First, make sure VM can see them
(Q CRYPTO AP)
Make sure the guest's directory entry says "CRYPTO APVIRT"
You'll need the openCryptoki and openssl-ibmca packages installed.
Turn it on with (loads the driver)
rcz90crypt start (make permanent with chkconfig z90crypt on)
Verify module loaded with
ose-test1:~ # cat /proc/driver/z90crypt
zcrypt version: 2.1.0
Cryptographic domain: 15
Total device count: 1
PCICA count: 0
PCICC count: 0
PCIXCC MCL2 count: 0
PCIXCC MCL3 count: 0
CEX2C count: 0
CEX2A count: 1
requestq count: 0
pendingq count: 0
Total open handles: 0
Online devices: 1=PCICA 2=PCICC 3=PCIXCC(MCL2) 4=PCIXCC(MCL3) 5=CEX2C 6=CEX2A
0000000000000000 0060000000000000 0000000000000000 0000000000000000
Waiting work element counts
0000000000000000 0000000000000000 0000000000000000 0000000000000000
Per-device successfully completed request counts
00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
Run a test with openssl
ose-test1:~ # openssl
OpenSSL> speed rsa512
Doing 512 bit private rsa's for 10s: 7478 512 bit private RSA's in 7.55s
Doing 512 bit public rsa's for 10s: 102811 512 bit public RSA's in 8.34s
OpenSSL 0.9.8a 11 Oct 2005
built on: Wed Apr 15 15:56:11 UTC 2009
options:bn(64,64) md2(int) rc4(ptr,int) des(idx,cisc,4,long) aes(partial)
blowfish(idx)
compiler: gcc -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN
-DHAVE_DLFCN_H -DB_ENDIAN -DNO_ASM -DMD32_REG_T=int -O2 -fmessage-length=0
-Wall -g -fomit-frame-pointer -fno-strict-aliasing -DTERMIO -Wall
-fstack-protector -fbranch-probabilities -DB_ENDIAN -DNO_ASM
available timing options: TIMES TIMEB HZ=100 [sysconf value]
timing function used: times
sign verify sign/s verify/s
rsa 512 bits 0.001010s 0.000081s 990.5 12327.5
Run a test with openssl using the crypto
OpenSSL> speed -engine ibmca rsa512
engine "ibmca" set.
Doing 512 bit private rsa's for 10s: 7121 512 bit private RSA's in 0.10s
Doing 512 bit public rsa's for 10s: 8516 512 bit public RSA's in 0.10s
OpenSSL 0.9.8a 11 Oct 2005
built on: Wed Apr 15 15:56:11 UTC 2009
options:bn(64,64) md2(int) rc4(ptr,int) des(idx,cisc,4,long) aes(partial)
blowfish(idx)
compiler: gcc -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN
-DHAVE_DLFCN_H -DB_ENDIAN -DNO_ASM -DMD32_REG_T=int -O2 -fmessage-length=0
-Wall -g -fomit-frame-pointer -fno-strict-aliasing -DTERMIO -Wall
-fstack-protector -fbranch-probabilities -DB_ENDIAN -DNO_ASM
available timing options: TIMES TIMEB HZ=100 [sysconf value]
timing function used: times
sign verify sign/s verify/s
rsa 512 bits 0.000014s 0.000012s 71210.0 85160.0
See that the counts went up:
ose-test1:~ # cat /proc/driver/z90crypt
zcrypt version: 2.1.0
Cryptographic domain: 1
Total device count: 1
PCICA count: 0
PCICC count: 0
PCIXCC MCL2 count: 0
PCIXCC MCL3 count: 0
CEX2C count: 0
CEX2A count: 1
requestq count: 0
pendingq count: 0
Total open handles: 0
Online devices: 1=PCICA 2=PCICC 3=PCIXCC(MCL2) 4=PCIXCC(MCL3) 5=CEX2C 6=CEX2A
0000000000000000 0000000060000000 0000000000000000 0000000000000000
Waiting work element counts
0000000000000000 0000000000000000 0000000000000000 0000000000000000
Per-device successfully completed request counts
00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
00003D17 00000000 00000000 00000000 00000000 00000000 00000000 00000000
00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
To use it with Apache or IHS more setup is needed in those products.
Marcy
----------------------------------------------------------------------
For LINUX-390 subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
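Added example, not part of the original message: a shell sketch that automates the "see that the counts went up" check by parsing two /proc/driver/z90crypt dumps and reporting which adapter's completed-request counter increased. The function names are hypothetical, the sample dump is constructed, and the parsing assumes the layout visible in the output above (one hex digit per device index in the "Online devices" mask, one 8-digit hex word per device index in the completed-request table).

```shell
#!/bin/sh
# Added example (not from the original post). Assumes the legacy z90crypt
# /proc layout shown above; all function names are hypothetical.

# Print "<index> <type> <completed requests>" for every online device.
z90_summary() {
    awk '
    function hex(s,   i, v) {               # portable hex-to-decimal
        v = 0; s = toupper(s)
        for (i = 1; i <= length(s); i++)
            v = v * 16 + index("0123456789ABCDEF", substr(s, i, 1)) - 1
        return v
    }
    BEGIN { split("PCICA PCICC PCIXCC(MCL2) PCIXCC(MCL3) CEX2C CEX2A", name, " ") }
    /^[ \t]*Online devices:/ { sect = "mask"; next }
    /^[ \t]*Waiting work/    { sect = "wait"; next }
    /^[ \t]*Per-device/      { sect = "reqs"; next }
    sect == "mask" { gsub(/[ \t]/, ""); mask = mask $0 }
    sect == "reqs" { for (i = 1; i <= NF; i++) reqs[cnt++] = hex($i) }
    END {
        for (i = 0; i < length(mask); i++) {
            t = hex(substr(mask, i + 1, 1))   # 0 means no device at this index
            if (t > 0) printf "%d %s %d\n", i, (t in name ? name[t] : "type" t), reqs[i]
        }
    }'
}

# Compare two saved dumps; print devices whose counter rose, exit 1 if none did.
z90_delta() {   # usage: z90_delta BEFORE_FILE AFTER_FILE
    { z90_summary < "$1" | sed 's/^/B /'; z90_summary < "$2" | sed 's/^/A /'; } |
    awk '$1 == "B" { before[$2] = $4 }
         $1 == "A" { d = $4 - before[$2]
                     if (d > 0) { printf "%s %s +%d\n", $2, $3, d; hit = 1 } }
         END { exit !hit }'
}

# Constructed sample dump: one CEX2A at index 24; $1 is its 8-digit hex counter.
z90_sample() {
    zero="00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000"
    echo "Online devices: 1=PCICA 2=PCICC 3=PCIXCC(MCL2) 4=PCIXCC(MCL3) 5=CEX2C 6=CEX2A"
    echo "0000000000000000 0000000060000000 0000000000000000 0000000000000000"
    echo "Waiting work element counts"
    echo "0000000000000000 0000000000000000 0000000000000000 0000000000000000"
    echo "Per-device successfully completed request counts"
    echo "$zero"; echo "$zero"; echo "$zero"
    echo "$1 00000000 00000000 00000000 00000000 00000000 00000000 00000000"
    echo "$zero"; echo "$zero"; echo "$zero"; echo "$zero"
}

z90_sample 00003D17 | z90_summary   # -> 24 CEX2A 15639
```

On a real guest, save `cat /proc/driver/z90crypt` to a file before and after the `speed -engine ibmca` run and pass both files to z90_delta; a non-zero exit status means no adapter counter moved, so the work was not offloaded to the card.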