IBM PCIe Cryptographic Coprocessor Version 1

IBM sample programs for CCA API

The IBM PCIe Cryptographic Coprocessor Version 1 (PCIeCC) is a hardware security module (HSM). Together with the PCIeCC, IBM provides a Common Cryptographic Architecture (CCA). CCA includes an application programming interface (API) which is intended for systems analysts, applications analysts, and application programmers to evaluate or create programs that employ the CCA API. Users of the CCA API should refer to the IBM CCA Basic Services Reference and Guide for the IBM 4765 PCIe and IBM 4764 PCI-X Cryptographic Coprocessors. The latest edition of this manual is available on the Library page.

Note: Linux on System z users should refer to the Secure Key Solution with the Common Cryptographic Architecture: Application Programmer's Guide, which is also available on the Library page.

Table 1 below lists sample programs that show how to use and code a subset of the CCA API.

Table 1. IBM sample programs for CCA API

| Description of sample program | Source files of sample program | Where sample program was run |
| --- | --- | --- |
| CCA sample source files tarball: Provides a tar archive of all the CCA sample source files to simplify downloading of samples. (as of January 11, 2016) | IBM4765_cca_samples_source_20160111.tar | O/S: SLES 11 Service Pack 3; Compiler level: gcc 4.3.4; CCA Release: 4.4.55 |
| makefile: Compile and link a sample program source file. (as of January 11, 2016) | Makefile | O/S: SLES 11 Service Pack 3; Compiler level: gcc 4.3.4; CCA Release: 4.4.55 |
| Access control system: Initialize one or more roles; query and list defined roles. (as of January 11, 2016) | cca_aci_init_ac.c, cca_acm_get_role.c | O/S: SLES 11 Service Pack 3; Compiler level: gcc 4.3.4; CCA Release: 4.4.55 |
| DES encipher and decipher: Generate a random DES key and use the key to encipher and decipher some data. (as of January 11, 2016) | cca_des_keygen_encrypt_decrypt.c, cca_des_keygen_encrypt_decrypt.h | O/S: SLES 11 Service Pack 3; Compiler level: gcc 4.3.4; CCA Release: 4.4.55 |
| Calculate and verify MAC using HMAC key: Generate a random HMAC key, then calculate and verify a MAC on a predetermined string of data. (as of January 11, 2016) | cca_hmac_generate_verify.c, cca_hmac_generate_verify.h | O/S: SLES 11 Service Pack 3; Compiler level: gcc 4.3.4; CCA Release: 4.4.55 |
| Generate and verify a digital signature: Generate a random RSA public/private key pair, then use that key pair to sign and verify some sample data. (as of January 11, 2016) | cca_rsa_keygen_sign_verify.c, cca_rsa_keygen_sign_verify.h | O/S: SLES 11 Service Pack 3; Compiler level: gcc 4.3.4; CCA Release: 4.4.55 |
| Set up a CCA node: Set up a CCA node for use as a development and test platform using various CCA API calls. (as of January 11, 2016) | cca_setup_adapter_as_test_platform.c, cca_setup_adapter_as_test_platform.h | O/S: SLES 11 Service Pack 3; Compiler level: gcc 4.3.4; CCA Release: 4.4.55 |
| Use TR-31 to export and import a DES key: Export a DES key that is in a CCA key-token into a TR-31 key-token, and import that DES key from the TR-31 key-token back into a CCA key-token. (as of January 11, 2016) | cca_tr31_key_export_import_validate.c, cca_tr31_key_export_import_validate.h | O/S: SLES 11 Service Pack 3; Compiler level: gcc 4.3.4; CCA Release: 4.4.55 |
| PIN operations: Use weak PIN and PIN decimalization tables of PIN verbs. (as of January 11, 2016) | cca_pin_operations.c, cca_pin_operations.h | O/S: SLES 11 Service Pack 3; Compiler level: gcc 4.3.4; CCA Release: 4.4.55 |
| Performance: Test performance of various CCA verbs. (as of January 11, 2016) | cca_perf.sample.c, cca_perf.sample.h | O/S: SLES 11 Service Pack 3; Compiler level: gcc 4.3.4; CCA Release: 4.4.55 |

News for current customers

Spotlight

New product release for IBM 4765 now available on IBM-approved x86 servers and IBM AIX operating system, effective October 2015.

New product release CCA 5.0 for Linux on IBM z Systems™ now available, effective July 2015. See the Overview page for additional information.


As of February 19, 2013, the 4765 hardware security module (HSM) is validated to meet the MEPS (Méthode d'Évaluation des Produits Securitaire "bancaires") approval scheme used by the Cartes Bancaires (CB) banking ecosystem. This standards certification allows the 4765 HSM to be used by CB member banks on their dedicated payment networks.


Add-on features are being offered for the IBM 4765 on IBM-approved x86 systems to support additional operating systems. See the IBM 4765 software updates page.


On System z, the coprocessor is available as Crypto Express3, Crypto Express4, and Crypto Express5. It is also available for Linux.