======================================================== -----Original Message----- From: "Paul Gilmartin" <[EMAIL PROTECTED]> Sent: 6/11/2005 10:48 AM To: "IBM-MAIN@BAMA.UA.EDU" <IBM-MAIN@BAMA.UA.EDU> Subject: Re: Encryption
In a recent note, Bruce Black said: > Date: Fri, 10 Jun 2005 10:49:53 -0400 > > The new instructions which invoke the z890/z990 cryptographic > co-processor are documented in the latest PoPs. > Ummm. The best I can find is: Linkname: CONTENTS "z/Architecture Principles of Operation" IBM Library Server URL: http://publibz.boulder.ibm.com/cgi-bin/bookmgr_OS390/BOOKS/DZ9ZR003 Title: z/Architecture Principles of Operation Document Number: SA22-7832-03 Build Date: 05/04/04 12:13:20 Build Version: 1.3.1 of BUILD/VM Version: UG03935 DropDate: Thursday August 8, 2003 Book Path: /home/webapps/epubs/htdocs/book/dz9zr003.boo with: # 2.3.7 "z/Architecture Principles of Operation" ___________________________________________________________________ 2.3.7 Cryptographic Facility Depending on the model, an integrated cryptographic facility may be provided as an extension of the CPU. When the cryptographic facility is provided on a CPU, it functions as an integral part of that CPU. A summary of the benefits of the cryptographic facility is given on page 1.3; the facility is otherwise not described. And, irritatingly the "Hardware" link on: Linkname: IBM: z/OS Internet Library - Technical documentation and literature for the z/OS platform URL: http://www-1.ibm.com/servers/eserver/zseries/zos/bkserv/ ... takes me to S/390 hardware. -- gil -- StorageTek INFORMATION made POWERFUL ======================================================== The original encryption instructions for the ICRF were supervisor state only. They provided single cipher, chained cipher, and various PIN and message authentication verification. IBM chose not to document the instructions for various reasons, including reserving the freedom to change the specifications. Only the software ICSF used the machine instructions, so changing the ICRF specifications would only affect the software in the ICSF. I wrote ICRF emulation code for the Amdahl 5990 using the IBM internal documentation (TIDA) that Amdahl had to buy from IBM. The entire ICRF hardware is somewhat daunting with very complex algorithms. The ciphering instructions have been copied to new opcodes and made available for problem state. The original opcodes for the supervisor state instructions will likely go away after a time and the opcodes will be recycled for something else. Opcode real estate is still very valuable, so it will make sense to reuse the obsolete undocumented opcodes for newer features. btw: The original chained ciphering was the first instruction that I noticed that had the "come up for air" condition code that ends the operation early. It was condition code 2. Now, IBM seems to have standardized on using condition code 3 for "come up for air" early end. Much better IMHO. Jeffrey D. Smith Farsight Systems Corporation 24 BURLINGTON DR LONGMONT, CO 80501 303-774-9381 http://www.farsight-systems.com ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html