|
You install an exit for a service by installing the load
module that contains the exit into an APF-authorized library. ICSF uses
this normal search order to locate the exit:
- Job pack area
- Steplib (if one exists)
- Link pack area (LPA)
- Link list (SYS1.LINKLIB concatenation)
Define the ICSF name and the load module name as a value on the
EXIT keyword in the installation options data set. For more information
about the installation options data set, see Parameters in the installation options data set.
The EXIT keyword has this syntax:
- EXIT ( ICSF name, load module name, FAIL (options)
)
The ICSF name portion of the keyword refers
to the ICSF name for each service exit. Note that the ICSF name
for each service exit is the same as its name. Table 14 lists
the ICSF names for each of the service exits. Table 15 lists
the ICSF names for each of the compatibility service exits. The load module name is the name of the load module
that contains the exit. The name can be any valid name that your installation
chooses. The FAIL portion of the EXIT keyword
specifies the action ICSF takes if the exit cannot be loaded or
it ends abnormally. The valid FAIL options are:
- NONE
- No action is taken. The exit can be called again and will end
abnormally again.
- EXIT
- The exit is no longer available to be called again.
- SERVICE
- The service or program that called the exit is no longer available
to be called again.
- ICSF
- ICSF or the key generator utility program or the PCF conversion
program is ended, depending on the exit.
You must specify a FAIL option. If you do not, ICSF returns an
error message, ends abnormally, and generates an SVC dump when attempting
to load the exit. If the exit ends abnormally, the service call fails
regardless of the fail option you specified. Fail options apply only
to subsequent requests for the service.
Note:
In this table, CSFPKSC (PKSC interface) and CSFPCI
(PCI interface), are a part of the product-sensitive programming interface.
Table 14. Services and Their ICSF Names| Service | ICSF Name |
|---|
| ANSI X9.17 EDC Generate | CSFAEGN | | ANSI X9.17 Key Export | CSFAKEX | | ANSI X9.17 Key Import | CSFAKIM | | ANSI X9.17 Key Translate | CSFAKTR | | ANSI X9.17 Transport Key Partial
Notarize | CSFATKN | | Ciphertext Translate | CSFCTT | | Ciphertext Translate (with ALET) | CSFCTT1 | | CKDS Key Record Create | CSFKRC | | CKDS Key Record Create2 | CSFKRC2 | | CKDS Key Record Delete | CSFKRD | | CKDS Key Record Read | CSFKRR | | CKDS Key Record Read2 | CSFKRR2 | | CKDS Key Record Write | CSFKRW | | CKDS Key Record Write2 | CSFKRW2 | | Clear Key Import | CSFCKI | | Clear PIN Encrypt | CSFCPE | | Clear PIN Generate | CSFPGN | | Clear PIN Generate Alternate | CSFCPA | | Control Vector Translate | CSFCVT | | Coordinated KDS Administration | CSFCRC | | Cryptographic Variable Encipher | CSFCVE | | CVV Key Combine | CSFCKC | | Data Key Export | CSFDKX | | Data Key Import | CSFDKM | | Decipher | CSFDEC | | Decipher (with ALET) | CSFDEC1 | | Decode | CSFDCO | | Digital Signature Generate | CSFDSG | | Digital Signature Verify | CSFDSV | | Diversified Key Generate | CSFDKG | | ECC Diffie-Hellman | CSFEDH | | Encipher | CSFENC | | Encipher (with ALET) | CSFENC1 | | Encode | CSFECO | | Encrypted PIN Generate | CSFEPG | | Encrypted PIN Translate | CSFPTR | | Encrypted PIN Verify | CSFPVR | | HMAC Generate | CSFHMG | | HMAC Verify | CSFHMV | | Key Export | CSFKEX | | Key Generate | CSFKGN | | Key Generate2 | CSFKGN2 | | Key Import | CSFKIM | | Key Part Import | CSFKPI | | Key Part Import2 | CSFKPI2 | | Key Test | CSFKYT | | Key Test2 | CSFKYT2 | | Key Test Extended | CSFKYTX | | Key Translate | CSFKTR | | Key Translate2 | CSFKTR2 | | MAC Generate | CSFMGN | | MAC Generate (with ALET) | CSFMGN1 | | MAC Verify | CSFMVR | | MAC Verify (with ALET) | CSFMVR1 | | MDC Generate | CSFMDG | | MDC Generate (with ALET) | CSFMDG1 | | Multiple Clear Key Import | CSFCKM | | Multiple Secure Key Import | CSFSKM | | One Way Hash Generate | CSFOWH | | One Way Hash Generate (with ALET) | CSFOWH1 | | PCI Interface | CSFPCI | | PIN change/unblock | CSFPCU | | PKA Decrypt | CSFPKD | | PKA Encrypt | CSFPKE | | PKA Key Generate | CSFPKG | | PKA Key Import | CSFPKI | | PKA Key Translate | CSFPKT | | PKA Key Token Change | CSFPKTC | | PKA Public Key Extract | CSFPKX | | PKDS Key Record
Create | CSFPKRC | | PKDS Key Record
Delete | CSFPKRD | | PKDS Key Record
Read | CSFPKRR | | PKDS Key Record
Write | CSFPKRW | | PKSC Interface | CSFPKSC | | Prohibit Export | CSFPEX | | Prohibit Export Extended | CSFPEXX | | Random Number Generate | CSFRNG | | Random Number Generate Long | CSFRNGL | | Remote Key Export | CSFRKX | | Restrict Key Attribute | CSFRKA | | Retained Key Delete | CSFRKD | | Retained Key List | CSFRKL | | Secure Key Import | CSFSKI | | Secure Key Import2 | CSFSKI2 | | Secure Messaging for Keys | CSFSKY | | Secure Messaging for PINs | CSFSPN | | SET Block Compose | CSFSBC | | SET Block Decompose | CSFSBD | | Symmetric Key Export | CSFSYX | | Symmetric Key Generate | CSFSYG | | Symmetric Key Import | CSFSYI | | Symmetric Key Import2 | CSFSYI2 | | Symmetric MAC Generate | CSFSMG | | Symmetric MAC Generate (with ALET) | CSFSMG1 | | Symmetric MAC Verify | CSFSMV | | Symmetric MAC Verify (with ALET) | CSFSMV1 | | TR-31 Export | CSFT31X | | TR-31 Import | CSFT31I | | Transaction Validation | CSFTRV | | Transform CDMF Key | CSFTCK | | Trusted Block Create | CSFTBC | | User Derived Key | CSFUDK | | VISA CVV Service Generate | CSFCSG | | VISA CVV Service Verify | CSFCSV |
Notes:
- The alias for the ANSI X9.17 key management services is CSNAxxx.
- The aliases for the PKA services is CSNDxxx or or CSNFxxx.
- The aliases for the symmetric key services are CSNBxxx
or CSNExxx.
|
z/OS Cryptographic Services ICSF System Programmer's Guide
Copyright IBM Corporation 1990, 2014