IBM PCIe Cryptographic Coprocessor
- Release 4.3.5


Release 4.3.5 for CCA

Release 4.3.5 is available for download, effective July 2012. It is for use by all customers who use the IBM 4765 Model 1 in an IBM System x™ server (IBM ServerProven™ model only). This is the third System x release, and replaces Release 4.2.5. It is a full standalone package, and includes new function and enhancements. See Summary of changes below. Elliptic Curve Cryptography users, please see Important special notice to Elliptic Curve Cryptography users below.

Notice to IBM PureFlex™ customers: As of September 10, 2013, CCA Release 4.3.5 is generally available for IBM PureFlex customers as a separate add-on feature on the IBM 4765 PCIe Cryptographic Coprocessor. This add-on feature can be purchased for installation on one of the following operating systems:

To purchase this add-on feature, contact the IBM Crypto Competence Center at ccc@dk.ibm.com. The Center is located in Denmark, which is in the Central European Time Zone (GMT+1).

Hardware requirement:

IBM System x™ server (IBM ServerProven™ model only)

For a list of which PureFlex systems are approved for this add-on feature, refer to this IBM ServerProven page:
www.ibm.com/systems/info/x86servers/serverproven/compat/us/flexpeu/81Y8983in8737_7863.html.

Optional hardware:

IBM offers optional smart card support in the form of a Smart Card Utility Program (SCUP) and enhanced smart card feature for CNM that can be optionally installed when CNM is installed. For detailed information on smart card support, including how to order the optional smart card hardware, see IBM 4765 PCIe Cryptographic Coprocessor Smart Card User Guide. (PDF, 2.19MB)

Operating system requirement:

SUSE Linux Enterprise Server 11 Service Pack 2 (SLES 11 SP2) from Novell (32-bit)
SUSE Linux Enterprise Server 11 Service Pack 1 (SLES 11 SP1) from Novell (32-bit)

Summary of changes:

Release 4.3.5 has significant new function and enhancements. Beginning with Release 4.3, the IBM CCA Support Program provides support for the following:

These items are summarized below.

Improved security properties for generating random numbers

The National Institute of Standards and Technology, in its Special Publication SP 800-90A (a revision of SP 800-90), Recommendation for Random Number Generation Using Deterministic Random Bit Generators (January 2012), defines acceptable methods for generating random numbers. In order to generate random numbers with these improved security properties, the cryptographic coprocessor now uses the SHA-256 based Deterministic Random Bit Generator mechanism and complies with the requirements of SP 800-90A. This mechanism supersedes the ones previously defined in NIST FIPS 186-2 and ANSI X9.31. One exception to this change, for backward compatibility reasons, is the PKA_Key_Generate verb when regeneration data is used. In this case, the previous mechanism is used to generate a random number.
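To show what "SHA-256 based DRBG mechanism" means in practice, here is an added illustration of the Hash_DRBG construction from SP 800-90A section 10.1.1 built on SHA-256. It is not the coprocessor's firmware and is not the code described on this page; it assumes Hash_DRBG (SP 800-90A also defines an HMAC_DRBG over SHA-256) and it has not been checked against the NIST test vectors, so it serves to explain the state update and the reseed discipline, not as a drop-in generator.

```python
"""Hash_DRBG over SHA-256 (SP 800-90A 10.1.1), illustrative only.

Parameters for SHA-256 from SP 800-90A Table 2: outlen = 256 bits,
seedlen = 440 bits, reseed_interval <= 2**48, max 2**19 bits per request.
"""
import hashlib

OUTLEN = 32                 # SHA-256 digest length in bytes
SEEDLEN = 55                # 440 bits
RESEED_INTERVAL = 2 ** 48   # generate() calls permitted before a reseed is forced
MAX_REQUEST_BYTES = 2 ** 19 // 8
MIN_ENTROPY_BYTES = 32      # 256 bits of entropy for a 256-bit security strength


def hash_df(input_bytes, no_of_bytes):
    """Hash_df (SP 800-90A 10.3.1): stretch input_bytes to no_of_bytes.

    Each block hashes a one-byte counter, the requested length in bits as a
    32-bit big-endian integer, and the input, then the result is truncated.
    """
    no_of_bits = no_of_bytes * 8
    temp = b""
    counter = 1
    while len(temp) < no_of_bytes:
        block = bytes([counter]) + no_of_bits.to_bytes(4, "big") + input_bytes
        temp += hashlib.sha256(block).digest()
        counter += 1
    return temp[:no_of_bytes]


def _add_mod_seedlen(*parts):
    """Sum big-endian integers modulo 2**(8*SEEDLEN), returning SEEDLEN bytes."""
    total = sum(int.from_bytes(p, "big") if isinstance(p, bytes) else p for p in parts)
    return (total % (1 << (8 * SEEDLEN))).to_bytes(SEEDLEN, "big")


class HashDRBG:
    """Internal state is (V, C, reseed_counter), exactly as in the standard."""

    def __init__(self, entropy, nonce=b"", personalization=b""):
        if len(entropy) < MIN_ENTROPY_BYTES:
            raise ValueError("entropy input shorter than the security strength")
        seed = hash_df(entropy + nonce + personalization, SEEDLEN)
        self.V = seed
        self.C = hash_df(b"\x00" + seed, SEEDLEN)
        self.reseed_counter = 1

    def reseed(self, entropy, additional=b""):
        """Reseed (10.1.1.3): seed_material = 0x01 || V || entropy || additional."""
        if len(entropy) < MIN_ENTROPY_BYTES:
            raise ValueError("entropy input shorter than the security strength")
        seed = hash_df(b"\x01" + self.V + entropy + additional, SEEDLEN)
        self.V = seed
        self.C = hash_df(b"\x00" + seed, SEEDLEN)
        self.reseed_counter = 1

    def generate(self, n):
        """Generate n bytes (10.1.1.4) without additional input."""
        if n > MAX_REQUEST_BYTES:
            raise ValueError("request exceeds max_number_of_bits_per_request")
        if self.reseed_counter > RESEED_INTERVAL:
            raise RuntimeError("reseed required before further output")
        # Hashgen: hash successive increments of V, then truncate.
        data = self.V
        out = b""
        while len(out) < n:
            out += hashlib.sha256(data).digest()
            data = _add_mod_seedlen(data, 1)
        # State update: V = V + H + C + reseed_counter, H = Hash(0x03 || V).
        h = hashlib.sha256(b"\x03" + self.V).digest()
        self.V = _add_mod_seedlen(self.V, h, self.C, self.reseed_counter)
        self.reseed_counter += 1
        return out[:n]


def demo():
    # Constructed entropy for the demonstration; a real instance takes its
    # entropy input from an approved hardware noise source, never a constant.
    drbg = HashDRBG(b"\x42" * 32, nonce=b"\x01\x02\x03\x04", personalization=b"CCA demo")
    return drbg.generate(16).hex()


if __name__ == "__main__":
    print(demo())
```

Two details matter to a defender more than the arithmetic: the constructor and reseed refuse entropy shorter than the security strength, and generate() refuses to run past the reseed interval, which is what distinguishes a conforming DRBG from an ad hoc "hash a counter" generator.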

Controlling the wrapping of a key with a weaker key

In order to comply with cryptographic standards, including ANSI X9.24 Part 1 and Payment Card Industry (PCI) Security Standards Council Hardware Security Module (HSM) security requirements, CCA Release 4.3 provides support to prevent a key from being wrapped with a key weaker than itself.
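The check behind this feature is a comparison of security strengths: a key may only be wrapped (exported or stored under) a key whose strength is at least its own. The following added example is not CCA code and is not the page's own; it assumes the security-strength equivalences published in NIST SP 800-57 Part 1 (the page cites ANSI X9.24 Part 1 and the PCI HSM requirements but gives no table), and the key labels are constructed for the demonstration.

```python
"""Refuse to wrap a key under a wrapping key of lower security strength."""
from dataclasses import dataclass

# Security strength in bits for each key type, following NIST SP 800-57 Part 1
# (an assumption for this example; the release text names no specific table).
_SYMMETRIC = {
    ("TDES", 128): 80,    # two-key triple DES
    ("TDES", 192): 112,   # three-key triple DES
    ("AES", 128): 128,
    ("AES", 192): 192,
    ("AES", 256): 256,
}
# (minimum size, strength) bands for asymmetric keys; the largest band at or
# below the key size applies.
_RSA = [(1024, 80), (2048, 112), (3072, 128), (7680, 192), (15360, 256)]
_ECC = [(160, 80), (224, 112), (256, 128), (384, 192), (512, 256)]


@dataclass(frozen=True)
class Key:
    label: str
    algorithm: str   # "AES", "TDES", "RSA" or "ECC"
    bits: int        # symmetric key length, RSA modulus size, or curve order size


class WrapPolicyError(ValueError):
    """Raised when the policy forbids the requested wrapping."""


def security_strength(key):
    """Return the security strength of key in bits, per the tables above."""
    if key.algorithm in ("AES", "TDES"):
        try:
            return _SYMMETRIC[(key.algorithm, key.bits)]
        except KeyError:
            raise WrapPolicyError(f"unsupported {key.algorithm} length {key.bits}")
    bands = {"RSA": _RSA, "ECC": _ECC}.get(key.algorithm)
    if bands is None:
        raise WrapPolicyError(f"unknown algorithm {key.algorithm!r}")
    strength = 0
    for minimum_bits, band_strength in bands:
        if key.bits >= minimum_bits:
            strength = band_strength
    if strength == 0:
        raise WrapPolicyError(f"{key.algorithm} key of {key.bits} bits is below any band")
    return strength


def check_wrap(wrapping_key, target_key):
    """Return (wrapping strength, target strength) or raise WrapPolicyError.

    The rule is that the wrapping key must be at least as strong as the key it
    protects; otherwise the wrapped key is only as safe as the weaker wrapper.
    """
    ws = security_strength(wrapping_key)
    ts = security_strength(target_key)
    if ws < ts:
        raise WrapPolicyError(
            f"{wrapping_key.label} ({ws}-bit strength) may not wrap "
            f"{target_key.label} ({ts}-bit strength)"
        )
    return ws, ts


if __name__ == "__main__":
    # Constructed keys for the demonstration.
    kek_2tdes = Key("KEK.2TDES", "TDES", 128)
    kek_aes256 = Key("KEK.AES256", "AES", 256)
    data_aes128 = Key("DATA.AES128", "AES", 128)
    print(check_wrap(kek_aes256, data_aes128))   # allowed: 256 >= 128
    try:
        check_wrap(kek_2tdes, data_aes128)       # refused: 80 < 128
    except WrapPolicyError as err:
        print("refused:", err)
```

The two-key TDES case is the one that motivates the standards cited above: an AES-128 key exported under a two-key TDES key-encrypting key inherits an 80-bit strength, so a policy that stops at "is the KEK a valid key" without comparing strengths still leaks protection. Note that RSA-2048 (112 bits) also fails to wrap AES-128 under this rule, while RSA-3072 or a 256-bit ECC key passes.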

DUKPT for encryption and MAC keys

ANSI X9.24 Part 1 defines the Derived Unique Key Per Transaction (DUKPT) algorithm. Release 4.3 adds a Unique_Key_Derive (CSNBUKD) verb that uses the DUKPT algorithm to derive encryption and MAC keys. The verb provides a method in which a separate key is used for each transaction or other message sent from a device. This method prevents an attacker who is able to discover the value of a key from being able to gain information beyond a single transaction.

Ciphertext translation

Release 4.3 adds a Cipher_Text_Translate2 (CSNBCTT2) verb that securely changes ciphertext from encryption under one key to encryption under a different, possibly stronger, key. This verb takes as input ciphertext encrypted under one key and returns this ciphertext encrypted under a different key, entirely inside the coprocessor, without exposing the intermediate plaintext.

AMEX enhanced CSC generation and PIN/Change Unblock

American Express (AMEX) requires that if PIN data is transmitted in a command, the PIN data must be enciphered for confidentiality using one of its defined processes to encipher the PIN. American Express Hardware Security Module (HSM): Function Requirements (August of 2011) defines an enhanced card security code (CSC) algorithm, CSC Version 2.0. The AMEX document describes three modes that it supports for the PIN/Change Unblock command. Release 4.3.5 supports the two modes that are used to generate PINs.

The following verbs add support for the defined processes mentioned above:

Important special notice to Elliptic Curve Cryptography users:

Issues have been discovered with Elliptic Curve Cryptography (ECC) functions prior to Release 4.3. This support could have introduced problems into your environment if either of the following occurred:

In addition, Release 4.3 protects against a recently discovered vulnerability with some Elliptic Curve Cryptosystem implementations.

The cryptographic coprocessor supports ECC key generation, along with digital signature generation and verification, using the Elliptic Curve Digital Signature Algorithm (ECDSA). Elliptic Curve Diffie-Hellman (ECDH) is also supported with the ECDH verb, CSNDEDH. The CSNDEDH verb can be used with a pair of ECC keys to create a shared symmetric key using the ANS X9.63 protocol static unified model key-agreement scheme.

Two items are issues introduced with the Elliptic Curve Cryptographic functions. The third item mitigates a vulnerability that has been identified with some implementations of Elliptic Curve Cryptosystems.

Because of these issues, we recommend that anyone who is using ECC for production purposes move to Release 4.3 or later.

For additional information, please contact crypto@us.ibm.com.