Purpose
On z/OS, when any CSSM_CSP_CreateDeriveKeyContext operation is invoked,
a copy of the context is created. The pointer to the copy is returned on
all CSSM_GetContext calls.
This function creates a cryptographic context to derive either a symmetric
key or an asymmetric key, and returns a handle to the context. The cryptographic
context handle can be used for calling the cryptographic derive key function.
Format
CSSM_CC_HANDLE CSSMAPI CSSM_CSP_CreateDeriveKeyContext
(CSSM_CSP_HANDLE CSPHandle,
uint32 AlgorithmID,
CSSM_KEY_TYPE DeriveKeyType,
uint32 DeriveKeyLength,
uint32 IterationCount,
const CSSM_DATA_PTR Salt,
const CSSM_CRYPTO_DATA_PTR Seed,
const CSSM_CRYPTO_DATA_PTR PassPhrase)
Parameters
Input
- CSPHandle
- The handle that describes the CSP module used to perform this function.
If a NULL handle is specified, OCSF returns an error.
- AlgorithmID
- The algorithm identification number for a derived key algorithm.
- DeriveKeyType
- The type of key to derive.
- DeriveKeyLength
- The length of key to derive.
Input/optional
- IterationCount
- The number of iterations to be performed during the derivation process.
Used heavily by password-based derivation methods.
- Salt
- A salt used to generate the key.
- Seed
- A seed used to generate a random number. The caller can either pass a
seed and seed length in bytes or pass in a callback function. If NULL is
passed, the CSP will use its default seed handling mechanism.
- PassPhrase
- The passphrase is required to unlock the private key. The passphrase
structure accepts an immediate value for the passphrase or the caller can
specify a callback function the CSP can use to obtain the passphrase. The
passphrase is needed only for signature operations, not verify operations.
Return Value
Returns a cryptographic context handle. If the handle is NULL, an error
has occurred. Use CSSM_GetError to obtain the error code.
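A defensive way to call this function for password-based derivation, shown as an added example that is not part of the original page or of the OCSF toolkit. The typedefs are reduced stand-ins so the code compiles without the OCSF headers; the wrapper name create_pbe_context, the 16-byte salt and 100000-iteration floors, and the fake_create test double are assumptions made for this sketch.

```c
#include <stddef.h>
#include <stdint.h>

/* Stand-in declarations (assumptions) so the sketch compiles without the OCSF
   headers; on z/OS the toolkit's own header supplies the real definitions. */
typedef uint32_t uint32;
typedef uint32 CSSM_CSP_HANDLE, CSSM_CC_HANDLE, CSSM_KEY_TYPE;
typedef struct { uint32 Length; uint8_t *Data; } CSSM_DATA, *CSSM_DATA_PTR;
typedef struct { CSSM_DATA_PTR Param; } CSSM_CRYPTO_DATA, *CSSM_CRYPTO_DATA_PTR;

/* Same parameter list as the Format section above. */
typedef CSSM_CC_HANDLE (*create_ctx_fn)(CSSM_CSP_HANDLE, uint32, CSSM_KEY_TYPE,
    uint32, uint32, const CSSM_DATA_PTR, const CSSM_CRYPTO_DATA_PTR,
    const CSSM_CRYPTO_DATA_PTR);

/* Local policy floors (assumptions, not values from the OCSF documentation). */
#define MIN_SALT_BYTES 16u
#define MIN_ITERATIONS 100000u
enum dk_status { DK_OK, DK_BAD_HANDLE, DK_BAD_LENGTH, DK_WEAK_SALT,
                 DK_WEAK_ITERATIONS, DK_NO_PASSPHRASE, DK_CSP_ERROR };

/* Hypothetical wrapper: reject weak optional parameters before the CSP sees
   them, then map a NULL (zero) context handle to an error status. */
enum dk_status create_pbe_context(create_ctx_fn create, CSSM_CSP_HANDLE csp,
    uint32 alg, CSSM_KEY_TYPE type, uint32 key_len, uint32 iterations,
    CSSM_DATA_PTR salt, CSSM_CRYPTO_DATA_PTR pass, CSSM_CC_HANDLE *out)
{
    *out = 0;
    if (csp == 0)                    return DK_BAD_HANDLE;
    if (key_len == 0)                return DK_BAD_LENGTH;
    if (!salt || !salt->Data || salt->Length < MIN_SALT_BYTES)
        return DK_WEAK_SALT;
    if (iterations < MIN_ITERATIONS) return DK_WEAK_ITERATIONS;
    if (!pass)                       return DK_NO_PASSPHRASE;
    /* Seed is NULL: the CSP uses its default seed handling mechanism. */
    *out = create(csp, alg, type, key_len, iterations, salt, NULL, pass);
    return *out ? DK_OK : DK_CSP_ERROR;  /* caller then uses CSSM_GetError */
}

/* Test double standing in for CSSM_CSP_CreateDeriveKeyContext (constructed). */
CSSM_CC_HANDLE fake_create(CSSM_CSP_HANDLE csp, uint32 alg,
    CSSM_KEY_TYPE type, uint32 len, uint32 iters, const CSSM_DATA_PTR salt,
    const CSSM_CRYPTO_DATA_PTR seed, const CSSM_CRYPTO_DATA_PTR pass)
{
    (void)type; (void)len; (void)iters; (void)salt; (void)seed; (void)pass;
    return alg == 0 ? 0 : csp + 1000;    /* unknown algorithm -> NULL handle */
}
```

On z/OS, drop the stand-in typedefs and the test double, include the OCSF header, and pass CSSM_CSP_CreateDeriveKeyContext as the create argument.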