RXS_Crypt()

This subprocedure performs cryptographic operations like hashing and encryption. Currently supported operations are:

  • MD5
  • SHA1
  • SHA256
  • SHA384
  • SHA512
  • AES128
  • AES192
  • AES256

For AES encryption, block modes ECB, CBC, and CTR are supported.

Subprocedure Prototype

D RXS_Crypt...
D                 PR                  Extproc('RXS_Crypt') Opdesc
D                                     Like(RXS_Var16Mv_t)
D                                     Rtnparm

Returns the output of the specified hashing/crytographic operation.

D  pInput                             Like(RXS_Var16Mv_t) Const
D                                     Options(*Varsize:*Omit)

Field to hold the input of the selected hashing/crytographic operation. You can pass a field smaller than 16M without any additional effort.

D  pDS                                Like(RXS_Var64K_t)
D                                     Options(*Varsize)

Holds settings which control how RXS_Crypt operates. This parm can accomodate a number of possible data structures, listed below.

Example Code


**FREE // This example code calculates an MD5 hash from a character field. Ctl-Opt ActGrp(*New) BndDir('RXSBND'); /COPY QRPGLECPY,RXSCB Dcl-Ds MD5DS LikeDS(RXS_MD5CryptDS_t); Dcl-S Data Like(RXS_Var1Kv_t); Dcl-S Hash Like(RXS_Var1Kv_t); Data = 'Hello World'; RXS_ResetDS( HashMD5DS : RXS_DS_TYPE_MD5CRYPT ); Hash = RXS_Crypt( Data : HashMD5DS ); RXS_JobLog( 'Hash: %s' : Hash ); // Output: Hash: B10A8DB164E0754105B7A99BE72E3FE5 return;

**FREE // This example code performs AES128 encryption on an ISO88591 string Ctl-Opt ActGrp(*New) BndDir('RXSBND'); /COPY QRPGLECPY,RXSCB Dcl-Ds AESDS LikeDS(RXS_AESCryptDS_t); Dcl-S Input Like(RXS_Var1Kv_t); Dcl-S Output Like(RXS_Var1Kv_t); Input = 'abc'; RXS_ResetDS( AESDS : RXS_DS_TYPE_AESCRYPT ); AESDS.PadInput = RXS_YES; AESDS.Algorithm = RXS_CRYPT_AES128_ALGORITHM; AESDS.BlockMode = RXS_CRYPT_AESBLOCKMODE_CBC; AESDS.EncryptDecrypt = RXS_ENCRYPT; // We're providing the input string in our job CCSID but we want // RXS_Crypt to convert it to the ISO88591 equivalent and then // encrypt. If you plan to exchange data with non-IBM i systems // this is usually the route you'll want to go, though you may // instead need to encrypt as UTF-8 by using RXS_CCSID_UTF8. AESDS.InputCCSID = RXS_CCSID_JOB; AESDS.EncryptAsCcsid = RXS_CCSID_ISO88591; AESDS.Key128 = x'00000000000000000000000000000000'; AESDS.KeyFormat = RXS_CRYPT_AESKEYFORMAT_BIN; AESDS.OutputPadOption = RXS_CRYPT_PADOUTPUT_NONE; AESDS.InitializationVector = x'00000000000000000000000000000000'; // After encryption, the Output field will contain a binary string with the hex // value: d29999ea2b049ae79cb86ba27b1a5f55 Output = RXS_Crypt( Input : AESDS ); // RXS_JobLog will attempt to treat this as a string which will lead to // the output looking like garbage characters. RXS_JobLog( 'Encrypted output: %s' : Output ); // The easiest way to view and verify the encryption worked correctly is // to look at the value of the Output field in debug in hex mode. // Using STRDBG, you would view Output in hex mode by typing in this: // // eval Output:x 50 return;

**FREE // This example code performs AES128 decryption on an ISO88591 string Ctl-Opt ActGrp(*New) BndDir('RXSBND'); /COPY QRPGLECPY,RXSCB Dcl-Ds AESDS LikeDS(RXS_AESCryptDS_t); Dcl-S Input Like(RXS_Var1Kv_t); Dcl-S Output Like(RXS_Var1Kv_t); // We have a sequence of hex bytes and not a string to decrypt Input = x'd29999ea2b049ae79cb86ba27b1a5f55'; RXS_ResetDS( AESDS : RXS_DS_TYPE_AESCRYPT ); // Any non-IBM i system you work with isn't going to deal with data in EBCDIC so // RXS_Crypt is set up to facilitate handling conversion to/from non-EBCDIC // character sets. In this case the string is in ISO8859-1, so we indicate // that here: AESDS.InputCcsid = RXS_CCSID_ISO88591; AESDS.EncryptAsCcsid = RXS_CCSID_ISO88591; // Indicate that we're performing decryption and not encryption AESDS.EncryptDecrypt = RXS_DECRYPT; AESDS.PadInput = RXS_YES; AESDS.Algorithm = RXS_CRYPT_AES128_ALGORITHM; AESDS.BlockMode = RXS_CRYPT_AESBLOCKMODE_CBC; AESDS.Key128 = x'00000000000000000000000000000000'; AESDS.KeyFormat = RXS_CRYPT_AESKEYFORMAT_BIN; // Make sure you set the key CCSID appropriately AESDS.KeyCCSID = RXS_CCSID_JOB; // For output generally RXS_CRYPT_PADOUTPUT_CHAR is what you should use. // This will make RXS_Crypt pad the output with null bytes, which is typically // what you want. AESDS.OutputPadOption = RXS_CRYPT_PADOUTPUT_CHAR; AESDS.InitializationVector = x'00000000000000000000000000000000'; // After encryption, the Output field will contain a binary string with the hex // value: 616263 // This corresponds to the ISO88591 characters 'abc' as expected. Output = RXS_Crypt( Input : AESDS ); // RXS_JobLog will attempt to treat this as a string which will lead to // the output looking like garbage characters. RXS_JobLog( 'Decrypted output: %s' : Output ); // The easiest way to view and verify the encryption worked correctly is // to look at the value of the Output field in debug in hex mode. // Using STRDBG, you would view Output in hex mode by typing in this: // // eval Output:x 50 return;

**FREE // This example code performs AES128 encryption on an EBCDIC string Ctl-Opt ActGrp(*New) BndDir('RXSBND'); /COPY QRPGLECPY,RXSCB Dcl-Ds AESDS LikeDS(RXS_AESCryptDS_t); Dcl-S Input Like(RXS_Var1Kv_t); Dcl-S Output Like(RXS_Var1Kv_t); Input = 'abc'; RXS_ResetDS( AESDS : RXS_DS_TYPE_AESCRYPT ); AESDS.PadInput = RXS_YES; AESDS.Algorithm = RXS_CRYPT_AES128_ALGORITHM; AESDS.BlockMode = RXS_CRYPT_AESBLOCKMODE_CBC; AESDS.EncryptDecrypt = RXS_ENCRYPT; // We're providing the input as our job CCSID, and we want it encrypted // using EBCDIC CCSID 37. This is rarely something you want to do when you // will be exchanging encrypted data with other non-IBM i systems as most // other systems will expect to be working with ISO88591 or UTF-8 data. AESDS.InputCCSID = RXS_CCSID_JOB; AESDS.EncryptAsCCSID = RXS_CCSID_EBCDIC; AESDS.Key128 = x'00000000000000000000000000000000'; AESDS.KeyFormat = RXS_CRYPT_AESKEYFORMAT_BIN; AESDS.OutputPadOption = RXS_CRYPT_PADOUTPUT_NONE; AESDS.InitializationVector = x'00000000000000000000000000000000'; // After encryption, the Output field will contain a binary string with the hex // value: 81743865f4a9ce13349d67f5642fd971 Output = RXS_Crypt( Input : AESDS ); // RXS_JobLog will attempt to treat this as a string which will lead to // the output looking like garbage characters. RXS_JobLog( 'Encrypted output: %s' : Output ); // The easiest way to view and verify the encryption worked correctly is // to look at the value of the Output field in debug in hex mode. // Using STRDBG, you would view Output in hex mode by typing in this: // // eval Output:x 50 return;

Data Structures

D RXS_MD5CryptDS_t...
D                 DS                  Qualified Template Inz
 
D   ReturnedErrorInfo...
D                                     LikeDS(RXS_ReturnedErrorInfoDS_t) Inz
 
D   DataStructureType...
D                                5I 0 Inz(RXS_DS_TYPE_MD5CRYPT)
 
D   OnErrorMessageType...
D                                5I 0
 
D   InputStmf                         Like(RXS_Var1Kv_t)

Optional IFS stream file to use as input data for hash operation.

D   InputCcsid                  10I 0 Inz(RXS_CCSID_JOB)

CCSID of input data. Used when the input data is of a different CCSID of the job CCSID. Not necessary if using InputStmf.

Default Value: RXS_CCSID_JOB

D   EncryptAsCcsid...
D                               10I 0 Inz(RXS_CCSID_ISO88591)

CCSID to convert the input data into before hashing. Note that this is typically going to be RXS_ISO88591 or RXS_UTF8.

Default Value: RXS_CCSID_ISO88591

D   InputPointer...
D                                 *

Internal use only

D   InputLength                 10I 0

Internal use only

D   OutputPointer...
D                                 *

Internal use only

D   OutputLength                10I 0

Internal use only

D   Reserved                  2048A

Internal use only

D RXS_SHACryptDS_t...
D                 DS                  Qualified Template Inz
 
D   ReturnedErrorInfo...
D                                     LikeDS(RXS_ReturnedErrorInfoDS_t) Inz
 
D   DataStructureType...
D                                5I 0 Inz(RXS_DS_TYPE_SHACRYPT)
 
D   OnErrorMessageType...
D                                5I 0
 
D   Algorithm                    4P 3

Determines which SHA algorithm/block size to use when hashing.

Valid Values:

  • RXS_CRYPT_SHA1_ALGORITHM
  • RXS_CRYPT_SHA256_ALGORITHM
  • RXS_CRYPT_SHA384_ALGORITHM
  • RXS_CRYPT_SHA512_ALGORITHM

D   InputStmf                         Like(RXS_Var1Kv_t)

Optional IFS stream file to use as input data for hash operation.

D   InputCcsid                  10I 0 Inz(RXS_CCSID_JOB)

CCSID of input data. Used when the input data is of a different CCSID of the job CCSID. Not necessary if using InputStmf.

Default Value: RXS_CCSID_JOB

D   EncryptAsCcsid...
D                               10I 0 Inz(RXS_CCSID_ISO88591)

CCSID to convert the input data into before hashing. Note that this is typically going to be RXS_ISO88591 or RXS_UTF8.

Default Value: RXS_CCSID_ISO88591

D   InputPointer...
D                                 *

Internal use only

D   InputLength                 10I 0

Internal use only

D   OutputPointer...
D                                 *

Internal use only

D   OutputLength                10I 0

Internal use only

D   Reserved                  2049A

Internal use only

D RXS_AESCryptDS_t...
D                 DS                  Qualified Template Inz
 
D   ReturnedErrorInfo...
D                                     LikeDS(RXS_ReturnedErrorInfoDS_t) Inz
 
D   DataStructureType...
D                                5I 0 Inz(RXS_DS_TYPE_AESCRYPT)
 
D   OnErrorMessageType...
D                                5I 0
 
D   Algorithm                    3I 0

Determines which AES algorithm to use when encrypting.

Valid Values:

  • RXS_CRYPT_AES128_ALGORITHM
  • RXS_CRYPT_AES192_ALGORITHM
  • RXS_CRYPT_AES256_ALGORITHM

D   BlockMode                    3I 0

Determines which AES block mode to use when encrypting.

Valid Values:

  • RXS_CRYPT_AESBLOCKMODE_ECB
  • RXS_CRYPT_AESBLOCKMODE_CBC
  • RXS_CRYPT_AESBLOCKMODE_CTR

D   EncryptDecrypt...
D                                 N

Specifies whether input data should be encrypted or decrypted.

Valid Values:

  • RXS_ENCRYPT
  • RXS_DECRYPT

D   PadInput                      N

AES standard requires that input data be exactly divisible into block lengths of 16 - specify this value as RXS_YES if you'd like RXS to perform this padding automatically, or to RXS_NO if you are manually padding the input data.

Valid Values:

  • RXS_YES
  • RXS_NO

D   InputPadCharacter...
D                                1A   Inz(x'00')

If PadInput is set to RXS_YES, the hex byte value in this field will be used for padding the input data.

Default Value: x'00'

D   OutputPadOption...
D                                3I 0 Inz(RXS_CRYPT_PADOUTPUT_NONE)

Specifies if output data should be padded, and which padding method to use.

Valid Values:

  • RXS_CRYPT_PADOUTPUT_NONE
  • RXS_CRYPT_PADOUTPUT_CHAR
  • RXS_CRYPT_PADOUTPUT_COUNTER

Default Value: RXS_CRYPT_PADOUTPUT_NONE

D   OutputPadCharacter...
D                                1A   Inz(x'00')

If OutputPadOption is set to RXS_CRYPT_PADOUTPUT_CHAR, the hex byte value in this field will be used for padding the output data.

Default Value: x'00'

D   KeyFormat                    3I 0 Inz(RXS_CRYPT_AESKEYFORMAT_BIN)

The data format of the encryption key. Currently only binary keys are fully supported.

Valid Values:

  • RXS_CRYPT_AESKEYFORMAT_BIN
  • RXS_CRYPT_AESKEYFORMAT_BER

Default Value: RXS_CRYPT_AESKEYFORMAT_BIN

D   Key256                      32A   Inz(*Allx'00')

The encryption key to be used for AES256. Only the Key### field matching your AES algorithm needs to be specified.

D   Key192                      24A   Overlay(Key256)

The encryption key to be used for AES192. Only the Key### field matching your AES algorithm needs to be specified.

D   Key128                      16A   Overlay(Key256)

The encryption key to be used for AES128. Only the Key### field matching your AES algorithm needs to be specified.

D   InitializationVector...
D                               16A   Inz(*Allx'00')

Initialization vector used for optional additional randomization. If this value is not null, both the encrypting party and the decrypting party need to know this value.

D   InputCcsid                  10I 0 Inz(RXS_CCSID_JOB)

CCSID of input data. Used when the input data is of a different CCSID than the job CCSID. Not necessary if using InputStmf.

Default Value: RXS_CCSID_JOB

D   EncryptAsCcsid...
D                               10I 0 Inz(RXS_CCSID_ISO88591)

When performing encryption, this field will specify the CCSID in which the data should be encrypted. If this value is different than the InputCcsid value, the data will be converted before encryption. When performing decryption, this field will specify the CCSID of the data that was encrypted.

Default Value: RXS_CCSID_ISO88591

D   KeyCcsid                    10I 0 Inz(RXS_CCSID_JOB)

Specify the CCSID of the encryption key. Used when the key is of a different CCSID than the job CCSID. If this value is different than the EncryptAsCcsid value, the data will be converted before encryption/decryption.

Default Value: RXS_CCSID_JOB

D   InputStmf                         Like(RXS_Var1Kv_t)

Optional IFS stream file to use as input data for encryption/decryption.

D   OutputStmf                        Like(RXS_Var1Kv_t)

Optional IFS stream file where encrypted/decrypted output will be written.

D   InputPointer...
D                                 *

Internal use only

D   InputLength                 10I 0

Internal use only

D   OutputPointer...
D                                 *

Internal use only

D   OutputLength                10I 0

Internal use only

D   Reserved                  2049A

Internal use only