')
DMSGKEY S 4 INZ(' ')
DMSGTYPE S 10 INZ('*INFO ')
DSTACKENTRY S 10 INZ('* ')
DSTACKCOUNTER S 9B 0 INZ(2)
DERRCODE DS
DBYTESIN 1 4B 0 INZ(0)
DBYTESOUT 5 8B 0 INZ(0)
D*
C**************************************************************
C* START OF PROGRAM *
C* *
C *ENTRY PLIST
C PARM OPTION
C PARM MASTERKEYPART
C* *
C*------------------------------------------------------------*
C* Set the keyword in the rule array *
C*------------------------------------------------------------*
C MOVEL OPTION RULEARRAY
C Z-ADD 1 RULEARRAYCNT
C*
C*------------------------------------------------------------*
C* Check for FIRST, MIDDLE, or LAST *
C*------------------------------------------------------------*
C OPTION IFEQ 'FIRST'
C OPTION OREQ 'MIDDLE'
C OPTION OREQ 'LAST'
C* *------------------------*
C* * Copy keypart parameter *
C* *------------------------*
C MOVEL MASTERKEYPART KEYPART
C ENDIF
C*
C*----------------------------------------------*
C* Call Master Key Process SAPI *
C*----------------------------------------------*
C CALLP CSNBMKP (RETURNCODE:
C REASONCODE:
C EXITDATALEN:
C EXITDATA:
C RULEARRAYCNT:
C RULEARRAY:
C KEYPART)
C*-----------------------*
C* Check the return code *
C*-----------------------*
C RETURNCODE IFGT 0
C* *----------------------*
C* * Send error message *
C* *----------------------*
C MOVE MSG(1) MSGTEXT
C MOVE RETURNCODE FAILRETC
C MOVE REASONCODE FAILRSNC
C EXSR SNDMSG
C*
C ELSE
C* *----------------------*
C* * Send success message *
C* *----------------------*
C MOVE MSG(2) MSGTEXT
C EXSR SNDMSG
C*
C ENDIF
C*
C SETON LR
C*
C**************************************************************
C* Subroutine to send a message
C**************************************************************
C SNDMSG BEGSR
C CALL 'QMHSNDPM'
C PARM MESSAGEID
C PARM MESSAGEFILE
C PARM MSGTEXT
C PARM MSGLENGTH
C PARM MSGTYPE
C PARM STACKENTRY
C PARM STACKCOUNTER
C PARM MSGKEY
C PARM ERRCODE
C ENDSR
C*
**
CSNBMKP failed with return/reason codes 9999/9999
The request completed successfully