Skip to content
/ EasyICSF Public

Rexx programs and C programs to make programming of z/OS ICSF encryption APIs easier to use

License

MIT license
1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

colinpaicemq/EasyICSF

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

36 Commits
C
C
 
 
CHelpers
CHelpers
 
 
CJCL
CJCL
 
 
REXX
REXX
 
 
REXXHelpers
REXXHelpers
 
 
REXXJCL
REXXJCL
 
 
.gitignore
.gitignore
 
 
C.md
C.md
 
 
CHelper.md
CHelper.md
 
 
CJCL.md
CJCL.md
 
 
CMAIN.md
CMAIN.md
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
Rexx.md
Rexx.md
 
 

Repository files navigation

EasyICSF

Rexx programs and C programs to make programming of z/OS ICSF encryption APIs easier to use.

For example REXX

run the Rexx exe from TSO

%GAES -KEY REXXAES  -REPLACE

This creates an AES key with name REXXAES. The GAES exec has

/* Rexx */ 
/*********************************************************************/ 
/* High level rexx to generate an AES key                            */ 
/* Syntax GAES -KEY name <-REPLACE>                                  */ 
/*********************************************************************/ 
signal on novalue 
parse upper arg   . "-KEY" label . 
                                                                         
parse upper arg args 
if ( wordpos("-REPLACE",args) > 0) then replace="Y" 
else replace="NO" 
say " generate an AES key " 
trace e 
if ( label =  "") then 
do 
   say "syntax is  -KEY key <-Replace>          " 
   return 8 
end 
/*********************************************************************/ 
/* now the ICSF code                                                 */ 
/*********************************************************************/ 
/* Generate an AES using a skeleton                                  */ 
/*********************************************************************/ 
rc = SKELAES() 
parse var rc myrc myrs skel 
if myrc <> 0 then return rc 
                                                                             
/*********************************************************************/ 
/* Generate the key. Pass the skeleton to the create routine         */ 
/*********************************************************************/ 
rc= GENAES(label,skel) 
parse var rc myrc myrs Data 
if myrc <> 0 then return myrc 
/*********************************************************************/ 
/* Add it to the CKDS                                                */ 
/*********************************************************************/ 
rc = addckds(label,Data,replace) 
return 0

Where SKELEAS(), GENAES(), addckds() are helper rexx execs which issue the ICSF functions.

See REXX for more details

Example of C code

 rc =exportAES (pKey,pKek,&pData, &lData); 
 if (rc > 0 ) return rc; 
 rc = writeKey("dd:CERT",pData,lData);

You pass in the null terminated C string pKey, and the label of the key to be used for encryption (the Key Encryption Key). It returns a pointer to a blob of data pData, with length lData). It writes the data to the data set //CERT ....

The exportAES routine has logic to detect if the KEK is a PKI key, or an AES Exporter key, and chooses the appropriate options.

See C Documentation.

There are helper routines for example

  • ADDCKDS(pKey,pData,lData) to add blob of data to the CKDS with the given key name
  • DELCKDS(pKey) to delete a key entry from the CKDS
  • CSFGETRC(rc,rs) to get the error string for some reason codes (the ones I experienced).
  • GENDH(pPublic,pPrivate) generate a Diffie- Hellman symmetric key, passing the private and public key names.

About

Rexx programs and C programs to make programming of z/OS ICSF encryption APIs easier to use

Resources

Readme

License

MIT license
Activity

Stars

1 star

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published