Edition November 2023, CCA Support Program Release 8.1

With CCA Release 8.1, the following enhancements are provided:

• Updates for TR-31 key block support:
  • Support was added to build, send, receive, and use TR-31 key blocks directly in most of the CCA services that utilize symmetric keys.
  • A new verb was added to build TR-31 key blocks: TR31 Key Create (CSNBT31C).
  • TR-31 tokens can be stored in the newly created CMB key storage.
• A new combined key storage (CMB) is available:
  • The combined key storage was designed to support all key types: AES, HMAC, DES, and PKA (ECC, RSA, and QSA, that is, CRYSTALS-Dilithium and CRYSTALS-Kyber keys).
  • Additionally, the CMB key storage supports both CCA and TR-31 key token formats.
  • Keys can be added to the CMB key storage by creating them directly in the CMB or by migrating existing AES, HMAC, DES, and PKA keys into the CMB from their respective type-specific key stores.
• SHA-3 support has been added:
  • CCA can now perform the SHA-3 hashing algorithm, specifically for the CSNBOWH, CSNDDSG, and CSNDDSV verbs.
  • In addition, on IBM z14® or later systems, SHA-3 requests can be forwarded to the CPACF for processing.
• Support for OAEP 2.1 has been added:
  • CCA now offers the ability to utilize OAEP version 2.1 in the verbs CSNDPKE and CSNDPKD.
  • This update enables the usage of three additional SHA algorithms with OAEP: SHA-224, SHA-384, and SHA-512.

The CCA API includes the following new verbs:

The following verbs provide new or updated keywords or other updated information: