From nobody Sun Jan 25 10:13:58 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=reject dis=none) header.from=linux.ibm.com ARC-Seal: i=1; a=rsa-sha256; t=1769168748; cv=none; d=zohomail.com; s=zohoarc; b=Tv8bxpDI+KQjsus35mrpBhSIf5muA1P0X0GJpnmRf3S7bxyLBa46x+I2JzN1U8JuZ4uKuiILxeF+TKQ5/NayRzCow2foCUvEtUSdisGxWVnHxwoLfd1NG2iy3CwGkcypGyTiDdzgx+mqZMHvG+5dI3LD/JPMR9Omg6P4Vyeec0g= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1769168748; h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=1E0j/ZGTg4KACLHVTPGEeHVAmQMEpLs0JPqT6lzOOL8=; b=QLOWPsAikRu3lhvNkg8jNJ+z3K/+Q8wsnXc2JmMzJEGy88glUiRLugqyiBovVqVSUGcr3KqvDuaprAkOs9ZzI4hmczJTSbsoFqjzRRXLhohGQhcE2hDyUfKGq/Ts2zgd2ylcSkZJ+cY7j0Dk8ZeutdHJ6BETDNoyzu1Rm5EIrcw= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1769168748215152.81538324843257; Fri, 23 Jan 2026 03:45:48 -0800 (PST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vjFae-0005f0-M6; Fri, 23 Jan 2026 06:44:36 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vjFZV-00050v-5a; Fri, 23 Jan 2026 06:43:32 -0500 Received: from mx0a-001b2d01.pphosted.com ([148.163.156.1]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vjFZN-0006xT-VK; Fri, 23 Jan 2026 06:43:24 -0500 Received: from pps.filterd (m0353729.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.18.1.2/8.18.1.2) with ESMTP id 60N1IehX006240; Fri, 23 Jan 2026 11:43:14 GMT Received: from ppma22.wdc07v.mail.ibm.com (5c.69.3da9.ip4.static.sl-reverse.com [169.61.105.92]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 4br23sfqs0-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 23 Jan 2026 11:43:14 +0000 (GMT) Received: from pps.filterd (ppma22.wdc07v.mail.ibm.com [127.0.0.1]) by ppma22.wdc07v.mail.ibm.com (8.18.1.2/8.18.1.2) with ESMTP id 60N9GwIO016611; Fri, 23 Jan 2026 11:43:13 GMT Received: from smtprelay03.fra02v.mail.ibm.com ([9.218.2.224]) by ppma22.wdc07v.mail.ibm.com (PPS) with ESMTPS id 4brn4ygxuu-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 23 Jan 2026 11:43:12 +0000 Received: from smtpav03.fra02v.mail.ibm.com (smtpav03.fra02v.mail.ibm.com [10.20.54.102]) by smtprelay03.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 60NBh8A855968192 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 23 Jan 2026 11:43:08 GMT Received: from smtpav03.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id CB35A20043; Fri, 23 Jan 2026 11:43:08 +0000 (GMT) Received: from smtpav03.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id B3C9B2004D; Fri, 23 Jan 2026 11:43:08 +0000 (GMT) Received: from funtu2.ibm.com (unknown [9.111.163.22]) by smtpav03.fra02v.mail.ibm.com (Postfix) with ESMTP; Fri, 23 Jan 2026 11:43:08 +0000 (GMT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=cc :content-transfer-encoding:date:from:in-reply-to:message-id :mime-version:references:subject:to; s=pp1; bh=1E0j/ZGTg4KACLHVT PGEeHVAmQMEpLs0JPqT6lzOOL8=; b=Pn/IHWysY46whJsE/7tby6iLW6Zqv0eOt mkDBqdWz6yUGjN37D+yojEKL2wWflvTjClNHCLrAZ6rfWQ9YOyJKw2rtEYRfxQqQ HFvpi0ciO/cN0hTOkV9Ao2PzPsJXu6K0QMLvxgcVbq5xfL5qefE1zrN/9lBiYOnH 4i3+h/gj75Igbil/wh4Nm8YCQm/GYzYvlROEmytg8GtAMk9VYrA0QsL6gKspEQvg m7E4EcxWy1W2G1iLktxzuCTyiOXTzXeMPlWyAHwxkcYbZsR95bE+6kCFDbkbiubz 9wsYt2UArPcnNH/q54t27OTC7SwWfrS1DROLxLgT5y1XWCNQ9D5SA== From: Harald Freudenberger To: pbonzini@redhat.com Cc: qemu-s390x@nongnu.org, qemu-devel@nongnu.org, borntraeger@linux.ibm.com, frankja@linux.ibm.com Subject: [PATCH v3 01/14] target/s390x: Rework s390 cpacf implementations Date: Fri, 23 Jan 2026 12:42:55 +0100 Message-ID: <20260123114308.19401-2-freude@linux.ibm.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260123114308.19401-1-freude@linux.ibm.com> References: <20260123114308.19401-1-freude@linux.ibm.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-TM-AS-GCONF: 00 X-Proofpoint-GUID: 6bkq1Oz93m63RiRmDeCeKcZFPF_TZjRk X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwMTIzMDA5MiBTYWx0ZWRfX4T8REFGlPu/w cr5jL+04MH6KLYgJtrcTXb/UzAX036dy6O1J77SKB2iTySCdygyPuri3yUvzWp+Q1HUGAnVMKGM dbD3qCpUnciEWDhKZ8plvMzBbhYCRFjIi3q91isHeOum/xcXp/fWu/SSF4htIloYVQYyEWZzIt+ nlde3OKQTEUv3ALj6OFgvQ2Tgc4dEKjDc/UYURsejXVHn6PUqyADrwrJYquYFZEQIixWspBsle4 zyBTA1YFSlrGfk5LKhZ4tg154JaTR7oaR8dQVgOrciml8/DyPGE86Y5tB82ntrIIti76100Nm7e iWRB+o2i3JGHOu3R9wsnrUfTHmvl3g5aPoWYuU+SCtuXndO75bJRK/S5Y+Hpl/DYt3quJAhP77K mtUPTB8OW+e3W92/ERBtfGezpqzENz77EhXSNcdtwgR+dnhG7dr5hoEiefxak3E5rsYls5HIm86 pyhBGNMDNzqQUQSfpGQ== X-Authority-Analysis: v=2.4 cv=J9SnLQnS c=1 sm=1 tr=0 ts=69735ed2 cx=c_pps a=5BHTudwdYE3Te8bg5FgnPg==:117 a=5BHTudwdYE3Te8bg5FgnPg==:17 a=vUbySO9Y5rIA:10 a=VkNPw1HP01LnGYTKEx00:22 a=VnNF1IyMAAAA:8 a=n0GLcnPdRiOQeUnuI50A:9 X-Proofpoint-ORIG-GUID: 6bkq1Oz93m63RiRmDeCeKcZFPF_TZjRk X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1121,Hydra:6.1.20,FMLib:17.12.100.49 definitions=2026-01-23_02,2026-01-22_02,2025-10-01_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 impostorscore=0 adultscore=0 suspectscore=0 spamscore=0 lowpriorityscore=0 malwarescore=0 clxscore=1015 bulkscore=0 phishscore=0 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.19.0-2601150000 definitions=main-2601230092 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=148.163.156.1; envelope-from=freude@linux.ibm.com; helo=mx0a-001b2d01.pphosted.com X-Spam_score_int: -26 X-Spam_score: -2.7 X-Spam_bar: -- X-Spam_report: (-2.7 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @ibm.com) X-ZM-MESSAGEID: 1769168750857154100 Content-Type: text/plain; charset="utf-8" Fix missing parts for MSA 9 kdsa and rework the cpacf handling code so that further extensions can be made in a clean and structured way. Signed-off-by: Harald Freudenberger --- target/s390x/tcg/crypto_helper.c | 85 ++++++++++++++++++++++++++------ target/s390x/tcg/insn-data.h.inc | 1 + target/s390x/tcg/translate.c | 7 +++ 3 files changed, 79 insertions(+), 14 deletions(-) diff --git a/target/s390x/tcg/crypto_helper.c b/target/s390x/tcg/crypto_hel= per.c index 4447bb66ee..0b00d8ba5b 100644 --- a/target/s390x/tcg/crypto_helper.c +++ b/target/s390x/tcg/crypto_helper.c @@ -268,6 +268,57 @@ static void fill_buf_random(CPUS390XState *env, uintpt= r_t ra, } } =20 +static int cpacf_kimd(CPUS390XState *env, const uintptr_t ra, + uint32_t r1, uint32_t r2, uint32_t r3, uint8_t fc) +{ + int rc =3D 0; + + switch (fc) { + case 0x03: /* CPACF_KIMD_SHA_512 */ + rc =3D cpacf_sha512(env, ra, env->regs[1], &env->regs[r2], + &env->regs[r2 + 1], S390_FEAT_TYPE_KIMD); + break; + default: + g_assert_not_reached(); + } + + return rc; +} + +static int cpacf_klmd(CPUS390XState *env, const uintptr_t ra, + uint32_t r1, uint32_t r2, uint32_t r3, uint8_t fc) +{ + int rc =3D 0; + + switch (fc) { + case 0x03: /* CPACF_KLMD_SHA_512 */ + rc =3D cpacf_sha512(env, ra, env->regs[1], &env->regs[r2], + &env->regs[r2 + 1], S390_FEAT_TYPE_KLMD); + break; + default: + g_assert_not_reached(); + } + + return rc; +} + +static int cpacf_ppno(CPUS390XState *env, uintptr_t ra, + uint32_t r1, uint32_t r2, uint32_t r3, uint8_t fc) +{ + int rc =3D 0; + + switch (fc) { + case 0x72: /* CPACF_PRNO_TRNG */ + fill_buf_random(env, ra, &env->regs[r1], &env->regs[r1 + 1]); + fill_buf_random(env, ra, &env->regs[r2], &env->regs[r2 + 1]); + break; + default: + g_assert_not_reached(); + } + + return rc; +} + uint32_t HELPER(msa)(CPUS390XState *env, uint32_t r1, uint32_t r2, uint32_= t r3, uint32_t type) { @@ -276,14 +327,15 @@ uint32_t HELPER(msa)(CPUS390XState *env, uint32_t r1,= uint32_t r2, uint32_t r3, const uint8_t fc =3D env->regs[0] & 0x7fULL; uint8_t subfunc[16] =3D { 0 }; uint64_t param_addr; - int i; + int i, rc =3D 0; =20 switch (type) { - case S390_FEAT_TYPE_KMAC: + case S390_FEAT_TYPE_KDSA: case S390_FEAT_TYPE_KIMD: case S390_FEAT_TYPE_KLMD: - case S390_FEAT_TYPE_PCKMO: + case S390_FEAT_TYPE_KMAC: case S390_FEAT_TYPE_PCC: + case S390_FEAT_TYPE_PCKMO: if (mod) { tcg_s390_program_interrupt(env, PGM_SPECIFICATION, ra); } @@ -295,24 +347,29 @@ uint32_t HELPER(msa)(CPUS390XState *env, uint32_t r1,= uint32_t r2, uint32_t r3, tcg_s390_program_interrupt(env, PGM_SPECIFICATION, ra); } =20 - switch (fc) { - case 0: /* query subfunction */ - for (i =3D 0; i < 16; i++) { + /* handle query subfunction */ + if (fc =3D=3D 0) { + for (i =3D 0; i < sizeof(subfunc); i++) { param_addr =3D wrap_address(env, env->regs[1] + i); cpu_stb_data_ra(env, param_addr, subfunc[i], ra); } + goto out; + } + + switch (type) { + case S390_FEAT_TYPE_KIMD: + rc =3D cpacf_kimd(env, ra, r1, r2, r3, fc); break; - case 3: /* CPACF_*_SHA_512 */ - return cpacf_sha512(env, ra, env->regs[1], &env->regs[r2], - &env->regs[r2 + 1], type); - case 114: /* CPACF_PRNO_TRNG */ - fill_buf_random(env, ra, &env->regs[r1], &env->regs[r1 + 1]); - fill_buf_random(env, ra, &env->regs[r2], &env->regs[r2 + 1]); + case S390_FEAT_TYPE_KLMD: + rc =3D cpacf_klmd(env, ra, r1, r2, r3, fc); + break; + case S390_FEAT_TYPE_PPNO: + rc =3D cpacf_ppno(env, ra, r1, r2, r3, fc); break; default: - /* we don't implement any other subfunction yet */ g_assert_not_reached(); } =20 - return 0; +out: + return rc; } diff --git a/target/s390x/tcg/insn-data.h.inc b/target/s390x/tcg/insn-data.= h.inc index ec730ee091..b6095711f2 100644 --- a/target/s390x/tcg/insn-data.h.inc +++ b/target/s390x/tcg/insn-data.h.inc @@ -1012,6 +1012,7 @@ D(0xb92e, KM, RRE, MSA, 0, 0, 0, 0, msa, 0, S390_FEAT_TYPE_KM) D(0xb92f, KMC, RRE, MSA, 0, 0, 0, 0, msa, 0, S390_FEAT_TYPE_KMC) D(0xb929, KMA, RRF_b, MSA8, 0, 0, 0, 0, msa, 0, S390_FEAT_TYPE_KMA) + D(0xb93a, KDSA, RRE, MSA9, 0, 0, 0, 0, msa, 0, S390_FEAT_TYPE_KDS= A) E(0xb93c, PPNO, RRE, MSA5, 0, 0, 0, 0, msa, 0, S390_FEAT_TYPE_PPN= O, IF_IO) D(0xb93e, KIMD, RRE, MSA, 0, 0, 0, 0, msa, 0, S390_FEAT_TYPE_KIM= D) D(0xb93f, KLMD, RRE, MSA, 0, 0, 0, 0, msa, 0, S390_FEAT_TYPE_KLM= D) diff --git a/target/s390x/tcg/translate.c b/target/s390x/tcg/translate.c index 4d2b8c5e2b..a5fdc05d37 100644 --- a/target/s390x/tcg/translate.c +++ b/target/s390x/tcg/translate.c @@ -2565,6 +2565,12 @@ static DisasJumpType op_msa(DisasContext *s, DisasOp= s *o) case S390_FEAT_TYPE_PCKMO: case S390_FEAT_TYPE_PCC: break; + case S390_FEAT_TYPE_KDSA: + if (r1) { + gen_program_exception(s, PGM_SPECIFICATION); + return DISAS_NORETURN; + } + break; default: g_assert_not_reached(); }; @@ -6018,6 +6024,7 @@ enum DisasInsnEnum { #define FAC_MSA4 S390_FEAT_MSA_EXT_4 /* msa-extension-4 facility */ #define FAC_MSA5 S390_FEAT_MSA_EXT_5 /* msa-extension-5 facility */ #define FAC_MSA8 S390_FEAT_MSA_EXT_8 /* msa-extension-8 facility */ +#define FAC_MSA9 S390_FEAT_MSA_EXT_9 /* msa-extension-9 facility */ #define FAC_ECT S390_FEAT_EXTRACT_CPU_TIME #define FAC_PCI S390_FEAT_ZPCI /* z/PCI facility */ #define FAC_AIS S390_FEAT_ADAPTER_INT_SUPPRESSION --=20 2.43.0 From nobody Sun Jan 25 10:13:58 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=reject dis=none) header.from=linux.ibm.com ARC-Seal: i=1; a=rsa-sha256; t=1769168756; cv=none; d=zohomail.com; s=zohoarc; b=OoR1U0J4ulyxWKRBboHSkd/HPzpr3qlUI3H6vOJgUZCq8k1FN0ZphFb9feZ79V8N0hgm57FFO1pTg9tMAGo63zDNRYArUJfoyAKfwJBtfMHcW0Sm8pAOjHzlTHJ8/di1bYh0u56yuylU/r4rAaPfFNiG77czdVn/qobS+0/qiYc= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1769168756; h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=BVWOsHW2glTWavO1WazXYDTaVZJayK1vevs38h74Zk4=; b=ApG4hDJNuipbBoki8BBmijIB+GimJKuVYA3Z+4yoQn5GuDTpMx5z07g/8TcRBz5Lher4R6lq037JZYjRJWJmU/0v4uhT4jlCZnydovFtpeUvXTY2vlCTEBUOqC5oZ+kN0EqKjZ9wffpSsugcmUCqHyQIZdn2UiNrom3t59vaekI= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1769168756102249.21782284512233; Fri, 23 Jan 2026 03:45:56 -0800 (PST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vjFaa-0005Zn-T2; Fri, 23 Jan 2026 06:44:32 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vjFZV-00050w-5i; Fri, 23 Jan 2026 06:43:32 -0500 Received: from mx0a-001b2d01.pphosted.com ([148.163.156.1]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vjFZN-0006xR-U1; Fri, 23 Jan 2026 06:43:23 -0500 Received: from pps.filterd (m0353729.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.18.1.2/8.18.1.2) with ESMTP id 60N2PrGo006450; Fri, 23 Jan 2026 11:43:14 GMT Received: from ppma12.dal12v.mail.ibm.com (dc.9e.1632.ip4.static.sl-reverse.com [50.22.158.220]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 4br23sfqs2-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 23 Jan 2026 11:43:14 +0000 (GMT) Received: from pps.filterd (ppma12.dal12v.mail.ibm.com [127.0.0.1]) by ppma12.dal12v.mail.ibm.com (8.18.1.2/8.18.1.2) with ESMTP id 60N9oRM5024575; Fri, 23 Jan 2026 11:43:13 GMT Received: from smtprelay04.fra02v.mail.ibm.com ([9.218.2.228]) by ppma12.dal12v.mail.ibm.com (PPS) with ESMTPS id 4brxas74ck-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 23 Jan 2026 11:43:13 +0000 Received: from smtpav03.fra02v.mail.ibm.com (smtpav03.fra02v.mail.ibm.com [10.20.54.102]) by smtprelay04.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 60NBh9NE29557498 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 23 Jan 2026 11:43:09 GMT Received: from smtpav03.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 04F7A20040; Fri, 23 Jan 2026 11:43:09 +0000 (GMT) Received: from smtpav03.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id CF1C12004E; Fri, 23 Jan 2026 11:43:08 +0000 (GMT) Received: from funtu2.ibm.com (unknown [9.111.163.22]) by smtpav03.fra02v.mail.ibm.com (Postfix) with ESMTP; Fri, 23 Jan 2026 11:43:08 +0000 (GMT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=cc :content-transfer-encoding:date:from:in-reply-to:message-id :mime-version:references:subject:to; s=pp1; bh=BVWOsHW2glTWavO1W azXYDTaVZJayK1vevs38h74Zk4=; b=T3SJjuOXLiu3eskY4FbKysV/fj4IMjBPE y9FbNhhyvHPkubTxvKNwMiBh19ByXBTeJv1brkYW3WJddxHDYss2Ch4Fcsj32QcA +7RY61c+26XS8FbCTw/ISUBDwlBGE8mozpcqeptk9DqfN5RP8G5vvldTNRAnF9Xg BQ3vFZHyAGt5PtvLs51/UQ8wSY9l7TXGNDL2CYhcZ8TXgVQUOmZ+W1EPn9Z6HiKp lXJM+vkAyx0zVph6af2Z+oQUpOUxsJNqdh8i86de6IaHlotvPT30qpJRrTE3U2Jr k+X1Wo0yrpJZtw5Z8J7nZ2MsrTPib0XJfvWr0N1/PE6jmfr418a2Q== From: Harald Freudenberger To: pbonzini@redhat.com Cc: qemu-s390x@nongnu.org, qemu-devel@nongnu.org, borntraeger@linux.ibm.com, frankja@linux.ibm.com Subject: [PATCH v3 02/14] target/s390x: Move cpacf sha512 code into a new file Date: Fri, 23 Jan 2026 12:42:56 +0100 Message-ID: <20260123114308.19401-3-freude@linux.ibm.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260123114308.19401-1-freude@linux.ibm.com> References: <20260123114308.19401-1-freude@linux.ibm.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-TM-AS-GCONF: 00 X-Proofpoint-GUID: BQeTc9PnFx6moCyJHGpbuf-8yCcZTTMI X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwMTIzMDA5MiBTYWx0ZWRfX/IXCzdFBJ6uI YEaVHhmsmHmT06Ug7jgpS7XxAx3STGDWqIhGTAcEeAOZZ2TSnl6rii4BGLdt4q6hHjgpwRBd786 zccQZSPiRukx5ROwjt5/DfwH3cXfSKCL8D4QtsDuRu2cOOwbYXa7OFua1GLOsNIm+Ea39m/7C9/ e5TftW0fVYSYNXXARaKWMKwNHxhvBHjzIipgmFcq7uxmo551B7k8MSrBYrVQtdmR+bKE2AtaeRQ 4WcYPg14ETik02an+YDyrXv7R36k7+oYGkuicDsLTQs+qjFYV4HlnJ4myoxjcgCP67TJUtqIypZ gDoaPVGxSTdr9jJwNK4gTdUgk8BVBpd36ePzM0nknG2PzxLfmDH85ouhgh4ubx6SROlVHkdq1T5 TLh6Q26b+hQ+bgDs7dPvIMeyR9h9bBeTzE/0jQ/0GpA2ilIgu9RZoV6sxrGu9tkQOX25laX3I0g 2pOtxFglR7vwfSKjWLw== X-Authority-Analysis: v=2.4 cv=J9SnLQnS c=1 sm=1 tr=0 ts=69735ed2 cx=c_pps a=bLidbwmWQ0KltjZqbj+ezA==:117 a=bLidbwmWQ0KltjZqbj+ezA==:17 a=vUbySO9Y5rIA:10 a=VkNPw1HP01LnGYTKEx00:22 a=VnNF1IyMAAAA:8 a=UGG5zPGqAAAA:8 a=AX_EWL0yeIb428kAMdMA:9 a=17ibUXfGiVyGqR_YBevW:22 X-Proofpoint-ORIG-GUID: BQeTc9PnFx6moCyJHGpbuf-8yCcZTTMI X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1121,Hydra:6.1.20,FMLib:17.12.100.49 definitions=2026-01-23_02,2026-01-22_02,2025-10-01_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 impostorscore=0 adultscore=0 suspectscore=0 spamscore=0 lowpriorityscore=0 malwarescore=0 clxscore=1015 bulkscore=0 phishscore=0 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.19.0-2601150000 definitions=main-2601230092 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=148.163.156.1; envelope-from=freude@linux.ibm.com; helo=mx0a-001b2d01.pphosted.com X-Spam_score_int: -26 X-Spam_score: -2.7 X-Spam_bar: -- X-Spam_report: (-2.7 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @ibm.com) X-ZM-MESSAGEID: 1769168758898154100 Content-Type: text/plain; charset="utf-8" Move the cpacf sha512 implementation into a new file cpacf_sha512.c. Add this new file to the build and add a new header file cpacf.h containing the prototypes for the s390 cpacf stuff. Signed-off-by: Harald Freudenberger --- target/s390x/tcg/cpacf.h | 15 ++ target/s390x/tcg/cpacf_sha512.c | 241 +++++++++++++++++++++++++++++++ target/s390x/tcg/crypto_helper.c | 225 +---------------------------- target/s390x/tcg/meson.build | 1 + 4 files changed, 258 insertions(+), 224 deletions(-) create mode 100644 target/s390x/tcg/cpacf.h create mode 100644 target/s390x/tcg/cpacf_sha512.c diff --git a/target/s390x/tcg/cpacf.h b/target/s390x/tcg/cpacf.h new file mode 100644 index 0000000000..99b8a11232 --- /dev/null +++ b/target/s390x/tcg/cpacf.h @@ -0,0 +1,15 @@ +/* + * s390x cpacf + * + * This work is licensed under the terms of the GNU GPL, version 2 or late= r. + * See the COPYING file in the top-level directory. + */ + +#ifndef S390X_CPACF_H +#define S390X_CPACF_H + +/* from crypto_sha512.c */ +int cpacf_sha512(CPUS390XState *env, uintptr_t ra, uint64_t param_addr, + uint64_t *message_reg, uint64_t *len_reg, uint32_t type); + +#endif diff --git a/target/s390x/tcg/cpacf_sha512.c b/target/s390x/tcg/cpacf_sha51= 2.c new file mode 100644 index 0000000000..5df55c3c50 --- /dev/null +++ b/target/s390x/tcg/cpacf_sha512.c @@ -0,0 +1,241 @@ +/* + * s390 cpacf sha512 + * + * Copyright (C) 2022 Jason A. Donenfeld . All Rights Re= served. + * + * Authors: + * Jason A. Donenfeld + * + * This work is licensed under the terms of the GNU GPL, version 2 or late= r. + * See the COPYING file in the top-level directory. + */ + +#include "qemu/osdep.h" +#include "s390x-internal.h" +#include "tcg_s390x.h" +#include "accel/tcg/cpu-ldst.h" +#include "cpacf.h" + +static uint64_t R(uint64_t x, int c) +{ + return (x >> c) | (x << (64 - c)); +} +static uint64_t Ch(uint64_t x, uint64_t y, uint64_t z) +{ + return (x & y) ^ (~x & z); +} +static uint64_t Maj(uint64_t x, uint64_t y, uint64_t z) +{ + return (x & y) ^ (x & z) ^ (y & z); +} +static uint64_t Sigma0(uint64_t x) +{ + return R(x, 28) ^ R(x, 34) ^ R(x, 39); +} +static uint64_t Sigma1(uint64_t x) +{ + return R(x, 14) ^ R(x, 18) ^ R(x, 41); +} +static uint64_t sigma0(uint64_t x) +{ + return R(x, 1) ^ R(x, 8) ^ (x >> 7); +} +static uint64_t sigma1(uint64_t x) +{ + return R(x, 19) ^ R(x, 61) ^ (x >> 6); +} + +static const uint64_t K[80] =3D { + 0x428a2f98d728ae22ULL, 0x7137449123ef65cdULL, 0xb5c0fbcfec4d3b2fULL, + 0xe9b5dba58189dbbcULL, 0x3956c25bf348b538ULL, 0x59f111f1b605d019ULL, + 0x923f82a4af194f9bULL, 0xab1c5ed5da6d8118ULL, 0xd807aa98a3030242ULL, + 0x12835b0145706fbeULL, 0x243185be4ee4b28cULL, 0x550c7dc3d5ffb4e2ULL, + 0x72be5d74f27b896fULL, 0x80deb1fe3b1696b1ULL, 0x9bdc06a725c71235ULL, + 0xc19bf174cf692694ULL, 0xe49b69c19ef14ad2ULL, 0xefbe4786384f25e3ULL, + 0x0fc19dc68b8cd5b5ULL, 0x240ca1cc77ac9c65ULL, 0x2de92c6f592b0275ULL, + 0x4a7484aa6ea6e483ULL, 0x5cb0a9dcbd41fbd4ULL, 0x76f988da831153b5ULL, + 0x983e5152ee66dfabULL, 0xa831c66d2db43210ULL, 0xb00327c898fb213fULL, + 0xbf597fc7beef0ee4ULL, 0xc6e00bf33da88fc2ULL, 0xd5a79147930aa725ULL, + 0x06ca6351e003826fULL, 0x142929670a0e6e70ULL, 0x27b70a8546d22ffcULL, + 0x2e1b21385c26c926ULL, 0x4d2c6dfc5ac42aedULL, 0x53380d139d95b3dfULL, + 0x650a73548baf63deULL, 0x766a0abb3c77b2a8ULL, 0x81c2c92e47edaee6ULL, + 0x92722c851482353bULL, 0xa2bfe8a14cf10364ULL, 0xa81a664bbc423001ULL, + 0xc24b8b70d0f89791ULL, 0xc76c51a30654be30ULL, 0xd192e819d6ef5218ULL, + 0xd69906245565a910ULL, 0xf40e35855771202aULL, 0x106aa07032bbd1b8ULL, + 0x19a4c116b8d2d0c8ULL, 0x1e376c085141ab53ULL, 0x2748774cdf8eeb99ULL, + 0x34b0bcb5e19b48a8ULL, 0x391c0cb3c5c95a63ULL, 0x4ed8aa4ae3418acbULL, + 0x5b9cca4f7763e373ULL, 0x682e6ff3d6b2b8a3ULL, 0x748f82ee5defb2fcULL, + 0x78a5636f43172f60ULL, 0x84c87814a1f0ab72ULL, 0x8cc702081a6439ecULL, + 0x90befffa23631e28ULL, 0xa4506cebde82bde9ULL, 0xbef9a3f7b2c67915ULL, + 0xc67178f2e372532bULL, 0xca273eceea26619cULL, 0xd186b8c721c0c207ULL, + 0xeada7dd6cde0eb1eULL, 0xf57d4f7fee6ed178ULL, 0x06f067aa72176fbaULL, + 0x0a637dc5a2c898a6ULL, 0x113f9804bef90daeULL, 0x1b710b35131c471bULL, + 0x28db77f523047d84ULL, 0x32caab7b40c72493ULL, 0x3c9ebe0a15c9bebcULL, + 0x431d67c49c100d4cULL, 0x4cc5d4becb3e42b6ULL, 0x597f299cfc657e2aULL, + 0x5fcb6fab3ad6faecULL, 0x6c44198c4a475817ULL +}; + +/* a is icv/ocv, w is a single message block. w will get reused internally= . */ +static void sha512_bda(uint64_t a[8], uint64_t w[16]) +{ + uint64_t t, z[8], b[8]; + int i, j; + + memcpy(z, a, sizeof(z)); + for (i =3D 0; i < 80; i++) { + memcpy(b, a, sizeof(b)); + + t =3D a[7] + Sigma1(a[4]) + Ch(a[4], a[5], a[6]) + K[i] + w[i % 16= ]; + b[7] =3D t + Sigma0(a[0]) + Maj(a[0], a[1], a[2]); + b[3] +=3D t; + for (j =3D 0; j < 8; ++j) { + a[(j + 1) % 8] =3D b[j]; + } + if (i % 16 =3D=3D 15) { + for (j =3D 0; j < 16; ++j) { + w[j] +=3D w[(j + 9) % 16] + sigma0(w[(j + 1) % 16]) + + sigma1(w[(j + 14) % 16]); + } + } + } + + for (i =3D 0; i < 8; i++) { + a[i] +=3D z[i]; + } +} + +/* a is icv/ocv, w is a single message block that needs be64 conversion. */ +static void sha512_bda_be64(uint64_t a[8], uint64_t w[16]) +{ + uint64_t t[16]; + int i; + + for (i =3D 0; i < 16; i++) { + t[i] =3D be64_to_cpu(w[i]); + } + sha512_bda(a, t); +} + +static void sha512_read_icv(CPUS390XState *env, uint64_t addr, + uint64_t a[8], uintptr_t ra) +{ + int i; + + for (i =3D 0; i < 8; i++, addr +=3D 8) { + addr =3D wrap_address(env, addr); + a[i] =3D cpu_ldq_be_data_ra(env, addr, ra); + } +} + +static void sha512_write_ocv(CPUS390XState *env, uint64_t addr, + uint64_t a[8], uintptr_t ra) +{ + int i; + + for (i =3D 0; i < 8; i++, addr +=3D 8) { + addr =3D wrap_address(env, addr); + cpu_stq_be_data_ra(env, addr, a[i], ra); + } +} + +static void sha512_read_block(CPUS390XState *env, uint64_t addr, + uint64_t a[16], uintptr_t ra) +{ + int i; + + for (i =3D 0; i < 16; i++, addr +=3D 8) { + addr =3D wrap_address(env, addr); + a[i] =3D cpu_ldq_be_data_ra(env, addr, ra); + } +} + +static void sha512_read_mbl_be64(CPUS390XState *env, uint64_t addr, + uint8_t a[16], uintptr_t ra) +{ + int i; + + for (i =3D 0; i < 16; i++, addr +=3D 1) { + addr =3D wrap_address(env, addr); + a[i] =3D cpu_ldub_data_ra(env, addr, ra); + } +} + +int cpacf_sha512(CPUS390XState *env, uintptr_t ra, uint64_t param_addr, + uint64_t *message_reg, uint64_t *len_reg, uint32_t type) +{ + enum { MAX_BLOCKS_PER_RUN =3D 64 }; /* Arbitrary: keep interactivity. = */ + uint64_t len =3D *len_reg, a[8], processed =3D 0; + int i, message_reg_len =3D 64; + + g_assert(type =3D=3D S390_FEAT_TYPE_KIMD || type =3D=3D S390_FEAT_TYPE= _KLMD); + + if (!(env->psw.mask & PSW_MASK_64)) { + len =3D (uint32_t)len; + message_reg_len =3D (env->psw.mask & PSW_MASK_32) ? 32 : 24; + } + + /* KIMD: length has to be properly aligned. */ + if (type =3D=3D S390_FEAT_TYPE_KIMD && !QEMU_IS_ALIGNED(len, 128)) { + tcg_s390_program_interrupt(env, PGM_SPECIFICATION, ra); + } + + sha512_read_icv(env, param_addr, a, ra); + + /* Process full blocks first. */ + for (; len >=3D 128; len -=3D 128, processed +=3D 128) { + uint64_t w[16]; + + if (processed >=3D MAX_BLOCKS_PER_RUN * 128) { + break; + } + + sha512_read_block(env, *message_reg + processed, w, ra); + sha512_bda(a, w); + } + + /* KLMD: Process partial/empty block last. */ + if (type =3D=3D S390_FEAT_TYPE_KLMD && len < 128) { + uint8_t x[128]; + + /* Read the remainder of the message byte-per-byte. */ + for (i =3D 0; i < len; i++) { + uint64_t addr =3D wrap_address(env, *message_reg + processed += i); + + x[i] =3D cpu_ldub_data_ra(env, addr, ra); + } + /* Pad the remainder with zero and set the top bit. */ + memset(x + len, 0, 128 - len); + x[len] =3D 128; + + /* + * Place the MBL either into this block (if there is space left), + * or use an additional one. + */ + if (len < 112) { + sha512_read_mbl_be64(env, param_addr + 64, x + 112, ra); + } + sha512_bda_be64(a, (uint64_t *)x); + + if (len >=3D 112) { + memset(x, 0, 112); + sha512_read_mbl_be64(env, param_addr + 64, x + 112, ra); + sha512_bda_be64(a, (uint64_t *)x); + } + + processed +=3D len; + len =3D 0; + } + + /* + * Modify memory after we read all inputs and modify registers only af= ter + * writing memory succeeded. + * + * TODO: if writing fails halfway through (e.g., when crossing page + * boundaries), we're in trouble. We'd need something like access_prep= are(). + */ + sha512_write_ocv(env, param_addr, a, ra); + *message_reg =3D deposit64(*message_reg, 0, message_reg_len, + *message_reg + processed); + *len_reg -=3D processed; + return !len ? 0 : 3; +} diff --git a/target/s390x/tcg/crypto_helper.c b/target/s390x/tcg/crypto_hel= per.c index 0b00d8ba5b..2d1c0290b5 100644 --- a/target/s390x/tcg/crypto_helper.c +++ b/target/s390x/tcg/crypto_helper.c @@ -18,230 +18,7 @@ #include "tcg_s390x.h" #include "exec/helper-proto.h" #include "accel/tcg/cpu-ldst.h" - -static uint64_t R(uint64_t x, int c) -{ - return (x >> c) | (x << (64 - c)); -} -static uint64_t Ch(uint64_t x, uint64_t y, uint64_t z) -{ - return (x & y) ^ (~x & z); -} -static uint64_t Maj(uint64_t x, uint64_t y, uint64_t z) -{ - return (x & y) ^ (x & z) ^ (y & z); -} -static uint64_t Sigma0(uint64_t x) -{ - return R(x, 28) ^ R(x, 34) ^ R(x, 39); -} -static uint64_t Sigma1(uint64_t x) -{ - return R(x, 14) ^ R(x, 18) ^ R(x, 41); -} -static uint64_t sigma0(uint64_t x) -{ - return R(x, 1) ^ R(x, 8) ^ (x >> 7); -} -static uint64_t sigma1(uint64_t x) -{ - return R(x, 19) ^ R(x, 61) ^ (x >> 6); -} - -static const uint64_t K[80] =3D { - 0x428a2f98d728ae22ULL, 0x7137449123ef65cdULL, 0xb5c0fbcfec4d3b2fULL, - 0xe9b5dba58189dbbcULL, 0x3956c25bf348b538ULL, 0x59f111f1b605d019ULL, - 0x923f82a4af194f9bULL, 0xab1c5ed5da6d8118ULL, 0xd807aa98a3030242ULL, - 0x12835b0145706fbeULL, 0x243185be4ee4b28cULL, 0x550c7dc3d5ffb4e2ULL, - 0x72be5d74f27b896fULL, 0x80deb1fe3b1696b1ULL, 0x9bdc06a725c71235ULL, - 0xc19bf174cf692694ULL, 0xe49b69c19ef14ad2ULL, 0xefbe4786384f25e3ULL, - 0x0fc19dc68b8cd5b5ULL, 0x240ca1cc77ac9c65ULL, 0x2de92c6f592b0275ULL, - 0x4a7484aa6ea6e483ULL, 0x5cb0a9dcbd41fbd4ULL, 0x76f988da831153b5ULL, - 0x983e5152ee66dfabULL, 0xa831c66d2db43210ULL, 0xb00327c898fb213fULL, - 0xbf597fc7beef0ee4ULL, 0xc6e00bf33da88fc2ULL, 0xd5a79147930aa725ULL, - 0x06ca6351e003826fULL, 0x142929670a0e6e70ULL, 0x27b70a8546d22ffcULL, - 0x2e1b21385c26c926ULL, 0x4d2c6dfc5ac42aedULL, 0x53380d139d95b3dfULL, - 0x650a73548baf63deULL, 0x766a0abb3c77b2a8ULL, 0x81c2c92e47edaee6ULL, - 0x92722c851482353bULL, 0xa2bfe8a14cf10364ULL, 0xa81a664bbc423001ULL, - 0xc24b8b70d0f89791ULL, 0xc76c51a30654be30ULL, 0xd192e819d6ef5218ULL, - 0xd69906245565a910ULL, 0xf40e35855771202aULL, 0x106aa07032bbd1b8ULL, - 0x19a4c116b8d2d0c8ULL, 0x1e376c085141ab53ULL, 0x2748774cdf8eeb99ULL, - 0x34b0bcb5e19b48a8ULL, 0x391c0cb3c5c95a63ULL, 0x4ed8aa4ae3418acbULL, - 0x5b9cca4f7763e373ULL, 0x682e6ff3d6b2b8a3ULL, 0x748f82ee5defb2fcULL, - 0x78a5636f43172f60ULL, 0x84c87814a1f0ab72ULL, 0x8cc702081a6439ecULL, - 0x90befffa23631e28ULL, 0xa4506cebde82bde9ULL, 0xbef9a3f7b2c67915ULL, - 0xc67178f2e372532bULL, 0xca273eceea26619cULL, 0xd186b8c721c0c207ULL, - 0xeada7dd6cde0eb1eULL, 0xf57d4f7fee6ed178ULL, 0x06f067aa72176fbaULL, - 0x0a637dc5a2c898a6ULL, 0x113f9804bef90daeULL, 0x1b710b35131c471bULL, - 0x28db77f523047d84ULL, 0x32caab7b40c72493ULL, 0x3c9ebe0a15c9bebcULL, - 0x431d67c49c100d4cULL, 0x4cc5d4becb3e42b6ULL, 0x597f299cfc657e2aULL, - 0x5fcb6fab3ad6faecULL, 0x6c44198c4a475817ULL -}; - -/* a is icv/ocv, w is a single message block. w will get reused internally= . */ -static void sha512_bda(uint64_t a[8], uint64_t w[16]) -{ - uint64_t t, z[8], b[8]; - int i, j; - - memcpy(z, a, sizeof(z)); - for (i =3D 0; i < 80; i++) { - memcpy(b, a, sizeof(b)); - - t =3D a[7] + Sigma1(a[4]) + Ch(a[4], a[5], a[6]) + K[i] + w[i % 16= ]; - b[7] =3D t + Sigma0(a[0]) + Maj(a[0], a[1], a[2]); - b[3] +=3D t; - for (j =3D 0; j < 8; ++j) { - a[(j + 1) % 8] =3D b[j]; - } - if (i % 16 =3D=3D 15) { - for (j =3D 0; j < 16; ++j) { - w[j] +=3D w[(j + 9) % 16] + sigma0(w[(j + 1) % 16]) + - sigma1(w[(j + 14) % 16]); - } - } - } - - for (i =3D 0; i < 8; i++) { - a[i] +=3D z[i]; - } -} - -/* a is icv/ocv, w is a single message block that needs be64 conversion. */ -static void sha512_bda_be64(uint64_t a[8], uint64_t w[16]) -{ - uint64_t t[16]; - int i; - - for (i =3D 0; i < 16; i++) { - t[i] =3D be64_to_cpu(w[i]); - } - sha512_bda(a, t); -} - -static void sha512_read_icv(CPUS390XState *env, uint64_t addr, - uint64_t a[8], uintptr_t ra) -{ - int i; - - for (i =3D 0; i < 8; i++, addr +=3D 8) { - addr =3D wrap_address(env, addr); - a[i] =3D cpu_ldq_be_data_ra(env, addr, ra); - } -} - -static void sha512_write_ocv(CPUS390XState *env, uint64_t addr, - uint64_t a[8], uintptr_t ra) -{ - int i; - - for (i =3D 0; i < 8; i++, addr +=3D 8) { - addr =3D wrap_address(env, addr); - cpu_stq_be_data_ra(env, addr, a[i], ra); - } -} - -static void sha512_read_block(CPUS390XState *env, uint64_t addr, - uint64_t a[16], uintptr_t ra) -{ - int i; - - for (i =3D 0; i < 16; i++, addr +=3D 8) { - addr =3D wrap_address(env, addr); - a[i] =3D cpu_ldq_be_data_ra(env, addr, ra); - } -} - -static void sha512_read_mbl_be64(CPUS390XState *env, uint64_t addr, - uint8_t a[16], uintptr_t ra) -{ - int i; - - for (i =3D 0; i < 16; i++, addr +=3D 1) { - addr =3D wrap_address(env, addr); - a[i] =3D cpu_ldub_data_ra(env, addr, ra); - } -} - -static int cpacf_sha512(CPUS390XState *env, uintptr_t ra, uint64_t param_a= ddr, - uint64_t *message_reg, uint64_t *len_reg, uint32_t t= ype) -{ - enum { MAX_BLOCKS_PER_RUN =3D 64 }; /* Arbitrary: keep interactivity. = */ - uint64_t len =3D *len_reg, a[8], processed =3D 0; - int i, message_reg_len =3D 64; - - g_assert(type =3D=3D S390_FEAT_TYPE_KIMD || type =3D=3D S390_FEAT_TYPE= _KLMD); - - if (!(env->psw.mask & PSW_MASK_64)) { - len =3D (uint32_t)len; - message_reg_len =3D (env->psw.mask & PSW_MASK_32) ? 32 : 24; - } - - /* KIMD: length has to be properly aligned. */ - if (type =3D=3D S390_FEAT_TYPE_KIMD && !QEMU_IS_ALIGNED(len, 128)) { - tcg_s390_program_interrupt(env, PGM_SPECIFICATION, ra); - } - - sha512_read_icv(env, param_addr, a, ra); - - /* Process full blocks first. */ - for (; len >=3D 128; len -=3D 128, processed +=3D 128) { - uint64_t w[16]; - - if (processed >=3D MAX_BLOCKS_PER_RUN * 128) { - break; - } - - sha512_read_block(env, *message_reg + processed, w, ra); - sha512_bda(a, w); - } - - /* KLMD: Process partial/empty block last. */ - if (type =3D=3D S390_FEAT_TYPE_KLMD && len < 128) { - uint8_t x[128]; - - /* Read the remainder of the message byte-per-byte. */ - for (i =3D 0; i < len; i++) { - uint64_t addr =3D wrap_address(env, *message_reg + processed += i); - - x[i] =3D cpu_ldub_data_ra(env, addr, ra); - } - /* Pad the remainder with zero and set the top bit. */ - memset(x + len, 0, 128 - len); - x[len] =3D 128; - - /* - * Place the MBL either into this block (if there is space left), - * or use an additional one. - */ - if (len < 112) { - sha512_read_mbl_be64(env, param_addr + 64, x + 112, ra); - } - sha512_bda_be64(a, (uint64_t *)x); - - if (len >=3D 112) { - memset(x, 0, 112); - sha512_read_mbl_be64(env, param_addr + 64, x + 112, ra); - sha512_bda_be64(a, (uint64_t *)x); - } - - processed +=3D len; - len =3D 0; - } - - /* - * Modify memory after we read all inputs and modify registers only af= ter - * writing memory succeeded. - * - * TODO: if writing fails halfway through (e.g., when crossing page - * boundaries), we're in trouble. We'd need something like access_prep= are(). - */ - sha512_write_ocv(env, param_addr, a, ra); - *message_reg =3D deposit64(*message_reg, 0, message_reg_len, - *message_reg + processed); - *len_reg -=3D processed; - return !len ? 0 : 3; -} +#include "cpacf.h" =20 static void fill_buf_random(CPUS390XState *env, uintptr_t ra, uint64_t *buf_reg, uint64_t *len_reg) diff --git a/target/s390x/tcg/meson.build b/target/s390x/tcg/meson.build index ee4e8fec77..6dbc7ead65 100644 --- a/target/s390x/tcg/meson.build +++ b/target/s390x/tcg/meson.build @@ -1,5 +1,6 @@ s390x_ss.add(when: 'CONFIG_TCG', if_true: files( 'cc_helper.c', + 'cpacf_sha512.c', 'crypto_helper.c', 'excp_helper.c', 'fpu_helper.c', --=20 2.43.0 From nobody Sun Jan 25 10:13:58 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=reject dis=none) header.from=linux.ibm.com ARC-Seal: i=1; a=rsa-sha256; t=1769168764; cv=none; d=zohomail.com; s=zohoarc; b=i55viSuXUMK+KLbMqvMb0etotMg+Tn1/0suG3JOa2ZumnxHHLZ7uvnZmy4ZCEiUhPTSyONIrsz4vp4EoZKpLPG0UlwsdTS02TR3trGoT5G/LXroX7pwjADZ4oSYy8YQUdOA10j48GxZEHurpTA4ehR2TZPDkrmHZs+pbB9LWrRs= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1769168764; h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=TPtTFa5A7vAcwUioP3AQbn1Eo/AiGOxSBWapYPyYyAA=; b=X2fBhorp01hdTsTA/POprY5c0AH9st2Krhn6fYSP4vh8p9fvKQjpXOrozoFqFf3OjOXacXzb4F61L9gcTJ7QwxRDqGM/ONpCHhg95EbtZp0UqEnpL7w0zUD7TfONe5qD2APKeHx+7OvKxsbMzLyG4YyJW17aHfgonfamDDKm7Tk= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1769168764370338.7308753152321; Fri, 23 Jan 2026 03:46:04 -0800 (PST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vjFag-0005fq-72; Fri, 23 Jan 2026 06:44:38 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vjFZV-00050z-7Z; Fri, 23 Jan 2026 06:43:32 -0500 Received: from mx0b-001b2d01.pphosted.com ([148.163.158.5]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vjFZN-0006xP-VK; Fri, 23 Jan 2026 06:43:24 -0500 Received: from pps.filterd (m0360072.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.18.1.2/8.18.1.2) with ESMTP id 60N0I8Rd021306; Fri, 23 Jan 2026 11:43:14 GMT Received: from ppma22.wdc07v.mail.ibm.com (5c.69.3da9.ip4.static.sl-reverse.com [169.61.105.92]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 4bt612j8tp-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 23 Jan 2026 11:43:14 +0000 (GMT) Received: from pps.filterd (ppma22.wdc07v.mail.ibm.com [127.0.0.1]) by ppma22.wdc07v.mail.ibm.com (8.18.1.2/8.18.1.2) with ESMTP id 60N9q5ps016636; Fri, 23 Jan 2026 11:43:13 GMT Received: from smtprelay04.fra02v.mail.ibm.com ([9.218.2.228]) by ppma22.wdc07v.mail.ibm.com (PPS) with ESMTPS id 4brn4ygxuw-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 23 Jan 2026 11:43:13 +0000 Received: from smtpav03.fra02v.mail.ibm.com (smtpav03.fra02v.mail.ibm.com [10.20.54.102]) by smtprelay04.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 60NBh96Q14680564 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 23 Jan 2026 11:43:09 GMT Received: from smtpav03.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 2C8BD2004B; Fri, 23 Jan 2026 11:43:09 +0000 (GMT) Received: from smtpav03.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 096E020043; Fri, 23 Jan 2026 11:43:09 +0000 (GMT) Received: from funtu2.ibm.com (unknown [9.111.163.22]) by smtpav03.fra02v.mail.ibm.com (Postfix) with ESMTP; Fri, 23 Jan 2026 11:43:08 +0000 (GMT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=cc :content-transfer-encoding:date:from:in-reply-to:message-id :mime-version:references:subject:to; s=pp1; bh=TPtTFa5A7vAcwUioP 3AQbn1Eo/AiGOxSBWapYPyYyAA=; b=gUMq/aUpDnCFzkqKaMcmlVqcmb4ANv4yt AUYOc+rXMk4n/71yOQTo9VGVqnXWzUH1Tll8R+vGMYqjiM/ncyBjjGxrP6Cz8g28 G9LJ+z6j8YJjPZzlD5RKHO7ynyuPLjO19Rqr9kGwwMZ1cmH7YKxobAvbpnaM3/7j hyrq3w4Zy4KQL8aNT8Ezj8WEA4sDKc6A6lWhTEi9D3/dfmN4K2DaheUeLvyLTWWw Ot5S2Gc2ZPmW0gjebM86XQc19tBhjq3hDOo8vq2lkiVwXU1NEEFmOHjBGXBU4SKJ 71ul5tg80BUNttODKYSXQeWZcku/s5O6ipi1e60UqVR8gK98UhsWQ== From: Harald Freudenberger To: pbonzini@redhat.com Cc: qemu-s390x@nongnu.org, qemu-devel@nongnu.org, borntraeger@linux.ibm.com, frankja@linux.ibm.com Subject: [PATCH v3 03/14] target/s390x: Support cpacf sha256 Date: Fri, 23 Jan 2026 12:42:57 +0100 Message-ID: <20260123114308.19401-4-freude@linux.ibm.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260123114308.19401-1-freude@linux.ibm.com> References: <20260123114308.19401-1-freude@linux.ibm.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-TM-AS-GCONF: 00 X-Proofpoint-GUID: yQwjXf_Ee2ks1tfXywvey433BCsUcWN9 X-Authority-Analysis: v=2.4 cv=LaIxKzfi c=1 sm=1 tr=0 ts=69735ed2 cx=c_pps a=5BHTudwdYE3Te8bg5FgnPg==:117 a=5BHTudwdYE3Te8bg5FgnPg==:17 a=vUbySO9Y5rIA:10 a=VkNPw1HP01LnGYTKEx00:22 a=VnNF1IyMAAAA:8 a=Oku5TADFz1XGWIWXx1gA:9 X-Proofpoint-ORIG-GUID: yQwjXf_Ee2ks1tfXywvey433BCsUcWN9 X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwMTIzMDA5MiBTYWx0ZWRfX/VqwmhHi+PXL bPe1PPgk2eKIzkd9u2VV2QjJY97dWAIILFrmY9yr1BvwHVXokrC8qqwIQPmNJoz6YQBDKrVDB6t tIzYqp1m334CbjMPUrHFL+z3HET7mJhV6bTSZK5zJpLTbgYBtlhqHP3dBbw5P/xh7XvwZ+b61gV YDdPtBzbndPMnbWW28PhNRfVkGKizJYG/toPs7gl5VtF2Qr+H1cetOgb8qGkXIxojyFGjbRiyoC kvGiSDQbzBdCtcFt2NxyFLjYu5U7Z7buqzQi60em9taa6DvunaHs1bScqZtO74moLWXmCjvN1at WlZVpdK8mYpqkooffN7ZLdSLQ74PZF1riSfNWeF0Db1whzqZdC4/wl+KzgHM2013TG2QlthRhGa sgjEmy3L6ADEE62pARiPDmbX2tifjC8KHy1hF8kXberv76rHgVi0ybz7jfCB4PBlRlPqW3o5SeS EQvU4ke6g0axqxYLe1A== X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1121,Hydra:6.1.20,FMLib:17.12.100.49 definitions=2026-01-23_02,2026-01-22_02,2025-10-01_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 bulkscore=0 adultscore=0 phishscore=0 priorityscore=1501 lowpriorityscore=0 suspectscore=0 clxscore=1011 impostorscore=0 spamscore=0 malwarescore=0 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.19.0-2601150000 definitions=main-2601230092 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=148.163.158.5; envelope-from=freude@linux.ibm.com; helo=mx0b-001b2d01.pphosted.com X-Spam_score_int: -19 X-Spam_score: -2.0 X-Spam_bar: -- X-Spam_report: (-2.0 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @ibm.com) X-ZM-MESSAGEID: 1769168765058158500 Content-Type: text/plain; charset="utf-8" Add a new file cpacf_sha256.c which implements sha256. Add support for the sha256 subfuction for CPACF kimd and klmd. Signed-off-by: Harald Freudenberger --- target/s390x/gen-features.c | 2 + target/s390x/tcg/cpacf.h | 4 + target/s390x/tcg/cpacf_sha256.c | 229 +++++++++++++++++++++++++++++++ target/s390x/tcg/crypto_helper.c | 8 ++ target/s390x/tcg/meson.build | 1 + 5 files changed, 244 insertions(+) create mode 100644 target/s390x/tcg/cpacf_sha256.c diff --git a/target/s390x/gen-features.c b/target/s390x/gen-features.c index 8218e6470e..5cf5b92c37 100644 --- a/target/s390x/gen-features.c +++ b/target/s390x/gen-features.c @@ -916,7 +916,9 @@ static uint16_t qemu_V7_1[] =3D { */ static uint16_t qemu_MAX[] =3D { S390_FEAT_MSA_EXT_5, + S390_FEAT_KIMD_SHA_256, S390_FEAT_KIMD_SHA_512, + S390_FEAT_KLMD_SHA_256, S390_FEAT_KLMD_SHA_512, S390_FEAT_PRNO_TRNG, }; diff --git a/target/s390x/tcg/cpacf.h b/target/s390x/tcg/cpacf.h index 99b8a11232..79f05e1e14 100644 --- a/target/s390x/tcg/cpacf.h +++ b/target/s390x/tcg/cpacf.h @@ -8,6 +8,10 @@ #ifndef S390X_CPACF_H #define S390X_CPACF_H =20 +/* from crypto_sha256.c */ +int cpacf_sha256(CPUS390XState *env, uintptr_t ra, uint64_t param_addr, + uint64_t *message_reg, uint64_t *len_reg, uint32_t type); + /* from crypto_sha512.c */ int cpacf_sha512(CPUS390XState *env, uintptr_t ra, uint64_t param_addr, uint64_t *message_reg, uint64_t *len_reg, uint32_t type); diff --git a/target/s390x/tcg/cpacf_sha256.c b/target/s390x/tcg/cpacf_sha25= 6.c new file mode 100644 index 0000000000..5190aef6fa --- /dev/null +++ b/target/s390x/tcg/cpacf_sha256.c @@ -0,0 +1,229 @@ +/* + * s390 cpacf sha256 + * + * Authors: + * Harald Freudenberger + * + * The sha256 implementation here is more or less a copy-and-paste + * from Jason A. Donenfeld's implementation of sha 512 with adaptions + * for sha 256. + * + * This work is licensed under the terms of the GNU GPL, version 2 or late= r. + * See the COPYING file in the top-level directory. + */ + +#include "qemu/osdep.h" +#include "s390x-internal.h" +#include "tcg_s390x.h" +#include "accel/tcg/cpu-ldst.h" +#include "cpacf.h" + +static uint32_t R(uint32_t x, int c) +{ + return (x >> c) | (x << (32 - c)); +} +static uint32_t Ch(uint32_t x, uint32_t y, uint32_t z) +{ + return (x & y) ^ (~x & z); +} +static uint32_t Maj(uint32_t x, uint32_t y, uint32_t z) +{ + return (x & y) ^ (x & z) ^ (y & z); +} +static uint32_t Sigma0(uint32_t x) +{ + return R(x, 2) ^ R(x, 13) ^ R(x, 22); +} +static uint32_t Sigma1(uint32_t x) +{ + return R(x, 6) ^ R(x, 11) ^ R(x, 25); +} +static uint32_t sigma0(uint32_t x) +{ + return R(x, 7) ^ R(x, 18) ^ (x >> 3); +} +static uint32_t sigma1(uint32_t x) +{ + return R(x, 17) ^ R(x, 19) ^ (x >> 10); +} + +static const uint32_t K[64] =3D { + 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, + 0x923f82a4, 0xab1c5ed5, 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, + 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174, 0xe49b69c1, 0xefbe4786, + 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da, + 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, + 0x06ca6351, 0x14292967, 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, + 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85, 0xa2bfe8a1, 0xa81a664b, + 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070, + 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, + 0x5b9cca4f, 0x682e6ff3, 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, + 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2, +}; + +/* a is icv/ocv, w is a single message block. w will get reused internally= . */ +static void sha256_bda(uint32_t a[8], uint32_t w[16]) +{ + uint32_t t, z[8], b[8]; + int i, j; + + memcpy(z, a, sizeof(z)); + for (i =3D 0; i < 64; i++) { + memcpy(b, a, sizeof(b)); + + t =3D a[7] + Sigma1(a[4]) + Ch(a[4], a[5], a[6]) + K[i] + w[i % 16= ]; + b[7] =3D t + Sigma0(a[0]) + Maj(a[0], a[1], a[2]); + b[3] +=3D t; + for (j =3D 0; j < 8; ++j) { + a[(j + 1) % 8] =3D b[j]; + } + if (i % 16 =3D=3D 15) { + for (j =3D 0; j < 16; ++j) { + w[j] +=3D w[(j + 9) % 16] + sigma0(w[(j + 1) % 16]) + + sigma1(w[(j + 14) % 16]); + } + } + } + + for (i =3D 0; i < 8; i++) { + a[i] +=3D z[i]; + } +} + +/* a is icv/ocv, w is a single message block that needs be32 conversion. */ +static void sha256_bda_be32(uint32_t a[8], uint32_t w[16]) +{ + uint32_t t[16]; + int i; + + for (i =3D 0; i < 16; i++) { + t[i] =3D be32_to_cpu(w[i]); + } + sha256_bda(a, t); +} + +static void sha256_read_icv(CPUS390XState *env, uint64_t addr, + uint32_t a[8], uintptr_t ra) +{ + int i; + + for (i =3D 0; i < 8; i++, addr +=3D 4) { + addr =3D wrap_address(env, addr); + a[i] =3D cpu_ldl_be_data_ra(env, addr, ra); + } +} + +static void sha256_write_ocv(CPUS390XState *env, uint64_t addr, + uint32_t a[8], uintptr_t ra) +{ + int i; + + for (i =3D 0; i < 8; i++, addr +=3D 4) { + addr =3D wrap_address(env, addr); + cpu_stl_be_data_ra(env, addr, a[i], ra); + } +} + +static void sha256_read_block(CPUS390XState *env, uint64_t addr, + uint32_t a[16], uintptr_t ra) +{ + int i; + + for (i =3D 0; i < 16; i++, addr +=3D 4) { + addr =3D wrap_address(env, addr); + a[i] =3D cpu_ldl_be_data_ra(env, addr, ra); + } +} + +static void sha256_read_mbl(CPUS390XState *env, uint64_t addr, + uint8_t a[8], uintptr_t ra) +{ + int i; + + for (i =3D 0; i < 8; i++, addr +=3D 1) { + addr =3D wrap_address(env, addr); + a[i] =3D cpu_ldub_data_ra(env, addr, ra); + } +} + +int cpacf_sha256(CPUS390XState *env, uintptr_t ra, uint64_t param_addr, + uint64_t *message_reg, uint64_t *len_reg, uint32_t type) +{ + enum { MAX_BLOCKS_PER_RUN =3D 128 }; /* 128 * 64 =3D 8K */ + uint64_t len =3D *len_reg, processed =3D 0; + int i, message_reg_len =3D 64; + uint32_t a[8]; + + g_assert(type =3D=3D S390_FEAT_TYPE_KIMD || type =3D=3D S390_FEAT_TYPE= _KLMD); + + if (!(env->psw.mask & PSW_MASK_64)) { + len =3D (uint32_t)len; + message_reg_len =3D (env->psw.mask & PSW_MASK_32) ? 32 : 24; + } + + /* KIMD: length has to be properly aligned. */ + if (type =3D=3D S390_FEAT_TYPE_KIMD && !QEMU_IS_ALIGNED(len, 64)) { + tcg_s390_program_interrupt(env, PGM_SPECIFICATION, ra); + } + + sha256_read_icv(env, param_addr, a, ra); + + /* Process full blocks first. */ + for (; len >=3D 64; len -=3D 64, processed +=3D 64) { + uint32_t w[16]; + + if (processed >=3D MAX_BLOCKS_PER_RUN * 64) { + break; + } + + sha256_read_block(env, *message_reg + processed, w, ra); + sha256_bda(a, w); + } + + /* KLMD: Process partial/empty block last. */ + if (type =3D=3D S390_FEAT_TYPE_KLMD && len < 64) { + uint8_t x[64]; + + /* Read the remainder of the message byte-per-byte. */ + for (i =3D 0; i < len; i++) { + uint64_t addr =3D wrap_address(env, *message_reg + processed += i); + + x[i] =3D cpu_ldub_data_ra(env, addr, ra); + } + /* Pad the remainder with zero and set the top bit. */ + memset(x + len, 0, 64 - len); + x[len] =3D 0x80; + + /* + * Place the MBL either into this block (if there is space left), + * or use an additional one. + */ + if (len < 56) { + sha256_read_mbl(env, param_addr + 32, x + 56, ra); + } + sha256_bda_be32(a, (uint32_t *)x); + + if (len >=3D 56) { + memset(x, 0, 56); + sha256_read_mbl(env, param_addr + 32, x + 56, ra); + sha256_bda_be32(a, (uint32_t *)x); + } + + processed +=3D len; + len =3D 0; + } + + /* + * Modify memory after we read all inputs and modify registers only af= ter + * writing memory succeeded. + * + * TODO: if writing fails halfway through (e.g., when crossing page + * boundaries), we're in trouble. We'd need something like access_prep= are(). + */ + sha256_write_ocv(env, param_addr, a, ra); + *message_reg =3D deposit64(*message_reg, 0, message_reg_len, + *message_reg + processed); + *len_reg -=3D processed; + + return !len ? 0 : 3; +} diff --git a/target/s390x/tcg/crypto_helper.c b/target/s390x/tcg/crypto_hel= per.c index 2d1c0290b5..b69dbb61a6 100644 --- a/target/s390x/tcg/crypto_helper.c +++ b/target/s390x/tcg/crypto_helper.c @@ -51,6 +51,10 @@ static int cpacf_kimd(CPUS390XState *env, const uintptr_= t ra, int rc =3D 0; =20 switch (fc) { + case 0x02: /* CPACF_KIMD_SHA_256 */ + rc =3D cpacf_sha256(env, ra, env->regs[1], &env->regs[r2], + &env->regs[r2 + 1], S390_FEAT_TYPE_KIMD); + break; case 0x03: /* CPACF_KIMD_SHA_512 */ rc =3D cpacf_sha512(env, ra, env->regs[1], &env->regs[r2], &env->regs[r2 + 1], S390_FEAT_TYPE_KIMD); @@ -68,6 +72,10 @@ static int cpacf_klmd(CPUS390XState *env, const uintptr_= t ra, int rc =3D 0; =20 switch (fc) { + case 0x02: /* CPACF_KLMD_SHA_256 */ + rc =3D cpacf_sha256(env, ra, env->regs[1], &env->regs[r2], + &env->regs[r2 + 1], S390_FEAT_TYPE_KLMD); + break; case 0x03: /* CPACF_KLMD_SHA_512 */ rc =3D cpacf_sha512(env, ra, env->regs[1], &env->regs[r2], &env->regs[r2 + 1], S390_FEAT_TYPE_KLMD); diff --git a/target/s390x/tcg/meson.build b/target/s390x/tcg/meson.build index 6dbc7ead65..4115f4c704 100644 --- a/target/s390x/tcg/meson.build +++ b/target/s390x/tcg/meson.build @@ -1,5 +1,6 @@ s390x_ss.add(when: 'CONFIG_TCG', if_true: files( 'cc_helper.c', + 'cpacf_sha256.c', 'cpacf_sha512.c', 'crypto_helper.c', 'excp_helper.c', --=20 2.43.0 From nobody Sun Jan 25 10:13:58 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=reject dis=none) header.from=linux.ibm.com ARC-Seal: i=1; a=rsa-sha256; t=1769168883; cv=none; d=zohomail.com; s=zohoarc; b=OhjfV3NPVwIuvOsx4gGpHMAcHOl/4uGiBS0wf/ZtU2Ip9Z3Jtq14MriSZ2XC2pNO+wdADjc1k+Sa7P0n9TLsXiXud40N1aSfenlsV6Ul4GeBFIGDT8wG4GsTTtCFAQgF3f/V5g4yOc9DEvXa/ikrhwAg/Byc9M64vH1jSrEQljI= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1769168883; h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=I6s6euSKtjv3qriJFeYyiM2bE1vBTsywb6iIQZFRvUA=; b=I8GhIpnalMBL8p8dgoycwVMN5KqiCkRdO1WljaYMFfDSPjjM37btC/lFgis29K7Mmhbvgcl5hza2p2gGUtks0SFJB3JjTAX8sbvIsqSG5k/p5XdmQb3v4MGX6Pt9pvj2lcLIl1EIW8gVFns8tJ0rpQfEZPs6DrUA+Bu5XrxUT18= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1769168883881754.6180835881293; Fri, 23 Jan 2026 03:48:03 -0800 (PST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vjFad-0005dh-Ad; Fri, 23 Jan 2026 06:44:35 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vjFZS-00050O-0R; Fri, 23 Jan 2026 06:43:24 -0500 Received: from mx0a-001b2d01.pphosted.com ([148.163.156.1]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vjFZN-0006xO-SB; Fri, 23 Jan 2026 06:43:21 -0500 Received: from pps.filterd (m0353729.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.18.1.2/8.18.1.2) with ESMTP id 60N2qUEK006209; Fri, 23 Jan 2026 11:43:14 GMT Received: from ppma11.dal12v.mail.ibm.com (db.9e.1632.ip4.static.sl-reverse.com [50.22.158.219]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 4br23sfqs1-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 23 Jan 2026 11:43:14 +0000 (GMT) Received: from pps.filterd (ppma11.dal12v.mail.ibm.com [127.0.0.1]) by ppma11.dal12v.mail.ibm.com (8.18.1.2/8.18.1.2) with ESMTP id 60N8QP2Z006399; Fri, 23 Jan 2026 11:43:13 GMT Received: from smtprelay04.fra02v.mail.ibm.com ([9.218.2.228]) by ppma11.dal12v.mail.ibm.com (PPS) with ESMTPS id 4brqf20gcw-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 23 Jan 2026 11:43:13 +0000 Received: from smtpav03.fra02v.mail.ibm.com (smtpav03.fra02v.mail.ibm.com [10.20.54.102]) by smtprelay04.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 60NBh9oQ29557500 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 23 Jan 2026 11:43:09 GMT Received: from smtpav03.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 485CA20040; Fri, 23 Jan 2026 11:43:09 +0000 (GMT) Received: from smtpav03.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 2ECBD2004D; Fri, 23 Jan 2026 11:43:09 +0000 (GMT) Received: from funtu2.ibm.com (unknown [9.111.163.22]) by smtpav03.fra02v.mail.ibm.com (Postfix) with ESMTP; Fri, 23 Jan 2026 11:43:09 +0000 (GMT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=cc :content-transfer-encoding:date:from:in-reply-to:message-id :mime-version:references:subject:to; s=pp1; bh=I6s6euSKtjv3qriJF eYyiM2bE1vBTsywb6iIQZFRvUA=; b=knZy9HFkrxL3hfaJmMDAAOXgPc1IesWO0 kHMSz28w1d9Uq7sEBNJ+WH9WwtZbvSoKvjKpKPOyN6kGPR7YxWJqngGNNT+OU7Qx cdNmihAApeKIEtFGyx8dtTPs3VQX2ECQ6HWrPQ7HQz29+EzMVTblW0zdvudTslVF DnECu22wzfdTrKJSLy9gEPLi0xuSG4XBW8CP0HZb7D5fIuRxDMALVKdMLUI9wRaJ K3weS/Y+EVUWnday2ZNkMX7cAGbh40XsMXLP8bHbRRYGQRrwjaBcIVvpFYDh+Nfd R6I6H0g/Y+9fGFLKcxSD0X0xKzJIhv0O6pWf30Bf44I5fx0YdOMwg== From: Harald Freudenberger To: pbonzini@redhat.com Cc: qemu-s390x@nongnu.org, qemu-devel@nongnu.org, borntraeger@linux.ibm.com, frankja@linux.ibm.com Subject: [PATCH v3 04/14] target/s390x: Support AES ECB for cpacf km instruction Date: Fri, 23 Jan 2026 12:42:58 +0100 Message-ID: <20260123114308.19401-5-freude@linux.ibm.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260123114308.19401-1-freude@linux.ibm.com> References: <20260123114308.19401-1-freude@linux.ibm.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-TM-AS-GCONF: 00 X-Proofpoint-GUID: sao7lPK0zXx8CHzs8tqZEJzgDjWp33WR X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwMTIzMDA5MiBTYWx0ZWRfX5Brmw5EqN4xp TMSyCLfJkCFdDyhL73pz50gV12mZe1wXeGPJfQQrz9BWzIv3n6beZR0tvsgAPV0dNu7/Pvnw/0l CZEPs6U+xZrF5Klbw/Cv8fxkdqO/Hg3CGZUeZeYpnv553iIZNan+sMS00SDbfgRwNDfthWQ3KQB 4UVxJ0305UHnSbvzKbeLhbIVa/i/y37DBx/Zs6Vw7phMGBnzfb3IWJAa0v4ZlJ52VyN3B6L6QsV ajMM+bAUKkn8HigJGJ3FM6pLK56leyUNTgZoGEHoM3UzlJE7QA3lqzU3i9QFGlN+HkeuhB3nSwc KMhoHF72Zd06hBmxzlGGAxodsPlERArbyYgYj0lFmo5WSWf6/e9GybxHw480McmQIeu1K2VGo2D Skeqd4+7U9RI6xKHm8eErYXJB7xPizKBqevSuMUpaHmd+nejj09R7Az0pH62cYe0U2/OOP35Hnz sYKQH34ihrgCczBB5dw== X-Authority-Analysis: v=2.4 cv=J9SnLQnS c=1 sm=1 tr=0 ts=69735ed2 cx=c_pps a=aDMHemPKRhS1OARIsFnwRA==:117 a=aDMHemPKRhS1OARIsFnwRA==:17 a=vUbySO9Y5rIA:10 a=VkNPw1HP01LnGYTKEx00:22 a=VnNF1IyMAAAA:8 a=2jo1MQRKDEzzzhCldZQA:9 X-Proofpoint-ORIG-GUID: sao7lPK0zXx8CHzs8tqZEJzgDjWp33WR X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1121,Hydra:6.1.20,FMLib:17.12.100.49 definitions=2026-01-23_02,2026-01-22_02,2025-10-01_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 impostorscore=0 adultscore=0 suspectscore=0 spamscore=0 lowpriorityscore=0 malwarescore=0 clxscore=1011 bulkscore=0 phishscore=0 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.19.0-2601150000 definitions=main-2601230092 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=148.163.156.1; envelope-from=freude@linux.ibm.com; helo=mx0a-001b2d01.pphosted.com X-Spam_score_int: -26 X-Spam_score: -2.7 X-Spam_bar: -- X-Spam_report: (-2.7 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @ibm.com) X-ZM-MESSAGEID: 1769168884769154100 Content-Type: text/plain; charset="utf-8" Support the subfunctions CPACF_KM_AES_128, CPACF_KM_AES_192 and CPACF_KM_AES_256 for the cpacf km instruction. Signed-off-by: Harald Freudenberger --- target/s390x/gen-features.c | 3 + target/s390x/tcg/cpacf.h | 5 ++ target/s390x/tcg/cpacf_aes.c | 108 +++++++++++++++++++++++++++++++ target/s390x/tcg/crypto_helper.c | 24 +++++++ target/s390x/tcg/meson.build | 1 + 5 files changed, 141 insertions(+) create mode 100644 target/s390x/tcg/cpacf_aes.c diff --git a/target/s390x/gen-features.c b/target/s390x/gen-features.c index 5cf5b92c37..a35d1fd2f9 100644 --- a/target/s390x/gen-features.c +++ b/target/s390x/gen-features.c @@ -921,6 +921,9 @@ static uint16_t qemu_MAX[] =3D { S390_FEAT_KLMD_SHA_256, S390_FEAT_KLMD_SHA_512, S390_FEAT_PRNO_TRNG, + S390_FEAT_KM_AES_128, + S390_FEAT_KM_AES_192, + S390_FEAT_KM_AES_256, }; =20 /****** END FEATURE DEFS ******/ diff --git a/target/s390x/tcg/cpacf.h b/target/s390x/tcg/cpacf.h index 79f05e1e14..06423abc00 100644 --- a/target/s390x/tcg/cpacf.h +++ b/target/s390x/tcg/cpacf.h @@ -16,4 +16,9 @@ int cpacf_sha256(CPUS390XState *env, uintptr_t ra, uint64= _t param_addr, int cpacf_sha512(CPUS390XState *env, uintptr_t ra, uint64_t param_addr, uint64_t *message_reg, uint64_t *len_reg, uint32_t type); =20 +/* from crypto_aes.c */ +int cpacf_aes_ecb(CPUS390XState *env, uintptr_t ra, uint64_t param_addr, + uint64_t *dst_ptr, uint64_t *src_ptr, uint64_t *src_len, + uint32_t type, uint8_t fc, uint8_t mod); + #endif diff --git a/target/s390x/tcg/cpacf_aes.c b/target/s390x/tcg/cpacf_aes.c new file mode 100644 index 0000000000..6d234d8ce9 --- /dev/null +++ b/target/s390x/tcg/cpacf_aes.c @@ -0,0 +1,108 @@ +/* + * s390 cpacf aes + * + * Authors: + * Harald Freudenberger + * + * This work is licensed under the terms of the GNU GPL, version 2 or late= r. + * See the COPYING file in the top-level directory. + */ + +#include "qemu/osdep.h" +#include "s390x-internal.h" +#include "tcg_s390x.h" +#include "accel/tcg/cpu-ldst.h" +#include "crypto/aes.h" +#include "cpacf.h" + +static void aes_read_block(CPUS390XState *env, uint64_t addr, + uint8_t *a, uintptr_t ra) +{ + uint64_t _addr; + int i; + + for (i =3D 0; i < AES_BLOCK_SIZE; i++, addr +=3D 1) { + _addr =3D wrap_address(env, addr); + a[i] =3D cpu_ldub_data_ra(env, _addr, ra); + } +} + +static void aes_write_block(CPUS390XState *env, uint64_t addr, + uint8_t *a, uintptr_t ra) +{ + uint64_t _addr; + int i; + + for (i =3D 0; i < AES_BLOCK_SIZE; i++, addr +=3D 1) { + _addr =3D wrap_address(env, addr); + cpu_stb_data_ra(env, _addr, a[i], ra); + } +} + +int cpacf_aes_ecb(CPUS390XState *env, uintptr_t ra, uint64_t param_addr, + uint64_t *dst_ptr, uint64_t *src_ptr, uint64_t *src_len, + uint32_t type, uint8_t fc, uint8_t mod) +{ + enum { MAX_BLOCKS_PER_RUN =3D 8192 / AES_BLOCK_SIZE }; + uint8_t in[AES_BLOCK_SIZE], out[AES_BLOCK_SIZE]; + uint64_t addr, len =3D *src_len, processed =3D 0; + int i, keysize, data_reg_len =3D 64; + uint8_t key[32]; + AES_KEY exkey; + + g_assert(type =3D=3D S390_FEAT_TYPE_KM); + switch (fc) { + case 0x12: /* CPACF_KM_AES_128 */ + keysize =3D 16; + break; + case 0x13: /* CPACF_KM_AES_192 */ + keysize =3D 24; + break; + case 0x14: /* CPACF_KM_AES_256 */ + keysize =3D 32; + break; + default: + g_assert_not_reached(); + } + + if (!(env->psw.mask & PSW_MASK_64)) { + len =3D (uint32_t)len; + data_reg_len =3D (env->psw.mask & PSW_MASK_32) ? 32 : 24; + } + + /* length has to be properly aligned. */ + if (!QEMU_IS_ALIGNED(len, AES_BLOCK_SIZE)) { + tcg_s390_program_interrupt(env, PGM_SPECIFICATION, ra); + } + + /* fetch key from param block */ + for (i =3D 0; i < keysize; i++) { + addr =3D wrap_address(env, param_addr + i); + key[i] =3D cpu_ldub_data_ra(env, addr, ra); + } + + /* expand key */ + if (mod) { + AES_set_decrypt_key(key, keysize * 8, &exkey); + } else { + AES_set_encrypt_key(key, keysize * 8, &exkey); + } + + /* process up to MAX_BLOCKS_PER_RUN aes blocks */ + for (i =3D 0; i < MAX_BLOCKS_PER_RUN && len >=3D AES_BLOCK_SIZE; i++) { + aes_read_block(env, *src_ptr + processed, in, ra); + if (mod) { + AES_decrypt(in, out, &exkey); + } else { + AES_encrypt(in, out, &exkey); + } + aes_write_block(env, *dst_ptr + processed, out, ra); + len -=3D AES_BLOCK_SIZE, processed +=3D AES_BLOCK_SIZE; + } + + *src_ptr =3D deposit64(*src_ptr, 0, data_reg_len, *src_ptr + processed= ); + *dst_ptr =3D deposit64(*dst_ptr, 0, data_reg_len, *dst_ptr + processed= ); + *src_len -=3D processed; + + return !len ? 0 : 3; +} diff --git a/target/s390x/tcg/crypto_helper.c b/target/s390x/tcg/crypto_hel= per.c index b69dbb61a6..dff119176e 100644 --- a/target/s390x/tcg/crypto_helper.c +++ b/target/s390x/tcg/crypto_helper.c @@ -87,6 +87,27 @@ static int cpacf_klmd(CPUS390XState *env, const uintptr_= t ra, return rc; } =20 + +static int cpacf_km(CPUS390XState *env, uintptr_t ra, uint32_t r1, + uint32_t r2, uint32_t r3, uint8_t fc, uint8_t mod) +{ + int rc =3D 0; + + switch (fc) { + case 0x12: /* CPACF_KM_AES_128 */ + case 0x13: /* CPACF_KM_AES_192 */ + case 0x14: /* CPACF_KM_AES_256 */ + rc =3D cpacf_aes_ecb(env, ra, env->regs[1], + &env->regs[r1], &env->regs[r2], &env->regs[r2 += 1], + S390_FEAT_TYPE_KM, fc, mod); + break; + default: + g_assert_not_reached(); + } + + return rc; +} + static int cpacf_ppno(CPUS390XState *env, uintptr_t ra, uint32_t r1, uint32_t r2, uint32_t r3, uint8_t fc) { @@ -151,6 +172,9 @@ uint32_t HELPER(msa)(CPUS390XState *env, uint32_t r1, u= int32_t r2, uint32_t r3, case S390_FEAT_TYPE_PPNO: rc =3D cpacf_ppno(env, ra, r1, r2, r3, fc); break; + case S390_FEAT_TYPE_KM: + rc =3D cpacf_km(env, ra, r1, r2, r3, fc, mod); + break; default: g_assert_not_reached(); } diff --git a/target/s390x/tcg/meson.build b/target/s390x/tcg/meson.build index 4115f4c704..da948471ea 100644 --- a/target/s390x/tcg/meson.build +++ b/target/s390x/tcg/meson.build @@ -1,5 +1,6 @@ s390x_ss.add(when: 'CONFIG_TCG', if_true: files( 'cc_helper.c', + 'cpacf_aes.c', 'cpacf_sha256.c', 'cpacf_sha512.c', 'crypto_helper.c', --=20 2.43.0 From nobody Sun Jan 25 10:13:58 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=reject dis=none) header.from=linux.ibm.com ARC-Seal: i=1; a=rsa-sha256; t=1769168836; cv=none; d=zohomail.com; s=zohoarc; b=D4Tc68jKPhQtF/vzScFEQhtrCZKfiNq/Tx2yQxi76szoO2Q2k4XjfD5GvjUAtS3pD6N2vCzQ8Do8Gy8chaikFRhNExgKVK8So8B9nBqfUtsEsMtkYJePguzpGt/kFShuyI5EtAUFuX6GDxxzfM0smGQQ2m5oQRPBbDtsB9zpYkI= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1769168836; h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=Rc6DRb4C70g2aMPi41fz64z+Nb/F63fgQsTUDFWgGpM=; b=B0IFaU/OP3TJp0zHoF8oOtGMNmePABRadG0VZAT9L3nUla+WKxYTNnZpXKdYIrmMp3/AfwhV3XG97WwzDGATIW0VzrDzd70Gw2QyZ/14jZbwKwq553sc5e2ENFWQk/YZek6ECClOThw2JPCm/UePVClPj5NKpb59VSqruM8qVaU= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1769168836253323.39847371363874; Fri, 23 Jan 2026 03:47:16 -0800 (PST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vjFaa-0005YR-4g; Fri, 23 Jan 2026 06:44:32 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vjFZS-00050N-0E; Fri, 23 Jan 2026 06:43:24 -0500 Received: from mx0b-001b2d01.pphosted.com ([148.163.158.5]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vjFZN-0006xQ-Rs; Fri, 23 Jan 2026 06:43:21 -0500 Received: from pps.filterd (m0353725.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.18.1.2/8.18.1.2) with ESMTP id 60N76AXT005967; Fri, 23 Jan 2026 11:43:14 GMT Received: from ppma21.wdc07v.mail.ibm.com (5b.69.3da9.ip4.static.sl-reverse.com [169.61.105.91]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 4bus1puxvw-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 23 Jan 2026 11:43:14 +0000 (GMT) Received: from pps.filterd (ppma21.wdc07v.mail.ibm.com [127.0.0.1]) by ppma21.wdc07v.mail.ibm.com (8.18.1.2/8.18.1.2) with ESMTP id 60NB6Nwx027293; Fri, 23 Jan 2026 11:43:13 GMT Received: from smtprelay04.fra02v.mail.ibm.com ([9.218.2.228]) by ppma21.wdc07v.mail.ibm.com (PPS) with ESMTPS id 4brnrngsx0-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 23 Jan 2026 11:43:13 +0000 Received: from smtpav03.fra02v.mail.ibm.com (smtpav03.fra02v.mail.ibm.com [10.20.54.102]) by smtprelay04.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 60NBh9wT27918964 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 23 Jan 2026 11:43:09 GMT Received: from smtpav03.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 576192004E; Fri, 23 Jan 2026 11:43:09 +0000 (GMT) Received: from smtpav03.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 49DE520043; Fri, 23 Jan 2026 11:43:09 +0000 (GMT) Received: from funtu2.ibm.com (unknown [9.111.163.22]) by smtpav03.fra02v.mail.ibm.com (Postfix) with ESMTP; Fri, 23 Jan 2026 11:43:09 +0000 (GMT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=cc :content-transfer-encoding:date:from:in-reply-to:message-id :mime-version:references:subject:to; s=pp1; bh=Rc6DRb4C70g2aMPi4 1fz64z+Nb/F63fgQsTUDFWgGpM=; b=IDFuMuarDezB3L7e6JO9tLAWXloZ58zck bIIpDFlqZton/vLymsvfC39sGc3BifkZmJeqoJOJxvXbaSf78oDFdb3oTr17p1vY YgIhltIsiIEjQczc+KahVh7aTyvfEnxHU3t8yrdghpwURca6pf2C+uJFq4W6QG24 KRW6DMCaI4jPxdYZLE0YgFVcTR64bAyf/jW1a+4ee+hLsk1mG9Pnfe4DdrGIC/Ky ZRtoGFoJrgkENYgH8zuKShsT5eLDWZ1yQ4hG4Sc7WqvRAwgWwMZibieCslHRwZW+ YtOKhuPGk+pslhljDC+mOEHdA2bwzoe/IN8NRdlyPUFugdOqSDfYQ== From: Harald Freudenberger To: pbonzini@redhat.com Cc: qemu-s390x@nongnu.org, qemu-devel@nongnu.org, borntraeger@linux.ibm.com, frankja@linux.ibm.com Subject: [PATCH v3 05/14] target/s390x: Support AES CBC for cpacf kmc instruction Date: Fri, 23 Jan 2026 12:42:59 +0100 Message-ID: <20260123114308.19401-6-freude@linux.ibm.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260123114308.19401-1-freude@linux.ibm.com> References: <20260123114308.19401-1-freude@linux.ibm.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-TM-AS-GCONF: 00 X-Proofpoint-ORIG-GUID: 6dLNSyBOgrgDBPl10pBeudls0sq8KZyu X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwMTIzMDA5MiBTYWx0ZWRfX+VrdPU/rt7Ej jJNowNnZiphrUDdzQ4F06adrpO37kQ2HXyaq/3pV0KICwlarxCwL8QsNeHulZmvuT2u17jj8nKU wqcvkq/oRyxzbo8lwTjtXHtuQykwAovUyy4i72ahpDdQ60eh/cuOwJnMscFJygrNWQfyr3Qtxna qiBfaF01yRGfIMA0d5oaW6aoY6/EeelFoggx+NPVY3Sf2LbSIpy/NESeFwvvUFlPp0sF9kn4yEo +AkltaEaETFzoKUQf2v210mfWE+4eZw+izguTGJRpyagARwBn94zi6fJhQoZ43UcmRgVnlT79Wx apBCIyaRyiCvkXxZhXO/jylWRcG3a4j6vsRrCCOZMyTzGDROdaicrm/Tx0a+QK1kBP/X4KqptJD cvCk4c+SaVMPwmL9W6whj9oyeWPvMdTtyB799c23NCAOFbwRNz4HBDMl2Fjb8pH0LhFGxOa9sCv jS0uQcmCLTFT1iy1doA== X-Proofpoint-GUID: 6dLNSyBOgrgDBPl10pBeudls0sq8KZyu X-Authority-Analysis: v=2.4 cv=GY8aXAXL c=1 sm=1 tr=0 ts=69735ed2 cx=c_pps a=GFwsV6G8L6GxiO2Y/PsHdQ==:117 a=GFwsV6G8L6GxiO2Y/PsHdQ==:17 a=vUbySO9Y5rIA:10 a=VkNPw1HP01LnGYTKEx00:22 a=VnNF1IyMAAAA:8 a=4s_zGP7M7QCs5o7xjogA:9 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1121,Hydra:6.1.20,FMLib:17.12.100.49 definitions=2026-01-23_02,2026-01-22_02,2025-10-01_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 suspectscore=0 impostorscore=0 phishscore=0 lowpriorityscore=0 spamscore=0 malwarescore=0 priorityscore=1501 bulkscore=0 adultscore=0 clxscore=1011 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.19.0-2601150000 definitions=main-2601230092 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=148.163.158.5; envelope-from=freude@linux.ibm.com; helo=mx0b-001b2d01.pphosted.com X-Spam_score_int: -19 X-Spam_score: -2.0 X-Spam_bar: -- X-Spam_report: (-2.0 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @ibm.com) X-ZM-MESSAGEID: 1769168837391158500 Content-Type: text/plain; charset="utf-8" Support the subfunctions CPACF_KMC_AES_128, CPACF_KMC_AES_192 and CPACF_KMC_AES_256 for the cpacf kmc instruction. Signed-off-by: Harald Freudenberger --- target/s390x/gen-features.c | 3 + target/s390x/tcg/cpacf.h | 3 + target/s390x/tcg/cpacf_aes.c | 100 +++++++++++++++++++++++++++++++ target/s390x/tcg/crypto_helper.c | 23 +++++++ 4 files changed, 129 insertions(+) diff --git a/target/s390x/gen-features.c b/target/s390x/gen-features.c index a35d1fd2f9..9c0c0b229f 100644 --- a/target/s390x/gen-features.c +++ b/target/s390x/gen-features.c @@ -924,6 +924,9 @@ static uint16_t qemu_MAX[] =3D { S390_FEAT_KM_AES_128, S390_FEAT_KM_AES_192, S390_FEAT_KM_AES_256, + S390_FEAT_KMC_AES_128, + S390_FEAT_KMC_AES_192, + S390_FEAT_KMC_AES_256, }; =20 /****** END FEATURE DEFS ******/ diff --git a/target/s390x/tcg/cpacf.h b/target/s390x/tcg/cpacf.h index 06423abc00..18686991f7 100644 --- a/target/s390x/tcg/cpacf.h +++ b/target/s390x/tcg/cpacf.h @@ -20,5 +20,8 @@ int cpacf_sha512(CPUS390XState *env, uintptr_t ra, uint64= _t param_addr, int cpacf_aes_ecb(CPUS390XState *env, uintptr_t ra, uint64_t param_addr, uint64_t *dst_ptr, uint64_t *src_ptr, uint64_t *src_len, uint32_t type, uint8_t fc, uint8_t mod); +int cpacf_aes_cbc(CPUS390XState *env, uintptr_t ra, uint64_t param_addr, + uint64_t *dst_ptr, uint64_t *src_ptr, uint64_t *src_len, + uint32_t type, uint8_t fc, uint8_t mod); =20 #endif diff --git a/target/s390x/tcg/cpacf_aes.c b/target/s390x/tcg/cpacf_aes.c index 6d234d8ce9..df3d05db41 100644 --- a/target/s390x/tcg/cpacf_aes.c +++ b/target/s390x/tcg/cpacf_aes.c @@ -106,3 +106,103 @@ int cpacf_aes_ecb(CPUS390XState *env, uintptr_t ra, u= int64_t param_addr, =20 return !len ? 0 : 3; } + +static void aes_xor(const uint8_t *src1, const uint8_t *src2, uint8_t *dst) +{ + int i; + + for (i =3D 0; i < AES_BLOCK_SIZE / sizeof(uint32_t); i++) { + ((uint32_t *)dst)[i] =3D ((uint32_t *)src1)[i] ^ ((uint32_t *)src2= )[i]; + } +} + +int cpacf_aes_cbc(CPUS390XState *env, uintptr_t ra, uint64_t param_addr, + uint64_t *dst_ptr, uint64_t *src_ptr, uint64_t *src_len, + uint32_t type, uint8_t fc, uint8_t mod) +{ + enum { MAX_BLOCKS_PER_RUN =3D 8192 / AES_BLOCK_SIZE }; + uint8_t in[AES_BLOCK_SIZE], out[AES_BLOCK_SIZE], buf[AES_BLOCK_SIZE]; + uint64_t addr, len =3D *src_len, processed =3D 0; + int i, keysize, data_reg_len =3D 64; + uint8_t key[32], iv[AES_BLOCK_SIZE]; + AES_KEY exkey; + + g_assert(type =3D=3D S390_FEAT_TYPE_KMC); + + switch (fc) { + case 0x12: /* CPACF_KMC_AES_128 */ + keysize =3D 16; + break; + case 0x13: /* CPACF_KMC_AES_192 */ + keysize =3D 24; + break; + case 0x14: /* CPACF_KMC_AES_256 */ + keysize =3D 32; + break; + default: + g_assert_not_reached(); + } + + if (!(env->psw.mask & PSW_MASK_64)) { + len =3D (uint32_t)len; + data_reg_len =3D (env->psw.mask & PSW_MASK_32) ? 32 : 24; + } + + /* length has to be properly aligned. */ + if (!QEMU_IS_ALIGNED(len, AES_BLOCK_SIZE)) { + tcg_s390_program_interrupt(env, PGM_SPECIFICATION, ra); + } + + /* fetch iv from param blick */ + for (i =3D 0; i < AES_BLOCK_SIZE; i++) { + addr =3D wrap_address(env, param_addr + i); + iv[i] =3D cpu_ldub_data_ra(env, addr, ra); + } + + /* fetch key from param block */ + for (i =3D 0; i < keysize; i++) { + addr =3D wrap_address(env, param_addr + AES_BLOCK_SIZE + i); + key[i] =3D cpu_ldub_data_ra(env, addr, ra); + } + + /* expand key */ + if (mod) { + AES_set_decrypt_key(key, keysize * 8, &exkey); + } else { + AES_set_encrypt_key(key, keysize * 8, &exkey); + } + + /* process up to MAX_BLOCKS_PER_RUN aes blocks */ + for (i =3D 0; i < MAX_BLOCKS_PER_RUN && len >=3D AES_BLOCK_SIZE; i++) { + aes_read_block(env, *src_ptr + processed, in, ra); + if (mod) { + /* decrypt in =3D> buf */ + AES_decrypt(in, buf, &exkey); + /* buf xor iv =3D> out */ + aes_xor(buf, iv, out); + /* prep iv for next round */ + memcpy(iv, in, AES_BLOCK_SIZE); + } else { + /* in xor iv =3D> buf */ + aes_xor(in, iv, buf); + /* encrypt buf =3D> out */ + AES_encrypt(buf, out, &exkey); + /* prep iv for next round */ + memcpy(iv, out, AES_BLOCK_SIZE); + } + aes_write_block(env, *dst_ptr + processed, out, ra); + len -=3D AES_BLOCK_SIZE, processed +=3D AES_BLOCK_SIZE; + } + + /* update iv in param block */ + for (i =3D 0; i < AES_BLOCK_SIZE; i++) { + addr =3D wrap_address(env, param_addr + i); + cpu_stb_data_ra(env, addr, iv[i], ra); + } + + *src_ptr =3D deposit64(*src_ptr, 0, data_reg_len, *src_ptr + processed= ); + *dst_ptr =3D deposit64(*dst_ptr, 0, data_reg_len, *dst_ptr + processed= ); + *src_len -=3D processed; + + return !len ? 0 : 3; +} diff --git a/target/s390x/tcg/crypto_helper.c b/target/s390x/tcg/crypto_hel= per.c index dff119176e..df01c1c54e 100644 --- a/target/s390x/tcg/crypto_helper.c +++ b/target/s390x/tcg/crypto_helper.c @@ -108,6 +108,26 @@ static int cpacf_km(CPUS390XState *env, uintptr_t ra, = uint32_t r1, return rc; } =20 +static int cpacf_kmc(CPUS390XState *env, uintptr_t ra, uint32_t r1, + uint32_t r2, uint32_t r3, uint8_t fc, uint8_t mod) +{ + int rc =3D 0; + + switch (fc) { + case 0x12: /* CPACF_KMC_AES_128 */ + case 0x13: /* CPACF_KMC_AES_192 */ + case 0x14: /* CPACF_KMC_AES_256 */ + rc =3D cpacf_aes_cbc(env, ra, env->regs[1], + &env->regs[r1], &env->regs[r2], &env->regs[r2 += 1], + S390_FEAT_TYPE_KMC, fc, mod); + break; + default: + g_assert_not_reached(); + } + + return rc; +} + static int cpacf_ppno(CPUS390XState *env, uintptr_t ra, uint32_t r1, uint32_t r2, uint32_t r3, uint8_t fc) { @@ -175,6 +195,9 @@ uint32_t HELPER(msa)(CPUS390XState *env, uint32_t r1, u= int32_t r2, uint32_t r3, case S390_FEAT_TYPE_KM: rc =3D cpacf_km(env, ra, r1, r2, r3, fc, mod); break; + case S390_FEAT_TYPE_KMC: + rc =3D cpacf_kmc(env, ra, r1, r2, r3, fc, mod); + break; default: g_assert_not_reached(); } --=20 2.43.0 From nobody Sun Jan 25 10:13:58 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=reject dis=none) header.from=linux.ibm.com ARC-Seal: i=1; a=rsa-sha256; t=1769168712; cv=none; d=zohomail.com; s=zohoarc; b=mrTASqeK26JXGPPNGwk5MSK9Dvt+1VTLXLV9Ri09EoAKV2pX0m49S6NeuY6SdKuVpiMifL75NIfmBHqkYRquYOfWHAErgzZXQ+CpLPL2/4B5MnsJJnOpu62vpjxtAfIawZfojNg7DvTKuTObwg7BhJ1FHzPVxxEfw+Y6ZV95PQU= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1769168712; h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=4OgBkdDKW53MbGVR1ADm1TxvOXsXtqMpSiaLDfT61kk=; b=iT9JUkUHVKQsHIPaogEBR724apLsDErBdgkvqASxFsmAEPNHz1aLsWqc63HhcVJW81pENKLXBXXIVqQrzk/xjbpRmKj7SZUIgSUy2aGacgrDvpO1gIxsTkUwtWxTSvTkQowNlJNG8IPVD2DHmNkm6ML5rYPBepEahFPIvuY+fmk= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1769168712907595.3956095634475; Fri, 23 Jan 2026 03:45:12 -0800 (PST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vjFaZ-0005Xc-I5; Fri, 23 Jan 2026 06:44:31 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vjFZQ-0004zy-2t; Fri, 23 Jan 2026 06:43:21 -0500 Received: from mx0b-001b2d01.pphosted.com ([148.163.158.5]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vjFZN-0006xc-NE; Fri, 23 Jan 2026 06:43:19 -0500 Received: from pps.filterd (m0356516.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.18.1.2/8.18.1.2) with ESMTP id 60N0bnfV007813; Fri, 23 Jan 2026 11:43:14 GMT Received: from ppma23.wdc07v.mail.ibm.com (5d.69.3da9.ip4.static.sl-reverse.com [169.61.105.93]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 4bqyukp396-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 23 Jan 2026 11:43:14 +0000 (GMT) Received: from pps.filterd (ppma23.wdc07v.mail.ibm.com [127.0.0.1]) by ppma23.wdc07v.mail.ibm.com (8.18.1.2/8.18.1.2) with ESMTP id 60NB7kJB009295; Fri, 23 Jan 2026 11:43:13 GMT Received: from smtprelay04.fra02v.mail.ibm.com ([9.218.2.228]) by ppma23.wdc07v.mail.ibm.com (PPS) with ESMTPS id 4brp8krrjm-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 23 Jan 2026 11:43:13 +0000 Received: from smtpav03.fra02v.mail.ibm.com (smtpav03.fra02v.mail.ibm.com [10.20.54.102]) by smtprelay04.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 60NBh9GM14680568 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 23 Jan 2026 11:43:09 GMT Received: from smtpav03.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 723852004B; Fri, 23 Jan 2026 11:43:09 +0000 (GMT) Received: from smtpav03.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 64FA62004D; Fri, 23 Jan 2026 11:43:09 +0000 (GMT) Received: from funtu2.ibm.com (unknown [9.111.163.22]) by smtpav03.fra02v.mail.ibm.com (Postfix) with ESMTP; Fri, 23 Jan 2026 11:43:09 +0000 (GMT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=cc :content-transfer-encoding:date:from:in-reply-to:message-id :mime-version:references:subject:to; s=pp1; bh=4OgBkdDKW53MbGVR1 ADm1TxvOXsXtqMpSiaLDfT61kk=; b=ZZwoB+UDa6T5jlllLbJNp6Khv8OBhk9r0 l75etDPUs5Y54Nx8JRel0TVwktAWHE+jrpSmskNvWE77xSYwtDNK+lwrBGw57og9 f9bVFpgyWsi+q+I+lPnVHitoeYHnv8o80Dvc7ktv7lr1IPONPUgz7FYSLiZ1PTL1 AZpayM54EMYq8hKYdTLjYXfq9sYlpI52gMkA/Jsqsf1MqP1sa/O/lxCSJsx0V+dv GVwSVMK45S5dqyCS+6xdeF1j0Hf2JQUQ47nOgD1/Lja2exYz1uDeHv/atFFEGLy3 p9v4B7ruRK7aKTtjpD+cZUlb6glQqR08/jgZlGL55Dluco2drHCjg== From: Harald Freudenberger To: pbonzini@redhat.com Cc: qemu-s390x@nongnu.org, qemu-devel@nongnu.org, borntraeger@linux.ibm.com, frankja@linux.ibm.com Subject: [PATCH v3 06/14] target/s390x: Support AES CTR for cpacf kmctr instruction Date: Fri, 23 Jan 2026 12:43:00 +0100 Message-ID: <20260123114308.19401-7-freude@linux.ibm.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260123114308.19401-1-freude@linux.ibm.com> References: <20260123114308.19401-1-freude@linux.ibm.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-TM-AS-GCONF: 00 X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwMTIzMDA5MiBTYWx0ZWRfX7T/ME56Bx0El GAxPEULuzlXJq+HJAdfbgxeJNF7MWYgsEtvSmkYgKRSCL8EcSbmZOf3TARzAgRzw0P4Sg99PGDK mikJS2C/cDX6x42ud/kxK4U3aPDSx+XmiD5n98jiR1E3APU/benAoXUg1pdBRx3UhEL7E/f8c/j SGKmBI3TOJ5U6vkZ1ozDmovVaHoN9aBs61mp6rAGUXdjmTiAxGgp03LUXuNCgotQx4YZZQX1wZL 2jObJiMWz2pKbRVfElLwrMF1JJb5Q3NW+noqFuhn7Pxpx9lLivpPIiAOzl2sozOFJt6AV/0Dz/4 mws0nhiaJwhhbKDXmbvSi6g9bZ1FJdux/s6fENO0Ive7yZI+KFXfskEfL6EKRkMP0Zvt7LTgpvK 62RhDQ5LErHro/A+WOxP9hRX+hppUEWzMkLYYRthVvheDUYa+o9MKi2War9Vmqt8kSbeDBcKz5u YWHvyIB39az7tIiVpPw== X-Authority-Analysis: v=2.4 cv=bsBBxUai c=1 sm=1 tr=0 ts=69735ed2 cx=c_pps a=3Bg1Hr4SwmMryq2xdFQyZA==:117 a=3Bg1Hr4SwmMryq2xdFQyZA==:17 a=vUbySO9Y5rIA:10 a=VkNPw1HP01LnGYTKEx00:22 a=VnNF1IyMAAAA:8 a=FtH1yQ7YNcEQcFzwLPgA:9 X-Proofpoint-ORIG-GUID: 3pvW9YFa_dHc0HPM_iAktB_VBZeDgxJ6 X-Proofpoint-GUID: 3pvW9YFa_dHc0HPM_iAktB_VBZeDgxJ6 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1121,Hydra:6.1.20,FMLib:17.12.100.49 definitions=2026-01-23_02,2026-01-22_02,2025-10-01_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 suspectscore=0 phishscore=0 lowpriorityscore=0 bulkscore=0 impostorscore=0 malwarescore=0 clxscore=1011 adultscore=0 spamscore=0 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.19.0-2601150000 definitions=main-2601230092 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=148.163.158.5; envelope-from=freude@linux.ibm.com; helo=mx0b-001b2d01.pphosted.com X-Spam_score_int: -19 X-Spam_score: -2.0 X-Spam_bar: -- X-Spam_report: (-2.0 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @ibm.com) X-ZM-MESSAGEID: 1769168714243154100 Content-Type: text/plain; charset="utf-8" Support the subfunctions CPACF_KMCTR_AES_128, CPACF_KMCTR_AES_192 and CPACF_KMCTR_AES_256 for the cpacf kmctr instruction. Signed-off-by: Harald Freudenberger --- target/s390x/gen-features.c | 3 ++ target/s390x/tcg/cpacf.h | 3 ++ target/s390x/tcg/cpacf_aes.c | 70 ++++++++++++++++++++++++++++++++ target/s390x/tcg/crypto_helper.c | 23 +++++++++++ 4 files changed, 99 insertions(+) diff --git a/target/s390x/gen-features.c b/target/s390x/gen-features.c index 9c0c0b229f..59c2a47539 100644 --- a/target/s390x/gen-features.c +++ b/target/s390x/gen-features.c @@ -927,6 +927,9 @@ static uint16_t qemu_MAX[] =3D { S390_FEAT_KMC_AES_128, S390_FEAT_KMC_AES_192, S390_FEAT_KMC_AES_256, + S390_FEAT_KMCTR_AES_128, + S390_FEAT_KMCTR_AES_192, + S390_FEAT_KMCTR_AES_256, }; =20 /****** END FEATURE DEFS ******/ diff --git a/target/s390x/tcg/cpacf.h b/target/s390x/tcg/cpacf.h index 18686991f7..21fe2e4690 100644 --- a/target/s390x/tcg/cpacf.h +++ b/target/s390x/tcg/cpacf.h @@ -23,5 +23,8 @@ int cpacf_aes_ecb(CPUS390XState *env, uintptr_t ra, uint6= 4_t param_addr, int cpacf_aes_cbc(CPUS390XState *env, uintptr_t ra, uint64_t param_addr, uint64_t *dst_ptr, uint64_t *src_ptr, uint64_t *src_len, uint32_t type, uint8_t fc, uint8_t mod); +int cpacf_aes_ctr(CPUS390XState *env, uintptr_t ra, uint64_t param_addr, + uint64_t *dst_ptr, uint64_t *src_ptr, uint64_t *src_len, + uint64_t *ctr_ptr, uint32_t type, uint8_t fc, uint8_t mo= d); =20 #endif diff --git a/target/s390x/tcg/cpacf_aes.c b/target/s390x/tcg/cpacf_aes.c index df3d05db41..750de42f21 100644 --- a/target/s390x/tcg/cpacf_aes.c +++ b/target/s390x/tcg/cpacf_aes.c @@ -206,3 +206,73 @@ int cpacf_aes_cbc(CPUS390XState *env, uintptr_t ra, ui= nt64_t param_addr, =20 return !len ? 0 : 3; } + +int cpacf_aes_ctr(CPUS390XState *env, uintptr_t ra, uint64_t param_addr, + uint64_t *dst_ptr, uint64_t *src_ptr, uint64_t *src_len, + uint64_t *ctr_ptr, uint32_t type, uint8_t fc, uint8_t mo= d) +{ + enum { MAX_BLOCKS_PER_RUN =3D 8192 / AES_BLOCK_SIZE }; + uint8_t ctr[AES_BLOCK_SIZE], buf[AES_BLOCK_SIZE]; + uint8_t in[AES_BLOCK_SIZE], out[AES_BLOCK_SIZE]; + uint64_t addr, len =3D *src_len, processed =3D 0; + int i, keysize, data_reg_len =3D 64; + uint8_t key[32]; + AES_KEY exkey; + + g_assert(type =3D=3D S390_FEAT_TYPE_KMCTR); + + switch (fc) { + case 0x12: /* CPACF_KMCTR_AES_128 */ + keysize =3D 16; + break; + case 0x13: /* CPACF_KMCTR_AES_192 */ + keysize =3D 24; + break; + case 0x14: /* CPACF_KMCTR_AES_256 */ + keysize =3D 32; + break; + default: + g_assert_not_reached(); + } + + if (!(env->psw.mask & PSW_MASK_64)) { + len =3D (uint32_t)len; + data_reg_len =3D (env->psw.mask & PSW_MASK_32) ? 32 : 24; + } + + /* length has to be properly aligned. */ + if (!QEMU_IS_ALIGNED(len, AES_BLOCK_SIZE)) { + tcg_s390_program_interrupt(env, PGM_SPECIFICATION, ra); + } + + /* fetch key from param block */ + for (i =3D 0; i < keysize; i++) { + addr =3D wrap_address(env, param_addr + i); + key[i] =3D cpu_ldub_data_ra(env, addr, ra); + } + + /* expand key */ + AES_set_encrypt_key(key, keysize * 8, &exkey); + + /* process up to MAX_BLOCKS_PER_RUN aes blocks */ + for (i =3D 0; i < MAX_BLOCKS_PER_RUN && len >=3D AES_BLOCK_SIZE; i++) { + /* read in nonce/ctr =3D> ctr */ + aes_read_block(env, *ctr_ptr + processed, ctr, ra); + /* encrypt ctr =3D> buf */ + AES_encrypt(ctr, buf, &exkey); + /* read in one block of input data =3D> in */ + aes_read_block(env, *src_ptr + processed, in, ra); + /* exor input data with encrypted ctr =3D> out */ + aes_xor(in, buf, out); + /* write out the processed block */ + aes_write_block(env, *dst_ptr + processed, out, ra); + len -=3D AES_BLOCK_SIZE, processed +=3D AES_BLOCK_SIZE; + } + + *src_ptr =3D deposit64(*src_ptr, 0, data_reg_len, *src_ptr + processed= ); + *dst_ptr =3D deposit64(*dst_ptr, 0, data_reg_len, *dst_ptr + processed= ); + *ctr_ptr =3D deposit64(*ctr_ptr, 0, data_reg_len, *ctr_ptr + processed= ); + *src_len -=3D processed; + + return !len ? 0 : 3; +} diff --git a/target/s390x/tcg/crypto_helper.c b/target/s390x/tcg/crypto_hel= per.c index df01c1c54e..c1c79daf19 100644 --- a/target/s390x/tcg/crypto_helper.c +++ b/target/s390x/tcg/crypto_helper.c @@ -128,6 +128,26 @@ static int cpacf_kmc(CPUS390XState *env, uintptr_t ra,= uint32_t r1, return rc; } =20 +static int cpacf_kmctr(CPUS390XState *env, uintptr_t ra, uint32_t r1, + uint32_t r2, uint32_t r3, uint8_t fc, uint8_t mod) +{ + int rc =3D 0; + + switch (fc) { + case 0x12: /* CPACF_KMCTR_AES_128 */ + case 0x13: /* CPACF_KMCTR_AES_192 */ + case 0x14: /* CPACF_KMCTR_AES_256 */ + rc =3D cpacf_aes_ctr(env, ra, env->regs[1], + &env->regs[r1], &env->regs[r2], &env->regs[r2 += 1], + &env->regs[r3], S390_FEAT_TYPE_KMCTR, fc, mod); + break; + default: + g_assert_not_reached(); + } + + return rc; +} + static int cpacf_ppno(CPUS390XState *env, uintptr_t ra, uint32_t r1, uint32_t r2, uint32_t r3, uint8_t fc) { @@ -198,6 +218,9 @@ uint32_t HELPER(msa)(CPUS390XState *env, uint32_t r1, u= int32_t r2, uint32_t r3, case S390_FEAT_TYPE_KMC: rc =3D cpacf_kmc(env, ra, r1, r2, r3, fc, mod); break; + case S390_FEAT_TYPE_KMCTR: + rc =3D cpacf_kmctr(env, ra, r1, r2, r3, fc, mod); + break; default: g_assert_not_reached(); } --=20 2.43.0 From nobody Sun Jan 25 10:13:58 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=reject dis=none) header.from=linux.ibm.com ARC-Seal: i=1; a=rsa-sha256; t=1769168807; cv=none; d=zohomail.com; s=zohoarc; b=AoYrF5UsI7JWD4vhHcRCWXLTrMsnVwvXXTa4eGvJwFo8AP4Pk4Hj9BzdDQV9v+s63qjBtmgB+pARnRDpkQ/f46aDPiYhR5cwNKrprWvng6sroeXJ0QlCi450xX0bzJAVSehkR8aFWFmeNWk1DURNJvdUGOz6HQG8vuZ1agoKOiA= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1769168807; h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=7Ju4lyk4BRJZK0w41IZBY8y6Ixl7MX7K4eG5fOiz91Y=; b=ZezNQx5mWNUwVWoH8Skal/EBOZps97JL0A9RZkS1txaGOuPG+lQ4J5MsRaRy9KE9dFe1fQSpVrYejOlM4I+acjs6kPr9UF/oqcc4WmxWfdEyRkFswplC3Fi1odFnJNog9tali5Y8dGR7hW03jFdtAZTxibhr4U7I6czROR2d6HU= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1769168807542788.3610412490195; Fri, 23 Jan 2026 03:46:47 -0800 (PST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vjFad-0005dW-8p; Fri, 23 Jan 2026 06:44:35 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vjFZS-00050R-0h; Fri, 23 Jan 2026 06:43:28 -0500 Received: from mx0b-001b2d01.pphosted.com ([148.163.158.5]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vjFZN-0006xa-SG; Fri, 23 Jan 2026 06:43:21 -0500 Received: from pps.filterd (m0356516.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.18.1.2/8.18.1.2) with ESMTP id 60N0DXW2014261; Fri, 23 Jan 2026 11:43:14 GMT Received: from ppma12.dal12v.mail.ibm.com (dc.9e.1632.ip4.static.sl-reverse.com [50.22.158.220]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 4bqyukp395-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 23 Jan 2026 11:43:14 +0000 (GMT) Received: from pps.filterd (ppma12.dal12v.mail.ibm.com [127.0.0.1]) by ppma12.dal12v.mail.ibm.com (8.18.1.2/8.18.1.2) with ESMTP id 60NAMffU024614; Fri, 23 Jan 2026 11:43:13 GMT Received: from smtprelay04.fra02v.mail.ibm.com ([9.218.2.228]) by ppma12.dal12v.mail.ibm.com (PPS) with ESMTPS id 4brxas74cn-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 23 Jan 2026 11:43:13 +0000 Received: from smtpav03.fra02v.mail.ibm.com (smtpav03.fra02v.mail.ibm.com [10.20.54.102]) by smtprelay04.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 60NBh90m14680570 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 23 Jan 2026 11:43:09 GMT Received: from smtpav03.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 9772E20043; Fri, 23 Jan 2026 11:43:09 +0000 (GMT) Received: from smtpav03.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 808F020040; Fri, 23 Jan 2026 11:43:09 +0000 (GMT) Received: from funtu2.ibm.com (unknown [9.111.163.22]) by smtpav03.fra02v.mail.ibm.com (Postfix) with ESMTP; Fri, 23 Jan 2026 11:43:09 +0000 (GMT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=cc :content-transfer-encoding:date:from:in-reply-to:message-id :mime-version:references:subject:to; s=pp1; bh=7Ju4lyk4BRJZK0w41 IZBY8y6Ixl7MX7K4eG5fOiz91Y=; b=BAhsrfecwHc+J77ogl4zaYEKjtCZYZvX6 Xwt2LcS4qkkw0CBXUQ0z6tiUXBFzrlkV0CvKWui8bIiuq8xsIq2g+8Do/xGB/odd BMhQbvg29GvivOX8LVmFFA5Fl/YVfTiKhgFvdZEziRHRUcnPGHb/dJgHVZwQ9sAF KgVShu46DdNCTSxfou8ulbkBEDhK9CGol8VeSWHvhEzBDjJ+WkzoQfWlBop9j1L6 DrdFOTQbm8EDllfOvSJ9myBVA5FFgGvtxjGN1U8SXzHSAG5tilMhMEnGp8QTdqBK StLkFyU9e/VjnBkG/IjceIi173GQA4ybI14pvQ1Y99dZqkVU4xbGQ== From: Harald Freudenberger To: pbonzini@redhat.com Cc: qemu-s390x@nongnu.org, qemu-devel@nongnu.org, borntraeger@linux.ibm.com, frankja@linux.ibm.com Subject: [PATCH v3 07/14] target/s390x: Minimal AES XTS support for cpacf pcc instruction Date: Fri, 23 Jan 2026 12:43:01 +0100 Message-ID: <20260123114308.19401-8-freude@linux.ibm.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260123114308.19401-1-freude@linux.ibm.com> References: <20260123114308.19401-1-freude@linux.ibm.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-TM-AS-GCONF: 00 X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwMTIzMDA5MiBTYWx0ZWRfXzNBAQ4KYtLjL I3ThYpzT9lp/wSi607FGjkKDbkjzYN5c+aYVcGR9OCKKhxuQWqQuZ4ph7Fxe28gesiONW742AWX GI31ACHysMQdHsQtb+GA/nhIR4oEZUqa0+faFDnHVMdUaolBjKLER7G7q00srmDg3+ZNAbWY3y1 neEGGVYqZvFGi48fWnN6csnWHp4KIZ50waH3p+7cTXiiz9qkthyG6EKP7If6R6cw3HwlTRLF8he 3GmvD/RFKODCzagFBmn1N57ZfQUauZCbsa6MzVYedG2RdQoaj1HiYiY/qLn4IAIwlLvaQXRgqcm V0A89w/2Ie71OYeOZIiC+fWzhjGj2xpIFAs5o/7sSmPbkscuknCfIvv1hpBYNjxGUnS65JlpOiL dSFI8Spj3+RjKG7JMJSGxC3fyYV11gUjPUTaW5Bwnij7nLKhgT8WjYnMkYXBvgl7zF7JJO2vWKc cUiYDdi1db3lgyoCHTg== X-Authority-Analysis: v=2.4 cv=bsBBxUai c=1 sm=1 tr=0 ts=69735ed2 cx=c_pps a=bLidbwmWQ0KltjZqbj+ezA==:117 a=bLidbwmWQ0KltjZqbj+ezA==:17 a=vUbySO9Y5rIA:10 a=VkNPw1HP01LnGYTKEx00:22 a=VnNF1IyMAAAA:8 a=gr50lgQh3SlUKNVXMSoA:9 X-Proofpoint-ORIG-GUID: tc7Uh7Bu6kccLGsjQLUBcjQB2StkWGcV X-Proofpoint-GUID: tc7Uh7Bu6kccLGsjQLUBcjQB2StkWGcV X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1121,Hydra:6.1.20,FMLib:17.12.100.49 definitions=2026-01-23_02,2026-01-22_02,2025-10-01_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 suspectscore=0 phishscore=0 lowpriorityscore=0 bulkscore=0 impostorscore=0 malwarescore=0 clxscore=1015 adultscore=0 spamscore=0 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.19.0-2601150000 definitions=main-2601230092 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=148.163.158.5; envelope-from=freude@linux.ibm.com; helo=mx0b-001b2d01.pphosted.com X-Spam_score_int: -19 X-Spam_score: -2.0 X-Spam_bar: -- X-Spam_report: (-2.0 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @ibm.com) X-ZM-MESSAGEID: 1769168809696154100 Content-Type: text/plain; charset="utf-8" Support CPACF pcc subfunctions PCC-Compute-XTS-Parameter-AES-128 and PCC-Compute-XTS-Parameter-AES-128 but only for the special case block sequential number is 0. However, this covers the s390 AES XTS implementation in the Linux kernel and Libica and thus also Opencryptoki clear key via Libica. Signed-off-by: Harald Freudenberger --- target/s390x/gen-features.c | 2 + target/s390x/tcg/cpacf.h | 2 + target/s390x/tcg/cpacf_aes.c | 70 ++++++++++++++++++++++++++++++++ target/s390x/tcg/crypto_helper.c | 19 +++++++++ 4 files changed, 93 insertions(+) diff --git a/target/s390x/gen-features.c b/target/s390x/gen-features.c index 59c2a47539..1b6a874b90 100644 --- a/target/s390x/gen-features.c +++ b/target/s390x/gen-features.c @@ -930,6 +930,8 @@ static uint16_t qemu_MAX[] =3D { S390_FEAT_KMCTR_AES_128, S390_FEAT_KMCTR_AES_192, S390_FEAT_KMCTR_AES_256, + S390_FEAT_PCC_XTS_AES_128, + S390_FEAT_PCC_XTS_AES_256, }; =20 /****** END FEATURE DEFS ******/ diff --git a/target/s390x/tcg/cpacf.h b/target/s390x/tcg/cpacf.h index 21fe2e4690..aa39a3c85a 100644 --- a/target/s390x/tcg/cpacf.h +++ b/target/s390x/tcg/cpacf.h @@ -26,5 +26,7 @@ int cpacf_aes_cbc(CPUS390XState *env, uintptr_t ra, uint6= 4_t param_addr, int cpacf_aes_ctr(CPUS390XState *env, uintptr_t ra, uint64_t param_addr, uint64_t *dst_ptr, uint64_t *src_ptr, uint64_t *src_len, uint64_t *ctr_ptr, uint32_t type, uint8_t fc, uint8_t mo= d); +int cpacf_aes_pcc(CPUS390XState *env, uintptr_t ra, uint64_t param_addr, + uint8_t fc); =20 #endif diff --git a/target/s390x/tcg/cpacf_aes.c b/target/s390x/tcg/cpacf_aes.c index 750de42f21..1076322e30 100644 --- a/target/s390x/tcg/cpacf_aes.c +++ b/target/s390x/tcg/cpacf_aes.c @@ -15,6 +15,13 @@ #include "crypto/aes.h" #include "cpacf.h" =20 +/* #define DEBUG_HELPER */ +#ifdef DEBUG_HELPER +#define HELPER_LOG(x...) qemu_log(x) +#else +#define HELPER_LOG(x...) +#endif + static void aes_read_block(CPUS390XState *env, uint64_t addr, uint8_t *a, uintptr_t ra) { @@ -276,3 +283,66 @@ int cpacf_aes_ctr(CPUS390XState *env, uintptr_t ra, ui= nt64_t param_addr, =20 return !len ? 0 : 3; } + +int cpacf_aes_pcc(CPUS390XState *env, uintptr_t ra, uint64_t param_addr, + uint8_t fc) +{ + uint8_t key[32], tweak[AES_BLOCK_SIZE], buf[AES_BLOCK_SIZE]; + int keysize, i; + uint64_t addr; + AES_KEY exkey; + + switch (fc) { + case 0x32: /* CPACF_PCC compute XTS param AES-128 */ + keysize =3D 16; + break; + case 0x34: /* CPACF PCC compute XTS param AES-256 */ + keysize =3D 32; + break; + default: + g_assert_not_reached(); + } + + /* fetch block sequence nr from param block into buf */ + for (i =3D 0; i < AES_BLOCK_SIZE; i++) { + addr =3D wrap_address(env, param_addr + keysize + AES_BLOCK_SIZE += i); + buf[i] =3D cpu_ldub_data_ra(env, addr, ra); + } + + /* is the block sequence nr 0 ? */ + for (i =3D 0; i < AES_BLOCK_SIZE && !buf[i]; i++) { + ; + } + if (i < AES_BLOCK_SIZE) { + /* no, sorry handling of non zero block sequence is not implemente= d */ + cpu_abort(env_cpu(env), + "PCC-compute-XTS-param with non zero block sequence is n= ot implemented\n"); + return 1; + } + + /* fetch key from param block */ + for (i =3D 0; i < keysize; i++) { + addr =3D wrap_address(env, param_addr + i); + key[i] =3D cpu_ldub_data_ra(env, addr, ra); + } + + /* fetch tweak from param block into tweak */ + for (i =3D 0; i < AES_BLOCK_SIZE; i++) { + addr =3D wrap_address(env, param_addr + keysize + i); + tweak[i] =3D cpu_ldub_data_ra(env, addr, ra); + } + + /* expand key */ + AES_set_encrypt_key(key, keysize * 8, &exkey); + + /* encrypt tweak */ + AES_encrypt(tweak, buf, &exkey); + + /* store encrypted tweak into xts parameter field of the param block */ + for (i =3D 0; i < AES_BLOCK_SIZE; i++) { + addr =3D wrap_address(env, param_addr + keysize + 3 * AES_BLOCK_SI= ZE + i); + cpu_stb_data_ra(env, addr, buf[i], ra); + } + + return 0; +} diff --git a/target/s390x/tcg/crypto_helper.c b/target/s390x/tcg/crypto_hel= per.c index c1c79daf19..a7f4e135e1 100644 --- a/target/s390x/tcg/crypto_helper.c +++ b/target/s390x/tcg/crypto_helper.c @@ -165,6 +165,22 @@ static int cpacf_ppno(CPUS390XState *env, uintptr_t ra, return rc; } =20 +static int cpacf_pcc(CPUS390XState *env, uintptr_t ra, uint8_t fc) +{ + int rc =3D 0; + + switch (fc) { + case 0x32: /* CPACF_PCC compute XTS param AES-128 */ + case 0x34: /* CPACF PCC compute XTS param AES-256 */ + rc =3D cpacf_aes_pcc(env, ra, env->regs[1], fc); + break; + default: + g_assert_not_reached(); + } + + return rc; +} + uint32_t HELPER(msa)(CPUS390XState *env, uint32_t r1, uint32_t r2, uint32_= t r3, uint32_t type) { @@ -221,6 +237,9 @@ uint32_t HELPER(msa)(CPUS390XState *env, uint32_t r1, u= int32_t r2, uint32_t r3, case S390_FEAT_TYPE_KMCTR: rc =3D cpacf_kmctr(env, ra, r1, r2, r3, fc, mod); break; + case S390_FEAT_TYPE_PCC: + rc =3D cpacf_pcc(env, ra, fc); + break; default: g_assert_not_reached(); } --=20 2.43.0 From nobody Sun Jan 25 10:13:58 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=reject dis=none) header.from=linux.ibm.com ARC-Seal: i=1; a=rsa-sha256; t=1769168680; cv=none; d=zohomail.com; s=zohoarc; b=S7tBnzGv+pGvHAO35upZuzhnScNeXDdS7bKgcyzMslmtBVMxdUdcl6gyJccPlHiFHkKqXkxb5PfUDEk9Bj2KS04fAEzWagvGs3l6Y9wIoGVw8I/XwUOQojoGueoTAUG41ofySZZYE/vmMUo21ZOjC7k5mfoJK2j8+ZIh9k9qRJE= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1769168680; h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=6LLlKKEkrlolekgnS3DulKNFF8OxjxXDxrp+IIFSFkI=; b=KlwJvN0moYlXM2Yxweskato0vy1lv7wVS4l2aBOYPzgvewjAAzNTZ2S07m5jwbyIfLBHbaCUh2A1TKcwLkmTspceXfY2RDAYX58O8NvitXXhENDz0Y1cmn+dzrl0oFXkmC5paUoEvV2ooIjCyQka879ayV0CTdHfdNG0A4wrPA8= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1769168680544469.07525360154807; Fri, 23 Jan 2026 03:44:40 -0800 (PST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vjFaU-0005PY-Gt; Fri, 23 Jan 2026 06:44:27 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vjFZS-00050P-1I; Fri, 23 Jan 2026 06:43:28 -0500 Received: from mx0b-001b2d01.pphosted.com ([148.163.158.5]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vjFZN-0006xg-Sq; Fri, 23 Jan 2026 06:43:21 -0500 Received: from pps.filterd (m0356516.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.18.1.2/8.18.1.2) with ESMTP id 60NB4xpV009004; Fri, 23 Jan 2026 11:43:14 GMT Received: from ppma22.wdc07v.mail.ibm.com (5c.69.3da9.ip4.static.sl-reverse.com [169.61.105.92]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 4bqyukp398-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 23 Jan 2026 11:43:14 +0000 (GMT) Received: from pps.filterd (ppma22.wdc07v.mail.ibm.com [127.0.0.1]) by ppma22.wdc07v.mail.ibm.com (8.18.1.2/8.18.1.2) with ESMTP id 60N9lSxt016668; Fri, 23 Jan 2026 11:43:14 GMT Received: from smtprelay04.fra02v.mail.ibm.com ([9.218.2.228]) by ppma22.wdc07v.mail.ibm.com (PPS) with ESMTPS id 4brn4ygxuy-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 23 Jan 2026 11:43:13 +0000 Received: from smtpav03.fra02v.mail.ibm.com (smtpav03.fra02v.mail.ibm.com [10.20.54.102]) by smtprelay04.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 60NBh92m29033098 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 23 Jan 2026 11:43:09 GMT Received: from smtpav03.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id B2C2820040; Fri, 23 Jan 2026 11:43:09 +0000 (GMT) Received: from smtpav03.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 9B6B12004D; Fri, 23 Jan 2026 11:43:09 +0000 (GMT) Received: from funtu2.ibm.com (unknown [9.111.163.22]) by smtpav03.fra02v.mail.ibm.com (Postfix) with ESMTP; Fri, 23 Jan 2026 11:43:09 +0000 (GMT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=cc :content-transfer-encoding:date:from:in-reply-to:message-id :mime-version:references:subject:to; s=pp1; bh=6LLlKKEkrlolekgnS 3DulKNFF8OxjxXDxrp+IIFSFkI=; b=YH4FwjdYhrEQBHqGENHphIG9gGuqCgf8o qUCVrpl/KRuLyxquaq4rEzoXVO2mp5BSsc94n14FIWKo4mVXqQQ76PbK58HsKld8 ajguKhvHz0mHakMjThz/Bh8CGo56VAnucA4EHNprPECCJw9E/g30SnTrCCEFf9Mh ytnE8Ys/zCp4DWWCiplcM//FcKLw/379YEJ9ofH9M7/tsW/1pD1+VZQ3E3g/UZpK iAp5I2xoTBRONZkN33OD054V3Du1Fq639Rvh/FPgnirYTTANSyeGvAlI0tJYJHSK YTaoeX/Q1LZ7FWW0EasYx07CRKoazOsEiHNcvz4RB0SeN2k0omlDw== From: Harald Freudenberger To: pbonzini@redhat.com Cc: qemu-s390x@nongnu.org, qemu-devel@nongnu.org, borntraeger@linux.ibm.com, frankja@linux.ibm.com Subject: [PATCH v3 08/14] target/s390x: Support AES XTS for cpacf km instruction Date: Fri, 23 Jan 2026 12:43:02 +0100 Message-ID: <20260123114308.19401-9-freude@linux.ibm.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260123114308.19401-1-freude@linux.ibm.com> References: <20260123114308.19401-1-freude@linux.ibm.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-TM-AS-GCONF: 00 X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwMTIzMDA5MiBTYWx0ZWRfX1RMh/RK0AlrA 7dYmnqM1KY/MdYG3sIieDXXSZXfT43iuxxsNYawO1pKi3FlMNpH1pQWNnyxBytCLAqQ4PkA+H5c b5jy2pEpobfQKYo10mYonUniAHPIgt+LZlAdkk2sNsH8orxkzXN7tBVGYf2TFIyGneakzolV78X kR6wIkQuh1t/NFeQsvsaaz70bRqgR+SYMLaUo1yUOnS+cnxxk7lB2LPEXGwp82T8Rh3YmRE0yby E2z7724qD+18T9Nhk0M1NSopSG7sqFtWgcvNscuqQfrvh2n7AanFPbosCQ1xWKw2MrXGG46OSQL lyvzQIzbYC2zPyjRXzH8UYqcgTZTNzKCoTwgX3H97yqlSzwq8nc7TE+DFumnSRdMrglc4enaGvt IQs9hc493rDjqjLmItIlQsYlv542q+iMhodvmYZ9xSFBNisH7xr2h/HFiaWDxcSob+Eg21nkxkC qqaFdj133py54w/O2Gw== X-Authority-Analysis: v=2.4 cv=bsBBxUai c=1 sm=1 tr=0 ts=69735ed2 cx=c_pps a=5BHTudwdYE3Te8bg5FgnPg==:117 a=5BHTudwdYE3Te8bg5FgnPg==:17 a=vUbySO9Y5rIA:10 a=VkNPw1HP01LnGYTKEx00:22 a=VnNF1IyMAAAA:8 a=x50AcNjeOBEj4zU0MaUA:9 X-Proofpoint-ORIG-GUID: A8h5aA3B7rDZLOTKmzNX4WK7NxkXgaNY X-Proofpoint-GUID: A8h5aA3B7rDZLOTKmzNX4WK7NxkXgaNY X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1121,Hydra:6.1.20,FMLib:17.12.100.49 definitions=2026-01-23_02,2026-01-22_02,2025-10-01_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 suspectscore=0 phishscore=0 lowpriorityscore=0 bulkscore=0 impostorscore=0 malwarescore=0 clxscore=1015 adultscore=0 spamscore=0 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.19.0-2601150000 definitions=main-2601230092 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=148.163.158.5; envelope-from=freude@linux.ibm.com; helo=mx0b-001b2d01.pphosted.com X-Spam_score_int: -19 X-Spam_score: -2.0 X-Spam_bar: -- X-Spam_report: (-2.0 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @ibm.com) X-ZM-MESSAGEID: 1769168682014154100 Content-Type: text/plain; charset="utf-8" Support the subfunctions XTS-AES-128 and XTS-AES-256 for the cpacf km instruction. Signed-off-by: Harald Freudenberger --- target/s390x/gen-features.c | 2 + target/s390x/tcg/cpacf.h | 3 + target/s390x/tcg/cpacf_aes.c | 103 +++++++++++++++++++++++++++++++ target/s390x/tcg/crypto_helper.c | 6 ++ 4 files changed, 114 insertions(+) diff --git a/target/s390x/gen-features.c b/target/s390x/gen-features.c index 1b6a874b90..f9b1a40c7c 100644 --- a/target/s390x/gen-features.c +++ b/target/s390x/gen-features.c @@ -924,6 +924,8 @@ static uint16_t qemu_MAX[] =3D { S390_FEAT_KM_AES_128, S390_FEAT_KM_AES_192, S390_FEAT_KM_AES_256, + S390_FEAT_KM_XTS_AES_128, + S390_FEAT_KM_XTS_AES_256, S390_FEAT_KMC_AES_128, S390_FEAT_KMC_AES_192, S390_FEAT_KMC_AES_256, diff --git a/target/s390x/tcg/cpacf.h b/target/s390x/tcg/cpacf.h index aa39a3c85a..8c1dbee67f 100644 --- a/target/s390x/tcg/cpacf.h +++ b/target/s390x/tcg/cpacf.h @@ -28,5 +28,8 @@ int cpacf_aes_ctr(CPUS390XState *env, uintptr_t ra, uint6= 4_t param_addr, uint64_t *ctr_ptr, uint32_t type, uint8_t fc, uint8_t mo= d); int cpacf_aes_pcc(CPUS390XState *env, uintptr_t ra, uint64_t param_addr, uint8_t fc); +int cpacf_aes_xts(CPUS390XState *env, uintptr_t ra, uint64_t param_addr, + uint64_t *dst_ptr, uint64_t *src_ptr, uint64_t *src_len, + uint32_t type, uint8_t fc, uint8_t mod); =20 #endif diff --git a/target/s390x/tcg/cpacf_aes.c b/target/s390x/tcg/cpacf_aes.c index 1076322e30..f067939f25 100644 --- a/target/s390x/tcg/cpacf_aes.c +++ b/target/s390x/tcg/cpacf_aes.c @@ -346,3 +346,106 @@ int cpacf_aes_pcc(CPUS390XState *env, uintptr_t ra, u= int64_t param_addr, =20 return 0; } + +static void aes_xts_prep_next_tweak(uint8_t tweak[AES_BLOCK_SIZE]) +{ + uint8_t carry; + int i; + + carry =3D tweak[AES_BLOCK_SIZE - 1] >> 7; + + for (i =3D AES_BLOCK_SIZE - 1; i > 0; i--) { + tweak[i] =3D (uint8_t)((tweak[i] << 1) | (tweak[i - 1] >> 7)); + } + + tweak[i] =3D (uint8_t)(tweak[i] << 1); + tweak[i] ^=3D (uint8_t)(0x87 & (uint8_t)(-(int8_t)carry)); +} + +int cpacf_aes_xts(CPUS390XState *env, uintptr_t ra, uint64_t param_addr, + uint64_t *dst_ptr, uint64_t *src_ptr, uint64_t *src_len, + uint32_t type, uint8_t fc, uint8_t mod) +{ + enum { MAX_BLOCKS_PER_RUN =3D 8192 / AES_BLOCK_SIZE }; + uint8_t buf1[AES_BLOCK_SIZE], buf2[AES_BLOCK_SIZE]; + uint64_t addr, len =3D *src_len, processed =3D 0; + uint8_t key[32], tweak[AES_BLOCK_SIZE]; + int i, keysize, data_reg_len =3D 64; + AES_KEY exkey; + + g_assert(type =3D=3D S390_FEAT_TYPE_KM); + + switch (fc) { + case 0x32: /* CPACF_KM_XTS_128 */ + keysize =3D 16; + break; + case 0x34: /* CPACF_KM_XTS_256 */ + keysize =3D 32; + break; + default: + g_assert_not_reached(); + } + + if (!(env->psw.mask & PSW_MASK_64)) { + len =3D (uint32_t)len; + data_reg_len =3D (env->psw.mask & PSW_MASK_32) ? 32 : 24; + } + + /* length has to be properly aligned. */ + if (!QEMU_IS_ALIGNED(len, AES_BLOCK_SIZE)) { + tcg_s390_program_interrupt(env, PGM_SPECIFICATION, ra); + } + + /* fetch key from param block */ + for (i =3D 0; i < keysize; i++) { + addr =3D wrap_address(env, param_addr + i); + key[i] =3D cpu_ldub_data_ra(env, addr, ra); + } + + /* expand key */ + if (mod) { + AES_set_decrypt_key(key, keysize * 8, &exkey); + } else { + AES_set_encrypt_key(key, keysize * 8, &exkey); + } + + /* fetch tweak from param block */ + for (i =3D 0; i < AES_BLOCK_SIZE; i++) { + addr =3D wrap_address(env, param_addr + keysize + i); + tweak[i] =3D cpu_ldub_data_ra(env, addr, ra); + } + + /* process up to MAX_BLOCKS_PER_RUN aes blocks */ + for (i =3D 0; i < MAX_BLOCKS_PER_RUN && len >=3D AES_BLOCK_SIZE; i++) { + /* fetch one AES block into buf1 */ + aes_read_block(env, *src_ptr + processed, buf1, ra); + /* buf1 xor tweak =3D> buf2 */ + aes_xor(buf1, tweak, buf2); + if (mod) { + /* decrypt buf2 =3D> buf1 */ + AES_decrypt(buf2, buf1, &exkey); + } else { + /* encrypt buf2 =3D> buf1 */ + AES_encrypt(buf2, buf1, &exkey); + } + /* buf1 xor tweak =3D> buf2 */ + aes_xor(buf1, tweak, buf2); + /* prep tweak for next round */ + aes_xts_prep_next_tweak(tweak); + /* write out this processed block from buf2 */ + aes_write_block(env, *dst_ptr + processed, buf2, ra); + len -=3D AES_BLOCK_SIZE, processed +=3D AES_BLOCK_SIZE; + } + + /* update tweak in param block */ + for (i =3D 0; i < AES_BLOCK_SIZE; i++) { + addr =3D wrap_address(env, param_addr + keysize + i); + cpu_stb_data_ra(env, addr, tweak[i], ra); + } + + *src_ptr =3D deposit64(*src_ptr, 0, data_reg_len, *src_ptr + processed= ); + *dst_ptr =3D deposit64(*dst_ptr, 0, data_reg_len, *dst_ptr + processed= ); + *src_len -=3D processed; + + return !len ? 0 : 3; +} diff --git a/target/s390x/tcg/crypto_helper.c b/target/s390x/tcg/crypto_hel= per.c index a7f4e135e1..7129b38703 100644 --- a/target/s390x/tcg/crypto_helper.c +++ b/target/s390x/tcg/crypto_helper.c @@ -101,6 +101,12 @@ static int cpacf_km(CPUS390XState *env, uintptr_t ra, = uint32_t r1, &env->regs[r1], &env->regs[r2], &env->regs[r2 += 1], S390_FEAT_TYPE_KM, fc, mod); break; + case 0x32: /* CPACF_KM_XTS_128 */ + case 0x34: /* CPACF_KM_XTS_256 */ + rc =3D cpacf_aes_xts(env, ra, env->regs[1], + &env->regs[r1], &env->regs[r2], &env->regs[r2 += 1], + S390_FEAT_TYPE_KM, fc, mod); + break; default: g_assert_not_reached(); } --=20 2.43.0 From nobody Sun Jan 25 10:13:58 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=reject dis=none) header.from=linux.ibm.com ARC-Seal: i=1; a=rsa-sha256; t=1769168687; cv=none; d=zohomail.com; s=zohoarc; b=bnQFV4SKOaVk9X8J0otaB5Z6VBiPCB02Irjf3FruCImtGiiPjN527ksLJMrQKAOOvLooCBmWIsG2yZ+Sh90X6zUJpCa4S28otyLdWNUG+RWLpdTUkNMXljMxeodtKTtEGbZaORkhP431B5Z4bg0o6Br/IMTCgRPlGP87BIuVBl4= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1769168687; h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=+45PfIQxU+yA/A4fKk21huq2ZUvMzyEEFJMyqcnn25M=; b=L//bC75oJsP1/BKgR3VYuhu7OaC669gtfZC4Q0s653LyuAgKheY0/PjJBYMLv6L6Fd8IrthwBOEJ9GRAj/zpjtfvBSFHyrg2eDDVv1RDX7HvpYbetPOJ3t3NJPk9Hhc0J/yBUuVj32qZ8GdWoK8+43nc7Ic809hTx3+R9RpslWE= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1769168687722309.40463283086024; Fri, 23 Jan 2026 03:44:47 -0800 (PST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vjFaX-0005VU-TB; Fri, 23 Jan 2026 06:44:30 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vjFZQ-000500-35; Fri, 23 Jan 2026 06:43:21 -0500 Received: from mx0b-001b2d01.pphosted.com ([148.163.158.5]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vjFZN-0006xs-Ns; Fri, 23 Jan 2026 06:43:19 -0500 Received: from pps.filterd (m0360072.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.18.1.2/8.18.1.2) with ESMTP id 60MNkBr2022334; Fri, 23 Jan 2026 11:43:15 GMT Received: from ppma22.wdc07v.mail.ibm.com (5c.69.3da9.ip4.static.sl-reverse.com [169.61.105.92]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 4bt612j8ts-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 23 Jan 2026 11:43:14 +0000 (GMT) Received: from pps.filterd (ppma22.wdc07v.mail.ibm.com [127.0.0.1]) by ppma22.wdc07v.mail.ibm.com (8.18.1.2/8.18.1.2) with ESMTP id 60NA5KuC016600; Fri, 23 Jan 2026 11:43:14 GMT Received: from smtprelay04.fra02v.mail.ibm.com ([9.218.2.228]) by ppma22.wdc07v.mail.ibm.com (PPS) with ESMTPS id 4brn4ygxv0-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 23 Jan 2026 11:43:14 +0000 Received: from smtpav03.fra02v.mail.ibm.com (smtpav03.fra02v.mail.ibm.com [10.20.54.102]) by smtprelay04.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 60NBh9Iu14680574 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 23 Jan 2026 11:43:10 GMT Received: from smtpav03.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id C5C942004E; Fri, 23 Jan 2026 11:43:09 +0000 (GMT) Received: from smtpav03.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id B6FCB2004B; Fri, 23 Jan 2026 11:43:09 +0000 (GMT) Received: from funtu2.ibm.com (unknown [9.111.163.22]) by smtpav03.fra02v.mail.ibm.com (Postfix) with ESMTP; Fri, 23 Jan 2026 11:43:09 +0000 (GMT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=cc :content-transfer-encoding:date:from:in-reply-to:message-id :mime-version:references:subject:to; s=pp1; bh=+45PfIQxU+yA/A4fK k21huq2ZUvMzyEEFJMyqcnn25M=; b=a7j4ShTwJoXSbE6VzYvfP5sBxY8uAZeQY nhyZSfVKrRqmWdRRrP/zlGSZlyCAx7msuLXRy3v0mjY6aRdl/s/U1etf/CeZdejB Uln7CyTbR8RpTt9LRdn07sPdV6VPO1jIq+pfVnNH6INWDhCq606xkK3hSfqhCiCX hGQelzqKYXaDXloXqaBTgxrpRkDOY8vPDL5CGCaYQrdr1TyLiLhdJ3QW1pM5aNcm 546o4sVgrKZlOgVrpa1LzaiekwDek34p3Utg6gzGAddHOsy79cJO9wDY8H5PvYvI w1yZm1hsWVp6h0ctcTwSu9uIJfLvRCA04GhQ+xr1Bjzg0KPihR3gA== From: Harald Freudenberger To: pbonzini@redhat.com Cc: qemu-s390x@nongnu.org, qemu-devel@nongnu.org, borntraeger@linux.ibm.com, frankja@linux.ibm.com Subject: [PATCH v3 09/14] target/s390x: Support pckmo encrypt AES subfunctions Date: Fri, 23 Jan 2026 12:43:03 +0100 Message-ID: <20260123114308.19401-10-freude@linux.ibm.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260123114308.19401-1-freude@linux.ibm.com> References: <20260123114308.19401-1-freude@linux.ibm.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-TM-AS-GCONF: 00 X-Proofpoint-GUID: K9rJwT6rDVChHi3DZKddXOK1RkCn99RK X-Authority-Analysis: v=2.4 cv=LaIxKzfi c=1 sm=1 tr=0 ts=69735ed2 cx=c_pps a=5BHTudwdYE3Te8bg5FgnPg==:117 a=5BHTudwdYE3Te8bg5FgnPg==:17 a=vUbySO9Y5rIA:10 a=VkNPw1HP01LnGYTKEx00:22 a=VnNF1IyMAAAA:8 a=Z4AAViVgUL_E5abT2tgA:9 X-Proofpoint-ORIG-GUID: K9rJwT6rDVChHi3DZKddXOK1RkCn99RK X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwMTIzMDA5MiBTYWx0ZWRfX+Q6HKzYm+aak uD0LQZewp8ACHLtO5ekA9jgDW+nj0PUKg1b9PwjOLx2EKL62GArI4AtoViAtx1C9PPJIYJg2kFr 4mzi24VSDUdCsWyE7knC6dar5lblX0avplbj9yzw+Z5jYQ6b1gaT2kJNfpylCBUizjL3kiWmto3 Iw94EjMpLprHeZ1FF85rZixDYaY0OEHPlr8i3WOrQOcjtFlFwexf0KgBarWZOfFnyG6mFMv7xbc W5VbH6bm8CZHiOnMh5DiSYv+a4HnRHM+g7IxTIT8g1wfiuyn0E+OcsStxaDFA3uFlo8GzrLDWcK 5N6JX27SH/E85pP4nxubAfNmG2OICu3sLub77W+gWeoJfq8eIMotdv/tLZsJfLbuGXKTO2xZd3y GWnU6FtJ7tqOFS5xPOZyRwdVRUTKD5MRuD/aFop8BY15yiCndPzuLWmSU79l9nR0T/005c3mVKt Sx79MnGKJIeep/GgAkg== X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1121,Hydra:6.1.20,FMLib:17.12.100.49 definitions=2026-01-23_02,2026-01-22_02,2025-10-01_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 bulkscore=0 adultscore=0 phishscore=0 priorityscore=1501 lowpriorityscore=0 suspectscore=0 clxscore=1015 impostorscore=0 spamscore=0 malwarescore=0 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.19.0-2601150000 definitions=main-2601230092 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=148.163.158.5; envelope-from=freude@linux.ibm.com; helo=mx0b-001b2d01.pphosted.com X-Spam_score_int: -19 X-Spam_score: -2.0 X-Spam_bar: -- X-Spam_report: (-2.0 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @ibm.com) X-ZM-MESSAGEID: 1769168689964154100 Content-Type: text/plain; charset="utf-8" Support the subfuctions PCKMO-Encrypt-AES-128-Key, PCKMO-Encrypt-AES-192-Key and PCKMO-Encrypt-AES-256-Key. These subfunctions derive a protected key from an AES clear key by encrypting it with an internal AES wrapping key. More details can be found in the "z/Architecture Prinziples of Operation" document. The qemu version provided here is only a fake indented to make protected key available for developing and testing purpose: * The protected key is 'derived' from the clear key by xoring the fixed pattern 0xAAAA... onto the key value. * The AES Wrapping Key Verification Pattern is a fixed value of 32 bytes 0xFACEFACE... Signed-off-by: Harald Freudenberger --- target/s390x/gen-features.c | 3 ++ target/s390x/tcg/cpacf.h | 2 + target/s390x/tcg/cpacf_aes.c | 65 ++++++++++++++++++++++++++++++++ target/s390x/tcg/crypto_helper.c | 20 ++++++++++ 4 files changed, 90 insertions(+) diff --git a/target/s390x/gen-features.c b/target/s390x/gen-features.c index f9b1a40c7c..d3e69aaca6 100644 --- a/target/s390x/gen-features.c +++ b/target/s390x/gen-features.c @@ -934,6 +934,9 @@ static uint16_t qemu_MAX[] =3D { S390_FEAT_KMCTR_AES_256, S390_FEAT_PCC_XTS_AES_128, S390_FEAT_PCC_XTS_AES_256, + S390_FEAT_PCKMO_AES_128, + S390_FEAT_PCKMO_AES_192, + S390_FEAT_PCKMO_AES_256, }; =20 /****** END FEATURE DEFS ******/ diff --git a/target/s390x/tcg/cpacf.h b/target/s390x/tcg/cpacf.h index 8c1dbee67f..2617cbed80 100644 --- a/target/s390x/tcg/cpacf.h +++ b/target/s390x/tcg/cpacf.h @@ -31,5 +31,7 @@ int cpacf_aes_pcc(CPUS390XState *env, uintptr_t ra, uint6= 4_t param_addr, int cpacf_aes_xts(CPUS390XState *env, uintptr_t ra, uint64_t param_addr, uint64_t *dst_ptr, uint64_t *src_ptr, uint64_t *src_len, uint32_t type, uint8_t fc, uint8_t mod); +int cpacf_aes_pckmo(CPUS390XState *env, uintptr_t ra, uint64_t param_addr, + uint8_t fc); =20 #endif diff --git a/target/s390x/tcg/cpacf_aes.c b/target/s390x/tcg/cpacf_aes.c index f067939f25..a53ef93635 100644 --- a/target/s390x/tcg/cpacf_aes.c +++ b/target/s390x/tcg/cpacf_aes.c @@ -449,3 +449,68 @@ int cpacf_aes_xts(CPUS390XState *env, uintptr_t ra, ui= nt64_t param_addr, =20 return !len ? 0 : 3; } + +/* + * Hard coded pattern xored with the AES clear key + * to 'produce' the protected key. + */ +static const uint8_t protkey_xor_pattern[32] =3D { + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA }; + +/* + * Hard coded wkvp ("Wrapping Key Verification Pattern") + */ +static const uint8_t protkey_wkvp[32] =3D { + 0x0F, 0x0A, 0x0C, 0x0E, 0x0F, 0x0A, 0x0C, 0x0E, + 0x0F, 0x0A, 0x0C, 0x0E, 0x0F, 0x0A, 0x0C, 0x0E, + 0x0F, 0x0A, 0x0C, 0x0E, 0x0F, 0x0A, 0x0C, 0x0E, + 0x0F, 0x0A, 0x0C, 0x0E, 0x0F, 0x0A, 0x0C, 0x0E }; + +int cpacf_aes_pckmo(CPUS390XState *env, uintptr_t ra, uint64_t param_addr, + uint8_t fc) +{ + uint8_t key[32]; + int keysize, i; + uint64_t addr; + + switch (fc) { + case 0x12: /* CPACF_PCKMO_ENC_AES_128_KEY */ + keysize =3D 16; + break; + case 0x13: /* CPACF_PCKMO_ENC_AES_192_KEY */ + keysize =3D 24; + break; + case 0x14: /* CPACF_PCKMO_ENC_AES_256_KEY */ + keysize =3D 32; + break; + default: + g_assert_not_reached(); + } + + /* fetch key from param block */ + for (i =3D 0; i < keysize; i++) { + addr =3D wrap_address(env, param_addr + i); + key[i] =3D cpu_ldub_data_ra(env, addr, ra); + } + + /* 'derive' the protected key */ + for (i =3D 0; i < keysize; i++) { + key[i] ^=3D protkey_xor_pattern[i]; + } + + /* store the protected key into param block */ + for (i =3D 0; i < keysize; i++) { + addr =3D wrap_address(env, param_addr + i); + cpu_stb_data_ra(env, addr, key[i], ra); + } + /* followed by the fake wkvp */ + for (i =3D 0; i < sizeof(protkey_wkvp); i++) { + addr =3D wrap_address(env, param_addr + keysize + i); + cpu_stb_data_ra(env, addr, protkey_wkvp[i], ra); + } + + return 0; +} diff --git a/target/s390x/tcg/crypto_helper.c b/target/s390x/tcg/crypto_hel= per.c index 7129b38703..8d1070ec89 100644 --- a/target/s390x/tcg/crypto_helper.c +++ b/target/s390x/tcg/crypto_helper.c @@ -187,6 +187,23 @@ static int cpacf_pcc(CPUS390XState *env, uintptr_t ra,= uint8_t fc) return rc; } =20 +static int cpacf_pckmo(CPUS390XState *env, uintptr_t ra, uint8_t fc) +{ + int rc =3D 0; + + switch (fc) { + case 0x12: /* CPACF_PCKMO_ENC_AES_128_KEY */ + case 0x13: /* CPACF_PCKMO_ENC_AES_192_KEY */ + case 0x14: /* CPACF_PCKMO_ENC_AES_256_KEY */ + rc =3D cpacf_aes_pckmo(env, ra, env->regs[1], fc); + break; + default: + g_assert_not_reached(); + } + + return rc; +} + uint32_t HELPER(msa)(CPUS390XState *env, uint32_t r1, uint32_t r2, uint32_= t r3, uint32_t type) { @@ -246,6 +263,9 @@ uint32_t HELPER(msa)(CPUS390XState *env, uint32_t r1, u= int32_t r2, uint32_t r3, case S390_FEAT_TYPE_PCC: rc =3D cpacf_pcc(env, ra, fc); break; + case S390_FEAT_TYPE_PCKMO: + rc =3D cpacf_pckmo(env, ra, fc); + break; default: g_assert_not_reached(); } --=20 2.43.0 From nobody Sun Jan 25 10:13:58 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=reject dis=none) header.from=linux.ibm.com ARC-Seal: i=1; a=rsa-sha256; t=1769168694; cv=none; d=zohomail.com; s=zohoarc; b=KdW5s0bAjDxUtBacSuZDOJkw6WXCgK68Y0XZ97KQ4nyNCxRR2kZ1y5aOJ0LEeFZLpAJ28G5nRtRtkVEEji2cUF5c1OjD5FWKCWsnpqqcZrzbHxPwukjFzRN9mphc9k36msEELxyveqfMfVvX5OksRol3AdP79Xy0LbxX6MfNb/s= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1769168694; h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=EDP61jLmK1jNqZRzEgQ2zLehGOZdosVN9H0FTuCW5EY=; b=j1CKhs56q5F41VLeUjI8OVXZLu7a7ffjiLbkl5UCJ01mZXpEe8GNiF6mS//RpjaL+gRjKTOOFgWHbUUn1Xtgun1o/G0uoDj/t0Zyhg/rweYiuX6frZKZpmtRg5zcHp9cniH4aMzjGjF2LJIvEkAUojKS9kO1U1RkvxXkjKLnXGg= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1769168694731588.5037387472339; Fri, 23 Jan 2026 03:44:54 -0800 (PST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vjFab-0005Zt-44; Fri, 23 Jan 2026 06:44:33 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vjFZV-00050y-6a; Fri, 23 Jan 2026 06:43:32 -0500 Received: from mx0a-001b2d01.pphosted.com ([148.163.156.1]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vjFZN-0006yG-U7; Fri, 23 Jan 2026 06:43:22 -0500 Received: from pps.filterd (m0356517.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.18.1.2/8.18.1.2) with ESMTP id 60N1pUvd019631; Fri, 23 Jan 2026 11:43:15 GMT Received: from ppma23.wdc07v.mail.ibm.com (5d.69.3da9.ip4.static.sl-reverse.com [169.61.105.93]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 4br256fn3t-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 23 Jan 2026 11:43:15 +0000 (GMT) Received: from pps.filterd (ppma23.wdc07v.mail.ibm.com [127.0.0.1]) by ppma23.wdc07v.mail.ibm.com (8.18.1.2/8.18.1.2) with ESMTP id 60NB6gVC009265; Fri, 23 Jan 2026 11:43:14 GMT Received: from smtprelay05.fra02v.mail.ibm.com ([9.218.2.225]) by ppma23.wdc07v.mail.ibm.com (PPS) with ESMTPS id 4brp8krrjn-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 23 Jan 2026 11:43:14 +0000 Received: from smtpav03.fra02v.mail.ibm.com (smtpav03.fra02v.mail.ibm.com [10.20.54.102]) by smtprelay05.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 60NBhAdl36241896 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 23 Jan 2026 11:43:10 GMT Received: from smtpav03.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id E02492004D; Fri, 23 Jan 2026 11:43:09 +0000 (GMT) Received: from smtpav03.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id D34D720043; Fri, 23 Jan 2026 11:43:09 +0000 (GMT) Received: from funtu2.ibm.com (unknown [9.111.163.22]) by smtpav03.fra02v.mail.ibm.com (Postfix) with ESMTP; Fri, 23 Jan 2026 11:43:09 +0000 (GMT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=cc :content-transfer-encoding:date:from:in-reply-to:message-id :mime-version:references:subject:to; s=pp1; bh=EDP61jLmK1jNqZRzE gQ2zLehGOZdosVN9H0FTuCW5EY=; b=JA2e3BDZL3wvk4bI+HVESkwUBzz08nyiM MdtnbmtpPjYtZ8/QKIvqDcouxsB8AXxkY4SVQlCMNwbAh6W3lfXmefvdHsmtJN23 WBrkKWzjHJ2ygb6tmn1I40Qx3CWJeNWqe05v22jCptN5IIkqgBlMxfJJxwSdFA9m 5SZufgWzKHXyfB5Lt02x0UHhjzoXyg9ab6+a/v0JK0m8Lt6k48WSbtMybEtIbfrQ nvgVbKY06oSBAJ2wmVeoruKigDh/46J/lDNDR3iUn4vrDTmreExfVgn3c8rPZzZe 3xGa9BGVzAZifIB5Rc1npVOsgRwAWL71dvH2+5l3skLpntCGVWxsQ== From: Harald Freudenberger To: pbonzini@redhat.com Cc: qemu-s390x@nongnu.org, qemu-devel@nongnu.org, borntraeger@linux.ibm.com, frankja@linux.ibm.com Subject: [PATCH v3 10/14] target/s390x: Support protected key AES ECB for cpacf km instruction Date: Fri, 23 Jan 2026 12:43:04 +0100 Message-ID: <20260123114308.19401-11-freude@linux.ibm.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260123114308.19401-1-freude@linux.ibm.com> References: <20260123114308.19401-1-freude@linux.ibm.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-TM-AS-GCONF: 00 X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwMTIzMDA5MiBTYWx0ZWRfX+wriZhwrufOe wUmVdk5SCFmexVCu/IH+G4/mkx7KSfwMwyIJEWQpR8XrxClc939BoDlIm25Ljd/bwCfqaIRLwUv d2dHppv7HTs4IjU/Y1HxTUSEkhON8v2Hbb4/lHA9DgtYZjAge9ghqhH2SCdYTyv+qRvVTtNLBgm WQBhEzSLZef97ImPx2udSJGWT/d4pv06qKNjxs35469JNVJci5U0lXo/11dQuh13bTZBcQjh1ut zkeGgnbDLmpFLafHm3D6bwaDUaKqqjMx0J+aZ0vWB1QKmlpcPCCF5M4sqpM+FtVxDqP72okKmTY FHzECxODxUe5zLT/vxhb4sfAg0KapvLtGBCzgOJaNvFwh10yhOkmfGKrrMGY7lyhkUSSheOm8i7 Yp24/8xYj20k5vXTU7+zZP6ZLwE6DqUf3TfF/dfJRA0eUxaiVgH0oO63C4ywXpPChyKlcNmYLpL 3XZlb/fNyYuSIZfEBzA== X-Authority-Analysis: v=2.4 cv=BpSQAIX5 c=1 sm=1 tr=0 ts=69735ed3 cx=c_pps a=3Bg1Hr4SwmMryq2xdFQyZA==:117 a=3Bg1Hr4SwmMryq2xdFQyZA==:17 a=vUbySO9Y5rIA:10 a=VkNPw1HP01LnGYTKEx00:22 a=VnNF1IyMAAAA:8 a=kMBD09bGjcw6kBLitfwA:9 X-Proofpoint-GUID: CWK2uuJF-oKLwFd9dWflbm9HQHNfVP8k X-Proofpoint-ORIG-GUID: CWK2uuJF-oKLwFd9dWflbm9HQHNfVP8k X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1121,Hydra:6.1.20,FMLib:17.12.100.49 definitions=2026-01-23_02,2026-01-22_02,2025-10-01_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 spamscore=0 bulkscore=0 clxscore=1015 adultscore=0 phishscore=0 malwarescore=0 impostorscore=0 suspectscore=0 priorityscore=1501 lowpriorityscore=0 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.19.0-2601150000 definitions=main-2601230092 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=148.163.156.1; envelope-from=freude@linux.ibm.com; helo=mx0a-001b2d01.pphosted.com X-Spam_score_int: -26 X-Spam_score: -2.7 X-Spam_bar: -- X-Spam_report: (-2.7 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @ibm.com) X-ZM-MESSAGEID: 1769168696222154100 Content-Type: text/plain; charset="utf-8" Support the subfunctions CPACF_KM_PAES_128, CPACF_KM_PAES_192 and CPACF_KM_PAES_256 for the cpacf km instruction. Signed-off-by: Harald Freudenberger --- target/s390x/gen-features.c | 3 ++ target/s390x/tcg/cpacf.h | 3 ++ target/s390x/tcg/cpacf_aes.c | 83 ++++++++++++++++++++++++++++++++ target/s390x/tcg/crypto_helper.c | 7 +++ 4 files changed, 96 insertions(+) diff --git a/target/s390x/gen-features.c b/target/s390x/gen-features.c index d3e69aaca6..71e0e41d6e 100644 --- a/target/s390x/gen-features.c +++ b/target/s390x/gen-features.c @@ -924,6 +924,9 @@ static uint16_t qemu_MAX[] =3D { S390_FEAT_KM_AES_128, S390_FEAT_KM_AES_192, S390_FEAT_KM_AES_256, + S390_FEAT_KM_EAES_128, + S390_FEAT_KM_EAES_192, + S390_FEAT_KM_EAES_256, S390_FEAT_KM_XTS_AES_128, S390_FEAT_KM_XTS_AES_256, S390_FEAT_KMC_AES_128, diff --git a/target/s390x/tcg/cpacf.h b/target/s390x/tcg/cpacf.h index 2617cbed80..4c1e0ee58d 100644 --- a/target/s390x/tcg/cpacf.h +++ b/target/s390x/tcg/cpacf.h @@ -33,5 +33,8 @@ int cpacf_aes_xts(CPUS390XState *env, uintptr_t ra, uint6= 4_t param_addr, uint32_t type, uint8_t fc, uint8_t mod); int cpacf_aes_pckmo(CPUS390XState *env, uintptr_t ra, uint64_t param_addr, uint8_t fc); +int cpacf_paes_ecb(CPUS390XState *env, uintptr_t ra, uint64_t param_addr, + uint64_t *dst_ptr, uint64_t *src_ptr, uint64_t *src_len, + uint32_t type, uint8_t fc, uint8_t mod); =20 #endif diff --git a/target/s390x/tcg/cpacf_aes.c b/target/s390x/tcg/cpacf_aes.c index a53ef93635..6f909e433d 100644 --- a/target/s390x/tcg/cpacf_aes.c +++ b/target/s390x/tcg/cpacf_aes.c @@ -514,3 +514,86 @@ int cpacf_aes_pckmo(CPUS390XState *env, uintptr_t ra, = uint64_t param_addr, =20 return 0; } + +int cpacf_paes_ecb(CPUS390XState *env, uintptr_t ra, uint64_t param_addr, + uint64_t *dst_ptr, uint64_t *src_ptr, uint64_t *src_len, + uint32_t type, uint8_t fc, uint8_t mod) +{ + enum { MAX_BLOCKS_PER_RUN =3D 8192 / AES_BLOCK_SIZE }; + uint8_t in[AES_BLOCK_SIZE], out[AES_BLOCK_SIZE]; + uint64_t addr, len =3D *src_len, processed =3D 0; + int i, keysize, data_reg_len =3D 64; + uint8_t key[32], wkvp[32]; + AES_KEY exkey; + + g_assert(type =3D=3D S390_FEAT_TYPE_KM); + + switch (fc) { + case 0x1a: /* CPACF_KM_PAES_128 */ + keysize =3D 16; + break; + case 0x1b: /* CPACF_KM_PAES_192 */ + keysize =3D 24; + break; + case 0x1c: /* CPACF_KM_PAES_256 */ + keysize =3D 32; + break; + default: + g_assert_not_reached(); + } + + if (!(env->psw.mask & PSW_MASK_64)) { + len =3D (uint32_t)len; + data_reg_len =3D (env->psw.mask & PSW_MASK_32) ? 32 : 24; + } + + /* length has to be properly aligned. */ + if (!QEMU_IS_ALIGNED(len, AES_BLOCK_SIZE)) { + tcg_s390_program_interrupt(env, PGM_SPECIFICATION, ra); + } + + /* fetch and check wkvp from param block */ + for (i =3D 0; i < sizeof(wkvp); i++) { + addr =3D wrap_address(env, param_addr + keysize + i); + wkvp[i] =3D cpu_ldub_data_ra(env, addr, ra); + } + if (memcmp(wkvp, protkey_wkvp, sizeof(wkvp))) { + /* wkvp mismatch -> return with cc 1 */ + return 1; + } + + /* fetch protected key from param block */ + for (i =3D 0; i < keysize; i++) { + addr =3D wrap_address(env, param_addr + i); + key[i] =3D cpu_ldub_data_ra(env, addr, ra); + } + /* 'decrypt' the protected key */ + for (i =3D 0; i < keysize; i++) { + key[i] ^=3D protkey_xor_pattern[i]; + } + + /* expand key */ + if (mod) { + AES_set_decrypt_key(key, keysize * 8, &exkey); + } else { + AES_set_encrypt_key(key, keysize * 8, &exkey); + } + + /* process up to MAX_BLOCKS_PER_RUN aes blocks */ + for (i =3D 0; i < MAX_BLOCKS_PER_RUN && len >=3D AES_BLOCK_SIZE; i++) { + aes_read_block(env, *src_ptr + processed, in, ra); + if (mod) { + AES_decrypt(in, out, &exkey); + } else { + AES_encrypt(in, out, &exkey); + } + aes_write_block(env, *dst_ptr + processed, out, ra); + len -=3D AES_BLOCK_SIZE, processed +=3D AES_BLOCK_SIZE; + } + + *src_ptr =3D deposit64(*src_ptr, 0, data_reg_len, *src_ptr + processed= ); + *dst_ptr =3D deposit64(*dst_ptr, 0, data_reg_len, *dst_ptr + processed= ); + *src_len -=3D processed; + + return !len ? 0 : 3; +} diff --git a/target/s390x/tcg/crypto_helper.c b/target/s390x/tcg/crypto_hel= per.c index 8d1070ec89..146f970713 100644 --- a/target/s390x/tcg/crypto_helper.c +++ b/target/s390x/tcg/crypto_helper.c @@ -101,6 +101,13 @@ static int cpacf_km(CPUS390XState *env, uintptr_t ra, = uint32_t r1, &env->regs[r1], &env->regs[r2], &env->regs[r2 += 1], S390_FEAT_TYPE_KM, fc, mod); break; + case 0x1a: /* CPACF_KM_PAES_128 */ + case 0x1b: /* CPACF_KM_PAES_192 */ + case 0x1c: /* CPACF_KM_PAES_256 */ + rc =3D cpacf_paes_ecb(env, ra, env->regs[1], + &env->regs[r1], &env->regs[r2], &env->regs[r2 = + 1], + S390_FEAT_TYPE_KM, fc, mod); + break; case 0x32: /* CPACF_KM_XTS_128 */ case 0x34: /* CPACF_KM_XTS_256 */ rc =3D cpacf_aes_xts(env, ra, env->regs[1], --=20 2.43.0 From nobody Sun Jan 25 10:13:58 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=reject dis=none) header.from=linux.ibm.com ARC-Seal: i=1; a=rsa-sha256; t=1769168716; cv=none; d=zohomail.com; s=zohoarc; b=mML96BrWxouOs4VSWZT3idQH6o0NiW/+QXGN+rK6lvDlIHJy0eKoXRMxbV/ht+veeVcdvCQb8UoMcHh4B9CLCqBixjFU9lbtunnCAxJmOD5pQp+N+nrqSO369i1T2grzX32MTM+EU7jzfMwov4BX21BQe88JkEJTDPAsCDEapoc= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1769168716; h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=VNHvC5hsiBdjpBnmbUOvVfNlNC44IsIDahUU2XUrgjo=; b=hsL8hPXIAr2z8bjG4AZTc0U2D0y1fDAUgOMT4KzSIxv1VWfHO7mufcQSskvN2BqkE3Uq1Ze0QGXlhu0v8EQ0p3G1C2jzzcnb4w8zw8KO3Z9KaXT+lpSGCa8ls2/8lVyXM50Cx8mF86nIvAFHcSBgk5HBkJsB8Y9lxhhKl44pOrA= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1769168716603721.1530236329544; Fri, 23 Jan 2026 03:45:16 -0800 (PST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vjFaf-0005fd-1F; Fri, 23 Jan 2026 06:44:37 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vjFZV-00050u-5L; Fri, 23 Jan 2026 06:43:32 -0500 Received: from mx0a-001b2d01.pphosted.com ([148.163.156.1]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vjFZN-0006yP-T3; Fri, 23 Jan 2026 06:43:24 -0500 Received: from pps.filterd (m0360083.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.18.1.2/8.18.1.2) with ESMTP id 60N2kIwK028553; Fri, 23 Jan 2026 11:43:16 GMT Received: from ppma23.wdc07v.mail.ibm.com (5d.69.3da9.ip4.static.sl-reverse.com [169.61.105.93]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 4bt60f38rk-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 23 Jan 2026 11:43:15 +0000 (GMT) Received: from pps.filterd (ppma23.wdc07v.mail.ibm.com [127.0.0.1]) by ppma23.wdc07v.mail.ibm.com (8.18.1.2/8.18.1.2) with ESMTP id 60NAnC5G009273; Fri, 23 Jan 2026 11:43:14 GMT Received: from smtprelay05.fra02v.mail.ibm.com ([9.218.2.225]) by ppma23.wdc07v.mail.ibm.com (PPS) with ESMTPS id 4brp8krrjp-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 23 Jan 2026 11:43:14 +0000 Received: from smtpav03.fra02v.mail.ibm.com (smtpav03.fra02v.mail.ibm.com [10.20.54.102]) by smtprelay05.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 60NBhA2E46203364 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 23 Jan 2026 11:43:10 GMT Received: from smtpav03.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 069E12004B; Fri, 23 Jan 2026 11:43:10 +0000 (GMT) Received: from smtpav03.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id EDEF020040; Fri, 23 Jan 2026 11:43:09 +0000 (GMT) Received: from funtu2.ibm.com (unknown [9.111.163.22]) by smtpav03.fra02v.mail.ibm.com (Postfix) with ESMTP; Fri, 23 Jan 2026 11:43:09 +0000 (GMT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=cc :content-transfer-encoding:date:from:in-reply-to:message-id :mime-version:references:subject:to; s=pp1; bh=VNHvC5hsiBdjpBnmb UOvVfNlNC44IsIDahUU2XUrgjo=; b=cuINxmQGzaH7U6fW5ESXYfWGoVRFQMjan VrcdCHQYVqxbX3boQLPuZoA3zsHlDJqd28P+LHQ2gHUSNKEnC+3ckcYybN8kNXUy 4ctyiOYFbmeXwGJ8FrtXFEC+xrCm4evWcqog5Ba/4yvNPQj8jBfiEV9tc8Z/YUM2 iEOSUeliDQmoKt1XXeQ7Mipjmz4jjzZycg9HDGvN/2jxZraCkYfQjx7QdxMX24Ew AepDN2mIwOJGqzi3o706frgTSjWXvYNw2dr0byKF7ERF6YEsFCvOm7DzScHwv6lK 3C/OAqJFB7r7XOVfrSGdDggfCDaATMilW8N2gDc21xoXAHB9Etemw== From: Harald Freudenberger To: pbonzini@redhat.com Cc: qemu-s390x@nongnu.org, qemu-devel@nongnu.org, borntraeger@linux.ibm.com, frankja@linux.ibm.com Subject: [PATCH v3 11/14] target/s390x: Support protected key AES CBC for cpacf kmc instruction Date: Fri, 23 Jan 2026 12:43:05 +0100 Message-ID: <20260123114308.19401-12-freude@linux.ibm.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260123114308.19401-1-freude@linux.ibm.com> References: <20260123114308.19401-1-freude@linux.ibm.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-TM-AS-GCONF: 00 X-Authority-Analysis: v=2.4 cv=WMdyn3sR c=1 sm=1 tr=0 ts=69735ed3 cx=c_pps a=3Bg1Hr4SwmMryq2xdFQyZA==:117 a=3Bg1Hr4SwmMryq2xdFQyZA==:17 a=vUbySO9Y5rIA:10 a=VkNPw1HP01LnGYTKEx00:22 a=VnNF1IyMAAAA:8 a=1XR5bUzyU_lZOmb26nMA:9 X-Proofpoint-GUID: 0dsbrmohyMTW8dt26eea_WSL4t7XZUh2 X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwMTIzMDA5MiBTYWx0ZWRfX4KJsrsyQF0qr +lPK5Yr1Z1BUz7t4XmNuqz9q1KVEvYq5q8QIIyooqhpczcSA2P08gbaofcQlUHZHc70cKTCCH6n 3CUlAVS7SDSAYkaJBzDe11KefstGysFyprq4z4VZ42fUf9407K0cWbMSfFDoXkDU3wY9hTZaLr8 uEEYBYBuzl48AvxlnwoEB6208Z2Y31rqBvy/M0AoaPZzeJqnlwzFH53+bEnQOonShzv++wqOYqQ L1S0q5/x8d9kS/7Zt5Rw2he8nF0SjJUsjSZVGytsfXckCf2D+Dwb6dSgHbNYzdMHJVbFUk1V1rf WwfdYHzH4yoMydzaMp9/HfaOCzToA2MwnmENf/rKih1Qqj01dQjazmeAmNZAKCJbM4pf6aOCLXS PvMYtr0yjL2vluB9cFsizZotg/J/c6tHIjBdHMnoVCtcH4yz2UORdwQKBcZIoHUht46otOxYmb8 BQoPG2llRcXmTfppG0g== X-Proofpoint-ORIG-GUID: 0dsbrmohyMTW8dt26eea_WSL4t7XZUh2 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1121,Hydra:6.1.20,FMLib:17.12.100.49 definitions=2026-01-23_02,2026-01-22_02,2025-10-01_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 phishscore=0 malwarescore=0 suspectscore=0 bulkscore=0 adultscore=0 impostorscore=0 spamscore=0 clxscore=1015 priorityscore=1501 lowpriorityscore=0 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.19.0-2601150000 definitions=main-2601230092 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=148.163.156.1; envelope-from=freude@linux.ibm.com; helo=mx0a-001b2d01.pphosted.com X-Spam_score_int: -26 X-Spam_score: -2.7 X-Spam_bar: -- X-Spam_report: (-2.7 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @ibm.com) X-ZM-MESSAGEID: 1769168718739158500 Content-Type: text/plain; charset="utf-8" Support the subfunctions CPACF_KMC_PAES_128, CPACF_KMC_PAES_192 and CPACF_KMC_PAES_256 for the cpacf kmc instruction. Signed-off-by: Harald Freudenberger --- target/s390x/gen-features.c | 3 + target/s390x/tcg/cpacf.h | 3 + target/s390x/tcg/cpacf_aes.c | 105 +++++++++++++++++++++++++++++++ target/s390x/tcg/crypto_helper.c | 7 +++ 4 files changed, 118 insertions(+) diff --git a/target/s390x/gen-features.c b/target/s390x/gen-features.c index 71e0e41d6e..074c53aecd 100644 --- a/target/s390x/gen-features.c +++ b/target/s390x/gen-features.c @@ -932,6 +932,9 @@ static uint16_t qemu_MAX[] =3D { S390_FEAT_KMC_AES_128, S390_FEAT_KMC_AES_192, S390_FEAT_KMC_AES_256, + S390_FEAT_KMC_EAES_128, + S390_FEAT_KMC_EAES_192, + S390_FEAT_KMC_EAES_256, S390_FEAT_KMCTR_AES_128, S390_FEAT_KMCTR_AES_192, S390_FEAT_KMCTR_AES_256, diff --git a/target/s390x/tcg/cpacf.h b/target/s390x/tcg/cpacf.h index 4c1e0ee58d..920c1f50fb 100644 --- a/target/s390x/tcg/cpacf.h +++ b/target/s390x/tcg/cpacf.h @@ -36,5 +36,8 @@ int cpacf_aes_pckmo(CPUS390XState *env, uintptr_t ra, uin= t64_t param_addr, int cpacf_paes_ecb(CPUS390XState *env, uintptr_t ra, uint64_t param_addr, uint64_t *dst_ptr, uint64_t *src_ptr, uint64_t *src_len, uint32_t type, uint8_t fc, uint8_t mod); +int cpacf_paes_cbc(CPUS390XState *env, uintptr_t ra, uint64_t param_addr, + uint64_t *dst_ptr, uint64_t *src_ptr, uint64_t *src_len, + uint32_t type, uint8_t fc, uint8_t mod); =20 #endif diff --git a/target/s390x/tcg/cpacf_aes.c b/target/s390x/tcg/cpacf_aes.c index 6f909e433d..c0edc57572 100644 --- a/target/s390x/tcg/cpacf_aes.c +++ b/target/s390x/tcg/cpacf_aes.c @@ -597,3 +597,108 @@ int cpacf_paes_ecb(CPUS390XState *env, uintptr_t ra, = uint64_t param_addr, =20 return !len ? 0 : 3; } + +int cpacf_paes_cbc(CPUS390XState *env, uintptr_t ra, uint64_t param_addr, + uint64_t *dst_ptr, uint64_t *src_ptr, uint64_t *src_len, + uint32_t type, uint8_t fc, uint8_t mod) +{ + enum { MAX_BLOCKS_PER_RUN =3D 8192 / AES_BLOCK_SIZE }; + uint8_t in[AES_BLOCK_SIZE], out[AES_BLOCK_SIZE], buf[AES_BLOCK_SIZE]; + uint8_t key[32], wkvp[32], iv[AES_BLOCK_SIZE]; + uint64_t addr, len =3D *src_len, processed =3D 0; + int i, keysize, data_reg_len =3D 64; + AES_KEY exkey; + + g_assert(type =3D=3D S390_FEAT_TYPE_KMC); + + switch (fc) { + case 0x1a: /* CPACF_KMC_PAES_128 */ + keysize =3D 16; + break; + case 0x1b: /* CPACF_KMC_PAES_192 */ + keysize =3D 24; + break; + case 0x1c: /* CPACF_KMC_PAES_256 */ + keysize =3D 32; + break; + default: + g_assert_not_reached(); + } + + if (!(env->psw.mask & PSW_MASK_64)) { + len =3D (uint32_t)len; + data_reg_len =3D (env->psw.mask & PSW_MASK_32) ? 32 : 24; + } + + /* length has to be properly aligned. */ + if (!QEMU_IS_ALIGNED(len, AES_BLOCK_SIZE)) { + tcg_s390_program_interrupt(env, PGM_SPECIFICATION, ra); + } + + /* fetch and check wkvp from param block */ + for (i =3D 0; i < sizeof(wkvp); i++) { + addr =3D wrap_address(env, param_addr + AES_BLOCK_SIZE + keysize += i); + wkvp[i] =3D cpu_ldub_data_ra(env, addr, ra); + } + if (memcmp(wkvp, protkey_wkvp, sizeof(wkvp))) { + /* wkvp mismatch -> return with cc 1 */ + return 1; + } + + /* fetch iv from param blick */ + for (i =3D 0; i < AES_BLOCK_SIZE; i++) { + addr =3D wrap_address(env, param_addr + i); + iv[i] =3D cpu_ldub_data_ra(env, addr, ra); + } + + /* fetch protected key from param block */ + for (i =3D 0; i < keysize; i++) { + addr =3D wrap_address(env, param_addr + AES_BLOCK_SIZE + i); + key[i] =3D cpu_ldub_data_ra(env, addr, ra); + } + /* 'decrypt' the protected key */ + for (i =3D 0; i < keysize; i++) { + key[i] ^=3D protkey_xor_pattern[i]; + } + + /* expand key */ + if (mod) { + AES_set_decrypt_key(key, keysize * 8, &exkey); + } else { + AES_set_encrypt_key(key, keysize * 8, &exkey); + } + + /* process up to MAX_BLOCKS_PER_RUN aes blocks */ + for (i =3D 0; i < MAX_BLOCKS_PER_RUN && len >=3D AES_BLOCK_SIZE; i++) { + aes_read_block(env, *src_ptr + processed, in, ra); + if (mod) { + /* decrypt in =3D> buf */ + AES_decrypt(in, buf, &exkey); + /* buf xor iv =3D> out */ + aes_xor(buf, iv, out); + /* prep iv for next round */ + memcpy(iv, in, AES_BLOCK_SIZE); + } else { + /* in xor iv =3D> buf */ + aes_xor(in, iv, buf); + /* encrypt buf =3D> out */ + AES_encrypt(buf, out, &exkey); + /* prep iv for next round */ + memcpy(iv, out, AES_BLOCK_SIZE); + } + aes_write_block(env, *dst_ptr + processed, out, ra); + len -=3D AES_BLOCK_SIZE, processed +=3D AES_BLOCK_SIZE; + } + + /* update iv in param block */ + for (i =3D 0; i < AES_BLOCK_SIZE; i++) { + addr =3D wrap_address(env, param_addr + i); + cpu_stb_data_ra(env, addr, iv[i], ra); + } + + *src_ptr =3D deposit64(*src_ptr, 0, data_reg_len, *src_ptr + processed= ); + *dst_ptr =3D deposit64(*dst_ptr, 0, data_reg_len, *dst_ptr + processed= ); + *src_len -=3D processed; + + return !len ? 0 : 3; +} diff --git a/target/s390x/tcg/crypto_helper.c b/target/s390x/tcg/crypto_hel= per.c index 146f970713..a69f4edf74 100644 --- a/target/s390x/tcg/crypto_helper.c +++ b/target/s390x/tcg/crypto_helper.c @@ -134,6 +134,13 @@ static int cpacf_kmc(CPUS390XState *env, uintptr_t ra,= uint32_t r1, &env->regs[r1], &env->regs[r2], &env->regs[r2 += 1], S390_FEAT_TYPE_KMC, fc, mod); break; + case 0x1a: /* CPACF_KMC_PAES_128 */ + case 0x1b: /* CPACF_KMC_PAES_192 */ + case 0x1c: /* CPACF_KMC_PAES_256 */ + rc =3D cpacf_paes_cbc(env, ra, env->regs[1], + &env->regs[r1], &env->regs[r2], &env->regs[r2 = + 1], + S390_FEAT_TYPE_KMC, fc, mod); + break; default: g_assert_not_reached(); } --=20 2.43.0 From nobody Sun Jan 25 10:13:58 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=reject dis=none) header.from=linux.ibm.com ARC-Seal: i=1; a=rsa-sha256; t=1769168681; cv=none; d=zohomail.com; s=zohoarc; b=Tv/03pAfWKOUYIc0Dmop22W+dJFtSgJIEO3BmCYiZ31CtpeYU4BZKhB3DE3RTji5DN6x4mp9pagJUkeHaUBQpPvvPmPWYxnxJlpuWvvPQYvbMSv4l1LmPCyHeTpsOR8r/PPpJRbuujoSSjF/ycM+/lKuJl4IrIibVgMWSUxLmXI= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1769168681; h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=5xuTPXIa+1B5CVDVGTFhYpG+nvsBAWpL23KODpPcoKk=; b=L85DqQXOaGsjOJe7N4EWfJ+KidQKvltYxS6Gj1yB6wOcvD86hIwTglKJZMJrK8pzhi8LToHs6smmhFxqJTF+Q0eVVBpRrFETHL6T5qU+dI44gW8owDVWTdrXNOQjrm8KV87a1br7o1zZxQGSxppvEKFdFwaPIH+xt6Y81ZoE6q0= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1769168681549711.6243869888425; Fri, 23 Jan 2026 03:44:41 -0800 (PST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vjFaf-0005ff-Ly; Fri, 23 Jan 2026 06:44:37 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vjFZV-00050x-6R; Fri, 23 Jan 2026 06:43:32 -0500 Received: from mx0b-001b2d01.pphosted.com ([148.163.158.5]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vjFZN-0006xi-TT; Fri, 23 Jan 2026 06:43:22 -0500 Received: from pps.filterd (m0356516.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.18.1.2/8.18.1.2) with ESMTP id 60NBgHRn007756; Fri, 23 Jan 2026 11:43:14 GMT Received: from ppma13.dal12v.mail.ibm.com (dd.9e.1632.ip4.static.sl-reverse.com [50.22.158.221]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 4bqyukp397-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 23 Jan 2026 11:43:14 +0000 (GMT) Received: from pps.filterd (ppma13.dal12v.mail.ibm.com [127.0.0.1]) by ppma13.dal12v.mail.ibm.com (8.18.1.2/8.18.1.2) with ESMTP id 60NB026V001404; Fri, 23 Jan 2026 11:43:13 GMT Received: from smtprelay05.fra02v.mail.ibm.com ([9.218.2.225]) by ppma13.dal12v.mail.ibm.com (PPS) with ESMTPS id 4brpyk8m1k-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 23 Jan 2026 11:43:13 +0000 Received: from smtpav03.fra02v.mail.ibm.com (smtpav03.fra02v.mail.ibm.com [10.20.54.102]) by smtprelay05.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 60NBhAw646203366 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 23 Jan 2026 11:43:10 GMT Received: from smtpav03.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 2E76C20040; Fri, 23 Jan 2026 11:43:10 +0000 (GMT) Received: from smtpav03.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 16E7E20043; Fri, 23 Jan 2026 11:43:10 +0000 (GMT) Received: from funtu2.ibm.com (unknown [9.111.163.22]) by smtpav03.fra02v.mail.ibm.com (Postfix) with ESMTP; Fri, 23 Jan 2026 11:43:10 +0000 (GMT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=cc :content-transfer-encoding:date:from:in-reply-to:message-id :mime-version:references:subject:to; s=pp1; bh=5xuTPXIa+1B5CVDVG TFhYpG+nvsBAWpL23KODpPcoKk=; b=LivszraxKDX6zl4PT83vDMokB3lkZg4DI IhEZ6tJbjO55INsYyMbQfC5QlS4GuDCF3UjMneLcR4DU+SMbkGhLhOwssYMQQOaK FPC0PfAYILMqC6xMLJmhOLeeU5HS5XnnVD5M3e78WRVscP62qVMbylNC3UtgN1h5 JEIhMQ+LI03rkM99Ts6mqk6xWz2Bl5BBx7xSiK7VvVIJVLsy4n5TNUxos2EpzAdM 3VLDwk9hN3Om6XRYPxp5GFn32oppE5bgUJ7C1eliiC4yseXh7YnnSKFk89YCkW2c hPcwcNDa3hXMUGUMQPNns5+ocFKihARXjVeZyewyYjwoHfnJ1Dh4Q== From: Harald Freudenberger To: pbonzini@redhat.com Cc: qemu-s390x@nongnu.org, qemu-devel@nongnu.org, borntraeger@linux.ibm.com, frankja@linux.ibm.com Subject: [PATCH v3 12/14] target/s390x: Support protected key AES CTR for cpacf kmctr instruction Date: Fri, 23 Jan 2026 12:43:06 +0100 Message-ID: <20260123114308.19401-13-freude@linux.ibm.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260123114308.19401-1-freude@linux.ibm.com> References: <20260123114308.19401-1-freude@linux.ibm.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-TM-AS-GCONF: 00 X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwMTIzMDA5MiBTYWx0ZWRfXwXTrKsQjfgQq Ri3aT21yxNnnYcZwbKCC+3PEVurx5w7up/aAiLRNP0ahOLzOnTiTW317bxKchQhRrkMltRBYNCA fD+/YhF8MV9p29YetK1XGPf67Cn2BsnX6nwCs7+JV3fqCfB5KyjxY/aY/kFKTm5dILLCNeWGGBQ cv6gX71QqYMPSmZvZb/w3xV/4RaKn3NlkmdMyVdEmuSKDlvcjXUJO+0kCAqNJYyIeTT+JdO3Tu+ 7IK6Yx4mrLYC7LDDz0KB6a66LTLM/Wh0tnxgQhLWFbd8qxZ5y843EO9ji6yNDeVqTypRpS5jaxS rxMoG4W3rPC2KsU4bU2cwYO8pOcpRiG4XSOUblab9gCERbIasCRavkOvPnYRrubAHwPgp6FXCyx PoGmzzmXKazrgqVHuBI/69qYK6i58ODVB/vCPpVbXSxkUbgJdyMGYDLzviM+HjS4wjNJVE8KUUQ hzBEIBGloj8jpCtezhw== X-Authority-Analysis: v=2.4 cv=bsBBxUai c=1 sm=1 tr=0 ts=69735ed2 cx=c_pps a=AfN7/Ok6k8XGzOShvHwTGQ==:117 a=AfN7/Ok6k8XGzOShvHwTGQ==:17 a=vUbySO9Y5rIA:10 a=VkNPw1HP01LnGYTKEx00:22 a=VnNF1IyMAAAA:8 a=Ff2AzlR8v_7kNCG2J78A:9 X-Proofpoint-ORIG-GUID: BMKNfvzrVu7XGBljP1XXeOwzS5SCb5cU X-Proofpoint-GUID: BMKNfvzrVu7XGBljP1XXeOwzS5SCb5cU X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1121,Hydra:6.1.20,FMLib:17.12.100.49 definitions=2026-01-23_02,2026-01-22_02,2025-10-01_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 suspectscore=0 phishscore=0 lowpriorityscore=0 bulkscore=0 impostorscore=0 malwarescore=0 clxscore=1015 adultscore=0 spamscore=0 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.19.0-2601150000 definitions=main-2601230092 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=148.163.158.5; envelope-from=freude@linux.ibm.com; helo=mx0b-001b2d01.pphosted.com X-Spam_score_int: -19 X-Spam_score: -2.0 X-Spam_bar: -- X-Spam_report: (-2.0 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @ibm.com) X-ZM-MESSAGEID: 1769168682759158500 Content-Type: text/plain; charset="utf-8" Support the subfunctions CPACF_KMCTR_PAES_128, CPACF_KMCTR_PAES_192 and CPACF_KMCTR_PAES_256 for the cpacf kmctr instruction. Signed-off-by: Harald Freudenberger --- target/s390x/gen-features.c | 3 ++ target/s390x/tcg/cpacf.h | 3 ++ target/s390x/tcg/cpacf_aes.c | 84 ++++++++++++++++++++++++++++++++ target/s390x/tcg/crypto_helper.c | 7 +++ 4 files changed, 97 insertions(+) diff --git a/target/s390x/gen-features.c b/target/s390x/gen-features.c index 074c53aecd..4a131dc191 100644 --- a/target/s390x/gen-features.c +++ b/target/s390x/gen-features.c @@ -938,6 +938,9 @@ static uint16_t qemu_MAX[] =3D { S390_FEAT_KMCTR_AES_128, S390_FEAT_KMCTR_AES_192, S390_FEAT_KMCTR_AES_256, + S390_FEAT_KMCTR_EAES_128, + S390_FEAT_KMCTR_EAES_192, + S390_FEAT_KMCTR_EAES_256, S390_FEAT_PCC_XTS_AES_128, S390_FEAT_PCC_XTS_AES_256, S390_FEAT_PCKMO_AES_128, diff --git a/target/s390x/tcg/cpacf.h b/target/s390x/tcg/cpacf.h index 920c1f50fb..35518aef4b 100644 --- a/target/s390x/tcg/cpacf.h +++ b/target/s390x/tcg/cpacf.h @@ -39,5 +39,8 @@ int cpacf_paes_ecb(CPUS390XState *env, uintptr_t ra, uint= 64_t param_addr, int cpacf_paes_cbc(CPUS390XState *env, uintptr_t ra, uint64_t param_addr, uint64_t *dst_ptr, uint64_t *src_ptr, uint64_t *src_len, uint32_t type, uint8_t fc, uint8_t mod); +int cpacf_paes_ctr(CPUS390XState *env, uintptr_t ra, uint64_t param_addr, + uint64_t *dst_ptr, uint64_t *src_ptr, uint64_t *src_len, + uint64_t *ctr_ptr, uint32_t type, uint8_t fc, uint8_t m= od); =20 #endif diff --git a/target/s390x/tcg/cpacf_aes.c b/target/s390x/tcg/cpacf_aes.c index c0edc57572..78af0ce8d5 100644 --- a/target/s390x/tcg/cpacf_aes.c +++ b/target/s390x/tcg/cpacf_aes.c @@ -702,3 +702,87 @@ int cpacf_paes_cbc(CPUS390XState *env, uintptr_t ra, u= int64_t param_addr, =20 return !len ? 0 : 3; } + +int cpacf_paes_ctr(CPUS390XState *env, uintptr_t ra, uint64_t param_addr, + uint64_t *dst_ptr, uint64_t *src_ptr, uint64_t *src_len, + uint64_t *ctr_ptr, uint32_t type, uint8_t fc, uint8_t m= od) +{ + enum { MAX_BLOCKS_PER_RUN =3D 8192 / AES_BLOCK_SIZE }; + uint8_t ctr[AES_BLOCK_SIZE], buf[AES_BLOCK_SIZE]; + uint8_t in[AES_BLOCK_SIZE], out[AES_BLOCK_SIZE]; + uint64_t addr, len =3D *src_len, processed =3D 0; + int i, keysize, data_reg_len =3D 64; + uint8_t key[32], wkvp[32]; + AES_KEY exkey; + + g_assert(type =3D=3D S390_FEAT_TYPE_KMCTR); + + switch (fc) { + case 0x1a: /* CPACF_KMCTR_PAES_128 */ + keysize =3D 16; + break; + case 0x1b: /* CPACF_KMCTR_PAES_192 */ + keysize =3D 24; + break; + case 0x1c: /* CPACF_KMCTR_PAES_256 */ + keysize =3D 32; + break; + default: + g_assert_not_reached(); + } + + if (!(env->psw.mask & PSW_MASK_64)) { + len =3D (uint32_t)len; + data_reg_len =3D (env->psw.mask & PSW_MASK_32) ? 32 : 24; + } + + /* length has to be properly aligned. */ + if (!QEMU_IS_ALIGNED(len, AES_BLOCK_SIZE)) { + tcg_s390_program_interrupt(env, PGM_SPECIFICATION, ra); + } + + /* fetch and check wkvp from param block */ + for (i =3D 0; i < sizeof(wkvp); i++) { + addr =3D wrap_address(env, param_addr + keysize + i); + wkvp[i] =3D cpu_ldub_data_ra(env, addr, ra); + } + if (memcmp(wkvp, protkey_wkvp, sizeof(wkvp))) { + /* wkvp mismatch -> return with cc 1 */ + return 1; + } + + /* fetch protected key from param block */ + for (i =3D 0; i < keysize; i++) { + addr =3D wrap_address(env, param_addr + i); + key[i] =3D cpu_ldub_data_ra(env, addr, ra); + } + /* 'decrypt' the protected key */ + for (i =3D 0; i < keysize; i++) { + key[i] ^=3D protkey_xor_pattern[i]; + } + + /* expand key */ + AES_set_encrypt_key(key, keysize * 8, &exkey); + + /* process up to MAX_BLOCKS_PER_RUN aes blocks */ + for (i =3D 0; i < MAX_BLOCKS_PER_RUN && len >=3D AES_BLOCK_SIZE; i++) { + /* read in nonce/ctr =3D> ctr */ + aes_read_block(env, *ctr_ptr + processed, ctr, ra); + /* encrypt ctr =3D> buf */ + AES_encrypt(ctr, buf, &exkey); + /* read in one block of input data =3D> in */ + aes_read_block(env, *src_ptr + processed, in, ra); + /* exor input data with encrypted ctr =3D> out */ + aes_xor(in, buf, out); + /* write out the processed block */ + aes_write_block(env, *dst_ptr + processed, out, ra); + len -=3D AES_BLOCK_SIZE, processed +=3D AES_BLOCK_SIZE; + } + + *src_ptr =3D deposit64(*src_ptr, 0, data_reg_len, *src_ptr + processed= ); + *dst_ptr =3D deposit64(*dst_ptr, 0, data_reg_len, *dst_ptr + processed= ); + *ctr_ptr =3D deposit64(*ctr_ptr, 0, data_reg_len, *ctr_ptr + processed= ); + *src_len -=3D processed; + + return !len ? 0 : 3; +} diff --git a/target/s390x/tcg/crypto_helper.c b/target/s390x/tcg/crypto_hel= per.c index a69f4edf74..2791e69f84 100644 --- a/target/s390x/tcg/crypto_helper.c +++ b/target/s390x/tcg/crypto_helper.c @@ -161,6 +161,13 @@ static int cpacf_kmctr(CPUS390XState *env, uintptr_t r= a, uint32_t r1, &env->regs[r1], &env->regs[r2], &env->regs[r2 += 1], &env->regs[r3], S390_FEAT_TYPE_KMCTR, fc, mod); break; + case 0x1a: /* CPACF_KMCTR_PAES_128 */ + case 0x1b: /* CPACF_KMCTR_PAES_192 */ + case 0x1c: /* CPACF_KMCTR_PAES_256 */ + rc =3D cpacf_paes_ctr(env, ra, env->regs[1], + &env->regs[r1], &env->regs[r2], &env->regs[r2 = + 1], + &env->regs[r3], S390_FEAT_TYPE_KMCTR, fc, mod); + break; default: g_assert_not_reached(); } --=20 2.43.0 From nobody Sun Jan 25 10:13:58 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=reject dis=none) header.from=linux.ibm.com ARC-Seal: i=1; a=rsa-sha256; t=1769168720; cv=none; d=zohomail.com; s=zohoarc; b=NitjSnMUOgHokgxdW+Li+iFp8GGhXASnAv5C703K8ee0yC8xcOx3hTnTwTb7vxl3tlXvJBw9B3oazZh1Rw/nZoNqvDgeQqf4ouFYtPk0T/3K3bPH9awdOlWEPfbKRDYz5Fe76BLZ69hrQ/narPZ8zHosi/cnwxFQIRS8yJObSrw= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1769168720; h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=nPsDdoGjwRfkk3lX18SG4RiW++gIDwyUmJEHk82NR68=; b=awkCOSx88+nzqRGu/lRqT0nwWRvj5hpagDypY8b+hx/luDVZwtwOelViCXtCvBTIvQqCDnYjs0kPDR5hAJzMw/WC24V3OAkjAUUJcOEPlHGjx6AOu2nsX74tmZQ39TN8JSCXM26xeVmrtEz3JpEzNG2ht7Kh0TC8TeCs/SjP2sY= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1769168720827203.93887255209074; Fri, 23 Jan 2026 03:45:20 -0800 (PST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vjFac-0005b5-2Z; Fri, 23 Jan 2026 06:44:34 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vjFZV-00050t-4J; Fri, 23 Jan 2026 06:43:32 -0500 Received: from mx0a-001b2d01.pphosted.com ([148.163.156.1]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vjFZN-0006yB-SO; Fri, 23 Jan 2026 06:43:22 -0500 Received: from pps.filterd (m0360083.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.18.1.2/8.18.1.2) with ESMTP id 60N9BJgw028566; Fri, 23 Jan 2026 11:43:15 GMT Received: from ppma13.dal12v.mail.ibm.com (dd.9e.1632.ip4.static.sl-reverse.com [50.22.158.221]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 4bt60f38rh-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 23 Jan 2026 11:43:15 +0000 (GMT) Received: from pps.filterd (ppma13.dal12v.mail.ibm.com [127.0.0.1]) by ppma13.dal12v.mail.ibm.com (8.18.1.2/8.18.1.2) with ESMTP id 60N8Jn5m001171; Fri, 23 Jan 2026 11:43:14 GMT Received: from smtprelay05.fra02v.mail.ibm.com ([9.218.2.225]) by ppma13.dal12v.mail.ibm.com (PPS) with ESMTPS id 4brpyk8m1p-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 23 Jan 2026 11:43:14 +0000 Received: from smtpav03.fra02v.mail.ibm.com (smtpav03.fra02v.mail.ibm.com [10.20.54.102]) by smtprelay05.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 60NBhA3u34668932 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 23 Jan 2026 11:43:10 GMT Received: from smtpav03.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 48D4520043; Fri, 23 Jan 2026 11:43:10 +0000 (GMT) Received: from smtpav03.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 326682004D; Fri, 23 Jan 2026 11:43:10 +0000 (GMT) Received: from funtu2.ibm.com (unknown [9.111.163.22]) by smtpav03.fra02v.mail.ibm.com (Postfix) with ESMTP; Fri, 23 Jan 2026 11:43:10 +0000 (GMT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=cc :content-transfer-encoding:date:from:in-reply-to:message-id :mime-version:references:subject:to; s=pp1; bh=nPsDdoGjwRfkk3lX1 8SG4RiW++gIDwyUmJEHk82NR68=; b=KdAKIP3O0qYb2DZddWBBxB5dI+uFCXwqf WDDWTQDRCQ9EjCsxL7txSfBCkZG2A0eS+VNrQChth4YH/unOb1hiOgn+AEPTIaDB 5epk5fEpow/L8516pH5UvYakHD1VyVD1Y/J39VYg4N1sW4pzvHWIuCH+okFdiMZ0 9n2JDGcu+qO4wNraR9lVTjkMt30cJ43QYbLrBYIGTmOi/UJg2P07agPN6NzzD5Ev zQmkBywGY5Ti217LWuqyfvZfFhaF5Lyp30c5gZxj8lnnGgCsvtkVOM97VvTlYkR2 /28qyyCofwu3OM5siGpYI9GdGInZ2kFhcrrNUGAf97vphqt1Rf7EQ== From: Harald Freudenberger To: pbonzini@redhat.com Cc: qemu-s390x@nongnu.org, qemu-devel@nongnu.org, borntraeger@linux.ibm.com, frankja@linux.ibm.com Subject: [PATCH v3 13/14] target/s390x: Minimal protected key AES XTS support for cpacf pcc instruction Date: Fri, 23 Jan 2026 12:43:07 +0100 Message-ID: <20260123114308.19401-14-freude@linux.ibm.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260123114308.19401-1-freude@linux.ibm.com> References: <20260123114308.19401-1-freude@linux.ibm.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-TM-AS-GCONF: 00 X-Authority-Analysis: v=2.4 cv=WMdyn3sR c=1 sm=1 tr=0 ts=69735ed3 cx=c_pps a=AfN7/Ok6k8XGzOShvHwTGQ==:117 a=AfN7/Ok6k8XGzOShvHwTGQ==:17 a=vUbySO9Y5rIA:10 a=VkNPw1HP01LnGYTKEx00:22 a=VnNF1IyMAAAA:8 a=k9NNRZQrG_SOijgty3UA:9 X-Proofpoint-GUID: 4dgFsyvtIJ4c-7B82ToejzoUfebm_7Eo X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwMTIzMDA5MiBTYWx0ZWRfX+JpXeU/Ge9Aj GAkMYLBeDAALZP6DNZPt1Kqkdz0Xoi3uzNHF559SKTZvzmd4iCL64YU8rrwmi2YWrYtzlSrmic/ hRcNTAIFtWd4Nn5K1v2j+BmupqNaQ6kQB6u87sM/4Ar+onpEHuJ6RHN4JFdTOBT4cq4TApte+PC Uif9TNliC7jIjjLZucL+a5qlzMIDaPWUm2g/kfsMpmFhI/gQR7J9LZP38OOZjD55KnYoOXRulT8 pt5x3SAs4iALEWryj09DpP8Afd6SfGnPc2/HMBRP64SUdxgLtX+G5WDoj5hQTu5s8FMSgkL1M5b NmBmOPZ+D2MEtsRfA6ZV6410KW7E/9j3ZdnKtuXZNZj55bOsjBIcb5CY1t7iCB05aAYKjLB69qk 3TiPY2B4oGV5RRctCeUXr/WyIt8tP7KK7GFUTpz1PB8iw87L0jJabXWStRqQevR8XzlyLM6ZE1A sXro+1VUy4ZdIKxS+0g== X-Proofpoint-ORIG-GUID: 4dgFsyvtIJ4c-7B82ToejzoUfebm_7Eo X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1121,Hydra:6.1.20,FMLib:17.12.100.49 definitions=2026-01-23_02,2026-01-22_02,2025-10-01_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 phishscore=0 malwarescore=0 suspectscore=0 bulkscore=0 adultscore=0 impostorscore=0 spamscore=0 clxscore=1015 priorityscore=1501 lowpriorityscore=0 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.19.0-2601150000 definitions=main-2601230092 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=148.163.156.1; envelope-from=freude@linux.ibm.com; helo=mx0a-001b2d01.pphosted.com X-Spam_score_int: -26 X-Spam_score: -2.7 X-Spam_bar: -- X-Spam_report: (-2.7 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @ibm.com) X-ZM-MESSAGEID: 1769168722860158501 Content-Type: text/plain; charset="utf-8" Support CPACF pcc subfunctions PCC-Compute-XTS-Parameter-Encrypted-AES-128 and PCC-Compute-XTS-Parameter-Encrypted-AES-128 but only for the special case block sequential number is 0. However, this covers the s390 PAES XTS implementation in the Linux kernel. Signed-off-by: Harald Freudenberger --- target/s390x/gen-features.c | 2 + target/s390x/tcg/cpacf.h | 2 + target/s390x/tcg/cpacf_aes.c | 79 ++++++++++++++++++++++++++++++++ target/s390x/tcg/crypto_helper.c | 4 ++ 4 files changed, 87 insertions(+) diff --git a/target/s390x/gen-features.c b/target/s390x/gen-features.c index 4a131dc191..126bacb281 100644 --- a/target/s390x/gen-features.c +++ b/target/s390x/gen-features.c @@ -943,6 +943,8 @@ static uint16_t qemu_MAX[] =3D { S390_FEAT_KMCTR_EAES_256, S390_FEAT_PCC_XTS_AES_128, S390_FEAT_PCC_XTS_AES_256, + S390_FEAT_PCC_XTS_EAES_128, + S390_FEAT_PCC_XTS_EAES_256, S390_FEAT_PCKMO_AES_128, S390_FEAT_PCKMO_AES_192, S390_FEAT_PCKMO_AES_256, diff --git a/target/s390x/tcg/cpacf.h b/target/s390x/tcg/cpacf.h index 35518aef4b..9d0801b217 100644 --- a/target/s390x/tcg/cpacf.h +++ b/target/s390x/tcg/cpacf.h @@ -42,5 +42,7 @@ int cpacf_paes_cbc(CPUS390XState *env, uintptr_t ra, uint= 64_t param_addr, int cpacf_paes_ctr(CPUS390XState *env, uintptr_t ra, uint64_t param_addr, uint64_t *dst_ptr, uint64_t *src_ptr, uint64_t *src_len, uint64_t *ctr_ptr, uint32_t type, uint8_t fc, uint8_t m= od); +int cpacf_paes_pcc(CPUS390XState *env, uintptr_t ra, uint64_t param_addr, + uint8_t fc); =20 #endif diff --git a/target/s390x/tcg/cpacf_aes.c b/target/s390x/tcg/cpacf_aes.c index 78af0ce8d5..c4406f4a34 100644 --- a/target/s390x/tcg/cpacf_aes.c +++ b/target/s390x/tcg/cpacf_aes.c @@ -786,3 +786,82 @@ int cpacf_paes_ctr(CPUS390XState *env, uintptr_t ra, u= int64_t param_addr, =20 return !len ? 0 : 3; } + +int cpacf_paes_pcc(CPUS390XState *env, uintptr_t ra, uint64_t param_addr, + uint8_t fc) +{ + uint8_t key[32], wkvp[32], tweak[AES_BLOCK_SIZE], buf[AES_BLOCK_SIZE]; + int keysize, i; + uint64_t addr; + AES_KEY exkey; + + switch (fc) { + case 0x3a: /* CPACF_PCC compute XTS param Encrypted AES-128 */ + keysize =3D 16; + break; + case 0x3c: /* CPACF PCC compute XTS param Encrypted AES-256 */ + keysize =3D 32; + break; + default: + g_assert_not_reached(); + } + + /* fetch and check wkvp from param block */ + for (i =3D 0; i < sizeof(wkvp); i++) { + addr =3D wrap_address(env, param_addr + keysize + i); + wkvp[i] =3D cpu_ldub_data_ra(env, addr, ra); + } + if (memcmp(wkvp, protkey_wkvp, sizeof(wkvp))) { + /* wkvp mismatch -> return with cc 1 */ + return 1; + } + + /* fetch block sequence nr from param block into buf */ + for (i =3D 0; i < AES_BLOCK_SIZE; i++) { + addr =3D wrap_address(env, param_addr + keysize + + sizeof(wkvp) + AES_BLOCK_SIZE + i); + buf[i] =3D cpu_ldub_data_ra(env, addr, ra); + } + + /* is the block sequence nr 0 ? */ + for (i =3D 0; i < AES_BLOCK_SIZE && !buf[i]; i++) { + ; + } + if (i < AES_BLOCK_SIZE) { + /* no, sorry handling of non zero block sequence is not implemente= d */ + cpu_abort(env_cpu(env), + "PCC-compute-XTS-param (encrypted) with non zero block s= eq nr is not implemented\n"); + return 1; + } + + /* fetch protected key from param block */ + for (i =3D 0; i < keysize; i++) { + addr =3D wrap_address(env, param_addr + i); + key[i] =3D cpu_ldub_data_ra(env, addr, ra); + } + /* 'decrypt' the protected key */ + for (i =3D 0; i < keysize; i++) { + key[i] ^=3D protkey_xor_pattern[i]; + } + + /* fetch tweak from param block into tweak */ + for (i =3D 0; i < AES_BLOCK_SIZE; i++) { + addr =3D wrap_address(env, param_addr + keysize + sizeof(wkvp) + i= ); + tweak[i] =3D cpu_ldub_data_ra(env, addr, ra); + } + + /* expand key */ + AES_set_encrypt_key(key, keysize * 8, &exkey); + + /* encrypt tweak */ + AES_encrypt(tweak, buf, &exkey); + + /* store encrypted tweak into xts parameter field of the param block */ + for (i =3D 0; i < AES_BLOCK_SIZE; i++) { + addr =3D wrap_address(env, param_addr + keysize + + sizeof(wkvp) + 3 * AES_BLOCK_SIZE + i); + cpu_stb_data_ra(env, addr, buf[i], ra); + } + + return 0; +} diff --git a/target/s390x/tcg/crypto_helper.c b/target/s390x/tcg/crypto_hel= per.c index 2791e69f84..3ff8331993 100644 --- a/target/s390x/tcg/crypto_helper.c +++ b/target/s390x/tcg/crypto_helper.c @@ -201,6 +201,10 @@ static int cpacf_pcc(CPUS390XState *env, uintptr_t ra,= uint8_t fc) case 0x34: /* CPACF PCC compute XTS param AES-256 */ rc =3D cpacf_aes_pcc(env, ra, env->regs[1], fc); break; + case 0x3a: /* CPACF_PCC compute XTS param Encrypted AES-128 */ + case 0x3c: /* CPACF PCC compute XTS param Encrypted AES-256 */ + rc =3D cpacf_paes_pcc(env, ra, env->regs[1], fc); + break; default: g_assert_not_reached(); } --=20 2.43.0 From nobody Sun Jan 25 10:13:58 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=reject dis=none) header.from=linux.ibm.com ARC-Seal: i=1; a=rsa-sha256; t=1769168687; cv=none; d=zohomail.com; s=zohoarc; b=DmivxIB02uXIGK4K1lLHOyjrJe7M7LCJgh3t2vSsO9bn/xU0HF/Ja+5JkeuPKqsoMUKzpfAyV6kMrRqhu2pUdszzdyA4albcJJDh01AqVJHPRpNKgoLH0V0TnsFrRM3ynQee28BRXIXsRz2Vkcj/o7bWmPhaKqGKKq1FfttMHEw= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1769168687; h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=7liwe3si5AKGhGJgWJIBRhvax/5XDvE8f4CFgTgFO80=; b=m2bIWvjKSiP7y3SF7BYI9Ie8ppDw8DhgPUyG9xGkpfUgGdRzLlDtq+nAhB+wPvdbfR6LbLu3e3zgNIeVjUgjOaG+ZBwwULlzgBt8KQZos/AaR3XSyRJaCoanWZtpHG/fVZrlu9ZqbJe+KYJrYoePe+/WPdi4EWgUNbVy2T1UqXI= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1769168687229873.2379223310485; Fri, 23 Jan 2026 03:44:47 -0800 (PST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vjFac-0005d1-Vh; Fri, 23 Jan 2026 06:44:35 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vjFZV-00050s-3s; Fri, 23 Jan 2026 06:43:32 -0500 Received: from mx0b-001b2d01.pphosted.com ([148.163.158.5]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vjFZN-0006xz-V1; Fri, 23 Jan 2026 06:43:22 -0500 Received: from pps.filterd (m0360072.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.18.1.2/8.18.1.2) with ESMTP id 60N8TCE6022521; Fri, 23 Jan 2026 11:43:15 GMT Received: from ppma11.dal12v.mail.ibm.com (db.9e.1632.ip4.static.sl-reverse.com [50.22.158.219]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 4bt612j8tr-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 23 Jan 2026 11:43:15 +0000 (GMT) Received: from pps.filterd (ppma11.dal12v.mail.ibm.com [127.0.0.1]) by ppma11.dal12v.mail.ibm.com (8.18.1.2/8.18.1.2) with ESMTP id 60N8q3RJ006427; Fri, 23 Jan 2026 11:43:14 GMT Received: from smtprelay05.fra02v.mail.ibm.com ([9.218.2.225]) by ppma11.dal12v.mail.ibm.com (PPS) with ESMTPS id 4brqf20gd0-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 23 Jan 2026 11:43:14 +0000 Received: from smtpav03.fra02v.mail.ibm.com (smtpav03.fra02v.mail.ibm.com [10.20.54.102]) by smtprelay05.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 60NBhATg34668934 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 23 Jan 2026 11:43:10 GMT Received: from smtpav03.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 59FB32004F; Fri, 23 Jan 2026 11:43:10 +0000 (GMT) Received: from smtpav03.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 4D0972004E; Fri, 23 Jan 2026 11:43:10 +0000 (GMT) Received: from funtu2.ibm.com (unknown [9.111.163.22]) by smtpav03.fra02v.mail.ibm.com (Postfix) with ESMTP; Fri, 23 Jan 2026 11:43:10 +0000 (GMT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=cc :content-transfer-encoding:date:from:in-reply-to:message-id :mime-version:references:subject:to; s=pp1; bh=7liwe3si5AKGhGJgW JIBRhvax/5XDvE8f4CFgTgFO80=; b=kWWpLl0d5Ir9EBX09/lU8CEjPg9x2xw3W 5rftOQ79pCD/E1jgP9R5t1uDecanK1O/Qhb33J2S+rKEV9KTsrzLgIflB+JnohKN FPVDr5i3oyVR4ZJrmrn1fgINYAtJAhy9waZ6XSP//0+6ZvXzcl3QCDJLAR36zXxu SrCVI+NUw7gi877ZAT539VlXdZOdbVRYgHx3XKN1u5Uk9wjoIoRrW8e4lMc1zG+y 9stkidtSoYxUKk6il069iC4twVabJvY0/a/7jlOpBL85c77VMbBPndIwq7bBbM2i LTwMLGI9ud8Kza/Pcr/GRvx1gFigHxIHAy/sgaImNVYM48Ka+TRgQ== From: Harald Freudenberger To: pbonzini@redhat.com Cc: qemu-s390x@nongnu.org, qemu-devel@nongnu.org, borntraeger@linux.ibm.com, frankja@linux.ibm.com Subject: [PATCH v3 14/14] target/s390x: Support protected key AES XTS for cpacf km instruction Date: Fri, 23 Jan 2026 12:43:08 +0100 Message-ID: <20260123114308.19401-15-freude@linux.ibm.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260123114308.19401-1-freude@linux.ibm.com> References: <20260123114308.19401-1-freude@linux.ibm.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-TM-AS-GCONF: 00 X-Proofpoint-GUID: e9UQqAFfktY9HWzAs7LbaTai1jZHuX9q X-Authority-Analysis: v=2.4 cv=LaIxKzfi c=1 sm=1 tr=0 ts=69735ed3 cx=c_pps a=aDMHemPKRhS1OARIsFnwRA==:117 a=aDMHemPKRhS1OARIsFnwRA==:17 a=vUbySO9Y5rIA:10 a=VkNPw1HP01LnGYTKEx00:22 a=VnNF1IyMAAAA:8 a=ub7L66Qb16_Canke32oA:9 X-Proofpoint-ORIG-GUID: e9UQqAFfktY9HWzAs7LbaTai1jZHuX9q X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwMTIzMDA5MiBTYWx0ZWRfX8/XmOA6QFNu1 x5g2YkTqUKUMFBrN+lNEe0nSy5MNrnNY/mfQxas1VeI/XyrdQkD6ir3BLtoRJdSeTBhxtWM6LCT EPbv3l9IpnzNwG99fw2lu+SY8KDD5ShWmpvMzYT04S4lovFIcGw8nWPK1fW3GdGs2m8/5+jP9bp oJw8MAFIlRHNrU6JMrHGr51AoMm2jdfuoZzJZoKtnMTU4tk839Sj5dvaVwyqwuyVoYlP2bHP332 +u6d63a80uDavXYuotLbaAhhKL/mxtebXxawP2FyZljqKlu0weISXgE3dclIrYtMt0iXVwbHsdb QwbhhHUyjr1wyFFUNTgXiJ3mS+thmx80HV/yfSP3/Apuco9bIYSFyLUuAnblGMNWgTZzUJ/DnsA 6UCNvbTZX4JMVuTmDbmib5AjKKYqMBnjG5kVudNjPfDAHkMHwmKEzcp83DnnQ44LkmLlUSHEOZT ulxRM5Vkn7WT1DWPcuw== X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1121,Hydra:6.1.20,FMLib:17.12.100.49 definitions=2026-01-23_02,2026-01-22_02,2025-10-01_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 bulkscore=0 adultscore=0 phishscore=0 priorityscore=1501 lowpriorityscore=0 suspectscore=0 clxscore=1015 impostorscore=0 spamscore=0 malwarescore=0 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.19.0-2601150000 definitions=main-2601230092 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=148.163.158.5; envelope-from=freude@linux.ibm.com; helo=mx0b-001b2d01.pphosted.com X-Spam_score_int: -19 X-Spam_score: -2.0 X-Spam_bar: -- X-Spam_report: (-2.0 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @ibm.com) X-ZM-MESSAGEID: 1769168688647158500 Content-Type: text/plain; charset="utf-8" Support the subfunctions CPACF_KM_PXTS_128 and CPACF_KM_PAES_256 for the cpacf km instruction. Signed-off-by: Harald Freudenberger --- target/s390x/gen-features.c | 2 + target/s390x/tcg/cpacf.h | 3 + target/s390x/tcg/cpacf_aes.c | 102 +++++++++++++++++++++++++++++++ target/s390x/tcg/crypto_helper.c | 6 ++ 4 files changed, 113 insertions(+) diff --git a/target/s390x/gen-features.c b/target/s390x/gen-features.c index 126bacb281..c4c59c3504 100644 --- a/target/s390x/gen-features.c +++ b/target/s390x/gen-features.c @@ -929,6 +929,8 @@ static uint16_t qemu_MAX[] =3D { S390_FEAT_KM_EAES_256, S390_FEAT_KM_XTS_AES_128, S390_FEAT_KM_XTS_AES_256, + S390_FEAT_KM_XTS_EAES_128, + S390_FEAT_KM_XTS_EAES_256, S390_FEAT_KMC_AES_128, S390_FEAT_KMC_AES_192, S390_FEAT_KMC_AES_256, diff --git a/target/s390x/tcg/cpacf.h b/target/s390x/tcg/cpacf.h index 9d0801b217..47dfa6bef7 100644 --- a/target/s390x/tcg/cpacf.h +++ b/target/s390x/tcg/cpacf.h @@ -44,5 +44,8 @@ int cpacf_paes_ctr(CPUS390XState *env, uintptr_t ra, uint= 64_t param_addr, uint64_t *ctr_ptr, uint32_t type, uint8_t fc, uint8_t m= od); int cpacf_paes_pcc(CPUS390XState *env, uintptr_t ra, uint64_t param_addr, uint8_t fc); +int cpacf_paes_xts(CPUS390XState *env, uintptr_t ra, uint64_t param_addr, + uint64_t *dst_ptr, uint64_t *src_ptr, uint64_t *src_len, + uint32_t type, uint8_t fc, uint8_t mod); =20 #endif diff --git a/target/s390x/tcg/cpacf_aes.c b/target/s390x/tcg/cpacf_aes.c index c4406f4a34..0892413e74 100644 --- a/target/s390x/tcg/cpacf_aes.c +++ b/target/s390x/tcg/cpacf_aes.c @@ -865,3 +865,105 @@ int cpacf_paes_pcc(CPUS390XState *env, uintptr_t ra, = uint64_t param_addr, =20 return 0; } + +int cpacf_paes_xts(CPUS390XState *env, uintptr_t ra, uint64_t param_addr, + uint64_t *dst_ptr, uint64_t *src_ptr, uint64_t *src_len, + uint32_t type, uint8_t fc, uint8_t mod) +{ + enum { MAX_BLOCKS_PER_RUN =3D 8192 / AES_BLOCK_SIZE }; + uint8_t buf1[AES_BLOCK_SIZE], buf2[AES_BLOCK_SIZE]; + uint8_t key[32], wkvp[32], tweak[AES_BLOCK_SIZE]; + uint64_t addr, len =3D *src_len, processed =3D 0; + int i, keysize, data_reg_len =3D 64; + AES_KEY exkey; + + g_assert(type =3D=3D S390_FEAT_TYPE_KM); + + switch (fc) { + case 0x3a: /* CPACF_KM_PXTS_128 */ + keysize =3D 16; + break; + case 0x3c: /* CPACF_KM_PXTS_256 */ + keysize =3D 32; + break; + default: + g_assert_not_reached(); + } + + if (!(env->psw.mask & PSW_MASK_64)) { + len =3D (uint32_t)len; + data_reg_len =3D (env->psw.mask & PSW_MASK_32) ? 32 : 24; + } + + /* length has to be properly aligned. */ + if (!QEMU_IS_ALIGNED(len, AES_BLOCK_SIZE)) { + tcg_s390_program_interrupt(env, PGM_SPECIFICATION, ra); + } + + /* fetch and check wkvp from param block */ + for (i =3D 0; i < sizeof(wkvp); i++) { + addr =3D wrap_address(env, param_addr + keysize + i); + wkvp[i] =3D cpu_ldub_data_ra(env, addr, ra); + } + if (memcmp(wkvp, protkey_wkvp, sizeof(wkvp))) { + /* wkvp mismatch -> return with cc 1 */ + return 1; + } + + /* fetch protected key from param block */ + for (i =3D 0; i < keysize; i++) { + addr =3D wrap_address(env, param_addr + i); + key[i] =3D cpu_ldub_data_ra(env, addr, ra); + } + /* 'decrypt' the protected key */ + for (i =3D 0; i < keysize; i++) { + key[i] ^=3D protkey_xor_pattern[i]; + } + + /* expand key */ + if (mod) { + AES_set_decrypt_key(key, keysize * 8, &exkey); + } else { + AES_set_encrypt_key(key, keysize * 8, &exkey); + } + + /* fetch tweak from param block */ + for (i =3D 0; i < AES_BLOCK_SIZE; i++) { + addr =3D wrap_address(env, param_addr + keysize + sizeof(wkvp) + i= ); + tweak[i] =3D cpu_ldub_data_ra(env, addr, ra); + } + + /* process up to MAX_BLOCKS_PER_RUN aes blocks */ + for (i =3D 0; i < MAX_BLOCKS_PER_RUN && len >=3D AES_BLOCK_SIZE; i++) { + /* fetch one AES block into buf1 */ + aes_read_block(env, *src_ptr + processed, buf1, ra); + /* buf1 xor tweak =3D> buf2 */ + aes_xor(buf1, tweak, buf2); + if (mod) { + /* decrypt buf2 =3D> buf1 */ + AES_decrypt(buf2, buf1, &exkey); + } else { + /* encrypt buf2 =3D> buf1 */ + AES_encrypt(buf2, buf1, &exkey); + } + /* buf1 xor tweak =3D> buf2 */ + aes_xor(buf1, tweak, buf2); + /* prep tweak for next round */ + aes_xts_prep_next_tweak(tweak); + /* write out this processed block from buf2 */ + aes_write_block(env, *dst_ptr + processed, buf2, ra); + len -=3D AES_BLOCK_SIZE, processed +=3D AES_BLOCK_SIZE; + } + + /* update tweak in param block */ + for (i =3D 0; i < AES_BLOCK_SIZE; i++) { + addr =3D wrap_address(env, param_addr + keysize + sizeof(wkvp) + i= ); + cpu_stb_data_ra(env, addr, tweak[i], ra); + } + + *src_ptr =3D deposit64(*src_ptr, 0, data_reg_len, *src_ptr + processed= ); + *dst_ptr =3D deposit64(*dst_ptr, 0, data_reg_len, *dst_ptr + processed= ); + *src_len -=3D processed; + + return !len ? 0 : 3; +} diff --git a/target/s390x/tcg/crypto_helper.c b/target/s390x/tcg/crypto_hel= per.c index 3ff8331993..1dd61cac5e 100644 --- a/target/s390x/tcg/crypto_helper.c +++ b/target/s390x/tcg/crypto_helper.c @@ -114,6 +114,12 @@ static int cpacf_km(CPUS390XState *env, uintptr_t ra, = uint32_t r1, &env->regs[r1], &env->regs[r2], &env->regs[r2 += 1], S390_FEAT_TYPE_KM, fc, mod); break; + case 0x3a: /* CPACF_KM_PXTS_128 */ + case 0x3c: /* CPACF_KM_PXTS_256 */ + rc =3D cpacf_paes_xts(env, ra, env->regs[1], + &env->regs[r1], &env->regs[r2], &env->regs[r2 = + 1], + S390_FEAT_TYPE_KM, fc, mod); + break; default: g_assert_not_reached(); } --=20 2.43.0