2 z990 cryptographic processors, 1 cp assist for cryptographic function (cpacf) – IBM 990 User Manual
Page 134
122
IBM
^
zSeries 990 Technical Guide
More information can be found in the publication IBM
^
zSeries CCA User Defined
Extensions Reference and Guide, available on the cryptocards Web site:
The Web site will direct the customer's request to an IBM Global Services (IGS) location
appropriate for the customer's geographic location. A special contract will be negotiated
between IGS and the customer, covering development of the UDX by IGS per the customer's
specifications, as well as an agreed-upon level of the UDX.
Under a special contract with IBM, PCIX Cryptographic Coprocessor customers will gain the
flexibility to define and load custom cryptographic functions themselves. This service offering
can be requested via the IBM Cryptocards Web site by selecting the Custom
Programming
option.
5.2 z990 Cryptographic processors
Three types of cryptographic hardware features are available on z990. The cryptographic
features are usable only when explicitly enabled through IBM.
CP Assist for Cryptographic Function (CPACF)
The CP Assist for Cryptographic Function feature provides hardware acceleration for DES,
TDES, MAC, and SHA-1 cryptographic services. Cryptographic keys must be protected by
the application system.
PCIX Cryptographic Coprocessor (PCIXCC)
The PCIX Cryptographic Coprocessor provides a replacement for both the PCICC and the
CMOS Cryptographic Coprocessor Facility (CCF). The PCIXCC on z990 provides
equivalent PCICC functions at higher performance. It also includes functions that were
implemented in the CCF. The PCIXCC supports highly secure cryptographic functions,
use of secure encrypted key values, and user-defined extensions.
PCI Cryptographic Accelerator (PCICA)
Secure Web transactions frequently employ the secure Socket Layer (SSL) protocol. The
IBM e-business PCI Cryptographic Accelerator offloads your server from
compute-intensive public-key cryptographic operations employed in the protocol. This
cost-effective solution often enables significantly greater server throughput
5.2.1 CP Assist for Cryptographic Function (CPACF)
Each CP has an assist processor on the chip in support of cryptography. The CP Assist for
Cryptographic Function (CPACF) provides high performance hardware encryption and
decryption support. To that end, the following five new instructions are introduced with the
cryptographic assist function:
KMAC; Compute Message Authentic Code
KM: Cipher Message
KMC: Cipher message with chaining
KIMD: Compute Intermediate Message Digest
KLMD: Compute Last Message Digest
The CP Assist for Cryptographic Function provides high performance hardware encryption
and decryption support.
The CP Assist for Cryptographic Function offers a set of symmetric cryptographic functions
that enhance the encryption and decryption performance of clear key operations for SSL,