The CPACF is the component which implements the MSA instructions. This is enabled by feature code 3863. This cryptographic feature code is indeed classified as armaments and so is subject to restrictions on export from the USA.
SHA-1, and SHA-2 support for SHA-224, SHA-256, SHA-384, and SHA-512 are shipped enabled on all servers and do not require the CPACF enablement feature. Note that the z9 does not have all of the above SHA support. Lennie Dymoke-Bradshaw MBCS CITP Accredited Senior I/T Specialist, System z, Security and Cryptography, IBM Software Group Mail: Lennie J Dymoke-Bradshaw/UK/IBM@IBMGB or [email protected] There are two types of people in the world; those who have been hacked, and those who will be hacked. From: Robert Ngan <[email protected]> To: [email protected], Date: 04/02/2014 18:55 Subject: Availability of SHA-1 and SHA-256 functions in KIMD/KLMD instructions? Sent by: IBM Mainframe Assembler List <[email protected]> I vaguely remember seeing references that IBM machines shipped to some countries are missing the cryptographic features due to export restrictions. Does anyone know if disablement of the cryptographic functions affects the SHA functions of the KIMD/KLMD instructions? Or can I assume that if the machine is a z9 or higher, the SHA-1 function at a minimum will be available? Basically, if we require our software to be run on z9 or later hardware, can we ship software that uses KLMD with the SHA-1 function and not have it fail due to that function not being available? And no, I really don't want to dual path the code with my own implementation of SHA-1 when I can't use KLMD. Robert Ngan CSC Financial Services Group Unless stated otherwise above: IBM United Kingdom Limited - Registered in England and Wales with number 741598. Registered office: PO Box 41, North Harbour, Portsmouth, Hampshire PO6 3AU
