Hi,
with our Crypto HW we distinguish from a security dimension
- clear key crypto (keys reside in plain text in memory)
- secure key crypto (keys are wrapped by (amster) keys hidden in a
Crypto adapter aka HSM)
- protected key crypto (keys are wrapped by keys hidden in firmware not
accessible by OS)
there are both symmetrical and asymmetrical crypto algorithms for all
three dimensions.
As for HW implementation
- CPACF (instructions inside the CPU)
-- supports both symmetrical and asymmetrical (ECC) algorithms
-- supports clear key and protected key crypto
- CryptoExpress adapters (an adapter card plugged into a CEC)
-- supports both symmetrical and asymmetrical algorithms (the CCA
adapter does so for both clear and secure keys).
-- supports clear key (in accelerator and CCA mode) and secure key
(CCA and EP11 mode) crypto
As for acceleration (of clear key algorithms) it only makes sense to use
the HW acceleration inside the CPU (i.e. CPACF) to accelerate "fast"
algorithms like symmetric crypto and hashes. -- It does not make sense
to send such requests to a CryptoExpress adapter because the I/O
overhead would eat up all acceleration gains.
For expensive algorithms (like RSA or DH) it worth while to send request
to a CryptoExpress adapter (in accelerator or CCA mode) to accelerate
the computation.
Not so expensive asymmetric algorithms (ECC) could be computed both on
an Adapter and inside the CPU. Since z15 the fastest way to compute EC
crypto is to use a new CPACF function.
Reinhard
----------------------------------------------------------------------
For LINUX-390 subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO LINUX-390 or visit
http://www2.marist.edu/htbin/wlvindex?LINUX-390
