| 0 | 4 | CCVEID |
Cryptographic Communication Vector
Table Extension ID. This field must contain the character string CCVE. |
| 4 | 2 | CCVEVER | Version.
The version number of
the CCVE. This field must contain the character string 04. |
| 6 | 2 | CCVELEN | The length of the CCVE. |
| 8 | 8 | | Reserved. |
| 16 | 4 | CCVESTAT | Status word
First status byte -
CCVESTA1
- Bit
- Meaning When Set On
- 0
- Special secure mode allowed.
- 1
- Special secure mode enabled.
- 3
- Authentication required for key retrieval.
- 4
- The hardware has gone from active to inactive.
- 5
- First start of ICSF during this IPL.
- 6
- Security Server (RACF) checking required for authorized callers.
- 7
- PCF coexistence.
Second status byte - CCVESTA2
- 0
- Dynamic CKDS updates disallowed.
- 1
- PKA callable services disabled from panel.
- 2
- Dynamic PKDS updates disabled from panel.
- 3
- Include CKT in dump of ICSF private space.
- 6
- PKA callable services disallowed.
- 7
- Authenticate the CKT when bit is one.
Third status byte - CCVESTA3
- 1
- PKDS write, create, and delete not permitted.
- 2
- SYSPLEXCKDS(YES) was specified in Install Options Data Set.
- 3
- SYSPLEXCKDS(YES,FAIL(YES)) was specified in Install Options
Data Set.
- 4
- SYSPLEXTKDS(YES) was specified in Install Options Data Set.
- 5
- SYSPLEXTKDS(YES,FAIL(YES)) was specified in Install Options
Data Set.
- 6
- TKDS refresh requested.
- 7
- TKDS empty at initialization
Fourth status byte - CCVESTA4
- Bit
- Meaning When Set On
- 0
- PKDS dataspace needs refresh.
- 1
- PKDS dataspace can't be updated.
- 2
- Reserved
- 3
- Reserved
- 4
- SYSPLEXPKDS(YES)
- 5
- SYSPLEXPKDS(YES,FAIL(YES))
- 6
- CKDS MAC record authentication
- 7
- Sysplex running in sysplex mode (not XCF-local mode)
|
| 20 | 4 | CCVECAMQ | Pointer to MCAMQ. |
| 24 | 4 | CCVEEXIT | Pointer to the installation exit
router (CSFEXIT). |
| 28 | 4 | CCVECLIC | Software Crypto control block |
| 32 | 4 | CCVE_ENQ_TIMEOUT | XCF Failure detection interval in
0.01 seconds used for Sysplex ENQ timeout interval. |
| 36 | 4 | CCVETRCB | Pointer to the current trace buffer.
- Bit
- Meaning When Set On
- 0
- Trace is active.
|
| 40 | 4 | CCVECPRM | Address of CPRM. |
| 44 | 4 | CCVEMGST | Address of the generic service table.
See Generic Service Table (CSFMGST) for a description of the generic service table. |
| 48 | 4 | CCVEENT | Address of the exit name table. |
| 52 | 4 | CCVETSKT | Address of task table. |
| 56 | 4 | CCVEMKVN | Master key version numbers.
Byte
1: Current master key version number.
Bytes 2 and 3: Reserved.
Byte
4: Cryptographic domain index. |
| 60 | 54 | CCVEWLDS | Dataset name of WaitList dataset. |
| 114 | 1 | CCVEIBMR | IBM reserved byte. |
| 115 | 1 | CCVEHFL2 | Hardware flags
- Bit
- Meaning When Set On
- 0
- CCA level 3.41 detected
- 1
- CCA level 4.00 detected
- 2
- Reserved
- 3
- AP-special-command facility available
- 4
- AP 4096-bit ME facility available
- 5
- AP 4096-bit CRT facility available
|
| 116 | 4 | CCVE_EXTRAFALGS | Status word.
- Bit
- Meaning When Set On
- 0
- The default wrapping for internal tokens is enhanced.
- 1
- The default wrapping for external tokens is enhanced.
|
| 120 | 4 | CCVE_NOPKA_MSGID | WTO message ID saved when PKA callable
services are not available at startup |
| 124 | 12 | CCVEDCTLARR | DCTL address array. |
| 136 | 4 | CCVESERBCPID | SERB cell pool ID |
| 140 | 4 | CCVEFIXS | Address of the fixed area storage
used as dynamic storage for the RISGNL routines. |
| 144 | 4 | CCVEFIXL | Length of the fixed area storage. |
| 148 | 4 | CCVECPUF | CPUF routine — used to manipulate
the control register. |
| 152 | 4 | CCVERFMK | RFOMK routine — used to RFOMK
keys on specific CPs. |
| 156 | 4 | CCVERMKV | MKV RISGNL routine — used by
MKV to validate a CP. |
| 160 | 4 | CCVESTHW | STHW routine — used to obtain
the current status of the hardware. |
| 164 | 4 | CCVEKEYM | KEYM routine — used to manipulate
keys from the key entry hardware. |
| 168 | 4 | CCVEDKEF | DKEF routine — used to manipulate
keys for clear key entry. |
| 172 | 16 | CCVE_PKA_KMMK_HP | KMMK hash pattern |
| 188 | 16 | CCVE_PKA_SMK_HP | SMK hash pattern |
| 204 | 4 | CCVELFDD | ECB for look for disabled Cryptographic
Coprocessor Feature task termination (LFD Done). |
| 208 | 4 | CCVELFDT | Pointer to TCB for CSFMLFDT. |
| 212 | 4 | CCVEENFS | ECB for Issue
ENF SIGNAL. |
| 216 | 4 | CVESMCA | Address of SMCA |
| 220 | 4 | CCVE_SUBPOOL | Subpool for storage |
| 224 | 4 | CCVE_SRRW_EXIT | Single read/write exit addr |
| 228 | 4 | CCVEMKVB | Pointer to the current Master Key
Verification Pattern (MKVP) block. See DES Master Key Verification Pattern Block (MKVB) for a description
of the MKVP block. |
| 232 | 32 | CCVEMKB1 | First MKVP block. |
| 264 | 32 | CCVEMKB2 | Second MKVP block. |
| 296 | 32 | CCVEMKB3 | Third MKVP block. |
| 328 | 4 | CCVEINPP | Pointer to installation optional
parameter. |
| 332 | 4 | CCVEINPL | Length of the installation optional
parameter. |
| 336 | 4 | CCVETRCN | Number of trace entries. |
| 340 | 4 | CCVEIOPB_PKDS | Address of PKDS IO subtask data. |
| 344 | 4 | CCVEIOST_TKDS | Address of TKDS IO subtask TCB. |
| 348 | 4 | CCVEIOPB_TKDS | Address of TKDS IO subtask data. |
| 352 | 4 | CCVEIOPB | Address of IO subtask data. |
| 356 | 4 | CCVECCPD | Pointer to CAJP Data. |
| 360 | 4 | CCVECCPV | Pointer to private CAJP Data . |
| 364 | 4 | CCVEWKAR | Work area for services. |
| 368 | 4 | CCVEMUST | Address of UDX service table. |
| 372 | 8 | CCVESECC | Reserved for security exit. |
| 380 | 4 | CCVEENTK | ENTE for security keys exit. |
| 384 | 4 | CCVEENTS | ENTE for security service exit. |
| 388 | 4 | CCVEMIQIH | Address of interrupt handler |
| 392 | 4 | CCVE_TKE_KEY_CACHE@ | Address of TKE key cache |
| 396 | 4 | CCVEDSCB | Control block for the data manager. |
| 400 | 12 | CCVE_CKDS_HASH_TABLES | CKDS hash tables. |
| 412 | 12 | CCVE_PKDS_HASH_TABLES | PKDS hash tables. |
| 424 | 4 |
CCVE_KEY_
STORE_POLICY
|
- Bit
- Meaning When Set On
- 0
- CKDS key store policy enabled
- 1
- CKDS control in fail mode
- 2
- CKDS control in warn mode
- 3
- CKDS default control enabled
- 4
- No duplicates in CKDS
- 8
- PKDS key store policy enabled
- 9
- PKDS control in fail mode
- 10
- PKDS control in warn mode
- 11
- PKDS default control enabled
- 12
- No duplicates in PKDS
- 16
- Granular keylabel access controls enabled in fail mode
- 17
- Granular keylabel access controls enabled in warn mode
- 18
- Enhanced export restrictions enabled for AES keys
- 19
- Enhanced export restrictions enabled for DES keys
- 24
- PKA key extensions enabled.
- 25
- PKCS #11 Token used for trusted certificate repository (SAF
keyring when this bit is 0).
- 26
- PKA key extensions in WARNONLY mode.
|
| 428 | 4 | CCVE_PLEX_SYSID | System sysplex token |
| 432 | 4 | CCVEINQKP_ECB | INQKP ECB for waking up |
| 436 | 4 | CCVE_KSP_PKAKE_DATA_PTR | Address of PKAKE data |
| 440 | 1 | CCVE_FIPS | FIPS policy flags.
- Bit
- Meaning When Set On
- 1
- FIPS startup known answer tests failed disabling PKCS#11.
- 2
- FIPSMODE(xxx,FAIL(YES)) specified
- 3
- Known answer test executed on accelerator for private key operation
- 4
- Known answer test executed on accelerator for public key operation
|
| 441 | 3 | | Reserved. |
| 444 | 8 | CCVE_ECC_MKVP | ECC MK verification pattern
This
field will contain zeros unless the ECC MK is valid. |
| 452 | 16 | CCVE_KMF_QUERY | Results of CPACF KMF-Query |
| 468 | 16 | CCVE_KMCTR_QUERY | Results of CPACF KMCTR-Query |
| 484 | 16 | CCVE_KMO_QUERY | Results of CPACF KMO-Query |
| 492 | 8 | CCVE_AES_MKVP | AES MK verification pattern. |
| 500 | 8 | CCVE_DES_MKVP | DES MK verification pattern |
| 508 | 32 | CCVE_KDS_MKVPS | MKVPs from key data sets |
| 540 | 4 | Ccve_MaxSys | Maximum number of systems possible in sysplex |
| 544 | 4 | CCVEMWT_EBC | ECB to attach CSFPLMWT |
| 548 | 4 | | reserved |
| 552 | 4 | CCVE_ABTERM_EBC | ECB to terminate ICSF |
| 556 | 4 | CCVE_HCHK_PTR | Pointer to Health Check blocks |
| 560 | 28 | | reserved |
z/OS Cryptographic Services ICSF System Programmer's Guide
Copyright IBM Corporation 1990, 2014