© Copyright IBM Corp. 2021 Page 1 of 18
IBM z/OS Version 2 Release 1 Security Server RACF Signature
Verification Module
IBM z/OS Version 2 Release 2 Security Server RACF Signature
Verification Module
IBM z/OS Version 2 Release 3 Security Server RACF Signature
Verification Module
IBM z/OS Version 2 Release 4 Security Server RACF Signature
Verification Module
FIPS 140-2 Non-Proprietary Security Policy
Policy Version 1.8
IBM Systems
System z Development
Poughkeepsie, New York
March 25, 2021
This document may be reproduced only in its original entirety without revision.
© Copyright IBM Corp. 2021 Page 2 of 18
Table of Contents
MODULE DESCRIPTION .....................................................................................................................................................3
CRYPTOGRAPHIC MODULE SPECIFICATION.........................................................................................................4
SECURITY LEVEL ..............................................................................................................................................................5
CRYPTOGRAPHIC MODULE SECURITY LEVEL......................................................................................................8
PORTS AND INTERFACES.............................................................................................................................................8
ROLES, SERVICES AND AUTHENTICATION.............................................................................................................9
ROLES .............................................................................................................................................................................9
SERVICES.......................................................................................................................................................................10
OPERATIONAL ENVIRONMENT................................................................................................................................12
INSTALLATION AND INVOCATION ....................................................................................................................................12
APPROVED MODE OF OPERATION....................................................................................................................................13
MITIGATION OF OTHER ATTACKS..........................................................................................................................13
PHYSICAL SECURITY..................................................................................................................................................13
EMI/EMC.........................................................................................................................................................................16
SELF-TESTS....................................................................................................................................................................16
RACF SIGNATURE VERIFICATION MODULE ....................................................................................................................16
Startup Self-Tests......................................................................................................................................................16
Invoking FIPS 140-2 self-tests on demand .................................................................................................................17
APPLICATION PROGRAMMING INTERFACES (APIS) ..........................................................................................17
GLOSSARY .....................................................................................................................................................................18
REFERENCES.................................................................................................................................................................18
TRADEMARKS...............................................................................................................................................................18
© Copyright IBM Corp. 2021 Page 3 of 18
Scope of Document
This document describes the services that the IBM® z/OS® Version 2 Release 1 Security Server RACF® Signature
Verification Module, the IBM z/OS Version 2 Release 2 Security Server RACF Signature Verification Module, the
IBM z/OS Version 2 Release 3 Security Server RACF Signature Verification Module and the IBM z/OS Version 2
Release 4 Security Server RACF Signature Verification Module (“IRRPVERS” or “modules”) provide to crypto
officers and end users, and the policy governing access to those services. It complements official product
documentation, which concentrates on application programming interface (API) level usage and environmental
setup.
Module Description
The IBM z/OS Version 2 Release 1 Security Server RACF Signature Verification Module, the IBM z/OS Version
2 Release 2 Security Server RACF Signature Verification Module, the IBM z/OS Version 2 Release 3 Security
Server RACF Signature Verification Module and the IBM z/OS Version 2 Release 4 Security Server RACF
Signature Verification Module in its FIPS 140-2 configuration consist of:
l CP Assist for Cryptographic Function (CPACF) to provide Secure Hash Algorithm operations
l The core software component (IRRPVERS) that is utilized when verifying signed code. It is comprised of the
following set of binaries:
Binary Component
IRRPVERS
IRRRPS11
IRRRPS21
IRRRPS31
IRRRPS32
IRRRPS50
IRRRPS51
IRRRPS60
IRRRPS70
IRRRPS71
IRRRPS72
IRRRPS80
IRRRPS90
ICHSGF00
IRRRCP00
IRRPVK01
IRRBER01
IRRBER04
IRRBER05
IRRBER07
IRRJCLIC
IRRJCRTE
IRRJHASH
IRRRCOMR
IRRRCOM1
IRRERR02
© Copyright IBM Corp. 2021 Page 4 of 18
Table 1: RACF Program Signature Verification Module Software Binaries
A separate software component, IRRVERLD, which is outside the logical boundary of the module loads the
IRRPVERS component automatically during system boot without requiring operator intervention.
Cryptographic Module Specification
The IBM z/OS Version 2 Release 1 Security Server RACF Signature Verification Module, the IBM z/OS Version
2 Release 2 Security Server RACF Signature Verification Module, the IBM z/OS Version 2 Release 3 Security
Server RACF Signature Verification Module and the IBM z/OS Version 2 Release 4 Security Server RACF
Signature Verification Module are classified as multi-chip standalone software-hybrid modules for FIPS PUB 140-
2 purposes. The RACF Program Signature Verification module consists of software-based cryptographic algorithms,
as well as hashing algorithms provided by the CP Assist for Cryptographic Function (CPACF).
Figure 1: Physical and Cryptographic boundaries
RACF Program Signature Verification validation was performed using the z/OS Version 2 Release 1 operating
systems running on a IBM z13® processor with the “CP Assist for Cryptographic Functions DES/TDES
Enablement Feature 3863 (Base GPC)” enabled.
RACF Program Signature Verification validation was performed using the z/OS Version 2 Release 2 operating
systems running on a IBM z13 processor with the “CP Assist for Cryptographic Functions DES/TDES Enablement
Feature 3863 (Base GPC)” enabled.
© Copyright IBM Corp. 2021 Page 5 of 18
RACF Program Signature Verification validation was performed using the z/OS Version 2 Release 3 operating
systems running on a IBM z14® processor with the “CP Assist for Cryptographic Functions DES/TDES
Enablement Feature 3863 (Base GPC)” enabled.
RACF Program Signature Verification validation was performed using the z/OS Version 2 Release 4 operating
systems running on a IBM z14 processor with the “CP Assist for Cryptographic Functions DES/TDES Enablement
Feature 3863 (Base GPC)” enabled.
RACF Program Signature Verification validation was performed using the z/OS Version 2 Release 4 operating
systems running on a IBM z15™ processor with the “CP Assist for Cryptographic Functions DES/TDES
Enablement Feature 3863 (Base GPC)” enabled.
In addition to the configurations tested by the laboratory, vendor affirmed testing was performed using:
z/OS Version 2 Release 1 and z/OS Version 2 Release 2 on the following platforms:
l IBM zEnterprise® EC12 (zEC12) with CP Assist for Cryptographic Functions DES/TDES Enablement
Feature 3863 (Base GPC)
l IBM zEnterprise BC12 (zBC12) with CP Assist for Cryptographic Functions DES/TDES Enablement
Feature 3863 (Base GPC).
z/OS Version 2 Release 3 on the following platform:
l IBM z13 with CP Assist for Cryptographic Functions DES/TDES Enablement Feature 3863 (Base GPC)
z/OS Version 2 Release 4 on the following platform:
l IBM z13 with CP Assist for Cryptographic Functions DES/TDES Enablement Feature 3863 (Base GPC)
Note (IG G.5): the CMVP makes no statement as to the correct operation of the module or the security strengths of
the generated keys when ported and executed in an operational environment not listed on the validation certificate
Security level
This document is the security policy for the IBM z/OS Version 2 Release 1 Security Server RACF Signature
Verification Module, the IBM z/OS Version 2 Release 2 Security Server RACF Signature Verification Module, the
IBM z/OS Version 2 Release 3 Security Server RACF Signature Verification Module and the IBM z/OS Version 2
Release 4 Security Server RACF Signature Verification Module with Level 1 overall security as defined in FIPS
Pub 140-2 [1].
Type / Names Version
Software
components
RACF IRRPVERS
RACF level HRF7790
© Copyright IBM Corp. 2021 Page 6 of 18
Hardware
components
CPACF
Firmware – CP Assist for Cryptographic Functions DES/TDES Enablement Feature 3863
(aka FC3863) with System Driver Level 22H
Hardware – COP chips integrated within processor unit
Documentation z/OS V2R1 Security Server RACF Callable Services (SA23-2293)
z/OS V2R1 Security Server RACF System Programmer’s Guide (SA23-2287)
z/OS V2R1 Security Server RACF Security Administrator’s Guide (SA23-2289)
z/OS V2R1 Security Server RACF Command Language Reference (SA23-2292)
z/OS V2R1 Security Server RACF Messages and Codes (SA23-2291)
Table 2: RACF Program Signature Verification Module Components for the IBM z/OS Version 2 Release 1 Security
Server RACF Signature Verification Module
Type / Names Version
Software
components
RACF IRRPVERS
RACF level HRF77A0
Hardware
components
CPACF
Firmware – CP Assist for Cryptographic Functions DES/TDES Enablement Feature
3863 (aka FC3863) with System Driver Level 27I
Hardware – COP chips integrated within processor unit
Vendor Affirmed:
Firmware – CP Assist for Cryptographic Functions DES/TDES Enablement Feature
3863 (aka FC3863) with System Driver Level 22H
Hardware – COP chips integrated within processor unit
Documentation z/OS V2R2 Security Server RACF Callable Services (SA23-2293)
z/OS V2R2 Security Server RACF System Programmer’s Guide (SA23-2287)
z/OS V2R2 Security Server RACF Security Administrator’s Guide (SA23-2289)
z/OS V2R2 Security Server RACF Command Language Reference (SA23-2292)
z/OS V2R2 Security Server RACF Messages and Codes (SA23-2291)
Table 3: RACF Program Signature Verification Module Components for the IBM z/OS Version 2 Release 2 Security
Server RACF Signature Verification Module
Type / Names Version
Software
components
RACF IRRPVERS
RACF level HRF77B0
Hardware
components
CPACF
Firmware – CP Assist for Cryptographic Functions DES/TDES Enablement Feature 3863
(aka FC3863) with System Driver Level 32L
Hardware – COP chips integrated within processor unit
Vendor Affirmed:
Firmware – CP Assist for Cryptographic Functions DES/TDES Enablement Feature 3863
(aka FC3863) with System Driver Level 27I
Hardware – COP chips integrated within processor unit
© Copyright IBM Corp. 2021 Page 7 of 18
Documentation z/OS V2R3 Security Server RACF Callable Services (SA23-2293)
z/OS V2R3 Security Server RACF System Programmer’s Guide (SA23-2287)
z/OS V2R3 Security Server RACF Security Administrator’s Guide (SA23-2289)
z/OS V2R3 Security Server RACF Command Language Reference (SA23-2292)
z/OS V2R3 Security Server RACF Messages and Codes (SA23-2291)
Table 4: RACF Program Signature Verification Module Components for the IBM z/OS Version 2 Release 3 Security
Server RACF Signature Verification Module
Type / Names Version
Software
components
RACF IRRPVERS
RACF level HRF77C0
Hardware
components
CPACF
Firmware – CP Assist for Cryptographic Functions DES/TDES Enablement Feature 3863
(aka FC3863) with System Driver Level 32L
Hardware – COP chips integrated within processor unit
Vendor Affirmed:
Firmware – CP Assist for Cryptographic Functions DES/TDES Enablement Feature 3863
(aka FC3863) with System Driver Level 27I
Hardware – COP chips integrated within processor unit
Documentation z/OS V2R4 Security Server RACF Callable Services (SA23-2293)
z/OS V2R4 Security Server RACF System Programmer’s Guide (SA23-2287)
z/OS V2R4 Security Server RACF Security Administrator’s Guide (SA23-2289)
z/OS V2R4 Security Server RACF Command Language Reference (SA23-2292)
z/OS V2R4 Security Server RACF Messages and Codes (SA23-2291)
Table 5: RACF Program Signature Verification Module Components for the IBM z/OS Version 2 Release 4 Security
Server RACF Signature Verification Module on z14
© Copyright IBM Corp. 2021 Page 8 of 18
Type / Names Version
Software
components
RACF IRRPVERS
RACF level HRF77C0
Hardware
components
CPACF
Firmware – CP Assist for Cryptographic Functions DES/TDES Enablement Feature 3863
(aka FC3863) with System Driver Level 41C
Hardware – COP chips integrated within processor unit
Vendor Affirmed:
Firmware – CP Assist for Cryptographic Functions DES/TDES Enablement Feature 3863
(aka FC3863) with System Driver Level 27I
Hardware – COP chips integrated within processor unit
Documentation z/OS V2R4 Security Server RACF Callable Services (SA23-2293)
z/OS V2R4 Security Server RACF System Programmer’s Guide (SA23-2287)
z/OS V2R4 Security Server RACF Security Administrator’s Guide (SA23-2289)
z/OS V2R4 Security Server RACF Command Language Reference (SA23-2292)
z/OS V2R4 Security Server RACF Messages and Codes (SA23-2291)
Table 6: RACF Program Signature Verification Module Components for the IBM z/OS Version 2 Release 4 Security
Server RACF Signature Verification Module on z15
Cryptographic Module Security Level
The modules are intended to meet requirements of Security Level 1 overall, with certain categories of security
requirements not applicable (Table 7: Module Security Level Specification).
Security Requirements Section Level
Cryptographic Module Specification 1
Module Ports and Interfaces 1
Roles, Services and Authentication 1
Finite State Model 1
Physical Security 1
Operational Environment 1
Cryptographic Key Management 1
EMI/EMC 1
Self-Tests 1
Design Assurance 1
Mitigation of other attacks N/A
Overall 1
Table 7: Module Security Level Specification
Ports and Interfaces
As a multi-chip standalone module, the RACF Program Signature Verification module’s physical interfaces are the
boundaries of the host running RACF Program Signature Verification module’s code.
© Copyright IBM Corp. 2021 Page 9 of 18
Data input and data output are provided in the variables passed on the callable service invocation, generally through
user-supplied buffers. Hereafter, the callable services will be referred to as “API”.
User-induced or internal errors do not reveal any sensitive material to callers. Documentation for the API lists the
return and reason codes. A complete list of all return and reason codes returned by the APIs is specified in the z/OS
V2R1 Security Server RACF Callable Services, the z/OS V2R2 Security Server RACF Callable Services, the z/OS
V2R3 Security Server RACF Callable Services and the z/OS V2R4 Security Server RACF Callable Services manuals.
Cryptographic bypass capability is not supported by the RACF Program Signature Verification module.
Significant interconnections and data flow:
Figure 2: Data input, data output, control input and status output
FIPS Interface Physical Port Module Interface
Data input N/A API input parameters
Data output N/A N/A
Control input N/A Function code
Status output N/A API return codes, reason codes, error
and success messages
Power Input PC Power Supply Port N/A
Table 8: Data input, data output, control input and status output
Roles, Services and Authentication
Roles
The modules support the verification of signed programs, including the IRRPVERS verification module.
© Copyright IBM Corp. 2021 Page 10 of 18
There are 2 roles, crypto officer and user. All roles are implicitly assumed based upon the service invoked.
Role Purpose / Permitted Actions Type of
Authentication
Authentication
Data
Strength of
Mechanism
User Request to verify a signed program None None N/A
Crypto
officer
Configure system to make the
IRRPVERS module available to verify
signed program on behalf of user
Implicit1
N/A N/A
Table 9: Token Role Descriptions and Authentication Mechanisms
1
The Crypto officer role is not explicitly authenticated but assumed implicitly on implementation of the module’s
installation and usage sections.
Services
The module provides a program verification service. This service is requested automatically by the operating system
when it detects that a signed program is being loaded into storage. FIPS Approved Algorithms are shown in Table
10 and Services in Table 11.
Algorithm Notes Modes Approved
If yes, Cert # 1
Software
RSA Verify for module integrity
(1024 and 2048 bits) (RACF
R_PgmSignVer callable service)
PKCS #1 v1.5 using SHA-
256 (IRRPVERS)
N/A Cert. #1979 (IBM z/OS Version
2 Release 1 Security Server
RACF Signature Verification
Module)
Cert. #2283 (IBM z/OS Version
2 Release 2 Security Server
RACF Signature Verification
Module)
Cert. #C219 (IBM z/OS
Version 2 Release 3 Security
Server RACF Signature
Verification Module)
Cert. #C1634 (IBM z/OS
Version 2 Release 4 Security
Server RACF Signature
Verification Module on z14)
Cert. #C1766 (IBM z/OS
Version 2 Release 4 Security
© Copyright IBM Corp. 2021 Page 11 of 18
Algorithm Notes Modes Approved
If yes, Cert # 1
Server RACF Signature
Verification Module on z15)
CPACF
(KIMD SHA-256 and KLMD
machine instructions)
FIPS 180-4 N/A Cert. #3196 (for IBM z/OS
Version 2 Release 1 Security
Server RACF Signature
Verification Module)
Cert. #3661 (for IBM z/OS
Version 2 Release 2 Security
Server RACF Signature
Verification Module)
Cert. # C79 (for IBM z/OS
Version 2 Release 3 Security
Server RACF Signature
Verification Module)
Cert. #C79 (for IBM z/OS
Version 2 Release 4 Security
Server RACF Signature
Verification Module on z14)
Cert. #A389 (for IBM z/OS
Version 2 Release 4 Security
Server RACF Signature
Verification Module on z15)
Table 10: FIPS Approved Algorithms
1
Not all algorithms or modes listed in the certificates are used by the module.
Service Notes Roles CSPs CSPs’ access
Module Status Crypto
Officer
User Read (R), Write (W)
or Execute (EX)
Query mode Check if module is available
(message ICH448I in the
system log)
Yes Yes N/A N/A
Integrity Checks
Power up tests Automatic before first use Yes No N/A N/A
Self-tests Requires system re-boot Yes No N/A N/A
Signature Verification
Verify Program
Signature
Verify the PKCS #1 v1.5
signature of a program to be
loaded
No Yes N/A N/A
Table 11: Services and associated CSPs
© Copyright IBM Corp. 2021 Page 12 of 18
All service inputs and outputs are described in the z/OS V2R1 Security Server RACF Callable Services, the z/OS
V2R2 Security Server RACF Callable Services, z/OS V2R3 Security Server RACF Callable Services and the z/OS
V2R4 Security Server RACF Callable Services manuals and the z/Architecture Principles of Operation manual.
The configuration specifications for the Crypto Officer are specified in the z/OS V2R1 Security Server RACF
Security Administrators Guide, the z/OS V2R2 Security Server RACF Security Administrators Guide, z/OS V2R3
Security Server RACF Security Administrators Guide and the z/OS V2R4 Security Server RACF Security
Administrators Guide manuals.
Operational Environment
Installation and Invocation
RACF level HRF7790 is installed as part of the z/OS Version 2 Release 1 ServerPac using the “Installing Your
Order” documentation provided with the ServerPac (prepackaged tailored z/OS installation including RACF).
RACF level HRF77A0 is installed as part of the z/OS Version 2 Release 2 ServerPac using the “Installing Your
Order” documentation provided with the ServerPac (prepackaged tailored z/OS installation including RACF).
RACF level HRF77B0 is installed as part of the z/OS Version 2 Release 3 ServerPac using the “Installing Your
Order” documentation provided with the ServerPac (prepackaged tailored z/OS installation including RACF).
RACF level HRF77C0 is installed as part of the z/OS Version 2 Release 4 ServerPac using the “Installing Your
Order” documentation provided with the ServerPac (prepackaged tailored z/OS installation including RACF).
The RACF Signature Verification module (IRRPVERS) is shipped as part of the Security Server RACF component.
IRRPVERS is the only RACF FIPS cryptographic relevant module, the rest of the RACF component is deemed as
not being cryptographically relevant. Therefore, is not considered part of the cryptographic boundary.
The RACF Signature Verification module is written in PL/X, with certain functionality contained within assembler,
such as functions that utilize the CPACF.
The RACF Signature Verification cryptographic module is intended to operate within the z/OS Version 2 Release
1, the z/OS Version 2 Release 2, z/OS Version 2 Release 3 and the z/OS Version 2 Release 4 in a single-user mode
of operation.
Using RACF Signature Verification module in a FIPS 140-2 approved manner assumes that the following defined
criteria are followed:
• The Operating System enforces authentication method(s) to prevent unauthorized access to Module
services.
• All host system components that can contain sensitive cryptographic data (main memory, system bus,
disk storage) must be located within a secure environment.
• The RACF Signature Verification module setup procedures documented in the RACF Security
Administrators Guide.
• The CP Assist for Cryptographic Functions DES/TDES Enablement Feature 3863 must be installed and
enabled.
© Copyright IBM Corp. 2021 Page 13 of 18
Approved Mode of Operation
Configuring the cryptographic module for the Approved mode of operation is a one-time setup. Once configured to
verify the signatures of signed executable modules, no additional steps are required to ensure that IRRPVERS is
executing in an approved mode of operation. Detailed setup guidance for the cryptographic module is provided in
the z/OS V2R1 Security Server RACF Security Administrators Guide, the z/OS V2R2 Security Server RACF Security
Administrators Guide, the z/OS V2R3 Security Server RACF Security Administrators Guide and the z/OS V2R4
Security Server RACF Security Administrators Guide manuals and summarized below:
• Create a key ring to use for signature verification
• Add the TRUST attribute to the code-signing CA certificate supplied with RACF
• Add the code-signing CA certificate to the key ring previously created
• Create a FACILITY class profile that specifies the name of the key ring previously created
• Control execution of the cryptographic module using a profile in the FACILITY class
• Correct setup can be confirmed at this point by executing the IRRVERLD program.
At this point the cryptographic module is configured to run in the approved mode. The module will be automatically
started each time the system is re-started Additional setup (described in the z/OS V2R1 Security Server RACF
Security Administrators Guide, the z/OS V2R2 Security Server RACF Security Administrators Guide, the z/OS V2R3
Security Server RACF Security Administrators Guide and the z/OS V2R4 Security Server RACF Security
Administrators Guide manuals) is required to identify executable programs that should have their signatures verified
prior to being allowed to execute.
Mitigation of Other Attacks
The Mitigation of Other Attacks security section of FIPS 140-2 is not applicable to the RACF Program Signature
Verification cryptographic module.
Physical Security
The RACF Program Verification module inherits the physical characteristics of the host running it, including the
physical characteristics from CPACF. The software part of the RACF Program Signature Verification has no
physical security characteristics of its own. Figure 3 illustrates an IBM z13 mainframe computer. Figure 4 illustrates
an IBM z14 mainframe computer. Figure 5 illustrates an IBM z15 mainframe computer.
The CP Assist for Cryptographic Function (CPACF) (see Figure 6 and 7) offers the full complement of the Triple-
DES algorithm, Advanced Encryption Standard (AES) algorithm and Secure Hash Algorithm (SHA). For this
module, only the SHA-256 CPACF implementation is utilized.
CPACF Physical Design: Each set of two microprocessors (cores) on the quad-core chip share a Co-Processor Unit
(CoP), which implements the crypto instructions and also provides the hardware compression function. The
compression unit is integrated with the CP Assist for Cryptographic Function (CPACF), benefiting from combining
(sharing) the use of buffers and interfaces. The CoP is located on the processor die and is connected to two cores
and to L2 cache with dedicated buses.
© Copyright IBM Corp. 2021 Page 14 of 18
Figure 3: IBM z13 Mainframe Computer
Figure 4: IBM z14 Mainframe Computer
© Copyright IBM Corp. 2021 Page 15 of 18
Figure 5: IBM z15 Mainframe Computer
Figure 6: IBM CPACF
© Copyright IBM Corp. 2021 Page 16 of 18
Figure 7: IBM z15 CPACF
EMI/EMC
EMI/EMC properties of RACF Signature Verification are not meaningful for the RACF Signature Verification
module itself. Systems utilizing the module’s services have their overall EMI/EMC ratings determined by the host
system. The validation environments meet the requirements of 47 CFR FCC PART 15, Subpart B, Class A
(Business use).
Self-Tests
RACF Signature Verification Module
The RACF Signature Verification module implements self-tests to check proper functioning of the module
including power-up self-tests. If a self-test fails the appropriate return and reason code along with an error message
is returned as documented in the z/OS V2R1 Security Server RACF Callable Services, the z/OS V2R2 Security Server
RACF Callable Services, the z/OS V2R3 Security Server RACF Callable Services and the z/OS V2R4 Security
Server RACF Callable Services manuals, and the z/OS V2R1 Security Server RACF Messages and Codes, the z/OS
V2R2 Security Server RACF Messages and Codes, the z/OS V2R3 Security Server RACF Messages and Codes and
the z/OS V2R4 Security Server RACF Messages and Codes manuals.
Startup Self-Tests
“Power-up" self-tests consist of a software integrity test. The module integrity test is automatically performed
during loading. If the test fails, the module will be returned to the uninitialized state, and a message is issued. If the
message indicates a configuration issue, the user can use RACF commands to fix the configuration error and then
execute the RACF IRRVERLD utility to retry the software integrity test.
The integrity of the module is verified by checking an RSA/SHA-256-based digital signature of the module’s binary
prior to being utilized in FIPS 140-2 compliant mode. Initialization will only succeed if the module’s signature is
verified successfully. The module signature is generated during the final phase of the build process. The integrity
verification involves loading the IRRPVERS module twice into different storage locations. The first copy verifies
the integrity of the second copy. Verification involves verifying the digital signature (RSA 2048 bits with SHA256)
inside the module with the to-be-verified data of the loaded module. Since the two module copies are identical,
© Copyright IBM Corp. 2021 Page 17 of 18
verifying the integrity of the second copy implies that the integrity of the first copy is also verified. Once verified,
the second copy is removed from memory. Any failures during the integrity check result in transition back to the
IRRPVERS uninitialized state thus preventing any cryptographic function from being performed.
Per section 9.3 of FIPS 140-2 (KAT for Algorithms used in Integrity Test Technique) it is not necessary for
IRRPVERS to perform a known answer test because its cryptographic functionality is tested by the module integrity
test.
The module tests the following cryptographic algorithms:
CPACF – SHA-256
Software – RSA Signature Verify
Invoking FIPS 140-2 self-tests on demand
If the RACF IRRPVERS integrity test has previously completed without error, a system reboot is required for the
RACF IRRPVERS module to repeat the module integrity test on demand. If the RACF IRRPVERS integrity test
has not previously completed successfully, the test can be executed on demand by executing the IRRVERLD utility.
Application Programming Interfaces (APIs)
The following Services (APIs) in Table 12: RACF Signature Verification Module Services (API) can be executed
by the user. The approved/allowed services used by the APIs are:
• RSA (1024 and 2048 bits) signature verification (SHA-256)
Verb Service Name Description
R_PgmSignVer
(IRRSPS00)
Program Sign and Verify R_PgmSignVer service provides the function
required to verify a z/OS program object signature.
Table 12: RACF Signature Verification Module Services (API)
© Copyright IBM Corp. 2021 Page 18 of 18
Glossary
API Application Programming Interface
CPACF CP Assist for Cryptographic Function DES/TDES Enablement Feature 3863, clear key on-
chip accelerator integrated into mainframe processors. CPACF functionality is restricted to
symmetric and hashing operations
CP Central Processor
COP Coprocessor unit
KAT Known Answer Test
OS Operating System
ServerPac Prepackaged version of the z/OS Operating System
References
[1] National Institute of Standards and Technology, Security Requirements for Cryptographic Modules (FIPS
140-2), 2002
Trademarks
The following terms are trademarks of the IBM Corporation in the United States or other countries or both:
• IBM
• RACF
• z13
• z14
• z15
• zEnterprise
• z/OS