IBM PCI Cryptographic Coprocessor

Applications that perform within the 4758 Coprocessor and that employ the CP/Q++ embedded operating system have access to DES, RSA/DSS, SHA-1, and random number generation services supported by the specialized on-board cryptographic electronics.

The design of the Coprocessor enables several independent engines to operate concurrently once initialized by the on-board CPU. Once a DES key is loaded into the DES engine and the DMA controllers are initialized, DES operation is automatic without further programmed operations. Data is DMA transferred to and from a pair of FIFO buffers that supply data to, and receive data from, the DES engine. The DES engine supports both ECB and CBC modes. In the Models 002/023, the DES engine also provides triple-DES capabilities and has a SHA-1 engine connected between the FIFO buffers. Either the DES/TDES engine or the SHA-1 engine can be active between the buffers at one time. Similarly, once initialized, the large-integer modular-exponentiation engine operates without further impact on the other subsystem components. The Intel-compatible 80486-DX2 processor operates at 99MHz in the Models 002/023.

The CP/Q⁺⁺ embedded operating system supports multi-tasked, concurrent DES and RSA operations.

Performance at the CP/Q++ API

These measurements were obtained by making repeated calls to the CP/Q++ API by an application program running within segment 3 of the Coprocessor. The timings do not include communications with a host-system application.

In a test that used unique code in segment two rather than the normal CP/Q++ embedded operating system, the Coprocessor performed 213 RSA private key operations per second. The secure hardware retained the 1024-bit RSA private key while an external test program repeatedly called for ciphering with the key.