0 | 4 | CCVEID |
Cryptographic Communication Vector
Table Extension ID. This field must contain the character string CCVE. |
4 | 2 | CCVEVER | Version.
The version number of
the CCVE. This field must contain the character string 04. |
6 | 2 | CCVELEN | The length of the CCVE. |
8 | 8 | | Reserved. |
16 | 4 | CCVESTAT | Status word
First status byte -
CCVESTA1
- Bit
- Meaning When Set On
- 0
- Special secure mode allowed.
- 1
- Special secure mode enabled.
- 3
- Authentication required for key retrieval.
- 4
- The hardware has gone from active to inactive.
- 5
- First start of ICSF during this IPL.
- 6
- Security Server (RACF) checking required for authorized callers.
- 7
- PCF coexistence.
Second status byte - CCVESTA2
- 0
- Dynamic CKDS updates disallowed.
- 1
- PKA callable services disabled from panel.
- 2
- Dynamic PKDS updates disabled from panel.
- 3
- Include CKT in dump of ICSF private space.
- 6
- PKA callable services disallowed.
- 7
- Authenticate the CKT when bit is one.
Third status byte - CCVESTA3
- 1
- PKDS write, create, and delete not permitted.
- 2
- SYSPLEXCKDS(YES) was specified in Install Options Data Set.
- 3
- SYSPLEXCKDS(YES,FAIL(YES)) was specified in Install Options
Data Set.
- 4
- SYSPLEXTKDS(YES) was specified in Install Options Data Set.
- 5
- SYSPLEXTKDS(YES,FAIL(YES)) was specified in Install Options
Data Set.
- 6
- TKDS refresh requested.
- 7
- TKDS empty at initialization
Fourth status byte - CCVESTA4
- Bit
- Meaning When Set On
- 0
- PKDS dataspace needs refresh.
- 1
- PKDS dataspace can't be updated.
- 2
- Reserved
- 3
- Reserved
- 4
- SYSPLEXPKDS(YES)
- 5
- SYSPLEXPKDS(YES,FAIL(YES))
- 6
- CKDS MAC record authentication
- 7
- Sysplex running in sysplex mode (not XCF-local mode)
|
20 | 4 | CCVECAMQ | Pointer to MCAMQ. |
24 | 4 | CCVEEXIT | Pointer to the installation exit
router (CSFEXIT). |
28 | 4 | CCVECLIC | Software Crypto control block |
32 | 4 | CCVE_ENQ_TIMEOUT | XCF Failure detection interval in
0.01 seconds used for Sysplex ENQ timeout interval. |
36 | 4 | CCVETRCB | Pointer to the current trace buffer.
- Bit
- Meaning When Set On
- 0
- Trace is active.
|
40 | 4 | CCVECPRM | Address of CPRM. |
44 | 4 | CCVEMGST | Address of the generic service table.
See Generic Service Table (CSFMGST) for a description of the generic service table. |
48 | 4 | CCVEENT | Address of the exit name table. |
52 | 4 | CCVETSKT | Address of task table. |
56 | 4 | CCVEMKVN | Master key version numbers.
Byte
1: Current master key version number.
Bytes 2 and 3: Reserved.
Byte
4: Cryptographic domain index. |
60 | 54 | CCVEWLDS | Dataset name of WaitList dataset. |
114 | 1 | CCVEIBMR | IBM reserved byte. |
115 | 1 | CCVEHFL2 | Hardware flags
- Bit
- Meaning When Set On
- 0
- CCA level 3.41 detected
- 1
- CCA level 4.00 detected
- 2
- Reserved
- 3
- AP-special-command facility available
- 4
- AP 4096-bit ME facility available
- 5
- AP 4096-bit CRT facility available
|
116 | 4 | CCVE_EXTRAFALGS | Status word.
- Bit
- Meaning When Set On
- 0
- The default wrapping for internal tokens is enhanced.
- 1
- The default wrapping for external tokens is enhanced.
|
120 | 4 | CCVE_NOPKA_MSGID | WTO message ID saved when PKA callable
services are not available at startup |
124 | 12 | CCVEDCTLARR | DCTL address array. |
136 | 4 | CCVESERBCPID | SERB cell pool ID |
140 | 4 | CCVEFIXS | Address of the fixed area storage
used as dynamic storage for the RISGNL routines. |
144 | 4 | CCVEFIXL | Length of the fixed area storage. |
148 | 4 | CCVECPUF | CPUF routine — used to manipulate
the control register. |
152 | 4 | CCVERFMK | RFOMK routine — used to RFOMK
keys on specific CPs. |
156 | 4 | CCVERMKV | MKV RISGNL routine — used by
MKV to validate a CP. |
160 | 4 | CCVESTHW | STHW routine — used to obtain
the current status of the hardware. |
164 | 4 | CCVEKEYM | KEYM routine — used to manipulate
keys from the key entry hardware. |
168 | 4 | CCVEDKEF | DKEF routine — used to manipulate
keys for clear key entry. |
172 | 16 | CCVE_PKA_KMMK_HP | KMMK hash pattern |
188 | 16 | CCVE_PKA_SMK_HP | SMK hash pattern |
204 | 4 | CCVELFDD | ECB for look for disabled Cryptographic
Coprocessor Feature task termination (LFD Done). |
208 | 4 | CCVELFDT | Pointer to TCB for CSFMLFDT. |
212 | 4 | CCVEENFS | ECB for Issue
ENF SIGNAL. |
216 | 4 | CVESMCA | Address of SMCA |
220 | 4 | CCVE_SUBPOOL | Subpool for storage |
224 | 4 | CCVE_SRRW_EXIT | Single read/write exit addr |
228 | 4 | CCVEMKVB | Pointer to the current Master Key
Verification Pattern (MKVP) block. See DES Master Key Verification Pattern Block (MKVB) for a description
of the MKVP block. |
232 | 32 | CCVEMKB1 | First MKVP block. |
264 | 32 | CCVEMKB2 | Second MKVP block. |
296 | 32 | CCVEMKB3 | Third MKVP block. |
328 | 4 | CCVEINPP | Pointer to installation optional
parameter. |
332 | 4 | CCVEINPL | Length of the installation optional
parameter. |
336 | 4 | CCVETRCN | Number of trace entries. |
340 | 4 | CCVEIOPB_PKDS | Address of PKDS IO subtask data. |
344 | 4 | CCVEIOST_TKDS | Address of TKDS IO subtask TCB. |
348 | 4 | CCVEIOPB_TKDS | Address of TKDS IO subtask data. |
352 | 4 | CCVEIOPB | Address of IO subtask data. |
356 | 4 | CCVECCPD | Pointer to CAJP Data. |
360 | 4 | CCVECCPV | Pointer to private CAJP Data . |
364 | 4 | CCVEWKAR | Work area for services. |
368 | 4 | CCVEMUST | Address of UDX service table. |
372 | 8 | CCVESECC | Reserved for security exit. |
380 | 4 | CCVEENTK | ENTE for security keys exit. |
384 | 4 | CCVEENTS | ENTE for security service exit. |
388 | 4 | CCVEMIQIH | Address of interrupt handler |
392 | 4 | CCVE_TKE_KEY_CACHE@ | Address of TKE key cache |
396 | 4 | CCVEDSCB | Control block for the data manager. |
400 | 12 | CCVE_CKDS_HASH_TABLES | CKDS hash tables. |
412 | 12 | CCVE_PKDS_HASH_TABLES | PKDS hash tables. |
424 | 4 |
CCVE_KEY_
STORE_POLICY
|
- Bit
- Meaning When Set On
- 0
- CKDS key store policy enabled
- 1
- CKDS control in fail mode
- 2
- CKDS control in warn mode
- 3
- CKDS default control enabled
- 4
- No duplicates in CKDS
- 8
- PKDS key store policy enabled
- 9
- PKDS control in fail mode
- 10
- PKDS control in warn mode
- 11
- PKDS default control enabled
- 12
- No duplicates in PKDS
- 16
- Granular keylabel access controls enabled in fail mode
- 17
- Granular keylabel access controls enabled in warn mode
- 18
- Enhanced export restrictions enabled for AES keys
- 19
- Enhanced export restrictions enabled for DES keys
- 24
- PKA key extensions enabled.
- 25
- PKCS #11 Token used for trusted certificate repository (SAF
keyring when this bit is 0).
- 26
- PKA key extensions in WARNONLY mode.
|
428 | 4 | CCVE_PLEX_SYSID | System sysplex token |
432 | 4 | CCVEINQKP_ECB | INQKP ECB for waking up |
436 | 4 | CCVE_KSP_PKAKE_DATA_PTR | Address of PKAKE data |
440 | 1 | CCVE_FIPS | FIPS policy flags.
- Bit
- Meaning When Set On
- 1
- FIPS startup known answer tests failed disabling PKCS#11.
- 2
- FIPSMODE(xxx,FAIL(YES)) specified
- 3
- Known answer test executed on accelerator for private key operation
- 4
- Known answer test executed on accelerator for public key operation
|
441 | 3 | | Reserved. |
444 | 8 | CCVE_ECC_MKVP | ECC MK verification pattern
This
field will contain zeros unless the ECC MK is valid. |
452 | 16 | CCVE_KMF_QUERY | Results of CPACF KMF-Query |
468 | 16 | CCVE_KMCTR_QUERY | Results of CPACF KMCTR-Query |
484 | 16 | CCVE_KMO_QUERY | Results of CPACF KMO-Query |
492 | 8 | CCVE_AES_MKVP | AES MK verification pattern. |
500 | 8 | CCVE_DES_MKVP | DES MK verification pattern |
508 | 32 | CCVE_KDS_MKVPS | MKVPs from key data sets |
540 | 4 | Ccve_MaxSys | Maximum number of systems possible in sysplex |
544 | 4 | CCVEMWT_EBC | ECB to attach CSFPLMWT |
548 | 4 | | reserved |
552 | 4 | CCVE_ABTERM_EBC | ECB to terminate ICSF |
556 | 4 | CCVE_HCHK_PTR | Pointer to Health Check blocks |
560 | 28 | | reserved |