News for IBM cryptographic adapters

The table below contains important news about the IBM Systems cryptographic hardware products. Customers are encouraged to visit this page frequently.


Date | Product | Description

Oct. 2, 2020 | HSM 4767 / FC EJ32/EJ33 | New CCA release 5.6.9

The new IBM 4767 CCA Support Program release 5.6.9 is now available for download by all customers who use the IBM 4767-002 on Linux on x64 servers or on IBM AIX® on supported Power Systems™ servers.

MTM CCA Release 5.6.9 is supported on the following 64-bit operating systems:

  • Red Hat Enterprise Linux (RHEL) Server 8.2
  • SUSE Linux Enterprise Server (SLES) 12.5

Feature Code EJ32/EJ33 CCA Release 5.6.9 is supported on:

  • AIX 7.2 and 7.1

Summary of enhancements for release 5.6.9:

  • TR-31 services introduce HMAC Optional Block Format support.
  • DK_PIN_Change verb introduces a new script process, "SCR2020", and a new script selection algorithm, "AES-CBC".
    • SCR2020 encrypts only the new PIN block and some additional data in the card_script_data field parameter, rather than encrypting the entire field, and returns only the encrypted portion of the card_script_data field as the output script parameter.
    • AES-CBC specifies to use CBC mode to AES encrypt the ISO-4 PIN block in the script. If SCR2020 is also specified, AES-CBC specifies to AES encrypt the ISO-4 PIN block plus additional data in the script.
  • Diversify_Directed_Key verb introduces an option to set DDK key direction variant based on function and entity type by setting x'FF' in the direction variation indicator of the Key Type Vector (KTV).

Restrictions are listed on the 4767 x64 CCA releases page.

Sept. 9, 2020 | HSM CEX7S | New product release of CCA for Linux on Z

New product release CCA 7.1 is now available for CEX7S Linux on Z customers.

CCA 7.1 for Linux on Z highlights:

• More verbs are now capable of running in PCI-HSM 2016 compliance mode. In addition to DES and TDES key tokens, AES and RSA key tokens are also supported.
• Handling of PINs contained in encrypted ISO-4 PIN block format is supported by applicable verbs.
• Beginning with Release 6.2, multiple verbs support triple-length TDES keys. For key management services, this includes triple-length TDES key-encrypting keys (KEKs).
• New Edwards elliptic curves are supported by applicable verbs: Curve25519 and Curve448.
• You can use the quantum safe CRYSTALS-Dilithium Digital Signature Algorithm for generating keys that can be used for Digital Signature Generation and Verification.
• When using verbs CSUACRA and CSUACRD, you can now dynamically allocate a cryptographic coprocessor or a domain of a cryptographic coprocessor on the fly. Also, you can use the CSUACFQ verb to obtain the number of control domains and usage domains and the total number of domains available to the system.
• With the CSUACRA verb, you can identify a cryptographic coprocessor by either its resource number or its serial number.

For additional information, please see the CEX7S / 4769 - Linux on Z software page.

June 22, 2020 | HSM 4767 | CCA Release 5.5.12 support for RHEL 7.8 and SLES 12.5

IBM has confirmed that CCA Release 5.5.12 supports Red Hat Enterprise Linux (RHEL) release 7.8 and SUSE Linux Enterprise Server (SLES) from Novell (64-bit) release 12.5. This support does not require any change to the installed host software or card firmware. Additional information about CCA 5.5.12 can be found on the 4767 - x64 releases page.

Apr. 8, 2020 | HSM CEX7S | New features in EP11

New features for CEX7P

EP11, the Enterprise PKCS#11 coprocessor mode, gained several new features with the 7th generation of the Crypto Express Card (needs bundle S14 installed). EP11 offers a Secure Key PKCS#11-like API which can be used to implement a PKCS#11 token library. With this EP11 version it is now possible to implement version 2.40 of the PKCS#11 standard.

Current PKCS#11 libraries that use EP11 include but are not limited to ICSF on z/OS, openCryptoki on Linux and grep11 in the IBM Cloud. If only a subset of the EP11 functionality is required and no PKCS#11 API is needed, the EP11 system API can also be used directly. An example for this is the IBM Blockchain offering.

Starting with CEX7P, EP11 adds several new features such as SHA-3 support, Edwards and Montgomery curve support, protected key import support, and a first post-quantum algorithm with CRYSTALS-Dilithium for experimental purposes.

EP11 provides these new functions through vendor-defined mechanisms since the new functions are not included in the current PKCS#11 standard. Once a new standard becomes available which provides named mechanisms, EP11 will strive to add corresponding support.

New digest mechanisms with SHA-3

SHA-3 is the latest Secure Hash Algorithm standardized by NIST. CEX7S adds hardware acceleration for SHA-3, which EP11 exploits to provide customers with data digest and HMAC support based on SHA-3. EP11 supports the four output sizes for SHA-3: 224, 256, 384 and 512. The selected output size depends on the particular use case and security requirements. More information can be found in this NIST document (PDF, 391 KB).

At this time SHA-3 complements SHA-2, since SHA-2 is still deemed to be secure. However, SHA-3 is likely to supersede SHA-2 in the future once more feasible attacks against SHA-2 are found. We recommend that customers take a first look at the SHA-3 algorithm, but we see no reason to force a migration yet. However, for workloads using SHA-1, a migration to SHA-2 can be skipped and SHA-3 should be considered as a viable alternative, as SHA-1 is regarded as insecure.

The IBM z15 CP Assist for Cryptographic Functions (CPACF) also provides message digest support with SHA-3 and should be preferred, as it outperforms the HSM by orders of magnitude. This is true for all operations that do not require any key material for input. Some PKCS#11 providers transparently map message digest calls to CPACF whenever possible without reducing security.

In any case, EP11 must be called for HMAC or signature operations if Secure Key functionality is required. EP11 now also provides SHA-3 for the RSA-OAEP encryption scheme as well as the standardized mask generation functions (MGFs) SHA-1 and SHA-2 (needs bundle S07 installed).

The following digest mechanisms for SHA-3 are available:

  • CKM_IBM_SHA3_224
  • CKM_IBM_SHA3_256
  • CKM_IBM_SHA3_384
  • CKM_IBM_SHA3_512

The following HMAC mechanisms for SHA-3 are available:

  • CKM_IBM_SHA3_224_HMAC
  • CKM_IBM_SHA3_256_HMAC
  • CKM_IBM_SHA3_384_HMAC
  • CKM_IBM_SHA3_512_HMAC

The following Mask Generation Functions are available with the CKM_RSA_PKCS_OAEP mechanism:

  • CKG_IBM_MGF1_SHA3_224
  • CKG_IBM_MGF1_SHA3_256
  • CKG_IBM_MGF1_SHA3_384
  • CKG_IBM_MGF1_SHA3_512

Edwards and Montgomery curves for TLSv1.3

With the CEX7S card, hardware support for selected Edwards and Montgomery elliptic curves is introduced. EP11 supports the Edwards curves Ed25519 and Ed448 for the EdDSA signature scheme and the Montgomery curves c25519 and c448 for ECDH (needs bundle S12a installed). Both the Edwards and the Montgomery curves are used in the TLSv1.3 standard.

The EdDSA signature scheme uses different hash algorithms depending on the curve: Ed25519 uses SHA-512 while Ed448 uses SHA-3. 

For key generation, the previously existing standard CKM_EC_KEYGEN mechanism is used by specifying the OID of the curve a key should be generated for. Edwards keys cannot be used for ECDH and Montgomery keys cannot be used for signature generation. Therefore, the CKA_DERIVE attribute cannot be specified for Edwards keys and CKA_SIGN (or CKA_VERIFY for the public key) cannot be specified for Montgomery keys. 

Additionally, EP11 provides vendor-specific raw ECDH mechanisms which allow for creating raw symmetric keys encrypted under a key encryption key (KEK), unlike the standard CKM_ECDH1_DERIVE mechanism, which always delivers the key as an EP11 blob. This functionality is extended for use with X25519 and X448 with new vendor-defined mechanisms. Note that the prefix 'X' indicates the key-specific ECDH mechanism. All new ECDH mechanisms can be used with the standard mechanism parameter CK_ECDH1_DERIVE_PARAMS.

The following new sign/verify mechanisms for EdDSA are available:

  • CKM_IBM_ED25519_SHA512
  • CKM_IBM_ED448_SHA3

The following new derive mechanisms for ECDH are available:

  • CKM_IBM_EC_X25519
  • CKM_IBM_EC_X448
  • CKM_IBM_EC_X25519_RAW
  • CKM_IBM_EC_X448_RAW

Utilizing a protected key with EP11 to gain performance

For workloads that do not require Secure Keys (e.g. key or WK resides on an HSM) but still should not have keys appear in the clear in the application’s (OS’s) memory, using a so-called protected key is a viable alternative. A protected key only resides in customer memory in encrypted form. It is encrypted by a wrapping key which resides in a protected area in the memory of the system firmware. Protected key operations are faster than their secure key counterparts, because CPACF can be used for cryptographic operations with a protected key. However, a protected key has a limitation in that it does not outlive an IML or an IPL of the VM or LPAR, since the wrapping key in the protected area is not saved to a disk and is regenerated by the IPL process.

For protected-key use to become practicable, secure keys must be imported from an HSM into protected keys. 

With the CEX7P card release, EP11 gains the ability to import EP11 AES, 2DES/3DES and EC key blobs as protected keys (needs bundle S14 installed). For EC keys, both Prime and Edwards keys are supported, which are also supported by the IBM z15 hardware.

As importing protected keys is a privileged operation, the operating system must have support for the EP11 protected key import mechanism. z/OS with ICSF supports the entire set of key types that EP11 supports. [APAR]. At the time of writing this article, Linux only supports the AES protected key type for LUKS disk encryption (see the latest manual page for the zkey tool). The first distribution to make use of this support is Ubuntu 20.04.

EP11 blobs must be marked with the CKA_IBM_PROTKEY_EXTRACTABLE attribute to be exportable as protected keys. Like CKA_EXTRACTABLE, this attribute can only be set to True at the time of key creation. It also has a sibling attribute which signifies that the key was never importable as a protected key (CKA_IBM_PROTKEY_NEVER_EXTRACTABLE). The CKA_EXTRACTABLE and CKA_IBM_PROTKEY_EXTRACTABLE attributes are mutually exclusive. Given that both attributes can only be disabled during the lifetime of a key, this ensures that a key that is importable as a protected key can never be extracted into a clear key outside of the system firmware.
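The attribute rules stated above (no CKA_DERIVE on Edwards keys, no CKA_SIGN or CKA_VERIFY on Montgomery keys, and the mutually exclusive, one-way CKA_EXTRACTABLE and CKA_IBM_PROTKEY_EXTRACTABLE attributes) can be linted before a template is sent to the HSM. The following C model is an added example, not IBM or EP11 code: its enum values, struct and function names are hypothetical local stand-ins rather than the PKCS#11 constants, and it goes one step beyond the text by exhaustively walking update sequences to confirm the stated invariant.

```c
#include <stdbool.h>
#include <stdio.h>

/* Added example: a local model of the rules in the text. The numeric values
 * below are NOT the PKCS#11/EP11 constants; all names are hypothetical. */
enum curve_family { CURVE_PRIME, CURVE_EDWARDS, CURVE_MONTGOMERY };

enum {
    A_SIGN        = 1 << 0, /* models CKA_SIGN */
    A_VERIFY      = 1 << 1, /* models CKA_VERIFY */
    A_DERIVE      = 1 << 2, /* models CKA_DERIVE */
    A_EXTRACTABLE = 1 << 3, /* models CKA_EXTRACTABLE */
    A_PROTKEY_EXT = 1 << 4  /* models CKA_IBM_PROTKEY_EXTRACTABLE */
};

enum rule_result {
    RULE_OK = 0,
    ERR_EDWARDS_DERIVE,   /* Edwards keys cannot be used for ECDH */
    ERR_MONTGOMERY_SIGN,  /* Montgomery keys cannot sign or verify */
    ERR_BOTH_EXTRACTABLE, /* the two extractability flags are exclusive */
    ERR_REENABLE          /* extractability can only be switched off */
};

struct key_state {
    enum curve_family fam;
    unsigned attrs;
    bool never_protkey_ext; /* models CKA_IBM_PROTKEY_NEVER_EXTRACTABLE */
};

/* Validate a key-generation template against the rules in the text. */
enum rule_result check_create(enum curve_family fam, unsigned attrs)
{
    if (fam == CURVE_EDWARDS && (attrs & A_DERIVE))
        return ERR_EDWARDS_DERIVE;
    if (fam == CURVE_MONTGOMERY && (attrs & (A_SIGN | A_VERIFY)))
        return ERR_MONTGOMERY_SIGN;
    if ((attrs & A_EXTRACTABLE) && (attrs & A_PROTKEY_EXT))
        return ERR_BOTH_EXTRACTABLE;
    return RULE_OK;
}

/* Create a modelled key; the "never" flag is fixed at creation time. */
enum rule_result create_key(enum curve_family fam, unsigned attrs,
                            struct key_state *out)
{
    enum rule_result r = check_create(fam, attrs);
    if (r != RULE_OK)
        return r;
    out->fam = fam;
    out->attrs = attrs;
    out->never_protkey_ext = !(attrs & A_PROTKEY_EXT);
    return RULE_OK;
}

/* Apply an attribute update; a rejected update leaves the key unchanged. */
enum rule_result update_key(struct key_state *k, unsigned new_attrs)
{
    const unsigned one_way = A_EXTRACTABLE | A_PROTKEY_EXT;
    enum rule_result r;

    if ((new_attrs & ~k->attrs) & one_way) /* a one-way bit going 0 -> 1 */
        return ERR_REENABLE;
    r = check_create(k->fam, new_attrs);
    if (r != RULE_OK)
        return r;
    k->attrs = new_attrs;
    return RULE_OK;
}

/* Walk every valid creation template and every two-step update sequence over
 * the two extractability bits. Returns false if a key created as
 * protected-key-extractable ever becomes clear-extractable, or if the
 * "never" flag disagrees with the key's history. */
bool invariant_holds(void)
{
    const unsigned combos[4] = { 0, A_EXTRACTABLE, A_PROTKEY_EXT,
                                 A_EXTRACTABLE | A_PROTKEY_EXT };
    for (int c = 0; c < 4; c++) {
        struct key_state k0;
        if (create_key(CURVE_PRIME, combos[c], &k0) != RULE_OK)
            continue;
        for (int u1 = 0; u1 < 4; u1++) {
            for (int u2 = 0; u2 < 4; u2++) {
                struct key_state k = k0;
                const unsigned steps[2] = { combos[u1], combos[u2] };
                for (int s = 0; s < 2; s++) {
                    (void)update_key(&k, steps[s]);
                    if ((k0.attrs & A_PROTKEY_EXT) && (k.attrs & A_EXTRACTABLE))
                        return false;
                    if (k.never_protkey_ext && (k.attrs & A_PROTKEY_EXT))
                        return false;
                }
            }
        }
    }
    return true;
}

int main(void)
{
    printf("Edwards + DERIVE    -> %d\n", check_create(CURVE_EDWARDS, A_DERIVE));
    printf("Montgomery + SIGN   -> %d\n", check_create(CURVE_MONTGOMERY, A_SIGN));
    printf("invariant holds     -> %d\n", invariant_holds());
    return 0;
}
```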

For further information see the operating system manuals:

The start into the post-quantum era with Dilithium

CRYSTALS-Dilithium is one of the round 2 submissions to NIST's post-quantum project. As such, it is expected to be secure against attacks that use a quantum computer. As the NIST project is still in the submission phase, this feature is marked as experimental and should not be used in production, but it is nevertheless useful to explore this feature to get an understanding of the implications of using post-quantum cryptography (PQC).

Dilithium keys can be generated using the CKM_IBM_DILITHIUM mechanism (needs bundle S12a installed). The key attribute template may specify an OID (CKA_IBM_PQC_PARAMS), but since currently only one OID (XCP_PQC_DILITHIUM_65_NAME) is supported, this is optional for now. At the time of writing, EP11 only supports the Dilithium 6-5 variant. The CKM_IBM_DILITHIUM mechanism is used for both signing and verification requests sent to EP11.

More information about the NIST submission and the algorithm can be found on the PQ-Crystals website.

Benedikt Klotz

IBM EP11 Firmware Development

Feb. 28, 2020 | HSM 4767 | Fix for CSNBKIM

Problem: KIM incorrectly interprets source key token as a single length key.

Users affected: Users of CCA host Release 5.5.12 (Linux or Windows) or prior who call the Key_Import (CSNBKIM) verb with the source key token that has a control vector in which the left half (base) key form bits indicate it is the right part of a control vector.  The source key token will be incorrectly treated as a single length key.  On output, the target key identifier will have an incorrect payload.

Problem fix: A CCA firmware fix of the IBM 4767 PCIe Cryptographic Coprocessor CCA is available:

Instructions:

  • Patching an existing IBM 4767 adapter with firmware already loaded - Use csulclu (Linux), csunclu (Windows), or csufclu (AIX) to load the CCA firmware, "reload_seg3_xip_OID2_5.5.14.clu", as documented.
  • Patching an IBM 4767 adapter with no firmware loaded - First, load the CLU files provided by the MTM installation. Next, use csulclu (Linux), csunclu (Windows), or csufclu (AIX) to load the CCA firmware, "reload_seg3_xip_OID2_5.5.14.clu", as documented.

Recommendation: All affected users should apply the applicable fix package.

Feb. 14, 2020 | HSM CEX7S / CEX6S / CEX5S | EP11 3.0 update

An update for EP11 3.0 is now available for z13, z14, and z15. See the IBM CEX7S Linux on Z software page for additional information.

Jan. 17, 2020 | HSM CEX7S / CEX6S / CEX5S | EP11 2.1 update

An update for EP11 2.1 is now available for z13, z14, and z15. See the IBM CEX6S Linux on Z software page for additional information.

Dec. 20, 2019 | HSM CEX7S / CEX6S / CEX5S | New EP11 release 3.0

The new EP11 Support Program release 3.0 with exploitation support for CEX7S is now available on IBM's public download site.
It can be downloaded by all customers who use the IBM z13, IBM z14, or IBM z15 (CEX5S, CEX6S, and CEX7S). The 3.0 release is available for the following 64-Bit operating systems:

  • SUSE Linux Enterprise Server (SLES) from Novell (64-bit): 11 SP4, 12, 12 SP1, 12 SP2, 12 SP3, 12 SP4, 15, 15 SP1
  • Red Hat Enterprise Linux (RHEL) Server (64-bit): 6.10, 7.5, 7.7, 8.0
  • Ubuntu (64-bit): 16.04.5, 18.04.1

This release supports new features in CEX7S:

  • initial post-quantum cryptography support with the Dilithium mechanism,
  • CPACF data key generation and protected key import,
  • ECC with curve25519/448, and
  • ECDH together with X9.63 key derivation functions.

Dec. 11, 2019 | FC EJ32/EJ33 | CCA release 5.5.12 on AIX

CCA release 5.5.12 is now available for download by all customers who use the IBM 4767 on AIX 7.1 / 7.2.

Details about CCA release 5.5.12 are available on the x64 CCA releases page.

Nov. 11, 2019 | HSM 4767 | New CCA release 5.5.12

The new IBM 4767 CCA Support Program Release 5.5.12 is now available for download by all customers who use the IBM 4767 Model 2 on Linux on x64 servers.

MTM CCA Release 5.5.12 is supported on the following 64-bit operating systems: 

  • Red Hat Enterprise Linux (RHEL) Server 7.6 and 7.7
  • SUSE Linux Enterprise Server (SLES) from Novell 12.4
  • Windows Server 2019

Summary of enhancements for Release 5.5.12:

1. Optional control is added to the Encrypted_PIN_Translate2 verb for when it is used to reformat an outbound ISO Format 4 PIN block into an ISO Format 1 PIN block. This optional control includes a new required command and a new RFMT4TO1 key-usage attribute added to AES PINPROT keys.

  • Required command PTR2 Permit ISO-4 to ISO-1 Only with RFMT4TO1 (offset X'0394') is added to the Encrypted_PIN_Translate2 verb. When reformatting an ISO-4 PIN-block to an ISO-1 PIN-block and offset X'0394' is enabled in the active role, the verb requires the outbound AES PINPROT key to have key usage of RFMT4TO1. Refer to the Required commands section of the Encrypted_PIN_Translate2 verb.
  • An AES PINPROT key in a Version X'05' variable-length symmetric key-token has a new RFMT4TO1 attribute added to its key-usage field 2 low-order byte (KUF2 LOB).
  • Keyword RFMT4TO1 is added to the Key_Token_Build2 verb for setting KUF2 HOB of an AES PINPROT key to have RFMT4TO1 key usage.
  • Support is added to the Key_Token_Parse2 verb to parse an AES PINPROT key that has RFMT4TO1 key usage.

2. For the Encrypted_PIN_Translate2 verb, an additional plaintext PAN field format option has been added for the message used to generate or verify the CMAC contained in the authentication_data variable for authenticated PAN change. In releases before Release 5.5.12, the format for the Old PAN and the New PAN contained in the message is ASCII characters, one character for each PAN digit (that is, Old PAN = input_PAN_data and New PAN = output_PAN_data). Beginning with Release 5.5.12, the verb uses the PAN format specified by ISO 9564-1 when keyword PANAUTI4 is specified in the rule array. If PANAUTI4 is specified, the format of the Old PAN and the New PAN in the message. Otherwise, the format is ASCII characters (either by default or when keyword PANAUTAS is specified in the rule array).

3. Required command Disallow ISO-1 PIN Format Usage (offset X'032F') is added to the Encrypted_PIN_Translate2 verb. When offset X'032F' is enabled in the active role, the verb cannot use an ISO-1 PIN-block.

Restrictions
Restrictions are listed on the 4767 x64 CCA releases page.

Oct. 16, 2019 | HSM CEX7S / CEX6S / CEX5S | Update to CCA 6.0 product release

An update to the CCA RPM/DEB package is now available for z13, z14 and z15. See the IBM CEX6S Linux on Z software page for additional information.

Oct. 1, 2019 | HSM CEX7S / CEX6S / CEX5S | New EP11 release 2.1

The new EP11 Support Program release 2.1 with support for CEX7S is now available.
It can be downloaded by all customers who use the IBM z13, IBM z14, or IBM z15 (CEX5S, CEX6S, and CEX7S).
The release 2.1 is available for the following 64-Bit operating systems:

  • SUSE Linux Enterprise Server (SLES) from Novell (64-bit): 11 SP4, 12, 12 SP1, 12 SP2, 12 SP3, 12 SP4, 15, 15 SP1
  • Red Hat Enterprise Linux (RHEL) Server (64-bit): 6.10, 7.5, 7.7, 8.0
  • Ubuntu (64-bit): 16.04.5, 18.04.1

This release adds toleration support for CEX7S, as well as documentation updates and bug fixes. Release 2.1 supersedes version 2.0.
New functionality will be shipped with an upcoming release that adds exploitation support for CEX7S.

Sept. 12, 2019 | HSM CEX7S/4769 | New IBM HSM CEX7S / 4769 for IBM Z

The new IBM CEX7S / 4769 is available on IBM Z.

The PCIeCC4 / IBM 4769 is the latest generation of IBM's HSMs. It is redesigned for improved performance and security rich services for your sensitive workloads, and to deliver high throughput for cryptographic functions. For a detailed summary of the capabilities and specifications of the PCIeCC4, refer to the IBM 4769 Data Sheet (PDF, 386 KB).

Additional information about enhancements is available on the IBM z15 announcement page.

Aug. 2, 2019 | HSM CEX6S / 4768 | EP11 Common Criteria EAL4 certification

The IBM Enterprise PKCS#11 (EP11) firmware on the IBM Crypto Express 6S (CEX6S) is now Common Criteria EAL 4 certified by the BSI (Federal Office for Information Security in Germany).

More on this certification can be found on the BSI website:

https://www.bsi.bund.de/SharedDocs/Zertifikate_CC/CC/Sonstiges/1094.html

July 24, 2019 | HSM CEX6S / 4768 | New CCA Release 6.3 with PCI PTS HSM certification

The IBM 4768 CCA Support Program Release 6.3 is now available for customers who use the IBM CEX6S on IBM Z. The CCA 6.3 firmware on the CEX6S adapter has achieved PCI PTS HSM certification. This is the first delta certification after CCA 6.0 on the CEX6S achieved PCI PTS HSM certification. This release adds significant function to the certified scope.

CCA 6.3 for CEX6S adds:

  • compliance tagging for AES secure key tokens and RSA private key tokens,
  • compliance-tag key support for DK functions,
  • X9 TR-34 key exchange services exploiting the Public Key Infrastructure (PKI) internal to the CEX6S, as well as compliance-tag key support, and
  • expansion of native X.509 certificate support to all public key services.

June 18, 2019 | HSM 4767 | CCA Release 5.5.6 support for SLES 12.4

CCA Release 5.5.6 has added support for SUSE Linux Enterprise Server (SLES) from Novell (64-bit) release 12.4. This support is an RPM to update the ibm4767 device driver. It is NOT a standalone package. Before installing the RPM, you MUST install the standard IBM 4767 installation package.

Instructions for updating the ibm4767 device driver are available here:
http://public.dhe.ibm.com/security/cryptocards/pciecc2/CCA/README-CCA-x86-SLES12.4-20190618.txt

May 3, 2019 | HSM 4767 | New CCA release 5.5.6

The new IBM 4767 CCA Support Program Release 5.5.6 is now available for download by all customers who use the IBM 4767 in an x86 server. CCA Release 5.5.6 is supported on the following 64-bit operating systems:

  • Red Hat Enterprise Linux (RHEL) Server (64-bit) 7.5
  • SUSE Linux Enterprise Server (SLES) from Novell (64-bit) 12.3

Summary of changes for CCA Release 5.5.6:
This release contains the first release of the new host utility Crypto Hardware Initialization and Maintenance (CHIM) for remote initialization and maintenance of IBM Cryptographic Coprocessors.
The CHIM utility is introduced as a future replacement for host utility Crypto Node Management (CNM). CHIM's superior advantage is the ability to manage multiple remote IBM Cryptographic Coprocessors.
Other Enhancements include:

1. An AES MAC key in a variable-length symmetric key-token with key usage VERIFY has a new authentication data verification key usage.

2. The Key_Test2 verb can verify the value of a master key as defined in ANS X9.24 Part 1.

3. The Unique_Key_Derive verb has two direction or initiation rule-array keyword groups added, one group for deriving MAC keys, and the other group for deriving data encryption keys.

4. The DK_PRW_Card_Number_Update2 verb has been added that updates a PIN reference value or word (PRW) with updated time-sensitive card data (and a newly generated random number), but without changing either the customer PIN, primary account number, or permanent card data for later use by other PIN processes for PIN verification.

5. The DK_Random_PIN_Generate2 verb has been added that generates a random PIN of a selected length and returns the calculated PIN reference value or word (PRW) for use by other PIN processes to verify the PIN.

6. The TR31_Key_Import verb is enhanced to import additional types of keys and key blocks.
 
For details about these additions, please see the 4767 CCA Releases page.

Mar. 21, 2019 | HSM CEX6S / 4768 | FIPS 140-2 Level 4 certification

As of March 21, 2019, the IBM CEX6S / 4768 hardware security module (HSM) is validated to FIPS PUB 140-2 Level 4. Level 4 is the highest level of certification achievable for commercial cryptographic devices. See FIPS certification number 3410 on the Computer Security Resource Center website for the certification.

Feb. 11, 2019 | HSM 4767 | CCA Release 5.4.33 Toolkit

As of February 11, 2019, the Toolkit for CCA Release 5.4.33 is available. The following major upgrades are in this Toolkit:

  1. Updates to the skeleton sample for DSA support have been added. Please refer to the skeleton sample and y4lib code for more details.
  2. cctk/<version>/samples/toolkit/y4lib has been moved to cctk/<version>/y4lib in an effort to eliminate the need for dependencies on the "samples" directory for production level code.
  3. cctk/<version>/samples/makefiles has been moved to cctk/<version>/makefiles in an effort to eliminate the need for dependencies on the "samples" directory for production level code.
  4. Various makefiles have been updated in an effort to eliminate the need for dependencies on the "samples" directory for production level code. The general idea is that customers can now copy a sample out of the "samples" directory and get it to work without having to restructure the Toolkit. Depending on the sample, customers may need to amend some specific includes, or copy portions of other samples as some of the samples depend on each other for common processing routines.
  5. A sample demonstrating how to use the usb port on the adapter as a serial port has been added. Please refer to the samples/toolkit/usbserial sample code for more details.
  6. A new version of ICATPZX is included with this Toolkit. This update fixes several issues with the debugger.

For additional information about the Toolkit, see the PCIeCC2 / 4767 Custom Programming page.

Jan. 30, 2019 | HSM 4767 | CCA Release 5.4.33 for Windows

As of January 30, 2019, in addition to the previously announced Linux support, CCA Release 5.4.33 is also available for x86 server customers who use Windows 2016 Server.

See the Dec. 6, 2018 entry below for additional information about CCA Release 5.4.33.

Jan. 14, 2019 | HSM CEX6S | CEX6S achieves unique PCI PTS HSM certification

The IBM Crypto Express 6S (CEX6S) is IBM's fastest and most secure hardware security module (HSM) yet, and with CCA 6.0 it has achieved certification under the Payment Card Industry (PCI) PIN Transaction Security (PTS) HSM program.

For more information, please see the IBM Systems Magazine blog.

Jan. 8, 2019 | HSM CEX6S / CEX5S | New EP11 release 2.0

The new EP11 Support Program release 2.0 is now available for download by all customers who use the IBM z13 or IBM z14 (CEX5S and CEX6S). The release 2.0 is available for the following 64-Bit operating systems:

  • SUSE Linux Enterprise Server (SLES) from Novell (64-bit): 11 SP4, 12, 12 SP1, 12 SP2, 12 SP3, 15
  • Red Hat Enterprise Linux (RHEL) Server (64-bit): 6.7, 6.10, 7.3, 7.4, 7.5
  • Ubuntu (64-bit): 16.04.05, 18.04

Summary of changes between EP11 1.3 and 2.0:

  • Adds new API for targeting cards and domains, allowing for unified target creation and target groups.
  • Extends exported user interfaces in ep11.h and ep11adm.h.
  • New EP11 TKE daemon. The daemon now implements an authentication method for the communication between TKE and daemon. The Linux user needs to be added to the ep11tke group to work on a TKE. This feature can be disabled per configuration option.
  • Adds documentation to the EP11 structure document about the EP11 Support Program.

New software requirements:

  • OpenSSL 1.0.x or 1.1.x is required for the new EP11 TKE daemon.

The EP11 1.3 release is still supported for distributions that do not support the requirements for EP11 2.0.

Dec. 6, 2018 | HSM 4767 | New CCA release 5.4.33

The new IBM 4767 CCA Support Program Release 5.4.33 is now available for download by all customers who use the IBM 4767 in an x86 server. CCA Release 5.4.33 is supported on the following 64-bit operating systems:

  • Red Hat Enterprise Linux (RHEL) Server (64-bit) 7.5
  • SUSE Linux Enterprise Server (SLES) from Novell (64-bit) 12.3

Summary of changes for CCA Release 5.4.33

  • Three-key (192-bit) Triple-DES keys are added to strengthen security for operations such as data encryption, PIN processing, and key wrapping.
  • Limited ISO Format 4 (ISO-4) AES PIN blocks as defined in the ISO 9564-1 standard.
  • Directed keys, whose objective is to generate and derive many different AES key pairs with different key usages from one key diversification key (KDK).
  • Wrapping and unwrapping DES and TDES keys using an AES Key Block Protection Key (TR-31 key block version ID, or method, “D”) according to ISO 20038.

The IBM 4767-002 is IBM's fifth generation of cryptographic coprocessor to support x86 machines. The 4767 is designed to provide security rich features and to deliver high throughput for cryptographic functions. These cryptographic processes are performed within a secure enclosure that is certified to the Federal Information Processing Standard (FIPS) 140-2 level 4, the highest level of certification achievable for commercial cryptographic devices.

Aug. 27, 2018 | FC EJ32/EJ33 | CCA Release 5.2.23 on AIX

CCA Release 5.3.23 is now available for download by all customers who use the IBM 4767 on AIX 7.1 / 7.2.

May 16, 2018 | HSM 4767 | New CCA Release 5.3.23

The new IBM 4767 CCA Support Program Release 5.3.23 is now available for download by all customers who use the IBM 4767 in an x86 server. CCA Release 5.3.23 is supported on the following 64-bit operating systems:

  • Microsoft Windows Server 2012 R2
  • Red Hat Enterprise Linux (RHEL) Server (64-bit) 7.2, 7.3, and 7.4
  • SUSE Linux Enterprise Server (SLES) from Novell (64-bit) 12.1

Summary of changes for CCA Release 5.3.23

Segment 1:
The IBM 4767-002 hardware security module (HSM) is validated to FIPS PUB 140-2 Level 4. Level 4 is the highest level of certification achievable for commercial cryptographic devices. See FIPS certification number 3164 on the Computer Security Resource Center website for the certification.

Segment 2:
Updated with minor changes.

Segment 3: 
Updated CCA firmware version 5.3.23 meets the requirements of the German Banking Industry Committee (GBIC) and is compliant with GBIC's security requirements.

Host Code:
Potential memory leak fix.
Users affected: Users of CCA host Release 5.3.12 (Linux or Windows) or CCA host Release 5.2.23 (Linux only) who call the Symmetric_Algorithm_Decipher (CSNBSAD) verb with the Galois/Counter Mode (GCM) processing rule specified in the rule array are affected.

Users should update segments 1, 2, and 3 as well as the host library to get all enhancements and fixes.

Apr. 27, 2018 | HSM CEX6S | New CCA product release for IBM CEX6S

New product release CCA 6.0 for Linux on IBM Z now available effective April 2018. See the IBM CEX6S Linux on Z software page for additional information.

Apr. 4, 2018 | HSM 4767 / 4765 | Common Criteria EAL4 certification

As of April 4, 2018, the IBM 4767 and 4765 with IBM Enterprise PKCS#11 (EP11) firmware are Common Criteria Part 3 conformant (EAL4).

Apr. 4, 2018 | HSM 4767 | FIPS 140-2 Level 4 certification

As of April 4, 2018, the 4767 hardware security module (HSM) is validated to FIPS PUB 140-2 Level 4. Level 4 is the highest level of certification achievable for commercial cryptographic devices. See FIPS certification number 3164 on the Computer Security Resource Center website for the certification.

Mar. 15, 2018 | HSM 4767 | GBIC certification

As of March 15, 2018, the IBM 4767-002 with CCA firmware version 5.3 meets the requirements of the German Banking Industry Committee (GBIC) and is compliant with GBIC's security requirements.

Mar. 1, 2018 | HSM 4767 | Changes to x86 server chart

Changes to the HSM 4767 on x86 chart are available. See the x86 servers page for additional information.

Feb. 1, 2018 | HSM CEX5S | Update to EP11 support for Linux on Z

Update of EP11 package available for z14. See the Linux on Z software page for additional information.

Oct. 4, 2017 | HSM CEX5S | Update to EP11 support for Linux on Z

Update of EP11 package available for z14. See the Linux on Z software page for additional information.

Sep. 8, 2017 | HSM CEX6C | CCA Releases 5.2, 5.0 for CEX6C Toleration support for Li

Update of CCA 5.2 packages available for z14, adding CEX6C-CCA toleration support. See the IBM CEX5S Linux on Z software page for additional information.

Jan. 24, 2017 | HSM 4767 | CCA - support for RHEL Server 7.3

IBM 4767 CCA Release 5.3.12 to include support on RHEL Server 7.3. See the list of x86 servers for additional information.

Nov. 18, 2016 | FC EJ32/FC EJ33 | CCA support for IBM Power Systems

As of November 2016, CCA Release 5.3.12 includes support for IBM Power Systems with any of the following operating systems installed:

  • IBM AIX (7.2, 7.1, and 6.1, 32-bit or 64-bit)
  • IBM i (7.2, Technology Refresh 5, 32-bit and 64-bit)
  • PowerLinux
    • RHEL Server 7.3 and RHEL Server 7.2, 64-bit
    • SLES 12 Service Pack 2 (little endian), 64-bit
    • Ubuntu by Canonical, 16.04.1

Nov. 10, 2016 | HSM 4767 | Fix for memory leak

Problem: A host memory leak can occur.

Users affected: Users of CCA host Release 5.3.12 (Linux or Windows) or CCA host Release 5.2.23 (Linux only) who call the Symmetric_Algorithm_Decipher (CSNBSAD) verb with the Galois/Counter Mode (GCM) processing rule specified in the rule array.

Problem fix: A fix package for the CCA host library of the IBM 4767 PCIe Cryptographic Coprocessor CCA Support Program is available:

Recommendation: All affected users should apply the applicable fix package.

Sept. 27, 2016 | HSM 4767 | New CCA release 5.3.12

An update to IBM 4767 CCA Support Program Release 5.3.12 has been released to include support on Linux. Release 5.3.12 for CCA is supported on the following 64-bit operating systems:

  • Microsoft Windows Server 2012 R2
  • Red Hat Enterprise Linux (RHEL) Server (64-bit)
  • SUSE Linux Enterprise Server (SLES) from Novell (64-bit)

Release 5.3.12 for CCA is available for download by all customers who use the IBM 4767 in an x86 server.

Attention Windows users:

There is a Windows hardware device driver (HDD) fix available for CCA Release 5.3.12. This fix addresses a potential system crash that can occur during handling of specific device errors.

Aug. 30, 2016 | HSM 4767 | New CCA Release 5.3.12 for Windows

The new IBM 4767 CCA Release 5.3.12 is now available on x86 servers on the following 64-bit operating system:

  • Microsoft Windows Server 2012 R2, 64-bit

Release 5.3.12 for CCA is available for download by all customers who use the IBM 4767 in an x86 server.

Summary of changes for Release 5.3.12

The initial release of CCA for the IBM 4767 is Release 5.2.23. Release 5.3.12 is the first release available after the initial release of the IBM 4767, and is the first release available that is supported on Microsoft Windows operating system (64-bit).

In addition to being supported on Windows, Release 5.3.12 provides support for the following enhancements:

The addition of support for the PKCS #1 v2.2 RSA Probabilistic Signature Scheme (RSA-PSS). RSA-PSS is based on the RSA cryptosystem and provides increased security assurance:

  • Digital_Signature_Generate
    • New digital-signature hash formatting method rule-array keyword PKCS-PSS.
    • The addition of the SHA-224 hashing-method specification rule-array keyword.
  • Digital_Signature_Verify
    • New digital-signature hash formatting method rule-array keyword PKCS-PSS.
    • New signature checking rule rule-array keyword group, with keywords EXMATCH and NEXMATCH, and related new required command Allow Not Exact Salt Length (offset X'033B').

The addition of digital signature support to optionally process the text supplied in the data variable (formerly hash variable) as a message that is to be hashed using the specified hashing-method:

  • Digital_Signature_Generate
    • New input type rule-array keyword group, with keywords HASH and MESSAGE.
  • Digital_Signature_Verify
    • New input type rule-array keyword group, with keywords HASH and MESSAGE.
    • New hashing-method specification rule-array keyword group, with keywords MD5, RPMD-160, SHA-1, SHA-224, SHA-256, SHA-384, and SHA-512.
    • The addition of format restrictions for PKA private key tokens of type RSA-AESC (token version X'31') and RSA-AESM (X'30') to optionally restrict these private keys to a particular digital-signature hash formatting method, or not restrict them (the default). Options include ISO-9796, PKCS-1.0, PKCS-1.1, PKCS-PSS, X9.31, or ZERO-PAD.
  • PKA_Key_Token_Build and PKA_Key_Translate
    • New rule-array keyword format restriction group, including keywords FR-I9796, FR-NONE, FR-PK10, FR-PK11, FR-PSS, FR-X9.31, and FR-ZPAD.
  • Addition of key token definitions for format restriction for digital-signature hash-formatting method, offset 51, in RSA private key sections X'30' and X'31' (4096-bit M-E format and CRT format, with AES-encrypted OPK section).

Apr. 26, 2016 | HSM 4767 | New IBM 4767 and CCA release 5.2

The new IBM 4767 and CCA Release 5.2 is available on x86 servers on SLES and RHEL 64-bit operating systems.

The PCIeCC2 / IBM 4767 is the latest generation of IBM's HSMs. It is redesigned for improved performance and security-rich services for your sensitive workloads, and to deliver high throughput for cryptographic functions. For a detailed summary of the capabilities and specifications of the PCIeCC2, refer to the IBM 4767 Data Sheet (PDF, 326 KB).

What's new:

In addition to the functions available on the HSM 4765, the PCIeCC2 has the following:

  • Increased performance.
  • Hardware accelerated Elliptic Curve Cryptography (ECC) key generation, along with digital signature generation and verification using the Elliptic Curve Digital Signature Algorithm (ECDSA).
  • Enhanced firmware load security using ECDSA signatures.
  • Support for Visa Data Secure Platform with Point to Point Encryption (VDSP with P2PE), which includes Visa Format-Preserving Encryption (FPE).
  • Access-control tracking can be performed on a role ID basis to gather information about which access control points are queried by applications. Users of the IBM 4767 have enhanced logon control capabilities, including stricter passphrase length and character requirements and the ability for users to change their own passphrases.
  • The ability to encipher and decipher data using the AES algorithm in Galois/Counter Mode (GCM).
  • The creation of symmetric key material from a pair of Elliptic Curve Cryptography (ECC) keys using the Elliptic Curve Diffie-Hellman (ECDH) protocol and the ANSI-9.63-KDF key derivation method as specified in ANSI X9.63-2011.
  • Newly selectable RSA public exponents 5, 17, and 257. This addition completes the series of the first five Fermat numbers. The first five Fermat numbers are known to be prime.

Oct. 2015 | HSM 4767 | New product release for IBM 4765

A new CCA product release for IBM 4765 is now available on IBM-approved x86 servers and IBM AIX operating system effective October 2015.

Jul. 2015 | HSM CEX5S | New product release of CCA for Linux on Z

New product release CCA 5.0 for Linux on Z is now available, effective July 2015. See the HSM CEX5S Overview page for additional information.

Apr. 2015 | FC EJ27 / FC EJ28 / FC EJ29 / HSM 4765 | Buffer overflow in the GNU C li

Problem: A buffer overflow vulnerability in the GNU C library (glibc) has been publicly disclosed by Qualys.

Users affected:

  • System x CCA and Toolkit users running CCA release 4.1, 4.2, 4.3, 4.4.16, or 4.4.20.
  • System p AIX CCA and Toolkit users running CCA 4.3.8 or 4.4.20.

Note: The base PCIe Cryptographic Coprocessor (CCA) is not susceptible to the two known security issues described below. Only Toolkit customers may be susceptible. However, as a consumer of the GNU C Library (glibc), IBM is making a patch available for System x 4765 and System p PCIe Cryptographic Coprocessor users. Toolkit customers should download and install the fix and contact their Toolkit provider if there are any questions.

As of April 2015, a patch is available for System x 4765 and System p PCIe Cryptographic Coprocessor users who have used a Toolkit to develop a firmware application that uses (1) the network port, or (2) the gethostbyname() or gethostbyname2() glibc functions. If you are one of these users, you may be exposed to the following reported security vulnerability:

GHOST: glibc gethostbyname buffer overflow vulnerability (CVE-2015-0235)

Description: A heap-based buffer overflow exists in the GNU C library, commonly known as glibc. The affected library component is the __nss_hostname_digits_dots() function used by both the gethostbyname() and gethostbyname2() glibc functions. Programs calling these functions may be vulnerable to a buffer overflow, exploitable by local as well as remote users, to execute arbitrary code on affected systems. In-depth technical information on the vulnerability has been publicly released and includes exploit, mitigation, and patch information. While not yet publicly available, a proof-of-concept remote exploit has been developed using this vulnerability that Qualys plans on publishing.

The GNU C library is most commonly used in systems using the Linux kernel.

CVE-2015-0235 has a Base CVSS score of 6.8 (medium).

CCA and Toolkit users: The GNU C library is shipped with the 4765 base support. The base card is not susceptible to these issues because the card is not shipped with the network port enabled, and there is no auto-config script to set up a network or Ethernet device. Also, the card does not use the gethostbyname() or gethostbyname2() glibc functions. IBM is providing the fix because the 4765 coprocessor is a consumer of the GNU C library. Applying this security patch is left to your discretion. To install the patch, see the instructions below. CCA customers should contact crypto@us.ibm.com with questions.

Toolkit users only: If your firmware application for the IBM 4765 uses the affected GNU C library functions or enables the network port, apply the security patch which corrects the vulnerability. Contact your Toolkit provider with questions.

To install the patch:

System x users:

  1. System x users of CCA Release 4.1 must move up to CCA Release 4.2 or later before applying the patch.
  2. Download the file (TAR, 31.1 MB), which contains a README.txt file and CLU files that contain the patch.
  3. Untar the downloaded file.
  4. Follow the directions provided in the README.txt file to install the patch.

System p AIX users:

 

  1. Download the file (Z, 4.8 MB) that contains an interim fix.
  2. Install the interim fix using this command: 
    emgr -X -e 4765FW4428.150326.epkg.Z
  3. Follow the directions provided in the README file: 
    /usr/lpp/csufx.4765/README.4765FW4428

Benefits:

Installing the GHOST vulnerability security patch corrects the security vulnerability described above.
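To decide whether a Toolkit firmware application falls under the "uses gethostbyname() or gethostbyname2()" condition above, its C sources can be audited for references to those two functions. The script below is an added example, not IBM's code or part of the advisory; the sample source, function names, and file suffixes in it are constructed for illustration.

```python
import re
from pathlib import Path

# The two glibc functions the advisory names as exposing the GHOST code path.
AFFECTED = ("gethostbyname", "gethostbyname2")

# Comments and literals are matched first and skipped, so a function name that
# only appears in documentation or a string is not reported as a reference.
TOKEN = re.compile(
    r'/\*.*?\*/'                      # block comment
    r'|//[^\n]*'                      # line comment
    r'|"(?:\\.|[^"\\\n])*"'           # string literal
    r"|'(?:\\.|[^'\\\n])*'"           # character literal
    r'|\b(?P<name>[A-Za-z_]\w*)\b',   # any identifier (call or function pointer)
    re.DOTALL,
)

def find_affected_references(source, names=AFFECTED):
    """Return [(line_number, function_name)] for each reference in C source text."""
    hits = []
    for m in TOKEN.finditer(source):
        name = m.group("name")
        if name in names:
            line = source.count("\n", 0, m.start("name")) + 1
            hits.append((line, name))
    return hits

def scan_tree(root, suffixes=(".c", ".h")):
    """Scan every C source/header under root; return {path: hits} for files with hits."""
    report = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix in suffixes:
            hits = find_affected_references(path.read_text(errors="replace"))
            if hits:
                report[str(path)] = hits
    return report

# Constructed sample: two real references, plus mentions that must be ignored.
SAMPLE = r'''
#include <netdb.h>
/* legacy: gethostbyname("old") was removed here */
static const char *doc = "call gethostbyname(name)";
int lookup(const char *name) {
    struct hostent *h = gethostbyname(name);   // resolves IPv4
    if (!h) h = gethostbyname2(name, AF_INET6);
    return h != 0;
}
'''

if __name__ == "__main__":
    for line, name in find_affected_references(SAMPLE):
        print(f"line {line}: {name}")
```

A source scan does not see references that arrive through statically linked third-party libraries, so an empty report covers only the code that was scanned.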

Mar. 14, 2014 | PCIeCC2 and PCIeCC | Government access to data

Feb. 19, 2013 | HSM 4765 | MEPS validation

As of February 19, 2013, the 4765 hardware security module (HSM) is validated to meet the MEPS (Méthode d'Évaluation des Produits Securitaire "bancaires") approval scheme used by the Cartes Bancaires (CB) banking ecosystem. This standards certification allows the 4765 HSM to be used by CB member banks on their dedicated payment networks.

Mar. 2012 | HSM 4765 | Support additional operating systems

Add-on features are being offered for the IBM 4765 on IBM-approved x86 systems to support additional operating systems. See the IBM 4765 overview page for information.