Skip to main content

IBM Systems  >   z Systems  >   z/VM  >  

Description of KM

Download count: 24 this month, 249 altogether.

Downloads for KM:
VMARC archive: v-104K
zip archive: z-189K

From Dave Jones:

The KM CSL library provides routines that can be used to encrypt and decrypt data using the "cipher message" instruction set. The routines and the instructions they exploit are:

  • KM CIPHER MESSAGE xB92E
  • KMC CIPHER MESSAGE WITH CHAINING xB92F
  • KMAC COMPUTE MESSAGE AUTHENTICATION CODE xB91E
  • KMO CIPHER MESSAGE WITH OUTPUT FEEDBACK xB92B
  • KMF CIPHER MESSAGE WITH CIPHER FEEDBACK xB92A
  • KMCTR CIPHER MESSAGE WITH COUNTER xB92D
  • PCKMO PERFORM CRYPTOGRAPHIC KEY MANAGEMENT OPERATION xB928
The cryptographic algorithms supported are
  • DES
  • TDES_128
  • TDES_192
  • AES_128
  • AES_192
  • AES_256

See the z/Architecture Principles of Operation publication for more information on how these instructions operate. The PCKMO routine is only supported in the z/Architecture CMS (ZCMS) environment. This is the environment created by the IPL ZCMS command.

As examples of how to call these KMx CSL routines, the following Rexx CMS Pipeline stages are included.

  • KM REXX
  • KMC REXX
  • KMAC REXX
  • KMO REXX
  • KMOSTR REXX
  • KMF REXX
  • KMFSTR REXX
  • KMCTR REXX
  • KMCTRSTR REXX

See the comments in the files for how to use these stages in a pipeline. There is an additional Rexx pipelines stage, CIPPAD,, that pads input plain text records to an integer multiple of the key length or removes the padding bytes from an encrypted record.

These KM CSL routines can also be called from a HLL such as PL/I or C. An example of invoking the CSL from PL/I is included.

  • TESTKMP MODULE
  • TESTKMP LISTING
  • TESTKMP TEXT
  • TESTKMP PLI

Change history:

  • 2016-07-08 V1.0: Initial distribution to VM download page
  • 2016-07-20 V1.1: Add stream STR Rexx stages, fix doc nits.
  • 2016-08-19 V1.2: return output CV to caller on KMC, KMF and KMO calls
  • 2016-11-05 V1.3: support KMAC Message Authentication Code instruction