Crypto Hardware on System z - Part 1

Transcription

1 Crypto Hardware on System z - Part 1 Greg Boyd gregboyd@mainframecrypto.com zexchange Crypto Hardware Part 1 April 2015

2 Agenda Crypto Hardware - Part 1 Some basics Some history Some hardware terminology CP Assist for Cryptographic Function (CPACF) Crypto Hardware Part 2 Refresher PCI Cards HMC Slides Page 2

3 Crypto Functions Data Confidentiality Symmetric DES/TDES, AES Asymmetric RSA,Diffie-Hellman, ECC Data Integrity Modification Detection Message Authentication Non-repudiation Financial Functions Key Security & Integrity Page 3

4 Crypto by CEC CCF G3, G4, G5, G6, z800/z900 PCICC G5, G6, z800/z900 CPACF z890/z990, z9 EC/BC, z10 EC/BC, z196/z114, zec12/zbc12, z13 PCICA z800/z900, z890/z990 PCIXCC z890/z990 Crypto Express2 z890/z990, z9 EC/BC, z10 EC/BC Crypto Express3 z10 EC/BC, z196/z114, zec12/zbc12 Crypto Express4S zec12/zbc12 Crypto Express5S z13 Page 4

5 Clear Key / Secure Key / Protected Key Clear Key Key value is in the clear i.e. not encrypted by another key As a variable in software Stored in a dataset Secure Key Clear value only exists inside secure, tamper-resistant boundary of the card Before the key leaves the card, it is encrypted under another key Protected Key Clear key / secure key hybrid Key is stored (outside of the card) encrypted as a secure key, i.e. encrypted under the master key When key is used, it is first decrypted then re-encrypted using a wrapping key Page 5

6 Clear Key Processing Calling Application Clear Key API(clear keylabel, data ) ICSF Process Encryption Request Clear Key ABCDEF Data Key Repository Clear Key Value (ABCDEF) Visible to Intruder ABCDEF CPACF Out-Data Data Page 6

7 Secure Key Processing Calling Application Secure Key API(secure keylabel, data ) ICSF Process Encryption Request Secure Key E3#9cZ Data Key Repository Secure Key Value (E3#9cZ) E3#9cZ Master Key ABCDEF Data Crypto Express Card Visible to Intruder Out-Data Page 7

8 Protected Key Processing Calling Application Clear Key API(secure keylabel, data ) ICSF Process Encryption Request Secure Key E3#9cZ Data Key Repository E3#9cZ Master Key ABCDEF Secure Key Value (E3#9cZ) 7x!4A#v 7x!4A#v Wrapping Key Crypto Express Card Visible to Intruder 7x!4A#v ABCDEF CPACF Out-Data Data Page 8

9 CPACF Protected Key Terminology CPACF Wrapping Key Hardware generated key to encrypt clear keys used by the CPACF CPACF Wrapped Key operational key encrypted with CPACF wrapping key Two different wrapping keys AES Wrapping Key 256 bits DES Wrapping Key 192 bits Transient Generated each time an LPAR is activated or a clear reset is performed Stored in HSA Neither apps nor OS can access the wrapping keys Page 9

10 CPACF Machines (z890/z990 & later) CP Assist for Cryptographic Function (CPACF) Independent cryptographic engine Available to any processor type (CP, ziip, zaap, IFL) Peripheral Component Interconnect (PCI Cards) CEC Cage Memory MBA STI I/O Cage or I/O Drawer PCIXCC Crypto Expressn CP0 CP1 CP2 CP3 CPn Crypto Expressn-1P CPACF0 CPACF1 CPACF2 CPACF3 CPACFn FICON Page 10

11 CPACF Machines (z10, z196/z114) Two CPs share the CPACF Owning processor is busy when it s coprocessor is busy I/O Cage or I/O Drawer CEC Cage Memory MBA STI PCIXCC Crypto Expressn CP0 CP1 CP2 CP3 CPn Crypto Expressn-1P CPACF CPACF CPACFn FICON Page 11

12 zec12 HMC/SE Screens Crypto support (FC #3863) Page 12

13 MSA Message Security Assist MSA Cipher Message instruction Cipher Message with Chaining instruction Compute Intermediate Message Digest instruction Compute Last Message Digest instruction Compute Message Authentication Code instruction MSA Extension 1 added SHA-256, AES-128 and PRNG MSA Extension 2 added AES-192, AES-256, SHA-512 MSA Extension 3 added Protected Key support MSA Extension 4 Cipher Message With Cipher Feedback (CFB) instruction Cipher Message With Counter instruction Cipher Message With Output Feedback (OFB) instruction Perform Cryptographic Computation instruction Add AES Ciphertext stealing, GHASH; Enhance CMAC MSA Extension 5 Perform Pseudo Random Number instruction Page 13

14 System z CCF Hardware G5,G6, z800/z900 DES (56-, 112-, 168-bit) SHA-1 Secure Key Only TechDoc WP A Synopsis of System z Crypto Hardware Page 14

15 System z CPACF Hardware z890/z990 DES (56-, 112-, 168-bit) SHA-1 Message-Security Assist Cipher Message instruction Cipher Message with Chaining instruction Compute Intermediate Message Digest instruction Compute Last Message Digest instruction Compute Message Authentication Code instruction TechDoc WP A Synopsis of System z Crypto Hardware Page 15

16 System z CPACF Hardware z9 EC & BC DES (56-, 112-, 168-bit) AES-128 SHA-1, SHA-256 PRNG Message-Security-Assist Extension 1 added SHA-256, AES-128 and PRNG TechDoc WP A Synopsis of System z Crypto Hardware Page 16

17 System z CPACF Hardware z10 EC & BC DES (56-, 112-, 168-bit) AES-128, AES-192, AES-256 SHA-1, SHA-256, SHA-512 (SHA-2 Suite) PRNG MSA Extension 2 added AES-192, AES-256, SHA-512 TechDoc WP A Synopsis of System z Crypto Hardware Page 17

18 System z CPACF Hardware z10 EC (GA3) & BC (GA2) DES (56-, 112-, 168-bit) AES-128, AES-192, AES-256 SHA-1, SHA-256, SHA-512 (SHA-2 Suite) PRNG Protected Key MSA Extension 3 added Protected Key support TechDoc WP A Synopsis of System z Crypto Hardware Page 18

19 System z CPACF Hardware z196 (GA2)/z114 & zec12/zbc12 DES (56-, 112-, 168-bit), new chaining options AES-128, AES-192, AES-256, new chaining options SHA-1, SHA-256, SHA-512 (SHA-2 Suite) PRNG Protected Key MSA Extension 4 Cipher Message With Cipher Feedback (CFB) instruction Cipher Message With Counter instruction Cipher Message With Output Feedback (OFB) instruction Perform Cryptographic Computation Add AES Ciphertext stealing, GHASH; Enhance CMAC TechDoc WP A Synopsis of System z Crypto Hardware Page 19

20 z System CPACF Hardware z13 DES (56-, 112-, 168-bit), new chaining options AES-128, AES-192, AES-256, new chaining options SHA-1, SHA-256, SHA-512 (SHA-2 Suite) PRNG Protected Key PPNO Instruction MSA Extension 5 Perform Pseudo Random Number instruction TechDoc WP A Synopsis of System z Crypto Hardware Page 20

21 Cipher Block Chaining New Instructions KMF - Cipher Message with Cipher Feedback KMCTR - Cipher Message with Counter KMO - Cipher Message with Output Feedback Images from Wikipedia Page 21

22 CPU Measurement Facility Provides hardware instrumentation data for production systems CPU MF Counters also useful for performance analysis Data gathering controlled through z/os HIS (HW Instrumentation Services) Supplements current performance data from SMF, RMF, DB2, CICS, etc. Measure (count) CPACF Usage Recorded in SMF Type 113 Counter # Counter Counter # Counter 64 PRNG function count 72 DEA function count 65 PRNG cycle count 73 DEA cycle count 66 PRNG blocked function count 74 DEA blocked function count 67 PRNG blocked cycle count 75 DEA blocked cycle count 68 SHA function count 76 AES function count 69 SHA cycle count 77 AES cycle count 70 SHA blocked function count 78 AES blocked function count 71 SHA blocked cycle count 79 AES blocked cycle count Page 22

23 APIs and Hardware HCR77B0 APIs (from ICSF Application Programmer's Guide SC ) CPACF PCI ICSF Only (No Hardware) 94 PKCS #11 Page 23

24 IBM Resources (on the web) Redbooks (search on crypto ) SG IBM z13 Configuration Setup SG IBM z13 Technical Guide SG IBM z13 Technical Introduction ATS TechDocs Website (search on crypto ) WP A Synopsis of System z Crypto Hardware* TC CPU MF Update and WSC Experiences *Has not been updated for the z13 Page 24

25 IBM Manuals z/architecture Principles of Operations, SA ICSF Application Programmer s Guide, SC Page 25

26 Agenda Crypto Hardware - Part 1 A refresher A little bit of history Some hardware terminology CPACF Crypto Hardware Part 2 A couple of refresher slides Crypto Express Cards HMC Slides Page 26

27 Questions? Page 27