CSNBXEA uses a default translation table that probably doesn't match the
code page that your REXX exec is encoded in.
If you SAY "ASCII in hex: "||C2D(text_ASCII), I suspect you will not see
the same values as I pasted.
For my testing, I used something like:
Const.ASCII =,
'202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F'X||,
'404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F'X||,
'606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E'X;
Const.EBCDIC =,
' !"#$%&''()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^'||,
'_`abcdefghijklmnopqrstuvwxyz{|}~'
text_EBCDIC = 'ABCabcABCabcABC12345678901234567' ;
text_ASCII = TRANSLATE(text_EBCDIC,Const.ASCII,Const.EBCDIC);
CSNBXEA is very limited. z/OS provides real conversion APIs where you
provide the source and destination code pages.
Eric Rossman, CISSPĀ®
ICSF Cryptographic Security Development
z/OS Enabling Technologies
[email protected]
Tieline: 295-6882 or (845) 435-6882
"IBM Mainframe Discussion List" <[email protected]> wrote on
09/16/2021 02:40:57 PM:
> From: "Isabel" <[email protected]>
> To: [email protected]
> Date: 09/16/2021 02:41 PM
> Subject: [EXTERNAL] Re: ICSF Hash with a certain seed (Key)
> Sent by: "IBM Mainframe Discussion List" <[email protected]>
>
> Hello again and thanks Eric and the others for all the answers, but we
> still have problems. :(
>
> Here is what we did in REXX.
>
> First we imported the "secret key" and then we calculated the HMAC.
> We converted the secret key to ASCII ( "
ABCabcABCabcABC12345678901234567")
> The text to ASCII ("Hola Mundo")
> and also the output to ASCII
>
> but we still get different results. In this case we expected
> 1e8f4f6cba07b91e3e2ad9853a2965ba7d85d126a8e77950d8caa4bbea6d833e as a
result
>
> Thanks agian, and we appreciate any help.
> Regards
>
> /* rexx */
> signal on novalue;
> /*---------------------------------------------------*/
> /* CSNBSKI2 */
> /*---------------------------------------------------*/
> SKI2_rc = 'FFFFFFFF'x ;
> SKI2_rs = 'FFFFFFFF'x ;
> SKI2_exit_data_length = '00000000'x ;
> SKI2_exit_data = '';
> SKI2_rule_array_count = '00000003'x ;
> SKI2_rule_array = 'HMAC ' ||,
> 'OP ' ||,
> 'MAC ';
> SKI2_ckey_bit_len = '00000080'x ;
> text_EBCDIC = 'ABCabcABCabcABC12345678901234567' ;
> text_EBCDIC_len = '00000020'x ;
> call EBCDIC_to_ASCII ;
> SKI2_ckey_val = text_ASCII;
> SKI2_key_name_length = '00000000'x ;
> SKI2_key_name = '' ;
> SKI2_associated_data_length = '00000000'x ;
> SKI2_associated_data = '' ;
> SKI2_encrypting_key_identifier_length = '00000000'x ;
> SKI2_encrypting_key_identifier = '' ;
> SKI2_key_ident_len = '00000080'x ;
> SKI2_key_ident = copies('00'x,c2d(SKI2_key_ident_len)) ;
> /* call CSNBSKI2 */
> ADDRESS LINKPGM 'CSNBSKI2' ,
> 'SKI2_rc' ,
> 'SKI2_rs' ,
> 'SKI2_exit_data_length' ,
> 'SKI2_exit_data' ,
> 'SKI2_rule_array_count' ,
> 'SKI2_rule_array' ,
> 'SKI2_ckey_bit_len' ,
> 'SKI2_ckey_val' ,
> 'SKI2_key_name_length' ,
> 'SKI2_key_name' ,
> 'SKI2_associated_data_length',
> 'SKI2_associated_data',
> 'SKI2_encrypting_key_identifier_length',
> 'SKI2_encrypting_key_identifier',
> 'SKI2_key_ident_len',
> 'SKI2_key_ident';
> IF (SKI2_rc /= '00000000'x) THEN
> DO ;
> SAY 'SKI2 failed: rc =' c2x(SKI2_rc) 'rs =' c2x(SKI2_rs) ;
> EXIT ;
> END ;
> ELSE
> DO ;
> SAY 'SKI2: rc =' c2x(SKI2_rc) 'rs =' c2x(SKI2_rs) ;
> clear_key = substr(SKI2_key_ident,1,c2d(SKI2_key_ident_len));
> END ;
> /*CSNBHMG--------------------------------------------*/
> hmg_rc = 'FFFFFFFF'x ;
> hmg_rs = 'FFFFFFFF'x ;
> hmg_exit_length = '00000000'x;
> hmg_exit_data = '';
> hmg_rule_count = '00000003'x;
> hmg_rule_array = 'HMAC ' ||,
> 'SHA-256 ' ||,
> 'ONLY ';
> hmg_key_id_len = SKI2_key_ident_len ;
> hmg_key_id = SKI2_key_ident ;
> hmg_text_length = '0000000A'x;
> text_EBCDIC = 'Hola Mundo' ;
> text_EBCDIC_len = hmg_text_length ;
> hmg_text = text_ASCII ;
> hmg_chain_vector_length = '00000080'x;
> hmg_chain_vector = copies('00'x,128);
> hmg_hmac_length = '00000020'x;
> hmg_hmac = copies('00'x,c2d(hmg_hmac_Length));
> address linkpgm 'CSNBHMG',
> 'hmg_rc' 'hmg_rs' ,
> 'hmg_exit_length' 'hmg_exit_data' ,
> 'hmg_rule_count' 'hmg_rule_array' ,
> 'hmg_key_id_len' 'hmg_key_id' ,
> 'hmg_text_length' 'hmg_text' ,
> 'hmg_chain_vector_length' 'hmg_chain_vector' ,
> 'hmg_hmac_length' 'hmg_hmac' ;
> if (hmg_rc /= '00000000'x) Then
> do;
> say 'HMG Failed (rc=' c2x(hmg_rc)' rs='c2x(hmg_rs)')' ;
> signal ExitScript;
> end;
> say "HMAC : " hmg_hmac
> sqy "HMAC hexa: " c2x(hmg_hmac);
> /*---------------------------------------------------*/
> /* CSNBXEA */
> /*---------------------------------------------------*/
> /* EBCDIC to ASCII */
> EBCDIC_to_ASCII:
> xea_return_code = '00000000'x ;
> xea_reason_code = '00000000'x ;
> xea_exit_data_length = '00000000'x ;
> xea_exit_data = '';
> xea_text_length = text_EBCDIC_len ;
> xea_source_text = text_EBCDIC ;
> xea_target_text = copies('00'x,c2d(text_EBCDIC_len));
> xea_code_table = '';
> ADDRESS LINKPGM 'CSNBXEA' ,
> 'xea_return_code',
> 'xea_reason_code',
> 'xea_exit_data_length',
> 'xea_exit_data',
> 'xea_text_length',
> 'xea_source_text',
> 'xea_target_text',
> 'xea_code_table' ;
> text_ASCII = xea_target_text ;
> return;
> Exit;
>
> On Wed, Sep 15, 2021 at 3:24 PM Eric D Rossman <[email protected]>
wrote:
>
> > Confirmed. When I treat both as ASCII, I get the same answer:
> >
> > /* "ABCabcAB12345678" */
> > Key =,
> > '41424361626341423132333435363738'X;
> >
> > /* "Hola Mundo" */
> > Msg =,
> > '486f6c61204d756e646f'X;
> >
> > expected_Mac =,
> > '7483f0f47d20c89256805b69936ebdc31e62d99a40f6640b334c6b5a8d83df5e'X;
> >
> > Eric Rossman, CISSPĀ®
> > ICSF Cryptographic Security Development
> > z/OS Enabling Technologies
> > [email protected]
> >
> > "IBM Mainframe Discussion List" <[email protected]> wrote on
> > 09/15/2021 02:18:25 PM:
> >
> > > From: "Charles Mills" <[email protected]>
> > > To: [email protected]
> > > Date: 09/15/2021 02:18 PM
> > > Subject: [EXTERNAL] Re: ICSF Hash with a certain seed (Key)
> > > Sent by: "IBM Mainframe Discussion List" <[email protected]>
> > >
> > > Actually, as I think more, perhaps the Web site is computing the
> > > hash on the ASCII value of ABCabcAB12345678 which would be
> > > X'41424361626341423132333435363738' while the mainframe tool is
> > > perhaps taking ABCabcAB12345678 as hex? Try taking the mainframe
> > > hash of the hex string above and see if it is the same as what the
> > > Web site gives you.
> > >
> > > Charles
> >
> >
> > ----------------------------------------------------------------------
> > For IBM-MAIN subscribe / signoff / archive access instructions,
> > send email to [email protected] with the message: INFO IBM-MAIN
> >
>
> ----------------------------------------------------------------------
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to [email protected] with the message: INFO IBM-MAIN
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
