IBM sample programs for CCA API

IBM provides a Common Cryptographic Architecture (CCA) for its hardware security modules (HSMs) that includes an application programming interface (API) which is intended for systems analysts, applications analysts, and application programmers to evaluate or create programs that employ the CCA API. Users of the CCA API should refer to the IBM CCA Basic Services Reference and Guide for the IBM 4767 and IBM 4765 PCIe Cryptographic Coprocessors. The latest edition of this manual is available on the Library page. Note: Linux® on IBM z Systems® users should refer to the Secure Key Solution with the Common Cryptographic Architecture: Application Programmer's Guide, which is also available on the Library page.

IBM sample programs for CCA API

CCA sample programs

IBM provides the following sample programs as examples of how to use and code a subset of the CCA API for the IBM 4767 and 4765 HSMs.


Description of sample program

CCA sample source files tarball

Provides a tar archive of all the CCA sample source files to simplify downloading of samples.
(as of November 09, 2016)

Source file:
ibm_cca_samples_source_20161109.tar

CCA sample source files tarball

makefile

Compile and link a sample program source file.
(as of November 09, 2016)

Source files:
Makefile
Makefile.aix
Makefile.win

makefile

Access control system

Initialize one or more roles; query and list defined roles.
(as of November 09, 2016)

Source files:
cca_aci_init_ac.c
cca_acm_get_role.c

Access control system

DES encipher and decipher

Generate a random DES key and use the key to encipher and decipher some data.
(as of November 09, 2016)

Source files:
cca_des_keygen_encrypt_decrypt.c
cca_des_keygen_encrypt_decrypt.h

DES encipher and decipher

Calculate and verify MAC using HMAC key

Generate a random HMAC key, then calculate and verify a MAC on a predetermined string of data.
(as of November 09, 2016)

Source files:
cca_hmac_generate_verify.c
cca_hmac_generate_verify.h

DESCalculate and verify MAC using HMAC key

Generate and verify a digital signature

Generate a random RSA public/private key pair, then use that key pair to sign and verify some sample data.
(as of November 09, 2016)

Source files:
cca_rsa_keygen_sign_verify.c
cca_rsa_keygen_sign_verify.h

Generate and verify a digital signature

Set up a CCA node

Set up a CCA node for use as a development and test platform using various CCA API calls.
(as of November 09, 2016)

Source files:
cca_setup_adapter_as_test_platform.c
cca_setup_adapter_as_test_platform.h

Set up a CCA node

Use TR-31 to export and import a DES key

Export a DES key that is in a CCA key-token into a TR-31 key-token and import that DES key from the TR-31 key-token back into a CCA key-token.
(as of November 09, 2016)

Source files:
cca_tr31_key_export_import_validate.c
cca_tr31_key_export_import_validate.h

Use TR-31 to export and import a DES key

PIN operations

Use weak PIN and PIN decimalization tables of PIN verbs.
(as of November 09, 2016)

Source files:
cca_pin_operations.c
cca_pin_operations.h

PIN operations

Performance

Test performance of various CCA verbs.
(as of November 09, 2016)

Source files:
cca_perf_sample.c
cca_perf_sample.h

Performance