Crypto Hardware Part 2

Transcription

©
Crypto Hardware on z
Systems - Part 2
Greg Boyd
[email protected]
www.mainframecrypto.com
zExchange – Crypto Hardware Part 2
May 2015
©
Agenda
• Crypto Hardware - Part 1
•
•
•
•
A refresher
A little bit of history
Some hardware terminology
CPACF
• Crypto Hardware – Part 2
• A couple of refresher slides
• Crypto Express Cards
• HMC Slides
May 2015
Page 2
©
Crypto Functions
• Data Confidentiality
• Symmetric – DES/TDES, AES
• Asymmetric – RSA,Diffie-Hellman, ECC
• Data Integrity
• Modification Detection
• Message Authentication
• Non-repudiation
• Financial Functions
• Key Security & Integrity
May 2015
Page 3
©
Clear Key / Secure Key / Protected
Key
• Clear Key – key may be in the clear, at least briefly,
somewhere in the environment
• Secure Key – key value does not exist in the clear
outside of the HSM (secure, tamper-resistant
boundary of the card)
• Protected Key – key value does not exist outside of
physical hardware, although the hardware may not
be tamper-resistant
May 2015
Page 4
©
CPACF Machines
(z890/z990 & later)
• CP Assist for Cryptographic
Function (CPACF)
• Peripheral Component
Interconnect (PCI Cards)
I/O Cage
or I/O
Drawer
PCIXCC
CEC Cage
Memory
STI
MBA
CP
CPACF
CP
CPACF
CP
CP
Crypto
Expressn
Crypto
Expressn1P
CPACF CPACF
FICON
May 2015
Page 5
©
PCI Cards
• 4758 – PCICC, PCICA
• DES/TDES, RSA, RNG
• 4764 – PCIXCC, Crypto Express2
• DES/TDES, AES, RSA, SHA-1, RSA, DSA, RNG
• 4765 – Crypto Express3, Crypto Express4S
• DES/TDES, AES, RSA, SHA-1, SHA-224, SHA-512, RSA,
DSA, ECC, HMAC, RNG
• 4767 – Crypto Express5S
• Not formally announced yet
• FPE
May 2015
Page 6
©
4765 Coprocessor
Integrated/Duplicate Processors
2 boards
Reliably runs Common Crypto Arch (CCA)
CPU
FLASH
SP
SP
CPU
CPU
DRAM
CPU
Tamper
Detection
Otello
+AES
Core Functions
DRAM
Otello
+RSA
RTC
BBRAM
I/F Logic
Secure
Boundary
Core
+SHA
USB
New Interface
Serial
May 2015
PCI express
PCI x I/F
x4
Interface change to PCI-e
Page 7
©
Two-engine cards vs Single engine
cards
47??
47??
47??
PCIXCC, Crypto Expressn
Crypto Expressn-1P
4765
Crypto Express4s
May 2015
Page 8
©
Hardware Security Module (HSM)
• Tamper Detection
•
•
•
•
Removal
Temperature
Probe Penetration
Power Sequencing
• Tamper Response
• Zeroization of all keys
• Permanently inoperable
FIPS 140-2 Level 4
May 2015
Page 9
©
Crypto Express
•
•
•
•
•
•
•
•
•
Coprocessor
or
Accelerator
or
PKCS #11
Secure Key DES/TDES
Secure Key AES
Financial (PIN) Functions
Key Generate/Key Management
Random Number Generate, Generate Long, Prime
Number Generate
Protected Key Support (CEX3)
RSA & ECC Operations, including SSL Handshakes (CEX3)
Secure Key PKCS #11 (CEX4S)
Format Preserving Encryption (CEX5S)
TechDoc WP100810 – A Synopsis of System z Crypto Hardware
May 2015
Page 10
©
Crypto Card Modes
• Coprocessor
• Full CCA Function
• Requires master key to be loaded
• Supports User Defined Extension (UDX)
• Accelerator
• Only supports SSL Handshakes (Public Key Encrypt,
Public Key Decrypt, Digital Signature Verify)
• EP11 (Enterprise PKCS #11)
• Only supports PKCS #11
May 2015
Page 11
©
Enterprise PKCS #11 (aka OpenCryptoki) or
EP11 Mode
System
SSL
IPsec/
IKE
PKI
SW CPACF
Java
RACF
EF
DB2
SW CPACF SW
CCA Services
CCA Device Driver
CPACF
PKCS #11 Services
CPACF
SW Crypto
PKCS #11
Device Driver
CKDS
ICSF
TKE
PKDS
CCA
PKCS11
TKDS
Request routing
Request routing
CCA Verbs
PKCS #11 Verbs
Crypto Device Drivers
Crypto Device Drivers
CryptoExpress4S
(CEX4C)
CryptoExpress4S
(CEX4P)
Secure
Key
Material
Clear
Key
Material
EP11 enables Secure Key PKCS #11
May 2015
Page 12
12
©
Cryptographic Feature
Identification
Cryptographic Feature
Prefix for releases
prior to HCR77B0
Prefix for
HCR77B0 and
later releases
Crypto Express2 coprocessor
E
2C
Crypto Express2 accelerator
F
2A
Crypto Express3 coprocessor
G
3C
H
3A
Crypto Express4 CCA coprocessor
SC
4C
Crypto Express4 EP11 coprocessor
SP
4P
SA
4A
Crypto Express5 CCA coprocessor
N/A
5C
Crypto Express5 EP11 coprocessor
N/A
5P
N/A
5A
March 2015
zExchange – IBM z13 and Crypto
Page 13
©
Master Keys
•Stored within the secure hardware boundary of the
cryptographic coprocessor
•ICSF uses five master keys to protect operational keys
• DES Master Key (DES-MK aka SYM-MK) – 16 (or 24) byte key
• Protects DES/TDES (symmetric) application keys
• AES Master Key (AES-MK) - 256 bit key
• Protects AES (symmetric) application keys
• Asymmetric-keys master key (RSA-MK aka ASYM-MK) - 192 bit key
• Protects RSA (asymmetric) private keys
• Elliptic Curve Master Key (ECC-MK) - 256 bit key
• Protects ECC (asymmetric) private keys
• Enterprise PKCS #11 Master Key (P11-MK) - 256 bit key
• Protects PKCS #11 keys
May 2015
Page 14
©
Nonvolatile Arrays for storing Master
Keys
• Current – where the master key resides
• New – staging area for building a new master key
• Old – provides one-back support
Current
New
CKDS
DES-MK
DES-MK
PKDS
TKDS
May 2015
Old
DES-MK
Current
AES-MK
New
AES-MK
Old
AES-MK
Current
RSA-MK
New
RSA-MK
Current
ECC-MK
New
ECC-MK
Old
RSA-MK
Old
ECC-MK
Current
P11-MK
New
P11-MK
Page 15
©
Usage Domains – storage of master keys
LPAR &
Domain
LP1 UD1
LP2 UD2
DES Master
Key
RSA Master
Key
ABC
XYZ
(MKVP=E957)
(Hash=DD20)
LP2KEY
PKAMST
(MKVP=AB51)
(Hash=5D01)
AES
MK
ECC
MK
P11
MK
…
…
…
CKDS1
&24
PKDS1
&24
MKVP
E957
Hash
DD20
CKDS 2 PKDS 2
…
…
…
…
…
…
MKVP
AB51
Hash
5D01
LP3
LP24
UD24
ABC
XYZ
(MKVP=E957)
(Hash=DD20)
JKL
LP5
May 2015
DD20
(VP=
47CC)
…
LP85
UD85
TKDS5
VP
LP16KY
AKEY
(MKVP=15D7)
(MKVP=93A2)
…
…
…
CKDS
85
PKDS
85
MKVP
15D7
Hash
93A2
Page 16
©
User Defined eXtension
• Extends the functionality of IBM’s CCA (Common
Cryptographic Architecture) application program
• Customized cryptographic verb controls per customer
• UDX interfaces using HW control blocks and ICSF
control blocks, therefore if hardware platform
changes or ISCF level changes or both, then the
UDX must be updated for the new control blocks
• On System z, IBM will develop the UDX to your specs
• Must be integrated in and work with ICSF
May 2015
Page 17
©
Assigning Crypto to the LPAR
May 2015
Page 18
©
View LPAR Crypto Controls
May 2015
Page 19
©
Cryptographic Management
May 2015
Page 20
©
Crypto Configuration
May 2015
Page 21
©
View
Details
May 2015
Page 22
©
Crypto Reconfig
May 2015
Page 23
©
APIs and Hardware
HCR77B0 APIs
(from ICSF Application Programmer's Guide SC14-7508-03)
CPACF
19 11
PCI
30
ICSF Only (No Hardware)
94
April 2015
PKCS #11
Page 24
©
IBM Resources (on the web)
• Redbooks – www.redbooks.ibm.com (search on
‘crypto’)
• SG24-8260 IBM z13 Configuration Setup
• SG24-8251 IBM z13 Technical Guide
• SG24-8250 IBM z13 Technical Introduction
• ATS TechDocs Website –
www.ibm.com/support/techdocs (search on
‘crypto’)
• WP100810 – A Synopsis of System z Crypto Hardware
• IBM Manuals
• z/Architecture Principles of Operations, SA22-7832
• ICSF Application Programmer’s Guide, SC14-7508
April 2015
Page 25
©
Secure Key Crypto – Information &
Download
• Crypto Card – CryptoExpress3/ CryptoExpress4S
• ibm.com/security/cryptocards/pciecc/overview.shtml
• Programmer’s Guide
ibm.com/security/cryptocards/pciecc/library.shtml
• CCA Basic Services Reference and Guide for the IBM
4765 PCIe and IBM 4764 PCI-X Cryptographic
Coprocessors
ibm.com/security/cryptocards/pciecc/pdf/bs_latest_edition.pdf
May 2015
Page 26
©
A Couple of other things
• FIPS 140-2
• Security Requirements for Cryptographic Modules
(http://csrc.nist.gov/publications/fips/fips140-2/fips1402.pdf)
• Module Validation List
(http://csrc.nist.gov/groups/STM/cmvp/validation.html)
• AES
• FIPS 197 Announcing the AES
(http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf)
• DES
• FIPS 46-3 Data Encryption Standard - Withdrawn
(http://csrc.nist.gov/publications/fips/fips46-3/fips46-3.pdf)
• SP800-67 Recommendation for the Triple DEA Block Cipher
(http://csrc.nist.gov/publications/nistpubs/800-67-Rev1/SP-800-67Rev1.pdf)
May 2015
Page 27
©
Questions?
May 2015
Page 28

Crypto Hardware Part 2

Transcription

Similar documents

z/VSE

IBM zSeries 890 — A multipurpose server for an on demand world