RXS_Crypt()

This subprocedure performs cryptographic operations like hashing and encryption. Currently supported operations are:

  • MD5
  • SHA1
  • SHA256
  • SHA384
  • SHA512
  • AES128
  • AES192
  • AES256

For AES encryption, block modes ECB, CBC, and CTR are supported.

Subprocedure Prototype

D RXS_Crypt...
D                 PR                  Extproc('RXS_Crypt') Opdesc
D                                     Like(RXS_Var16Mv_t)
D                                     Rtnparm

Returns the output of the specified hashing/crytographic operation.

D  pInput                             Like(RXS_Var16Mv_t) Const
D                                     Options(*Varsize:*Omit)

Field to hold the input of the selected hashing/crytographic operation. You can pass a field smaller than 16M without any additional effort.

D  pDS                                Like(RXS_Var64K_t)
D                                     Options(*Varsize)

Holds settings which control how RXS_Crypt operates. This parm can accomodate a number of possible data structures, listed below.

Example Code

*--------------------------------------------------------------
* This example code calculates an MD5 hash from a character field.
*--------------------------------------------------------------
H DFTACTGRP(*NO) BNDDIR('RXSBND') ACTGRP(*CALLER)

 /copy QRPGLECPY,RXSCB

D HashMD5DS       DS                  LikeDS(RXS_MD5CryptDS_t)
D                                     Inz(*LikeDS)
D Data            S                   Like(RXS_Var1Kv_t)
D Hash            S                   Like(RXS_Var1Kv_t)
 /free
   Data = 'Hello World';

   RXS_ResetDS( HashMD5DS : RXS_DS_TYPE_MD5CRYPT );
   Hash = RXS_Crypt( Data : HashMD5DS );

   RXS_JobLog( 'Hash: %s' : Hash ); // Output: Hash: B10A8DB164E0754105B7A99BE72E3FE5

   *INLR = *ON;
 /end-free
*--------------------------------------------------------------
* This example code performs AES128 encryption on a string.
*--------------------------------------------------------------
H DFTACTGRP(*NO) BNDDIR('RXSBND') ACTGRP(*CALLER)

 /copy QRPGLECPY,RXSCB

D AESDS           DS                  LikeDS(RXS_AESCryptDS_t)
D Input           S                   Like(RXS_Var1Kv_t)
D Output          S                   Like(RXS_Var1Kv_t)
 /free
   Input = 'abc';

   RXS_ResetDS( AESDS : RXS_DS_TYPE_AESCRYPT );

   AESDS.PadInput = RXS_YES;
   AESDS.Algorithm = RXS_CRYPT_AES128_ALGORITHM;
   AESDS.BlockMode = RXS_CRYPT_AESBLOCKMODE_CBC;
   AESDS.EncryptDecrypt = RXS_ENCRYPT;
   AESDS.EncryptAsCcsid = RXS_CCSID_EBCDIC;
   AESDS.Key128 = x'00000000000000000000000000000000';
   AESDS.KeyFormat = RXS_CRYPT_AESKEYFORMAT_BIN;
   AESDS.OutputPadOption = RXS_CRYPT_PADOUTPUT_NONE;
   AESDS.InitializationVector = x'00000000000000000000000000000000';

   Output = RXS_Crypt( Input : AESDS );

   RXS_JobLog( 'Encrypted output: %s' : Output ); // Encrypted output: 81743865f4a9ce13349d67f5642fd971

   *INLR = *ON;
 /end-free

Data Structures

D RXS_MD5CryptDS_t...
D                 DS                  Qualified Template Inz
 
D   ReturnedErrorInfo...
D                                     LikeDS(RXS_ReturnedErrorInfoDS_t) Inz
 
D   DataStructureType...
D                                5I 0 Inz(RXS_DS_TYPE_MD5CRYPT)
 
D   OnErrorMessageType...
D                                5I 0
 
D   InputStmf                         Like(RXS_Var1Kv_t)

Optional IFS stream file to use as input data for hash operation.

D   InputCcsid                  10I 0 Inz(RXS_CCSID_JOB)

CCSID of input data. Used when the input data is of a different CCSID of the job CCSID. Not necessary if using InputStmf.

Default Value: RXS_CCSID_JOB

D   EncryptAsCcsid...
D                               10I 0 Inz(RXS_CCSID_ISO88591)

CCSID to convert the input data into before hashing. Note that this is typically going to be RXS_ISO88591 or RXS_UTF8.

Default Value: RXS_CCSID_ISO88591

D   InputPointer...
D                                 *

Internal use only

D   InputLength                 10I 0

Internal use only

D   OutputPointer...
D                                 *

Internal use only

D   OutputLength                10I 0

Internal use only

D   Reserved                  2048A

Internal use only

D RXS_SHACryptDS_t...
D                 DS                  Qualified Template Inz
 
D   ReturnedErrorInfo...
D                                     LikeDS(RXS_ReturnedErrorInfoDS_t) Inz
 
D   DataStructureType...
D                                5I 0 Inz(RXS_DS_TYPE_SHACRYPT)
 
D   OnErrorMessageType...
D                                5I 0
 
D   Algorithm                    4P 3

Determines which SHA algorithm/block size to use when hashing.

Valid Values:

  • RXS_CRYPT_SHA1_ALGORITHM
  • RXS_CRYPT_SHA256_ALGORITHM
  • RXS_CRYPT_SHA384_ALGORITHM
  • RXS_CRYPT_SHA512_ALGORITHM

D   InputStmf                         Like(RXS_Var1Kv_t)

Optional IFS stream file to use as input data for hash operation.

D   InputCcsid                  10I 0 Inz(RXS_CCSID_JOB)

CCSID of input data. Used when the input data is of a different CCSID of the job CCSID. Not necessary if using InputStmf.

Default Value: RXS_CCSID_JOB

D   EncryptAsCcsid...
D                               10I 0 Inz(RXS_CCSID_ISO88591)

CCSID to convert the input data into before hashing. Note that this is typically going to be RXS_ISO88591 or RXS_UTF8.

Default Value: RXS_CCSID_ISO88591

D   InputPointer...
D                                 *

Internal use only

D   InputLength                 10I 0

Internal use only

D   OutputPointer...
D                                 *

Internal use only

D   OutputLength                10I 0

Internal use only

D   Reserved                  2049A

Internal use only

D RXS_AESCryptDS_t...
D                 DS                  Qualified Template Inz
 
D   ReturnedErrorInfo...
D                                     LikeDS(RXS_ReturnedErrorInfoDS_t) Inz
 
D   DataStructureType...
D                                5I 0 Inz(RXS_DS_TYPE_AESCRYPT)
 
D   OnErrorMessageType...
D                                5I 0
 
D   Algorithm                    3I 0

Determines which AES algorithm to use when encrypting.

Valid Values:

  • RXS_CRYPT_AES128_ALGORITHM
  • RXS_CRYPT_AES192_ALGORITHM
  • RXS_CRYPT_AES256_ALGORITHM

D   BlockMode                    3I 0

Determines which AES block mode to use when encrypting.

Valid Values:

  • RXS_CRYPT_AESBLOCKMODE_ECB
  • RXS_CRYPT_AESBLOCKMODE_CBC
  • RXS_CRYPT_AESBLOCKMODE_CTR

D   EncryptDecrypt...
D                                 N

Specifies whether input data should be encrypted or decrypted.

Valid Values:

  • RXS_ENCRYPT
  • RXS_DECRYPT

D   PadInput                      N

AES standard requires that input data be exactly divisible into block lengths of 16 - specify this value as RXS_YES if you'd like RXS to perform this padding automatically, or to RXS_NO if you are manually padding the input data.

Valid Values:

  • RXS_YES
  • RXS_NO

D   InputPadCharacter...
D                                1A   Inz(x'00')

If PadInput is set to RXS_YES, the hex byte value in this field will be used for padding the input data.

Default Value: x'00'

D   OutputPadOption...
D                                3I 0 Inz(RXS_CRYPT_PADOUTPUT_NONE)

Specifies if output data should be padded, and which padding method to use.

Valid Values:

  • RXS_CRYPT_PADOUTPUT_NONE
  • RXS_CRYPT_PADOUTPUT_CHAR
  • RXS_CRYPT_PADOUTPUT_COUNTER

Default Value: RXS_CRYPT_PADOUTPUT_NONE

D   OutputPadCharacter...
D                                1A   Inz(x'00')

If OutputPadOption is set to RXS_CRYPT_PADOUTPUT_CHAR, the hex byte value in this field will be used for padding the output data.

Default Value: x'00'

D   KeyFormat                    3I 0 Inz(RXS_CRYPT_AESKEYFORMAT_BIN)

The data format of the encryption key. Currently only binary keys are fully supported.

Valid Values:

  • RXS_CRYPT_AESKEYFORMAT_BIN
  • RXS_CRYPT_AESKEYFORMAT_BER

Default Value: RXS_CRYPT_AESKEYFORMAT_BIN

D   Key256                      32A   Inz(*Allx'00')

The encryption key to be used for AES256. Only the Key### field matching your AES algorithm needs to be specified.

D   Key192                      24A   Overlay(Key256)

The encryption key to be used for AES192. Only the Key### field matching your AES algorithm needs to be specified.

D   Key128                      16A   Overlay(Key256)

The encryption key to be used for AES128. Only the Key### field matching your AES algorithm needs to be specified.

D   InitializationVector...
D                               16A   Inz(*Allx'00')

Initialization vector used for optional additional randomization. If this value is not null, both the encrypting party and the decrypting party need to know this value.

D   InputCcsid                  10I 0 Inz(RXS_CCSID_JOB)

CCSID of input data. Used when the input data is of a different CCSID than the job CCSID. Not necessary if using InputStmf.

Default Value: RXS_CCSID_JOB

D   EncryptAsCcsid...
D                               10I 0 Inz(RXS_CCSID_ISO88591)

When performing encryption, this field will specify the CCSID in which the data should be encrypted. If this value is different than the InputCcsid value, the data will be converted before encryption. When performing decryption, this field will specify the CCSID of the data that was encrypted.

Default Value: RXS_CCSID_ISO88591

D   KeyCcsid                    10I 0 Inz(RXS_CCSID_JOB)

Specify the CCSID of the encryption key. Used when the key is of a different CCSID than the job CCSID. If this value is different than the EncryptAsCcsid value, the data will be converted before encryption/decryption.

Default Value: RXS_CCSID_JOB

D   InputStmf                         Like(RXS_Var1Kv_t)

Optional IFS stream file to use as input data for encryption/decryption.

D   OutputStmf                        Like(RXS_Var1Kv_t)

Optional IFS stream file where encrypted/decrypted output will be written.

D   InputPointer...
D                                 *

Internal use only

D   InputLength                 10I 0

Internal use only

D   OutputPointer...
D                                 *

Internal use only

D   OutputLength                10I 0

Internal use only

D   Reserved                  2049A

Internal use only