Translating plain text into cipher text
The examples in this appendix are REXX executables that can be used to translate plain text into cipher text by using CCA and PKCS#11.
This appendix includes the following topics:
C.1 CCA ciphertext translation REXX sample
A CCA ciphertext translation REXX sample is shown in Example C-1.
Example C-1 CCA ciphertext translation from DES to AES REXX sample
/* Rexx */
 
/*-------------------------------------------------------------------*/
/* Translate existing ciphertext to an AES 256-bit key */
/*-------------------------------------------------------------------*/
 
/* expected results */
ExpRc = '00000000'x
ExpRs = '00000000'x
 
/*------------------------------------------------------------------*/
/* Call CSNBCTT2 to translate the existing ciphertext to AES */
/*------------------------------------------------------------------*/
CTT2_Rule_Count = '00000004'x
/* Each rule array keyword is 8 bytes, left-justified and blank-padded */
CTT2_rule_array = 'I-CBC   '||'O-CBC   '||'IKEY-DES'||'OKEY-AES';
CTT2_cipher_text_in = 'E7861BBEEA363B3C40168B3174C15D31'x ;
 
/* Pass either the tokens or key labels of the encryption keys. */
CTT2_key_ID_in = left('DATAENC#CTT2#DES#CIPHER',64)
CTT2_key_ID_out = left('DATAENC#CTT2#AES256#CIPHER',64) ;
 
Call CSNBCTT2
 
exit
/*-------------------------------------------------------------------*/
/* CipherText Translate2 */
/* */
/* This callable service deciphers encrypted data (ciphertext) under */
/* one cipher text translation key and reenciphers it under another */
/* cipher text translation key without having the data appear in the */
/* clear outside the cryptographic coprocessor. */
/* */
/* See the ICSF Application Programmer's Guide for more details. */
/*-------------------------------------------------------------------*/
CSNBCTT2:
 
CTT2_rc = 'FFFFFFFF'x ;
CTT2_rs = 'FFFFFFFF'x ;
CTT2_Exit_Len = '00000000'x ;
CTT2_Exit_Data = '' ;
CTT2_IV_in_len = '00000008'X
CTT2_IV_in = '0000000000000000'X
CTT2_cipher_text_in_len = d2c(length(CTT2_cipher_text_in),4)
CTT2_chaining_vector_len = '00000080'X
CTT2_chaining_vector = copies('00'x,128)
CTT2_IV_out_len = '00000010'X
/* The AES output IV is 16 bytes, so the buffer must match the length */
CTT2_IV_out = copies('00'x,c2d(CTT2_IV_out_len))
CTT2_rsv1_len = '00000000'x
CTT2_rsv1 = ''
CTT2_rsv2_len = '00000000'x
CTT2_rsv2 = ''
CTT2_key_ID_in_len = '00000040'x
CTT2_key_ID_out_len = '00000040'x
CTT2_cipher_text_out_len = d2c(length(CTT2_cipher_text_in),4)
CTT2_cipher_text_out = copies('00'x,c2d(CTT2_cipher_text_out_len))
 
address linkpgm 'CSNBCTT2' ,
'CTT2_rc' 'CTT2_rs' ,
'CTT2_Exit_Len' 'CTT2_Exit_Data' ,
'CTT2_Rule_Count' 'CTT2_Rule_array' ,
'CTT2_key_ID_in_len' 'CTT2_key_ID_in' ,
'CTT2_IV_in_len' 'CTT2_IV_in' ,
'CTT2_cipher_text_in_len' 'CTT2_cipher_text_in',
'CTT2_chaining_vector_len' 'CTT2_chaining_vector',
'CTT2_key_ID_out_len' 'CTT2_key_ID_out' ,
'CTT2_IV_out_len' 'CTT2_IV_out' ,
'CTT2_cipher_text_out_len' 'CTT2_cipher_text_out',
'CTT2_rsv1_len' 'CTT2_rsv1' ,
'CTT2_rsv2_len' 'CTT2_rsv2' ;
 
/* Report failure when either code differs from the expected value */
if (CTT2_rc \= ExpRc | CTT2_rs \= ExpRs) then
say 'CTT2 failed: rc=' c2x(CTT2_rc) 'rs =' c2x(CTT2_rs) ;
else
say 'CTT2 successful: rc=' c2x(CTT2_rc) 'rs =' c2x(CTT2_rs) ;
 
return;
C.2 PKCS #11 ciphertext translation REXX sample
A PKCS #11 ciphertext translation REXX sample is shown in Example C-2.
Example C-2 PKCS #11 ciphertext translation from DES to AES REXX sample
/* rexx */
 
/*-------------------------------------------------------------------*/
/* Translate existing ciphertext to an AES 256-bit key */
/*-------------------------------------------------------------------*/
 
/* expected results */
ExpRC = '00000000'x ;
ExpRS = '00000000'x ;
 
SKR_Rule_Array = 'D-CBCPAD' || 'E-CBCPAD'
 
/*-------------------------------------------------------------------*/
/* Pass existing ciphertext and set IV according to the decryption */
/* key. For DES keys, IV length is 8. */
/*-------------------------------------------------------------------*/
SKR_dec_iv_length = '00000008'x;
SKR_dec_iv = copies('00'x,c2d(SKR_dec_iv_length) )
SKR_dec_text =,
'3AE0F4D65E911F061FED6FEB0CB84D6996A5623CADED94AEA3B8E2923F04E927'x ||,
'DADFD96CCDDB5497442F6A75C82041AFE418D930AF4DE8B732A4D86C1D3F60EC'x ||,
'530BB9336A042B2A398FE650B8E38D2451D2427B904ED7B1'x
SKR_dec_text_length = d2c(length(SKR_dec_text),4)
 
/*-------------------------------------------------------------------*/
/* Set encryption IV length to 16 for AES */
/*-------------------------------------------------------------------*/
SKR_enc_iv_length = '00000010'x
SKR_enc_iv = copies('00'x,c2d(SKR_enc_iv_length))
 
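/* PKCS #11 handles are 44 bytes: 32-byte blank-padded token name, */
/* 8-character sequence number, 1-character ID and 3 blanks. */
/* Secure DES3 handle */
SKR_dec_handle = left('QSAFE.TEST.TOKEN',32)||'00000001'||left('Y',4)
/* Secure AES 256 handle */
SKR_enc_handle = left('QSAFE.TEST.TOKEN',32)||'00000002'||left('Y',4)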
 
call CSFPSKR
 
exit
/* --------------------------------------------------------------- */
/* PKCS #11 Secret Key Reencrypt */
/* */
/* Use the PKCS #11 Secret Key Reencrypt callable service to */
/* decrypt data and then reencrypt the data using secure secret */
/* keys. */
/* */
/* See the ICSF Application Programmer's Guide for more details. */
/* --------------------------------------------------------------- */
CSFPSKR:
SKR_rc = 'FFFFFFFF'x ;
SKR_rs = 'FFFFFFFF'x ;
SKR_Exit_Length = '00000000'x;
SKR_Exit_Data = '';
SKR_Rule_Count = '00000002'x;
SKR_chain_data_length = '00000000'x
SKR_chain_data = '';
SKR_dec_text_id = '00000000'x;
SKR_enc_text_length = D2C(1000,4);
SKR_enc_text = COPIES('00'x,C2D(SKR_enc_text_length,4));
SKR_enc_text_id = '00000000'x;
 
address linkpgm 'CSFPSKR' ,
'SKR_rc' 'SKR_rs' ,
'SKR_Exit_Length' 'SKR_Exit_Data' ,
'SKR_Rule_Count' 'SKR_Rule_Array',
'SKR_dec_handle' 'SKR_enc_handle',
'SKR_dec_iv_length' 'SKR_dec_iv' ,
'SKR_enc_iv_length' 'SKR_enc_iv' ,
'SKR_chain_data_length' 'SKR_chain_data',
'SKR_dec_text_length' 'SKR_dec_text' ,
'SKR_dec_text_id' ,
'SKR_enc_text_length' 'SKR_enc_text' ,
'SKR_enc_text_id' ;
 
/* Report failure when either code differs from the expected value */
if (SKR_rc \= ExpRC | SKR_rs \= ExpRS) then
say 'SKR failed: rc =' c2x(SKR_rc) 'rs =' c2x(SKR_rs)
else
say 'SKR successful rc =' c2x(SKR_rc) 'rs =' c2x(SKR_rs)
return;
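Example C-2 reserves a fixed 1000-byte output buffer. The following added example, which is not part of the original samples, computes the output length that an E-CBCPAD re-encryption needs for a given D-CBCPAD input. It assumes that both CBCPAD rules apply PKCS #7 padding; PaddedOutLen and the sample lengths are hypothetical names and constructed values.

```rexx
/* Rexx */
/* Added example: worst-case E-CBCPAD output length for a D-CBCPAD   */
/* input, assuming PKCS #7 padding on both sides. PaddedOutLen is a  */
/* hypothetical helper, not an ICSF service.                         */

DES_BLOCK = 8
AES_BLOCK = 16

/* Constructed sample lengths; 88 is the length of SKR_dec_text in   */
/* Example C-2, and 90 is deliberately not a multiple of 8.          */
lengths = '8 16 24 88 90'
do i = 1 to words(lengths)
  inLen  = word(lengths, i)
  outLen = PaddedOutLen(inLen, DES_BLOCK, AES_BLOCK)
  if outLen < 0 then
    say 'input' inLen': not a whole number of' DES_BLOCK'-byte blocks'
  else do
    /* Same 4-byte binary length format the sample passes to CSFPSKR */
    SKR_enc_text_length = d2c(outLen, 4)
    SKR_enc_text = copies('00'x, outLen)
    say 'input' inLen 'bytes -> allocate' outLen 'bytes,' ,
        'length field' c2x(SKR_enc_text_length)
  end
end
exit

PaddedOutLen: procedure
  parse arg inLen, inBlock, outBlock
  /* Padded CBC ciphertext is a positive multiple of the block size */
  if inLen < inBlock | inLen // inBlock \= 0 then return -1
  /* PKCS #7 always adds 1..inBlock pad bytes, so the plaintext is   */
  /* at most inLen - 1 bytes long.                                   */
  maxPlain = inLen - 1
  /* Re-padding adds 1..outBlock bytes on the output side, which     */
  /* rounds the plaintext up to the next whole output block.         */
  return (maxPlain % outBlock + 1) * outBlock
```

Rejecting an input length that is not a multiple of the decryption block size before the call avoids passing a malformed ciphertext to the service.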
 
 