Filter
Top Products
CCA Release 2.54
Cryptographic_Resource_Allocate verb will fail if a cryptographic resource is
already allocated.
To determine the number of CCA Coprocessors installed in a machine, use the
Cryptographic_Facility_Query verb with the STATCARD rule-array keyword. The
verb returns the number of Coprocessors running CCA software. The count
includes any Coprocessors loaded with CCA UDX code.
When using multiple CCA Coprocessors, you must consider the implications of the
master keys in each of the Coprocessors. See “Master-Key Considerations with
Multiple CCA Coprocessors” on page 2-17. You must also consider the
implications of a logged-on session. See “Logging On and Logging Off” on
page 2-7.
When you log on to a Coprocessor, the Coprocessor creates a session key and
communicates this to the CCA host code which saves the key in a “session
context” memory area. If your processing alternates between Coprocessors, be
sure to save and restore the appropriate session context information.
Multi-Coprocessor CCA Host Implementation
The implementation in OS/400 host systems varies somewhat from that in the other
environments. The following sections describe each approach:
OS/400 multi-coprocessor implementation
AIX and Windows multi-coprocessor implementation.
OS/400 Multi-Coprocessor Support
With OS/400, the kernel-level code detects all new Coprocessors at IPL time and
assigns them a resource name in the form of CRP01, CRP02, and so forth. In
order to use a Coprocessor, a user must create a cryptographic device description
object. When creating the device description object, the user specifies the
cryptographic resource name. The name of the device description object itself is
completely arbitrary. A user can call the object “BANK1,” “CRYPTO,” “CRP01,”
or whatever. The device-description-object name has no bearing on which
resource it names. A user could create a device-description-object named CRP01
that internally names the CRP03 resource. (Unless you are intentionally renaming
a resource, such a practice would likely lead to confusion.) With the
Cryptographic_Resource_Allocate and Cryptographic_Resource_Deallocate verbs,
you specify a device-description-object name (and not an OS/400 resource name).
If no device has been allocated, the CCA code will default to use of the object
named “CRP01,” if any. If no such object exists, the verb will terminate abnormally.
Note: The scope of the Cryptographic_Resource_Allocate and the
Cryptographic_Resource_Deallocate verbs is operating-system dependent. For
OS/400, these verbs are scoped to a process.
AIX, Windows and OS/2 Multi-Coprocessor Support
With the first call to CCA from a process, the CCA host code associates
Coprocessor designators CRP01 through CRP08 with specific Coprocessors. The
host code determines the total number of Coprocessors installed through a call to
Chapter 2. CCA Node-Management and Access-Control 2-11