IBM Support

OA58358: NEW FUNCTION - EP11 Cryptographic services enhancements

A fix is available

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as new function.

Error description

  • New Function
    
    FIXCAT:
    DPFD/K
    

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED:                                              *
    * Users of ICSF                                                *
    ****************************************************************
    * PROBLEM DESCRIPTION:                                         *
    * Cryptographic services enhancements                          *
    * for Crypto Express7 in EP11 mode.                            *
    *                                                              *
    * Only services with explicit support are listed for each      *
    * enhancement. Services that were updated implicitly are       *
    * listed at the end.                                           *
    *                                                              *
    * Support for CRYSTALS-Dilithium:                              *
    * * PKCS 11 Generate key pair (CSFPGKP                         *
    *   and CSFPGKP6)                                              *
    *                                                              *
    * Support for protected keys:                                  *
    * * PKCS 11 Derive key (CSFPDVK and                            *
    *   CSFPDVK6)                                                  *
    * * PKCS 11 Generate key pair (CSFPGKP                         *
    *   and CSFPGKP6)                                              *
    * * PKCS 11 Generate secret key (CSFPGSK                       *
    *   and CSFPGSK6)                                              *
    * * PKCS 11 Private Key Sign (CSFPPKS and                      *
    *   CSFPPKS6)                                                  *
    * * PKCS 11 Public Key Verify (CSFPPKV                         *
    *   and CSFPPKV6)                                              *
    * * PKCS 11 Secret key decrypt (CSFPSKD                        *
    *   and CSFPSKD6)                                              *
    * * PKCS 11 Secret key encrypt (CSFPSKE                        *
    *   and CSFPSKE6)                                              *
    *                                                              *
    * Support for HMAC with SHA-3:                                 *
    * * PKCS 11 Generate Keyed MAC (CSFPHMG                        *
    *   and CSFPHMG6)                                              *
    * * PKCS 11 Verify Keyed MAC (CSFPHMV                          *
    *   and CSFPHMV6)                                              *
    *                                                              *
    * Support for ECC Ed448 and Ed25519:                           *
    * * PKCS 11 Generate key pair (CSFPGKP                         *
    *   and CSFPGKP6)                                              *
    * * PKCS 11 Private Key Sign (CSFPPKS and                      *
    *   CSFPPKS6)                                                  *
    * * PKCS 11 Public Key Verify (CSFPPKV                         *
    *   and CSFPPKV6)                                              *
    *                                                              *
    * Support for CKM_ECDH1_DERIVE:                                *
    * * PKCS 11 Derive key (CSFPDVK and                            *
    *   CSFPDVK6)                                                  *
    *                                                              *
    * Services updated implicitly (such as                         *
    * for getting or setting new attributes                        *
    * as a part of normal operation):                              *
    * * PKCS 11 Derive multiple keys (CSFPDMK                      *
    *   and CSFPDMK6)                                              *
    * * PKCS 11 Get attribute value (CSFPGAV                       *
    *   and CSFPGAV6)                                              *
    * * PKCS 11 Set Attribute Value (CSFPSAV                       *
    *   and CSFPSAV6)                                              *
    * * PKCS 11 Token Record Create (CSFPTRC                       *
    *   and CSFPTRC6)                                              *
    * * PKCS 11 Token Record List (CSFPTRL                         *
    *   and CSFPTRL6)                                              *
    * * PKCS 11 Unwrap Key (CSFPUWK                                *
    *   and CSFPUWK6)                                              *
    * * PKCS 11 Wrap Key (CSFPWPK                                  *
    *   and CSFPWPK6)                                              *
    *                                                              *
    * Hardware Keywords: D/T8561                                   *
    ****************************************************************
    * RECOMMENDATION:                                              *
    ****************************************************************
    

Problem conclusion

  • Summary
    ----------------------------------------
    This APAR enhances the following EP11
    Cryptographic services:
    * PKCS 11 Derive key (CSFPDVK and CSFPDVK6)
    * PKCS 11 Derive multiple keys (CSFPDMK and CSFPDMK6)
    * PKCS 11 Generate Keyed MAC (CSFPHMG and CSFPHMG6)
    * PKCS 11 Generate key pair (CSFPGKP and CSFPGKP6)
    * PKCS 11 Generate secret key (CSFPGSK and CSFPGSK6)
    * PKCS 11 Get attribute value (CSFPGAV and CSFPGAV6)
    * PKCS 11 One-Way Hash, Sign, or Verify (CSFPOWH and CSFPOWH6)
    * PKCS 11 Private Key Sign (CSFPPKS and CSFPPKS6)
    * PKCS 11 Public Key Verify (CSFPPKV and CSFPPKV6)
    * PKCS 11 Secret Key Decrypt (CSFPSKD and CSFPSKD6)
    * PKCS 11 Secret Key Encrypt (CSFPSKE and CSFPSKE6)
    * PKCS 11 Secret key decrypt (CSFPSKD and CSFPSKD6)
    * PKCS 11 Secret key encrypt (CSFPSKE and CSFPSKE6)
    * PKCS 11 Set Attribute Value (CSFPSAV and CSFPSAV6)
    * PKCS 11 Token Record Create (CSFPTRC and CSFPTRC6)
    * PKCS 11 Token Record List (CSFPTRL and CSFPTRL6)
    * PKCS 11 Unwrap Key (CSFPUWK and CSFPUWK6)
    * PKCS 11 Verify Keyed MAC (CSFPHMV and CSFPHMV6)
    * PKCS 11 Wrap Key (CSFPWPK and CSFPWPK6)
    
    All of the enhancements introduced in this APAR are documented
    in the HCR77D1 and later releases of the following ICSF
    publications:
      ICSF Application Programmer's Guide  SC14-7508
      ICSF System Programmer's Guide       SC14-7507
      ICSF Writing PKCS 11 Applications    SC14-7510
    

Temporary fix

Comments

APAR Information

  • APAR number

    OA58358

  • Reported component name

    ICSF/MVS

  • Reported component ID

    568505101

  • Reported release

    7D1

  • Status

    CLOSED UR1

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    YesSpecatt / New Function / Xsystem

  • Submitted date

    2019-09-17

  • Closed date

    2020-01-16

  • Last modified date

    2020-04-28

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

    UJ01860

Modules/Macros

  • CSFSMTMG CSFNCTDR CSFZTKI  CSFPLKUP CSFKSCS3 CSFKSHTM CSFKSTDL
    CSFGIBTN CSFENCFM CSFENXCP CSFINPV2 CSFKSICE CSFTCSAV CSFSMBTR
    CSFKSRDR CSFPLMRT CSFKSITE CSFSMBTM CSFCCVE  CSFSMBTF CSFTCPA4
    CSFNCPCI CSFTCPA5 CSFTCC2P CSFTCPA2 CSFSMBTI CSFTCPA3 CSFGICP2
    CSFINIT2 CSFTCPA0 CSFTCPA1 CSFSMBTD CSFNCKDU CSFNCIQF CSFTCPA6
    CSFNCCMK CSFPLKST CSFTBR44 CSFPLMWT CSFKSIPE CSFMIAKP CSFDDMRL
    CSFVCMLV CSFNCKDL CSFDTKBS CSFENCPN CSFMIAKT CSFDTKBP CSFKSCMV
    CSF@PRIM CSFNCSTC CSFTCTRC CSFGITKD CSFGICVE CSFNCRNC CSFTCTRL
    CSFTBR50 CSFGIKDS CSFKSHTB CSFGIDT2 CSFNCVMK CSFKSHKT CSFENCFG
    CSFNCPXS CSFMIDS  CSFNCSMK CSFNCSYX CSFKG100 CSFKG300 CSFVCBRC
    CSFENOSA CSFMIKYI CSFMITSM CSFMIKUT CSFDPEXP CSFNCMDW CSFDTKBC
    CSFINXKP CSFDPIMP CSFNCUKD CSFDTKB1 CSFDCU26 CSFKG400 CSFDRG26
    CSFNCKGN CSFKSROP CSFHS005 CSFHS006 CSFHS007 CSFHS008 CSFHS001
    CSFHS002 CSFHS003 CSFHS004
    

Publications Referenced
SC147508XXSC147507XXSC147510XX  

Fix information

  • Fixed component name

    ICSF/MVS

  • Fixed component ID

    568505101

Applicable component levels

  • R7D1 PSY UJ01860

       UP20/01/18 P F001

Fix is available

  • Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.

[{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG19M"},"Platform":[{"code":"PF054","label":"z Systems"}],"Line of Business":{"code":"","label":""}}]

Document Information

Modified date:
29 April 2020