IBM z13s - CP Assist for Cryptographic Functions; The Cryptographic Coprocessor CPACF

588 pages

To Next Page

To Next Page

To Previous Page

To Previous Page

Loading...

Chapter 6. Cryptography 207

6.4 CP Assist for Cryptographic Functions

As already mentioned, attached to every PU on an SCM in a CPC of a z13s server are two

independent engines, one for compression and one for cryptographic purposes, as shown in

Figure 6-4. This cryptographic coprocessor, called the CPACF, is not an HSM and is therefore

not suitable for handling algorithms that use secret keys. However, the coprocessor can be

used for cryptographic algorithms that use clear keys or protected keys. The CPACF is

working synchronously to the PU, which means that the owning processor is busy when its

coprocessor is busy. CPACF provides a fast device for cryptographic services.

Figure 6-4 The cryptographic coprocessor CPACF

The CPACF offers a set of symmetric cryptographic functions that enhance the encryption

and decryption performance of clear key operations. These functions are for SSL, virtual

private network (VPN), and data-storing applications that do not require FIPS 140-2 Level 4

security.

CPACF is designed to facilitate the privacy of cryptographic key material when used for data

encryption through key wrapping implementation. It ensures that key material is not visible to

applications or operating systems during encryption operations. For more information, see

6.4.2, “CPACF protected key” on page 209

The CPACF feature provides hardware acceleration for DES, Triple-DES, AES-128, AES-192,

AES-256 (all for clear and protected keys) as well as SHA-1, SHA-256, SHA-384, SHA-512,

PRNG and DRNG (only clear key) cryptographic services. It provides high-performance

hardware encryption, decryption, hashing, and random number generation support.

The following instructions support the cryptographic assist function:

KMAC Compute Message Authentic Code

KM Cipher Message

KMC Cipher Message with Chaining

KMF Cipher Message with CFB

KMCTR Cipher Message with Counter

KMO Cipher Message with OFB

KIMD Compute Intermediate Message Digest

KLMD Compute Last Message Digest

PCKMO Provide Cryptographic Key Management Operation

Table of Contents

Related product manuals

Preview: IBM i Series

IBM x3630 M3 7377

Preview: IBM System x3200 M3

IBM System x3200 M3

Preview: IBM System x3100 M4

IBM System x3100 M4

Preview: IBM System x3250 M4

IBM System x3250 M4

Preview: IBM System x3100 M3

IBM System x3100 M3

IBM System x3500 M4

Preview: IBM System x3650 M3 4255

IBM System x3650 M3 4255

Preview: IBM x3500 - System - 7977

IBM x3500 - System - 7977

Preview: IBM x3650 - System M2 - 7947

IBM x3650 - System M2 - 7947

Preview: IBM x3200 - System M3 - 7328

IBM x3200 - System M3 - 7328

Preview: IBM System x3650 M4 Type 7915

IBM System x3650 M4 Type 7915