From nobody Sat May 30 18:34:22 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=reject dis=none) header.from=linux.ibm.com ARC-Seal: i=1; a=rsa-sha256; t=1779261796; cv=none; d=zohomail.com; s=zohoarc; b=eF0n1PvSzze5xXOUCrYcGJePMzRQkDoq0PzlZVUJLN+fjiCFU1OSQzg1TJEy/7vMwluunbdpPDOQye2FruGZ/w5onPNjg9eVqQ7GdNltqTf4Va7XNqhfJGyS/lXT6RtRxf2Vr/GnWT7qv2a4N8ZXc9n62i4Hk0n+VFbgnZejsKs= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1779261796; h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=6Syxy2UAX0dzS6aByiyXvfDNMURuoKfM2nfhdpxwjss=; b=GSDX7iTJ4+WFjoOOc3Z0rERSA/ZB1xmSrurgzI+0FpA2sHhS8T4R8YwSz1P5kQrLTCNWPLLaQdSad224yC4DdsNU/J4qVJ79rJlCtCogRXuoaN0beg0d3fk+D17DnKvboUWG4De0/zDuce8fFEhOoGMx/Uob9AcUnO5euyeq8wo= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1779261796325698.275132584958; Wed, 20 May 2026 00:23:16 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists1p.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1wPbFt-0006YX-OY; Wed, 20 May 2026 03:22:13 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1wPbEt-0006De-M0; Wed, 20 May 2026 03:21:15 -0400 Received: from mx0b-001b2d01.pphosted.com ([148.163.158.5]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1wPbEp-0002T0-64; Wed, 20 May 2026 03:21:10 -0400 Received: from pps.filterd (m0353725.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id 64K6K6Fo2562204; Wed, 20 May 2026 07:21:00 GMT Received: from ppma23.wdc07v.mail.ibm.com (5d.69.3da9.ip4.static.sl-reverse.com [169.61.105.93]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 4e6h88fxdd-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 20 May 2026 07:20:59 +0000 (GMT) Received: from pps.filterd (ppma23.wdc07v.mail.ibm.com [127.0.0.1]) by ppma23.wdc07v.mail.ibm.com (8.18.1.7/8.18.1.7) with ESMTP id 64K79GI6029148; Wed, 20 May 2026 07:20:59 GMT Received: from smtprelay02.fra02v.mail.ibm.com ([9.218.2.226]) by ppma23.wdc07v.mail.ibm.com (PPS) with ESMTPS id 4e74dhp7jw-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 20 May 2026 07:20:58 +0000 (GMT) Received: from smtpav05.fra02v.mail.ibm.com (smtpav05.fra02v.mail.ibm.com [10.20.54.104]) by smtprelay02.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 64K7Kt1P53477840 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 20 May 2026 07:20:55 GMT Received: from smtpav05.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 2887F20040; Wed, 20 May 2026 07:20:55 +0000 (GMT) Received: from smtpav05.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 0823B2004B; Wed, 20 May 2026 07:20:55 +0000 (GMT) Received: from funtu2.fritz.box (unknown [9.111.209.15]) by smtpav05.fra02v.mail.ibm.com (Postfix) with ESMTP; Wed, 20 May 2026 07:20:54 +0000 (GMT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=cc :content-transfer-encoding:date:from:in-reply-to:message-id :mime-version:references:subject:to; s=pp1; bh=6Syxy2UAX0dzS6aBy iyXvfDNMURuoKfM2nfhdpxwjss=; b=EXYIf1yMdysx2rkoQWYOdGIksKZIdrtRY AhtA2Oo12X585onKKza42HbVzsnYtUHl307AQC1YqLhjpgAWp6I6qXGuBHrLhp6B PnS7qKzBAPwviWdFlPgK/mr1VmU4yaUkDjv2YcrGGsa6fCDIrx5grpPIiZqNSR5g zo7KeitOkxtFlgpcWTkjxMmKX/L0mF7Lmrn2rS+xnhe4SRHuwNuEqKn2pdCskTnk 0k/WvoYWOdQyvd6JbR51IfBciAXS1pieVd8GDAVBQG5sOu9NHD9C8vr0rjoKBxRA EDMOGoVdmtp0tYI34wAsC1u7iT6nLWhEBpi9MYU13tTDPgAXSmrVA== From: Harald Freudenberger To: richard.henderson@linaro.org, iii@linux.ibm.com, david@kernel.org, thuth@redhat.com Cc: qemu-s390x@nongnu.org, qemu-devel@nongnu.org, dengler@linux.ibm.com, borntraeger@linux.ibm.com Subject: [PATCH v5 01/15] target/s390x: Rework s390 cpacf implementations Date: Wed, 20 May 2026 09:20:40 +0200 Message-ID: <20260520072054.293306-2-freude@linux.ibm.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260520072054.293306-1-freude@linux.ibm.com> References: <20260520072054.293306-1-freude@linux.ibm.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-TM-AS-GCONF: 00 X-Proofpoint-ORIG-GUID: csIG5o5NxO1cVdgVQBbikxskCX9zN4OM X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwNTIwMDA2NyBTYWx0ZWRfXzx4KdBRDP4YP l31tMpvItEY1w1hGqiivMLpOZkBljQooErPFp0KhmwliCQKhkgtBjPb0TLxB4G0IQ00J8xxM8SB h6Q+lU22LRDp0nTfbuZ1bHzhehptbhIqA4DpNu4gW75c86mkvSBIcrAdJv62vtLleFjPuKATC/l lmX0SwwE6FtOM8bVBXfRbXp0SJyPNB5JHe+hLaPs+T8gBUM3Ebw5x0Ij7+BEXuCwbxqQPAjq4w9 z1/Dvd7QL4vIgGb/xn7Xl9IECh1NJz4qDqh4r2iWmJakCist6BJKSn82g/1I2mrkBWEtBBCcdfA GKffFQ+v18Fu0kI+w7op5eKYYC0llcReHKgJQqnF0EZbwpnRW1bnACjQ3c/ru17ROXwynnpUiBw hOmuBfHcjvm0MMglo+sFhGrkn4c7CtY75mkkBuN4+AIlS4XcehTECImJ08AYJRiRZYS5NlywzfR qjN67NDsEfeOdaZaMkw== X-Proofpoint-GUID: csIG5o5NxO1cVdgVQBbikxskCX9zN4OM X-Authority-Analysis: v=2.4 cv=apyCzyZV c=1 sm=1 tr=0 ts=6a0d60db cx=c_pps a=3Bg1Hr4SwmMryq2xdFQyZA==:117 a=3Bg1Hr4SwmMryq2xdFQyZA==:17 a=NGcC8JguVDcA:10 a=VkNPw1HP01LnGYTKEx00:22 a=RnoormkPH1_aCDwRdu11:22 a=V8glGbnc2Ofi9Qvn3v5h:22 a=VnNF1IyMAAAA:8 a=n0GLcnPdRiOQeUnuI50A:9 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1143,Hydra:6.1.51,FMLib:17.12.100.49 definitions=2026-05-20_01,2026-05-18_01,2025-10-01_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 malwarescore=0 lowpriorityscore=0 priorityscore=1501 impostorscore=0 bulkscore=0 suspectscore=0 adultscore=0 spamscore=0 phishscore=0 clxscore=1015 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2605130000 definitions=main-2605200067 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists1p.gnu.org; Received-SPF: pass client-ip=148.163.158.5; envelope-from=freude@linux.ibm.com; helo=mx0b-001b2d01.pphosted.com X-Spam_score_int: -26 X-Spam_score: -2.7 X-Spam_bar: -- X-Spam_report: (-2.7 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @ibm.com) X-ZM-MESSAGEID: 1779261797090158500 Content-Type: text/plain; charset="utf-8" Fix missing parts for MSA 9 kdsa and rework the cpacf handling code so that further extensions can be made in a clean and structured way. Signed-off-by: Harald Freudenberger Reviewed-by: Holger Dengler Tested-by: Holger Dengler --- target/s390x/tcg/crypto_helper.c | 85 ++++++++++++++++++++++++++------ target/s390x/tcg/insn-data.h.inc | 1 + target/s390x/tcg/translate.c | 2 + 3 files changed, 74 insertions(+), 14 deletions(-) diff --git a/target/s390x/tcg/crypto_helper.c b/target/s390x/tcg/crypto_hel= per.c index 4447bb66ee..0b00d8ba5b 100644 --- a/target/s390x/tcg/crypto_helper.c +++ b/target/s390x/tcg/crypto_helper.c @@ -268,6 +268,57 @@ static void fill_buf_random(CPUS390XState *env, uintpt= r_t ra, } } =20 +static int cpacf_kimd(CPUS390XState *env, const uintptr_t ra, + uint32_t r1, uint32_t r2, uint32_t r3, uint8_t fc) +{ + int rc =3D 0; + + switch (fc) { + case 0x03: /* CPACF_KIMD_SHA_512 */ + rc =3D cpacf_sha512(env, ra, env->regs[1], &env->regs[r2], + &env->regs[r2 + 1], S390_FEAT_TYPE_KIMD); + break; + default: + g_assert_not_reached(); + } + + return rc; +} + +static int cpacf_klmd(CPUS390XState *env, const uintptr_t ra, + uint32_t r1, uint32_t r2, uint32_t r3, uint8_t fc) +{ + int rc =3D 0; + + switch (fc) { + case 0x03: /* CPACF_KLMD_SHA_512 */ + rc =3D cpacf_sha512(env, ra, env->regs[1], &env->regs[r2], + &env->regs[r2 + 1], S390_FEAT_TYPE_KLMD); + break; + default: + g_assert_not_reached(); + } + + return rc; +} + +static int cpacf_ppno(CPUS390XState *env, uintptr_t ra, + uint32_t r1, uint32_t r2, uint32_t r3, uint8_t fc) +{ + int rc =3D 0; + + switch (fc) { + case 0x72: /* CPACF_PRNO_TRNG */ + fill_buf_random(env, ra, &env->regs[r1], &env->regs[r1 + 1]); + fill_buf_random(env, ra, &env->regs[r2], &env->regs[r2 + 1]); + break; + default: + g_assert_not_reached(); + } + + return rc; +} + uint32_t HELPER(msa)(CPUS390XState *env, uint32_t r1, uint32_t r2, uint32_= t r3, uint32_t type) { @@ -276,14 +327,15 @@ uint32_t HELPER(msa)(CPUS390XState *env, uint32_t r1,= uint32_t r2, uint32_t r3, const uint8_t fc =3D env->regs[0] & 0x7fULL; uint8_t subfunc[16] =3D { 0 }; uint64_t param_addr; - int i; + int i, rc =3D 0; =20 switch (type) { - case S390_FEAT_TYPE_KMAC: + case S390_FEAT_TYPE_KDSA: case S390_FEAT_TYPE_KIMD: case S390_FEAT_TYPE_KLMD: - case S390_FEAT_TYPE_PCKMO: + case S390_FEAT_TYPE_KMAC: case S390_FEAT_TYPE_PCC: + case S390_FEAT_TYPE_PCKMO: if (mod) { tcg_s390_program_interrupt(env, PGM_SPECIFICATION, ra); } @@ -295,24 +347,29 @@ uint32_t HELPER(msa)(CPUS390XState *env, uint32_t r1,= uint32_t r2, uint32_t r3, tcg_s390_program_interrupt(env, PGM_SPECIFICATION, ra); } =20 - switch (fc) { - case 0: /* query subfunction */ - for (i =3D 0; i < 16; i++) { + /* handle query subfunction */ + if (fc =3D=3D 0) { + for (i =3D 0; i < sizeof(subfunc); i++) { param_addr =3D wrap_address(env, env->regs[1] + i); cpu_stb_data_ra(env, param_addr, subfunc[i], ra); } + goto out; + } + + switch (type) { + case S390_FEAT_TYPE_KIMD: + rc =3D cpacf_kimd(env, ra, r1, r2, r3, fc); break; - case 3: /* CPACF_*_SHA_512 */ - return cpacf_sha512(env, ra, env->regs[1], &env->regs[r2], - &env->regs[r2 + 1], type); - case 114: /* CPACF_PRNO_TRNG */ - fill_buf_random(env, ra, &env->regs[r1], &env->regs[r1 + 1]); - fill_buf_random(env, ra, &env->regs[r2], &env->regs[r2 + 1]); + case S390_FEAT_TYPE_KLMD: + rc =3D cpacf_klmd(env, ra, r1, r2, r3, fc); + break; + case S390_FEAT_TYPE_PPNO: + rc =3D cpacf_ppno(env, ra, r1, r2, r3, fc); break; default: - /* we don't implement any other subfunction yet */ g_assert_not_reached(); } =20 - return 0; +out: + return rc; } diff --git a/target/s390x/tcg/insn-data.h.inc b/target/s390x/tcg/insn-data.= h.inc index ec730ee091..b6095711f2 100644 --- a/target/s390x/tcg/insn-data.h.inc +++ b/target/s390x/tcg/insn-data.h.inc @@ -1012,6 +1012,7 @@ D(0xb92e, KM, RRE, MSA, 0, 0, 0, 0, msa, 0, S390_FEAT_TYPE_KM) D(0xb92f, KMC, RRE, MSA, 0, 0, 0, 0, msa, 0, S390_FEAT_TYPE_KMC) D(0xb929, KMA, RRF_b, MSA8, 0, 0, 0, 0, msa, 0, S390_FEAT_TYPE_KMA) + D(0xb93a, KDSA, RRE, MSA9, 0, 0, 0, 0, msa, 0, S390_FEAT_TYPE_KDS= A) E(0xb93c, PPNO, RRE, MSA5, 0, 0, 0, 0, msa, 0, S390_FEAT_TYPE_PPN= O, IF_IO) D(0xb93e, KIMD, RRE, MSA, 0, 0, 0, 0, msa, 0, S390_FEAT_TYPE_KIM= D) D(0xb93f, KLMD, RRE, MSA, 0, 0, 0, 0, msa, 0, S390_FEAT_TYPE_KLM= D) diff --git a/target/s390x/tcg/translate.c b/target/s390x/tcg/translate.c index 4d2b8c5e2b..8ddd0975f8 100644 --- a/target/s390x/tcg/translate.c +++ b/target/s390x/tcg/translate.c @@ -2564,6 +2564,7 @@ static DisasJumpType op_msa(DisasContext *s, DisasOps= *o) /* FALL THROUGH */ case S390_FEAT_TYPE_PCKMO: case S390_FEAT_TYPE_PCC: + case S390_FEAT_TYPE_KDSA: break; default: g_assert_not_reached(); @@ -6018,6 +6019,7 @@ enum DisasInsnEnum { #define FAC_MSA4 S390_FEAT_MSA_EXT_4 /* msa-extension-4 facility */ #define FAC_MSA5 S390_FEAT_MSA_EXT_5 /* msa-extension-5 facility */ #define FAC_MSA8 S390_FEAT_MSA_EXT_8 /* msa-extension-8 facility */ +#define FAC_MSA9 S390_FEAT_MSA_EXT_9 /* msa-extension-9 facility */ #define FAC_ECT S390_FEAT_EXTRACT_CPU_TIME #define FAC_PCI S390_FEAT_ZPCI /* z/PCI facility */ #define FAC_AIS S390_FEAT_ADAPTER_INT_SUPPRESSION --=20 2.43.0 From nobody Sat May 30 18:34:22 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=reject dis=none) header.from=linux.ibm.com ARC-Seal: i=1; a=rsa-sha256; t=1779261788; cv=none; d=zohomail.com; s=zohoarc; b=WWZ7aqBDPgcVHR45GUuC+IndCzRnz6KG9UEEeU4YTUll5CQ6FLCBTuxmvO5/Apc8wftvBajOMZqyAToSiNlagq8hzBEDg4lzLp2/LHzJC1bwGRyCFCKhwZVG7cQL8IQIQUV00C2T0/sCjWMmY1t2s8M8KUMSVc4Qkmc+qXvY2BU= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1779261788; h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=CzRQSIHIL1UJxzgOASrhCU754S7Ucer9rIPhocxvtLM=; b=DsO+kDDoV/OtA2g8J7ux4il4Z9gHO7QV96EjylI5HKSbVPdRCg45mDgkm1O5ToBqgNZ+BGbs6VZbG4ip4u5+/F3yqgwlKY9j140nBJIlICHz/zuipdF/E5DV0u/eY6UbsxdBKMvv0tvUm01J9itf5k4olttAGKtztknI2hLAu6I= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1779261788615790.2901579779034; Wed, 20 May 2026 00:23:08 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists1p.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1wPbFd-0006L3-P8; Wed, 20 May 2026 03:21:58 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1wPbEv-0006Dq-DK; Wed, 20 May 2026 03:21:15 -0400 Received: from mx0b-001b2d01.pphosted.com ([148.163.158.5]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1wPbEq-0002U9-92; Wed, 20 May 2026 03:21:13 -0400 Received: from pps.filterd (m0353725.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id 64K09WEh935604; Wed, 20 May 2026 07:21:00 GMT Received: from ppma13.dal12v.mail.ibm.com (dd.9e.1632.ip4.static.sl-reverse.com [50.22.158.221]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 4e6h88fxde-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 20 May 2026 07:20:59 +0000 (GMT) Received: from pps.filterd (ppma13.dal12v.mail.ibm.com [127.0.0.1]) by ppma13.dal12v.mail.ibm.com (8.18.1.7/8.18.1.7) with ESMTP id 64K797QW029970; Wed, 20 May 2026 07:20:59 GMT Received: from smtprelay02.fra02v.mail.ibm.com ([9.218.2.226]) by ppma13.dal12v.mail.ibm.com (PPS) with ESMTPS id 4e754ge2t5-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 20 May 2026 07:20:58 +0000 (GMT) Received: from smtpav05.fra02v.mail.ibm.com (smtpav05.fra02v.mail.ibm.com [10.20.54.104]) by smtprelay02.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 64K7KtuP52232684 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 20 May 2026 07:20:55 GMT Received: from smtpav05.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 5FD8C20043; Wed, 20 May 2026 07:20:55 +0000 (GMT) Received: from smtpav05.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 2D24C2004D; Wed, 20 May 2026 07:20:55 +0000 (GMT) Received: from funtu2.fritz.box (unknown [9.111.209.15]) by smtpav05.fra02v.mail.ibm.com (Postfix) with ESMTP; Wed, 20 May 2026 07:20:55 +0000 (GMT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=cc :content-transfer-encoding:date:from:in-reply-to:message-id :mime-version:references:subject:to; s=pp1; bh=CzRQSIHIL1UJxzgOA SrhCU754S7Ucer9rIPhocxvtLM=; b=IsMoJcRJL/EvidGUaOgXtJzTiIZY1SZ1Q UW+tFJGDGnf7KDUrHF8cAcJRYZj0M31RPu/0TrIX4NsCIvIXHQ3/NGtEgo1NLvfz 3b0jaGtHL4Bmf1/Zn3SLYckDmTlv2ZDn0Vja4Va2iAVIaEHULV1LjVkgtDXbhT7V 4LD0eBPr7ZiFtEBh7tGL3aRbUuPX3Kww33ZRlzDyI3VDtZjskRZPzS0wyDTcCj+S rdKFwHHPQZI7xnRBYAw5ZgC47yJwcV7G4BqlW2Wc+TBSnYLCcBjfI0Y8U+LRnK62 LKZZqhb/2ClANSDjiL5PTcy/smEEG2uWNPm0f4pD3x+mNI5ohlJFw== From: Harald Freudenberger To: richard.henderson@linaro.org, iii@linux.ibm.com, david@kernel.org, thuth@redhat.com Cc: qemu-s390x@nongnu.org, qemu-devel@nongnu.org, dengler@linux.ibm.com, borntraeger@linux.ibm.com Subject: [PATCH v5 02/15] target/s390x: Move cpacf sha512 code into a new file Date: Wed, 20 May 2026 09:20:41 +0200 Message-ID: <20260520072054.293306-3-freude@linux.ibm.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260520072054.293306-1-freude@linux.ibm.com> References: <20260520072054.293306-1-freude@linux.ibm.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-TM-AS-GCONF: 00 X-Proofpoint-ORIG-GUID: nyp3LNh-VsQVNWYwrp0W71tppj9uZJeJ X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwNTIwMDA2NyBTYWx0ZWRfX8TXLepLDO2OF /AH0IX2w6ph3IN9/LUldXFQKK4HYvuXNoVLo26PCLWfJNGaLTxKwwMHTFnanKNvmCgQ/sXaUr3W ev2vNRrt6XxWG9UzJm2RG6tAPsENsinhRTtImyyTV02UtzovQfqbqPKx178nyotekUnS3mmB/ZV +7rukMWQ8VE/jwFbBNrM8c58kmKgTSL7rHp3VW0EhVqSRUIStD7jXFXtoZ0301k87EzJGxhvNrs P9KgpyoDETvtDBRsCZqpCrraY7tJ/0QGosGmNdc0Z4ZY/LxsKC6KF7x9ZjBdW7zqPFX+PKI1j2+ +isY+P40PUG1TZViDJlKxnqfkEhKjkfElkKs4LhynhtMiWXqKs7HXQBDXnPOvEpr5DJZiysGgm6 8YW6DubSvYSC0HgMQr7FFdX33MrRYrk7KmypUPsERKbh8DILO7Ri2spm8j1cfcZQDxe4F5DYji1 YinGiHVNsNnC5IdzOaw== X-Proofpoint-GUID: nyp3LNh-VsQVNWYwrp0W71tppj9uZJeJ X-Authority-Analysis: v=2.4 cv=apyCzyZV c=1 sm=1 tr=0 ts=6a0d60dc cx=c_pps a=AfN7/Ok6k8XGzOShvHwTGQ==:117 a=AfN7/Ok6k8XGzOShvHwTGQ==:17 a=NGcC8JguVDcA:10 a=VkNPw1HP01LnGYTKEx00:22 a=RnoormkPH1_aCDwRdu11:22 a=V8glGbnc2Ofi9Qvn3v5h:22 a=VnNF1IyMAAAA:8 a=UGG5zPGqAAAA:8 a=AX_EWL0yeIb428kAMdMA:9 a=17ibUXfGiVyGqR_YBevW:22 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1143,Hydra:6.1.51,FMLib:17.12.100.49 definitions=2026-05-20_01,2026-05-18_01,2025-10-01_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 malwarescore=0 lowpriorityscore=0 priorityscore=1501 impostorscore=0 bulkscore=0 suspectscore=0 adultscore=0 spamscore=0 phishscore=0 clxscore=1011 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2605130000 definitions=main-2605200067 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists1p.gnu.org; Received-SPF: pass client-ip=148.163.158.5; envelope-from=freude@linux.ibm.com; helo=mx0b-001b2d01.pphosted.com X-Spam_score_int: -26 X-Spam_score: -2.7 X-Spam_bar: -- X-Spam_report: (-2.7 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @ibm.com) X-ZM-MESSAGEID: 1779261790978154100 Content-Type: text/plain; charset="utf-8" Move the cpacf sha512 implementation into a new file cpacf_sha512.c. Add this new file to the build and add a new header file cpacf.h containing the prototypes for the s390 cpacf stuff. Signed-off-by: Harald Freudenberger Tested-by: Holger Dengler --- target/s390x/tcg/cpacf.h | 15 ++ target/s390x/tcg/cpacf_sha512.c | 241 +++++++++++++++++++++++++++++++ target/s390x/tcg/crypto_helper.c | 225 +---------------------------- target/s390x/tcg/meson.build | 1 + 4 files changed, 258 insertions(+), 224 deletions(-) create mode 100644 target/s390x/tcg/cpacf.h create mode 100644 target/s390x/tcg/cpacf_sha512.c diff --git a/target/s390x/tcg/cpacf.h b/target/s390x/tcg/cpacf.h new file mode 100644 index 0000000000..99b8a11232 --- /dev/null +++ b/target/s390x/tcg/cpacf.h @@ -0,0 +1,15 @@ +/* + * s390x cpacf + * + * This work is licensed under the terms of the GNU GPL, version 2 or late= r. + * See the COPYING file in the top-level directory. + */ + +#ifndef S390X_CPACF_H +#define S390X_CPACF_H + +/* from crypto_sha512.c */ +int cpacf_sha512(CPUS390XState *env, uintptr_t ra, uint64_t param_addr, + uint64_t *message_reg, uint64_t *len_reg, uint32_t type); + +#endif diff --git a/target/s390x/tcg/cpacf_sha512.c b/target/s390x/tcg/cpacf_sha51= 2.c new file mode 100644 index 0000000000..5df55c3c50 --- /dev/null +++ b/target/s390x/tcg/cpacf_sha512.c @@ -0,0 +1,241 @@ +/* + * s390 cpacf sha512 + * + * Copyright (C) 2022 Jason A. Donenfeld . All Rights Re= served. + * + * Authors: + * Jason A. Donenfeld + * + * This work is licensed under the terms of the GNU GPL, version 2 or late= r. + * See the COPYING file in the top-level directory. + */ + +#include "qemu/osdep.h" +#include "s390x-internal.h" +#include "tcg_s390x.h" +#include "accel/tcg/cpu-ldst.h" +#include "cpacf.h" + +static uint64_t R(uint64_t x, int c) +{ + return (x >> c) | (x << (64 - c)); +} +static uint64_t Ch(uint64_t x, uint64_t y, uint64_t z) +{ + return (x & y) ^ (~x & z); +} +static uint64_t Maj(uint64_t x, uint64_t y, uint64_t z) +{ + return (x & y) ^ (x & z) ^ (y & z); +} +static uint64_t Sigma0(uint64_t x) +{ + return R(x, 28) ^ R(x, 34) ^ R(x, 39); +} +static uint64_t Sigma1(uint64_t x) +{ + return R(x, 14) ^ R(x, 18) ^ R(x, 41); +} +static uint64_t sigma0(uint64_t x) +{ + return R(x, 1) ^ R(x, 8) ^ (x >> 7); +} +static uint64_t sigma1(uint64_t x) +{ + return R(x, 19) ^ R(x, 61) ^ (x >> 6); +} + +static const uint64_t K[80] =3D { + 0x428a2f98d728ae22ULL, 0x7137449123ef65cdULL, 0xb5c0fbcfec4d3b2fULL, + 0xe9b5dba58189dbbcULL, 0x3956c25bf348b538ULL, 0x59f111f1b605d019ULL, + 0x923f82a4af194f9bULL, 0xab1c5ed5da6d8118ULL, 0xd807aa98a3030242ULL, + 0x12835b0145706fbeULL, 0x243185be4ee4b28cULL, 0x550c7dc3d5ffb4e2ULL, + 0x72be5d74f27b896fULL, 0x80deb1fe3b1696b1ULL, 0x9bdc06a725c71235ULL, + 0xc19bf174cf692694ULL, 0xe49b69c19ef14ad2ULL, 0xefbe4786384f25e3ULL, + 0x0fc19dc68b8cd5b5ULL, 0x240ca1cc77ac9c65ULL, 0x2de92c6f592b0275ULL, + 0x4a7484aa6ea6e483ULL, 0x5cb0a9dcbd41fbd4ULL, 0x76f988da831153b5ULL, + 0x983e5152ee66dfabULL, 0xa831c66d2db43210ULL, 0xb00327c898fb213fULL, + 0xbf597fc7beef0ee4ULL, 0xc6e00bf33da88fc2ULL, 0xd5a79147930aa725ULL, + 0x06ca6351e003826fULL, 0x142929670a0e6e70ULL, 0x27b70a8546d22ffcULL, + 0x2e1b21385c26c926ULL, 0x4d2c6dfc5ac42aedULL, 0x53380d139d95b3dfULL, + 0x650a73548baf63deULL, 0x766a0abb3c77b2a8ULL, 0x81c2c92e47edaee6ULL, + 0x92722c851482353bULL, 0xa2bfe8a14cf10364ULL, 0xa81a664bbc423001ULL, + 0xc24b8b70d0f89791ULL, 0xc76c51a30654be30ULL, 0xd192e819d6ef5218ULL, + 0xd69906245565a910ULL, 0xf40e35855771202aULL, 0x106aa07032bbd1b8ULL, + 0x19a4c116b8d2d0c8ULL, 0x1e376c085141ab53ULL, 0x2748774cdf8eeb99ULL, + 0x34b0bcb5e19b48a8ULL, 0x391c0cb3c5c95a63ULL, 0x4ed8aa4ae3418acbULL, + 0x5b9cca4f7763e373ULL, 0x682e6ff3d6b2b8a3ULL, 0x748f82ee5defb2fcULL, + 0x78a5636f43172f60ULL, 0x84c87814a1f0ab72ULL, 0x8cc702081a6439ecULL, + 0x90befffa23631e28ULL, 0xa4506cebde82bde9ULL, 0xbef9a3f7b2c67915ULL, + 0xc67178f2e372532bULL, 0xca273eceea26619cULL, 0xd186b8c721c0c207ULL, + 0xeada7dd6cde0eb1eULL, 0xf57d4f7fee6ed178ULL, 0x06f067aa72176fbaULL, + 0x0a637dc5a2c898a6ULL, 0x113f9804bef90daeULL, 0x1b710b35131c471bULL, + 0x28db77f523047d84ULL, 0x32caab7b40c72493ULL, 0x3c9ebe0a15c9bebcULL, + 0x431d67c49c100d4cULL, 0x4cc5d4becb3e42b6ULL, 0x597f299cfc657e2aULL, + 0x5fcb6fab3ad6faecULL, 0x6c44198c4a475817ULL +}; + +/* a is icv/ocv, w is a single message block. w will get reused internally= . */ +static void sha512_bda(uint64_t a[8], uint64_t w[16]) +{ + uint64_t t, z[8], b[8]; + int i, j; + + memcpy(z, a, sizeof(z)); + for (i =3D 0; i < 80; i++) { + memcpy(b, a, sizeof(b)); + + t =3D a[7] + Sigma1(a[4]) + Ch(a[4], a[5], a[6]) + K[i] + w[i % 16= ]; + b[7] =3D t + Sigma0(a[0]) + Maj(a[0], a[1], a[2]); + b[3] +=3D t; + for (j =3D 0; j < 8; ++j) { + a[(j + 1) % 8] =3D b[j]; + } + if (i % 16 =3D=3D 15) { + for (j =3D 0; j < 16; ++j) { + w[j] +=3D w[(j + 9) % 16] + sigma0(w[(j + 1) % 16]) + + sigma1(w[(j + 14) % 16]); + } + } + } + + for (i =3D 0; i < 8; i++) { + a[i] +=3D z[i]; + } +} + +/* a is icv/ocv, w is a single message block that needs be64 conversion. */ +static void sha512_bda_be64(uint64_t a[8], uint64_t w[16]) +{ + uint64_t t[16]; + int i; + + for (i =3D 0; i < 16; i++) { + t[i] =3D be64_to_cpu(w[i]); + } + sha512_bda(a, t); +} + +static void sha512_read_icv(CPUS390XState *env, uint64_t addr, + uint64_t a[8], uintptr_t ra) +{ + int i; + + for (i =3D 0; i < 8; i++, addr +=3D 8) { + addr =3D wrap_address(env, addr); + a[i] =3D cpu_ldq_be_data_ra(env, addr, ra); + } +} + +static void sha512_write_ocv(CPUS390XState *env, uint64_t addr, + uint64_t a[8], uintptr_t ra) +{ + int i; + + for (i =3D 0; i < 8; i++, addr +=3D 8) { + addr =3D wrap_address(env, addr); + cpu_stq_be_data_ra(env, addr, a[i], ra); + } +} + +static void sha512_read_block(CPUS390XState *env, uint64_t addr, + uint64_t a[16], uintptr_t ra) +{ + int i; + + for (i =3D 0; i < 16; i++, addr +=3D 8) { + addr =3D wrap_address(env, addr); + a[i] =3D cpu_ldq_be_data_ra(env, addr, ra); + } +} + +static void sha512_read_mbl_be64(CPUS390XState *env, uint64_t addr, + uint8_t a[16], uintptr_t ra) +{ + int i; + + for (i =3D 0; i < 16; i++, addr +=3D 1) { + addr =3D wrap_address(env, addr); + a[i] =3D cpu_ldub_data_ra(env, addr, ra); + } +} + +int cpacf_sha512(CPUS390XState *env, uintptr_t ra, uint64_t param_addr, + uint64_t *message_reg, uint64_t *len_reg, uint32_t type) +{ + enum { MAX_BLOCKS_PER_RUN =3D 64 }; /* Arbitrary: keep interactivity. = */ + uint64_t len =3D *len_reg, a[8], processed =3D 0; + int i, message_reg_len =3D 64; + + g_assert(type =3D=3D S390_FEAT_TYPE_KIMD || type =3D=3D S390_FEAT_TYPE= _KLMD); + + if (!(env->psw.mask & PSW_MASK_64)) { + len =3D (uint32_t)len; + message_reg_len =3D (env->psw.mask & PSW_MASK_32) ? 32 : 24; + } + + /* KIMD: length has to be properly aligned. */ + if (type =3D=3D S390_FEAT_TYPE_KIMD && !QEMU_IS_ALIGNED(len, 128)) { + tcg_s390_program_interrupt(env, PGM_SPECIFICATION, ra); + } + + sha512_read_icv(env, param_addr, a, ra); + + /* Process full blocks first. */ + for (; len >=3D 128; len -=3D 128, processed +=3D 128) { + uint64_t w[16]; + + if (processed >=3D MAX_BLOCKS_PER_RUN * 128) { + break; + } + + sha512_read_block(env, *message_reg + processed, w, ra); + sha512_bda(a, w); + } + + /* KLMD: Process partial/empty block last. */ + if (type =3D=3D S390_FEAT_TYPE_KLMD && len < 128) { + uint8_t x[128]; + + /* Read the remainder of the message byte-per-byte. */ + for (i =3D 0; i < len; i++) { + uint64_t addr =3D wrap_address(env, *message_reg + processed += i); + + x[i] =3D cpu_ldub_data_ra(env, addr, ra); + } + /* Pad the remainder with zero and set the top bit. */ + memset(x + len, 0, 128 - len); + x[len] =3D 128; + + /* + * Place the MBL either into this block (if there is space left), + * or use an additional one. + */ + if (len < 112) { + sha512_read_mbl_be64(env, param_addr + 64, x + 112, ra); + } + sha512_bda_be64(a, (uint64_t *)x); + + if (len >=3D 112) { + memset(x, 0, 112); + sha512_read_mbl_be64(env, param_addr + 64, x + 112, ra); + sha512_bda_be64(a, (uint64_t *)x); + } + + processed +=3D len; + len =3D 0; + } + + /* + * Modify memory after we read all inputs and modify registers only af= ter + * writing memory succeeded. + * + * TODO: if writing fails halfway through (e.g., when crossing page + * boundaries), we're in trouble. We'd need something like access_prep= are(). + */ + sha512_write_ocv(env, param_addr, a, ra); + *message_reg =3D deposit64(*message_reg, 0, message_reg_len, + *message_reg + processed); + *len_reg -=3D processed; + return !len ? 0 : 3; +} diff --git a/target/s390x/tcg/crypto_helper.c b/target/s390x/tcg/crypto_hel= per.c index 0b00d8ba5b..2d1c0290b5 100644 --- a/target/s390x/tcg/crypto_helper.c +++ b/target/s390x/tcg/crypto_helper.c @@ -18,230 +18,7 @@ #include "tcg_s390x.h" #include "exec/helper-proto.h" #include "accel/tcg/cpu-ldst.h" - -static uint64_t R(uint64_t x, int c) -{ - return (x >> c) | (x << (64 - c)); -} -static uint64_t Ch(uint64_t x, uint64_t y, uint64_t z) -{ - return (x & y) ^ (~x & z); -} -static uint64_t Maj(uint64_t x, uint64_t y, uint64_t z) -{ - return (x & y) ^ (x & z) ^ (y & z); -} -static uint64_t Sigma0(uint64_t x) -{ - return R(x, 28) ^ R(x, 34) ^ R(x, 39); -} -static uint64_t Sigma1(uint64_t x) -{ - return R(x, 14) ^ R(x, 18) ^ R(x, 41); -} -static uint64_t sigma0(uint64_t x) -{ - return R(x, 1) ^ R(x, 8) ^ (x >> 7); -} -static uint64_t sigma1(uint64_t x) -{ - return R(x, 19) ^ R(x, 61) ^ (x >> 6); -} - -static const uint64_t K[80] =3D { - 0x428a2f98d728ae22ULL, 0x7137449123ef65cdULL, 0xb5c0fbcfec4d3b2fULL, - 0xe9b5dba58189dbbcULL, 0x3956c25bf348b538ULL, 0x59f111f1b605d019ULL, - 0x923f82a4af194f9bULL, 0xab1c5ed5da6d8118ULL, 0xd807aa98a3030242ULL, - 0x12835b0145706fbeULL, 0x243185be4ee4b28cULL, 0x550c7dc3d5ffb4e2ULL, - 0x72be5d74f27b896fULL, 0x80deb1fe3b1696b1ULL, 0x9bdc06a725c71235ULL, - 0xc19bf174cf692694ULL, 0xe49b69c19ef14ad2ULL, 0xefbe4786384f25e3ULL, - 0x0fc19dc68b8cd5b5ULL, 0x240ca1cc77ac9c65ULL, 0x2de92c6f592b0275ULL, - 0x4a7484aa6ea6e483ULL, 0x5cb0a9dcbd41fbd4ULL, 0x76f988da831153b5ULL, - 0x983e5152ee66dfabULL, 0xa831c66d2db43210ULL, 0xb00327c898fb213fULL, - 0xbf597fc7beef0ee4ULL, 0xc6e00bf33da88fc2ULL, 0xd5a79147930aa725ULL, - 0x06ca6351e003826fULL, 0x142929670a0e6e70ULL, 0x27b70a8546d22ffcULL, - 0x2e1b21385c26c926ULL, 0x4d2c6dfc5ac42aedULL, 0x53380d139d95b3dfULL, - 0x650a73548baf63deULL, 0x766a0abb3c77b2a8ULL, 0x81c2c92e47edaee6ULL, - 0x92722c851482353bULL, 0xa2bfe8a14cf10364ULL, 0xa81a664bbc423001ULL, - 0xc24b8b70d0f89791ULL, 0xc76c51a30654be30ULL, 0xd192e819d6ef5218ULL, - 0xd69906245565a910ULL, 0xf40e35855771202aULL, 0x106aa07032bbd1b8ULL, - 0x19a4c116b8d2d0c8ULL, 0x1e376c085141ab53ULL, 0x2748774cdf8eeb99ULL, - 0x34b0bcb5e19b48a8ULL, 0x391c0cb3c5c95a63ULL, 0x4ed8aa4ae3418acbULL, - 0x5b9cca4f7763e373ULL, 0x682e6ff3d6b2b8a3ULL, 0x748f82ee5defb2fcULL, - 0x78a5636f43172f60ULL, 0x84c87814a1f0ab72ULL, 0x8cc702081a6439ecULL, - 0x90befffa23631e28ULL, 0xa4506cebde82bde9ULL, 0xbef9a3f7b2c67915ULL, - 0xc67178f2e372532bULL, 0xca273eceea26619cULL, 0xd186b8c721c0c207ULL, - 0xeada7dd6cde0eb1eULL, 0xf57d4f7fee6ed178ULL, 0x06f067aa72176fbaULL, - 0x0a637dc5a2c898a6ULL, 0x113f9804bef90daeULL, 0x1b710b35131c471bULL, - 0x28db77f523047d84ULL, 0x32caab7b40c72493ULL, 0x3c9ebe0a15c9bebcULL, - 0x431d67c49c100d4cULL, 0x4cc5d4becb3e42b6ULL, 0x597f299cfc657e2aULL, - 0x5fcb6fab3ad6faecULL, 0x6c44198c4a475817ULL -}; - -/* a is icv/ocv, w is a single message block. w will get reused internally= . */ -static void sha512_bda(uint64_t a[8], uint64_t w[16]) -{ - uint64_t t, z[8], b[8]; - int i, j; - - memcpy(z, a, sizeof(z)); - for (i =3D 0; i < 80; i++) { - memcpy(b, a, sizeof(b)); - - t =3D a[7] + Sigma1(a[4]) + Ch(a[4], a[5], a[6]) + K[i] + w[i % 16= ]; - b[7] =3D t + Sigma0(a[0]) + Maj(a[0], a[1], a[2]); - b[3] +=3D t; - for (j =3D 0; j < 8; ++j) { - a[(j + 1) % 8] =3D b[j]; - } - if (i % 16 =3D=3D 15) { - for (j =3D 0; j < 16; ++j) { - w[j] +=3D w[(j + 9) % 16] + sigma0(w[(j + 1) % 16]) + - sigma1(w[(j + 14) % 16]); - } - } - } - - for (i =3D 0; i < 8; i++) { - a[i] +=3D z[i]; - } -} - -/* a is icv/ocv, w is a single message block that needs be64 conversion. */ -static void sha512_bda_be64(uint64_t a[8], uint64_t w[16]) -{ - uint64_t t[16]; - int i; - - for (i =3D 0; i < 16; i++) { - t[i] =3D be64_to_cpu(w[i]); - } - sha512_bda(a, t); -} - -static void sha512_read_icv(CPUS390XState *env, uint64_t addr, - uint64_t a[8], uintptr_t ra) -{ - int i; - - for (i =3D 0; i < 8; i++, addr +=3D 8) { - addr =3D wrap_address(env, addr); - a[i] =3D cpu_ldq_be_data_ra(env, addr, ra); - } -} - -static void sha512_write_ocv(CPUS390XState *env, uint64_t addr, - uint64_t a[8], uintptr_t ra) -{ - int i; - - for (i =3D 0; i < 8; i++, addr +=3D 8) { - addr =3D wrap_address(env, addr); - cpu_stq_be_data_ra(env, addr, a[i], ra); - } -} - -static void sha512_read_block(CPUS390XState *env, uint64_t addr, - uint64_t a[16], uintptr_t ra) -{ - int i; - - for (i =3D 0; i < 16; i++, addr +=3D 8) { - addr =3D wrap_address(env, addr); - a[i] =3D cpu_ldq_be_data_ra(env, addr, ra); - } -} - -static void sha512_read_mbl_be64(CPUS390XState *env, uint64_t addr, - uint8_t a[16], uintptr_t ra) -{ - int i; - - for (i =3D 0; i < 16; i++, addr +=3D 1) { - addr =3D wrap_address(env, addr); - a[i] =3D cpu_ldub_data_ra(env, addr, ra); - } -} - -static int cpacf_sha512(CPUS390XState *env, uintptr_t ra, uint64_t param_a= ddr, - uint64_t *message_reg, uint64_t *len_reg, uint32_t t= ype) -{ - enum { MAX_BLOCKS_PER_RUN =3D 64 }; /* Arbitrary: keep interactivity. = */ - uint64_t len =3D *len_reg, a[8], processed =3D 0; - int i, message_reg_len =3D 64; - - g_assert(type =3D=3D S390_FEAT_TYPE_KIMD || type =3D=3D S390_FEAT_TYPE= _KLMD); - - if (!(env->psw.mask & PSW_MASK_64)) { - len =3D (uint32_t)len; - message_reg_len =3D (env->psw.mask & PSW_MASK_32) ? 32 : 24; - } - - /* KIMD: length has to be properly aligned. */ - if (type =3D=3D S390_FEAT_TYPE_KIMD && !QEMU_IS_ALIGNED(len, 128)) { - tcg_s390_program_interrupt(env, PGM_SPECIFICATION, ra); - } - - sha512_read_icv(env, param_addr, a, ra); - - /* Process full blocks first. */ - for (; len >=3D 128; len -=3D 128, processed +=3D 128) { - uint64_t w[16]; - - if (processed >=3D MAX_BLOCKS_PER_RUN * 128) { - break; - } - - sha512_read_block(env, *message_reg + processed, w, ra); - sha512_bda(a, w); - } - - /* KLMD: Process partial/empty block last. */ - if (type =3D=3D S390_FEAT_TYPE_KLMD && len < 128) { - uint8_t x[128]; - - /* Read the remainder of the message byte-per-byte. */ - for (i =3D 0; i < len; i++) { - uint64_t addr =3D wrap_address(env, *message_reg + processed += i); - - x[i] =3D cpu_ldub_data_ra(env, addr, ra); - } - /* Pad the remainder with zero and set the top bit. */ - memset(x + len, 0, 128 - len); - x[len] =3D 128; - - /* - * Place the MBL either into this block (if there is space left), - * or use an additional one. - */ - if (len < 112) { - sha512_read_mbl_be64(env, param_addr + 64, x + 112, ra); - } - sha512_bda_be64(a, (uint64_t *)x); - - if (len >=3D 112) { - memset(x, 0, 112); - sha512_read_mbl_be64(env, param_addr + 64, x + 112, ra); - sha512_bda_be64(a, (uint64_t *)x); - } - - processed +=3D len; - len =3D 0; - } - - /* - * Modify memory after we read all inputs and modify registers only af= ter - * writing memory succeeded. - * - * TODO: if writing fails halfway through (e.g., when crossing page - * boundaries), we're in trouble. We'd need something like access_prep= are(). - */ - sha512_write_ocv(env, param_addr, a, ra); - *message_reg =3D deposit64(*message_reg, 0, message_reg_len, - *message_reg + processed); - *len_reg -=3D processed; - return !len ? 0 : 3; -} +#include "cpacf.h" =20 static void fill_buf_random(CPUS390XState *env, uintptr_t ra, uint64_t *buf_reg, uint64_t *len_reg) diff --git a/target/s390x/tcg/meson.build b/target/s390x/tcg/meson.build index ee4e8fec77..6dbc7ead65 100644 --- a/target/s390x/tcg/meson.build +++ b/target/s390x/tcg/meson.build @@ -1,5 +1,6 @@ s390x_ss.add(when: 'CONFIG_TCG', if_true: files( 'cc_helper.c', + 'cpacf_sha512.c', 'crypto_helper.c', 'excp_helper.c', 'fpu_helper.c', --=20 2.43.0 From nobody Sat May 30 18:34:22 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=reject dis=none) header.from=linux.ibm.com ARC-Seal: i=1; a=rsa-sha256; t=1779261766; cv=none; d=zohomail.com; s=zohoarc; b=ao+V0bHx4zmjSoGSMa2t+MnHIwjqcIslH1aSXVujvUDF1kuirBcJV8rudgzEja8djp5hcKwuuDRz+sCGHFc6oj585JJStFZTypprm07iTR8obf9xZLdnHx/itPngz2gCwH0PUxHp6d4XjnAJRskuS4D1tNvnrmchs/3UAQLx16w= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1779261766; h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=2ct83msy/CR2/D37Rqr7pGTaze4FnUlgoWEc6opW1nc=; b=mjEaIxDW+POVRxOGN+zVFkKhDl422R/yd8xJ5VhBVYWhRE5nZLB5f9ttBcporb3jCqJy+wXoIugCd8J/T/yZ9NLnoFXBB6skv+9WRniWrAP87kR/DnKG6jC8Fke0KR2Pa19EAc8a8Ka3cVXMtyKwmghIK6G0/POKsi0HqkOrYWE= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1779261766401426.17214081964266; Wed, 20 May 2026 00:22:46 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists1p.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1wPbFi-0006R6-Ka; Wed, 20 May 2026 03:22:04 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1wPbEu-0006Dm-GB; Wed, 20 May 2026 03:21:15 -0400 Received: from mx0a-001b2d01.pphosted.com ([148.163.156.1]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1wPbEp-0002Ta-OU; Wed, 20 May 2026 03:21:12 -0400 Received: from pps.filterd (m0353729.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id 64JJNqv82789992; Wed, 20 May 2026 07:21:00 GMT Received: from ppma23.wdc07v.mail.ibm.com (5d.69.3da9.ip4.static.sl-reverse.com [169.61.105.93]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 4e6h8mruk1-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 20 May 2026 07:21:00 +0000 (GMT) Received: from pps.filterd (ppma23.wdc07v.mail.ibm.com [127.0.0.1]) by ppma23.wdc07v.mail.ibm.com (8.18.1.7/8.18.1.7) with ESMTP id 64K79Hev029183; Wed, 20 May 2026 07:20:59 GMT Received: from smtprelay02.fra02v.mail.ibm.com ([9.218.2.226]) by ppma23.wdc07v.mail.ibm.com (PPS) with ESMTPS id 4e74dhp7jx-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 20 May 2026 07:20:59 +0000 (GMT) Received: from smtpav05.fra02v.mail.ibm.com (smtpav05.fra02v.mail.ibm.com [10.20.54.104]) by smtprelay02.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 64K7KtME52232688 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 20 May 2026 07:20:55 GMT Received: from smtpav05.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 8E81620043; Wed, 20 May 2026 07:20:55 +0000 (GMT) Received: from smtpav05.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 64A4320040; Wed, 20 May 2026 07:20:55 +0000 (GMT) Received: from funtu2.fritz.box (unknown [9.111.209.15]) by smtpav05.fra02v.mail.ibm.com (Postfix) with ESMTP; Wed, 20 May 2026 07:20:55 +0000 (GMT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=cc :content-transfer-encoding:date:from:in-reply-to:message-id :mime-version:references:subject:to; s=pp1; bh=2ct83msy/CR2/D37R qr7pGTaze4FnUlgoWEc6opW1nc=; b=cBv2xDAi05tcQn5Q5vP/V5MfKlfz/LZBx n84G4izVgZWJppLo8dii+K0dvDWTKH7cAa4ckw+wWvksbTYI5rnLTL4+oiaAkA3c hntlWBcQoMLjx0V9djK6H2FhwZX57Dz6tX00BURnlH0MeOjz11d6riZgXii2jUv0 DPtCNAo8X4fvn1EjI0JQe97Et3g3LqEaY4YvdnCL/gOIccyRnUgLh+SjBGeGcrqf kO/kl9DoU0jRcbbb8VPtgBfkMkyxad6TNYxpeLFTFtn6Sn/Lj3es/GIydFABWfgB jJzFdbVDNs0vDjBL4l5SAo5tQlb1qymVykjb7cAQ57NlNRH1CppcQ== From: Harald Freudenberger To: richard.henderson@linaro.org, iii@linux.ibm.com, david@kernel.org, thuth@redhat.com Cc: qemu-s390x@nongnu.org, qemu-devel@nongnu.org, dengler@linux.ibm.com, borntraeger@linux.ibm.com Subject: [PATCH v5 03/15] target/s390x: Support cpacf sha256 Date: Wed, 20 May 2026 09:20:42 +0200 Message-ID: <20260520072054.293306-4-freude@linux.ibm.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260520072054.293306-1-freude@linux.ibm.com> References: <20260520072054.293306-1-freude@linux.ibm.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-TM-AS-GCONF: 00 X-Proofpoint-GUID: -FU-r6S5GgSsiu5llXxrt9ZdVynVtoeY X-Authority-Analysis: v=2.4 cv=GYMnWwXL c=1 sm=1 tr=0 ts=6a0d60dc cx=c_pps a=3Bg1Hr4SwmMryq2xdFQyZA==:117 a=3Bg1Hr4SwmMryq2xdFQyZA==:17 a=NGcC8JguVDcA:10 a=VkNPw1HP01LnGYTKEx00:22 a=RnoormkPH1_aCDwRdu11:22 a=uAbxVGIbfxUO_5tXvNgY:22 a=VnNF1IyMAAAA:8 a=Oku5TADFz1XGWIWXx1gA:9 X-Proofpoint-ORIG-GUID: -FU-r6S5GgSsiu5llXxrt9ZdVynVtoeY X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwNTIwMDA2NyBTYWx0ZWRfX7VdKJ1uxgUjb sh2d4GQcwJUb+NfWSQD3P28+D/WmQ1Rf7kMqNJmC5vrPxoU9xHYHmRtosdGQa2RZxy6Mh2UlslA HuP6Bm/SF76TMg0/wDNC8c2kJlbGmmvhj/OykYmjf0lamTgMTHgVuE7TxbvOajSO/h+yitms6NR 9gGEMCgtn8z3FK+tBE14RSOdPxPoKVqVhAPGqT6el0HqQLLbZuIDY0kJTckkg0iJd8Yu9s96PgI luhZnAvoPq0xtejL97uBbmiVdv1af72EBSwLghJKINSsMW/QNBN6TlevJvAy1Vsprxh1YPs0Iq0 kYQQEGAQCqBIWXWSawZguJIwE/B7tKuVRF9BvGDhPuiioibZnTTu5bV7p323Vb/dD/lIPCM4okz 1FuTKICdpgWZaAc7GVI597QUL9Y1WasZd+ClSqsKR8In6sowS12ZJ8zIHxco57Dh7ouzu5AyPQT kGCBx43GFJaEAaqmDUw== X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1143,Hydra:6.1.51,FMLib:17.12.100.49 definitions=2026-05-20_01,2026-05-18_01,2025-10-01_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 phishscore=0 malwarescore=0 lowpriorityscore=0 priorityscore=1501 bulkscore=0 adultscore=0 suspectscore=0 spamscore=0 clxscore=1015 impostorscore=0 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2605130000 definitions=main-2605200067 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists1p.gnu.org; Received-SPF: pass client-ip=148.163.156.1; envelope-from=freude@linux.ibm.com; helo=mx0a-001b2d01.pphosted.com X-Spam_score_int: -26 X-Spam_score: -2.7 X-Spam_bar: -- X-Spam_report: (-2.7 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @ibm.com) X-ZM-MESSAGEID: 1779261768411154100 Content-Type: text/plain; charset="utf-8" Add a new file cpacf_sha256.c which implements sha256. Add support for the sha256 subfuction for CPACF kimd and klmd. Signed-off-by: Harald Freudenberger Tested-by: Holger Dengler --- target/s390x/gen-features.c | 2 + target/s390x/tcg/cpacf.h | 4 + target/s390x/tcg/cpacf_sha256.c | 229 +++++++++++++++++++++++++++++++ target/s390x/tcg/crypto_helper.c | 8 ++ target/s390x/tcg/meson.build | 1 + 5 files changed, 244 insertions(+) create mode 100644 target/s390x/tcg/cpacf_sha256.c diff --git a/target/s390x/gen-features.c b/target/s390x/gen-features.c index 8218e6470e..5cf5b92c37 100644 --- a/target/s390x/gen-features.c +++ b/target/s390x/gen-features.c @@ -916,7 +916,9 @@ static uint16_t qemu_V7_1[] =3D { */ static uint16_t qemu_MAX[] =3D { S390_FEAT_MSA_EXT_5, + S390_FEAT_KIMD_SHA_256, S390_FEAT_KIMD_SHA_512, + S390_FEAT_KLMD_SHA_256, S390_FEAT_KLMD_SHA_512, S390_FEAT_PRNO_TRNG, }; diff --git a/target/s390x/tcg/cpacf.h b/target/s390x/tcg/cpacf.h index 99b8a11232..79f05e1e14 100644 --- a/target/s390x/tcg/cpacf.h +++ b/target/s390x/tcg/cpacf.h @@ -8,6 +8,10 @@ #ifndef S390X_CPACF_H #define S390X_CPACF_H =20 +/* from crypto_sha256.c */ +int cpacf_sha256(CPUS390XState *env, uintptr_t ra, uint64_t param_addr, + uint64_t *message_reg, uint64_t *len_reg, uint32_t type); + /* from crypto_sha512.c */ int cpacf_sha512(CPUS390XState *env, uintptr_t ra, uint64_t param_addr, uint64_t *message_reg, uint64_t *len_reg, uint32_t type); diff --git a/target/s390x/tcg/cpacf_sha256.c b/target/s390x/tcg/cpacf_sha25= 6.c new file mode 100644 index 0000000000..5190aef6fa --- /dev/null +++ b/target/s390x/tcg/cpacf_sha256.c @@ -0,0 +1,229 @@ +/* + * s390 cpacf sha256 + * + * Authors: + * Harald Freudenberger + * + * The sha256 implementation here is more or less a copy-and-paste + * from Jason A. Donenfeld's implementation of sha 512 with adaptions + * for sha 256. + * + * This work is licensed under the terms of the GNU GPL, version 2 or late= r. + * See the COPYING file in the top-level directory. + */ + +#include "qemu/osdep.h" +#include "s390x-internal.h" +#include "tcg_s390x.h" +#include "accel/tcg/cpu-ldst.h" +#include "cpacf.h" + +static uint32_t R(uint32_t x, int c) +{ + return (x >> c) | (x << (32 - c)); +} +static uint32_t Ch(uint32_t x, uint32_t y, uint32_t z) +{ + return (x & y) ^ (~x & z); +} +static uint32_t Maj(uint32_t x, uint32_t y, uint32_t z) +{ + return (x & y) ^ (x & z) ^ (y & z); +} +static uint32_t Sigma0(uint32_t x) +{ + return R(x, 2) ^ R(x, 13) ^ R(x, 22); +} +static uint32_t Sigma1(uint32_t x) +{ + return R(x, 6) ^ R(x, 11) ^ R(x, 25); +} +static uint32_t sigma0(uint32_t x) +{ + return R(x, 7) ^ R(x, 18) ^ (x >> 3); +} +static uint32_t sigma1(uint32_t x) +{ + return R(x, 17) ^ R(x, 19) ^ (x >> 10); +} + +static const uint32_t K[64] =3D { + 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, + 0x923f82a4, 0xab1c5ed5, 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, + 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174, 0xe49b69c1, 0xefbe4786, + 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da, + 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, + 0x06ca6351, 0x14292967, 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, + 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85, 0xa2bfe8a1, 0xa81a664b, + 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070, + 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, + 0x5b9cca4f, 0x682e6ff3, 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, + 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2, +}; + +/* a is icv/ocv, w is a single message block. w will get reused internally= . */ +static void sha256_bda(uint32_t a[8], uint32_t w[16]) +{ + uint32_t t, z[8], b[8]; + int i, j; + + memcpy(z, a, sizeof(z)); + for (i =3D 0; i < 64; i++) { + memcpy(b, a, sizeof(b)); + + t =3D a[7] + Sigma1(a[4]) + Ch(a[4], a[5], a[6]) + K[i] + w[i % 16= ]; + b[7] =3D t + Sigma0(a[0]) + Maj(a[0], a[1], a[2]); + b[3] +=3D t; + for (j =3D 0; j < 8; ++j) { + a[(j + 1) % 8] =3D b[j]; + } + if (i % 16 =3D=3D 15) { + for (j =3D 0; j < 16; ++j) { + w[j] +=3D w[(j + 9) % 16] + sigma0(w[(j + 1) % 16]) + + sigma1(w[(j + 14) % 16]); + } + } + } + + for (i =3D 0; i < 8; i++) { + a[i] +=3D z[i]; + } +} + +/* a is icv/ocv, w is a single message block that needs be32 conversion. */ +static void sha256_bda_be32(uint32_t a[8], uint32_t w[16]) +{ + uint32_t t[16]; + int i; + + for (i =3D 0; i < 16; i++) { + t[i] =3D be32_to_cpu(w[i]); + } + sha256_bda(a, t); +} + +static void sha256_read_icv(CPUS390XState *env, uint64_t addr, + uint32_t a[8], uintptr_t ra) +{ + int i; + + for (i =3D 0; i < 8; i++, addr +=3D 4) { + addr =3D wrap_address(env, addr); + a[i] =3D cpu_ldl_be_data_ra(env, addr, ra); + } +} + +static void sha256_write_ocv(CPUS390XState *env, uint64_t addr, + uint32_t a[8], uintptr_t ra) +{ + int i; + + for (i =3D 0; i < 8; i++, addr +=3D 4) { + addr =3D wrap_address(env, addr); + cpu_stl_be_data_ra(env, addr, a[i], ra); + } +} + +static void sha256_read_block(CPUS390XState *env, uint64_t addr, + uint32_t a[16], uintptr_t ra) +{ + int i; + + for (i =3D 0; i < 16; i++, addr +=3D 4) { + addr =3D wrap_address(env, addr); + a[i] =3D cpu_ldl_be_data_ra(env, addr, ra); + } +} + +static void sha256_read_mbl(CPUS390XState *env, uint64_t addr, + uint8_t a[8], uintptr_t ra) +{ + int i; + + for (i =3D 0; i < 8; i++, addr +=3D 1) { + addr =3D wrap_address(env, addr); + a[i] =3D cpu_ldub_data_ra(env, addr, ra); + } +} + +int cpacf_sha256(CPUS390XState *env, uintptr_t ra, uint64_t param_addr, + uint64_t *message_reg, uint64_t *len_reg, uint32_t type) +{ + enum { MAX_BLOCKS_PER_RUN =3D 128 }; /* 128 * 64 =3D 8K */ + uint64_t len =3D *len_reg, processed =3D 0; + int i, message_reg_len =3D 64; + uint32_t a[8]; + + g_assert(type =3D=3D S390_FEAT_TYPE_KIMD || type =3D=3D S390_FEAT_TYPE= _KLMD); + + if (!(env->psw.mask & PSW_MASK_64)) { + len =3D (uint32_t)len; + message_reg_len =3D (env->psw.mask & PSW_MASK_32) ? 32 : 24; + } + + /* KIMD: length has to be properly aligned. */ + if (type =3D=3D S390_FEAT_TYPE_KIMD && !QEMU_IS_ALIGNED(len, 64)) { + tcg_s390_program_interrupt(env, PGM_SPECIFICATION, ra); + } + + sha256_read_icv(env, param_addr, a, ra); + + /* Process full blocks first. */ + for (; len >=3D 64; len -=3D 64, processed +=3D 64) { + uint32_t w[16]; + + if (processed >=3D MAX_BLOCKS_PER_RUN * 64) { + break; + } + + sha256_read_block(env, *message_reg + processed, w, ra); + sha256_bda(a, w); + } + + /* KLMD: Process partial/empty block last. */ + if (type =3D=3D S390_FEAT_TYPE_KLMD && len < 64) { + uint8_t x[64]; + + /* Read the remainder of the message byte-per-byte. */ + for (i =3D 0; i < len; i++) { + uint64_t addr =3D wrap_address(env, *message_reg + processed += i); + + x[i] =3D cpu_ldub_data_ra(env, addr, ra); + } + /* Pad the remainder with zero and set the top bit. */ + memset(x + len, 0, 64 - len); + x[len] =3D 0x80; + + /* + * Place the MBL either into this block (if there is space left), + * or use an additional one. + */ + if (len < 56) { + sha256_read_mbl(env, param_addr + 32, x + 56, ra); + } + sha256_bda_be32(a, (uint32_t *)x); + + if (len >=3D 56) { + memset(x, 0, 56); + sha256_read_mbl(env, param_addr + 32, x + 56, ra); + sha256_bda_be32(a, (uint32_t *)x); + } + + processed +=3D len; + len =3D 0; + } + + /* + * Modify memory after we read all inputs and modify registers only af= ter + * writing memory succeeded. + * + * TODO: if writing fails halfway through (e.g., when crossing page + * boundaries), we're in trouble. We'd need something like access_prep= are(). + */ + sha256_write_ocv(env, param_addr, a, ra); + *message_reg =3D deposit64(*message_reg, 0, message_reg_len, + *message_reg + processed); + *len_reg -=3D processed; + + return !len ? 0 : 3; +} diff --git a/target/s390x/tcg/crypto_helper.c b/target/s390x/tcg/crypto_hel= per.c index 2d1c0290b5..b69dbb61a6 100644 --- a/target/s390x/tcg/crypto_helper.c +++ b/target/s390x/tcg/crypto_helper.c @@ -51,6 +51,10 @@ static int cpacf_kimd(CPUS390XState *env, const uintptr_= t ra, int rc =3D 0; =20 switch (fc) { + case 0x02: /* CPACF_KIMD_SHA_256 */ + rc =3D cpacf_sha256(env, ra, env->regs[1], &env->regs[r2], + &env->regs[r2 + 1], S390_FEAT_TYPE_KIMD); + break; case 0x03: /* CPACF_KIMD_SHA_512 */ rc =3D cpacf_sha512(env, ra, env->regs[1], &env->regs[r2], &env->regs[r2 + 1], S390_FEAT_TYPE_KIMD); @@ -68,6 +72,10 @@ static int cpacf_klmd(CPUS390XState *env, const uintptr_= t ra, int rc =3D 0; =20 switch (fc) { + case 0x02: /* CPACF_KLMD_SHA_256 */ + rc =3D cpacf_sha256(env, ra, env->regs[1], &env->regs[r2], + &env->regs[r2 + 1], S390_FEAT_TYPE_KLMD); + break; case 0x03: /* CPACF_KLMD_SHA_512 */ rc =3D cpacf_sha512(env, ra, env->regs[1], &env->regs[r2], &env->regs[r2 + 1], S390_FEAT_TYPE_KLMD); diff --git a/target/s390x/tcg/meson.build b/target/s390x/tcg/meson.build index 6dbc7ead65..4115f4c704 100644 --- a/target/s390x/tcg/meson.build +++ b/target/s390x/tcg/meson.build @@ -1,5 +1,6 @@ s390x_ss.add(when: 'CONFIG_TCG', if_true: files( 'cc_helper.c', + 'cpacf_sha256.c', 'cpacf_sha512.c', 'crypto_helper.c', 'excp_helper.c', --=20 2.43.0 From nobody Sat May 30 18:34:22 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=reject dis=none) header.from=linux.ibm.com ARC-Seal: i=1; a=rsa-sha256; t=1779261786; cv=none; d=zohomail.com; s=zohoarc; b=A0o/3EHgSQuC1Xczzn4OmXMyfKNRZbxx933pktNvi89YI3D/OOd79Bw+nAuKUI8grvcSAYr8iwZBtjSGsIaAlDoql3yaHAD6r/eUa/VvfUX2VI35Oph0L6iNnVc74ue8f4v6tevvLVNO80tgwGhRtFvDfZoWbTIi0RDsB5lew5Y= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1779261786; h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=mk+iVr3F9TXee3GwudIdc2I7UQ7RxTnhocQeKdHnWa0=; b=hR4Cu4xRKeuorH7ih+nMRApfaVa17a1mg3/Wxp1xwPO480kxHjaV3rqfNHgQhwTA/JML0kV3RmWdlJ7WRWhpgLI0EVWlXavk8fjcOHfJVkkoB3FIO6T/BYTKfGfWeZyVQUGVtXZuBBEVjLidiBwU3XOXbAZNJAlgbc5rFr1mJe4= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1779261786500255.2198330077896; Wed, 20 May 2026 00:23:06 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists1p.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1wPbG0-0006nr-GO; Wed, 20 May 2026 03:22:20 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1wPbEr-0006DU-Da; Wed, 20 May 2026 03:21:14 -0400 Received: from mx0b-001b2d01.pphosted.com ([148.163.158.5]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1wPbEo-0002T6-9u; Wed, 20 May 2026 03:21:09 -0400 Received: from pps.filterd (m0360072.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id 64K0VH6X3628517; Wed, 20 May 2026 07:21:00 GMT Received: from ppma13.dal12v.mail.ibm.com (dd.9e.1632.ip4.static.sl-reverse.com [50.22.158.221]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 4e6haw7y1s-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 20 May 2026 07:21:00 +0000 (GMT) Received: from pps.filterd (ppma13.dal12v.mail.ibm.com [127.0.0.1]) by ppma13.dal12v.mail.ibm.com (8.18.1.7/8.18.1.7) with ESMTP id 64K796aF029958; Wed, 20 May 2026 07:20:59 GMT Received: from smtprelay02.fra02v.mail.ibm.com ([9.218.2.226]) by ppma13.dal12v.mail.ibm.com (PPS) with ESMTPS id 4e754ge2t6-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 20 May 2026 07:20:59 +0000 (GMT) Received: from smtpav05.fra02v.mail.ibm.com (smtpav05.fra02v.mail.ibm.com [10.20.54.104]) by smtprelay02.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 64K7KtQu52232690 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 20 May 2026 07:20:55 GMT Received: from smtpav05.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id B3D4220040; Wed, 20 May 2026 07:20:55 +0000 (GMT) Received: from smtpav05.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 93B392004B; Wed, 20 May 2026 07:20:55 +0000 (GMT) Received: from funtu2.fritz.box (unknown [9.111.209.15]) by smtpav05.fra02v.mail.ibm.com (Postfix) with ESMTP; Wed, 20 May 2026 07:20:55 +0000 (GMT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=cc :content-transfer-encoding:date:from:in-reply-to:message-id :mime-version:references:subject:to; s=pp1; bh=mk+iVr3F9TXee3Gwu dIdc2I7UQ7RxTnhocQeKdHnWa0=; b=FkNmPT3L21Wil2Gu8EZzLSv+/Akhby97j McGSD7Xbz2sOxia3SZSkaoUK/45rdUjixw47MyrcI7MgqnQ0gTlI/EgPPCfgJbkb y7B6wvsF6mYKkohrhboxSTOWSgme7iH4JZSoYW7xItQGxEB8CCn+32qVHjSjzyxT dR+3NP99w81AKRoNP2xJNqVv+FZgZtJykMxEJ+xUb7pF7llNasBvOaEnocnNP2OB XCbTh0bEtidzzr0aZSvSZ0qrEA439WD19QAPRJsMpHp+zOQOUt9Muk33lxflPIFd t0/YQBgf0ZXoDdhBXnM5QWsr0eKCCpmdWEo5Bur0BEZ+U4EiPlx8g== From: Harald Freudenberger To: richard.henderson@linaro.org, iii@linux.ibm.com, david@kernel.org, thuth@redhat.com Cc: qemu-s390x@nongnu.org, qemu-devel@nongnu.org, dengler@linux.ibm.com, borntraeger@linux.ibm.com Subject: [PATCH v5 04/15] target/s390x: Support AES ECB for cpacf km instruction Date: Wed, 20 May 2026 09:20:43 +0200 Message-ID: <20260520072054.293306-5-freude@linux.ibm.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260520072054.293306-1-freude@linux.ibm.com> References: <20260520072054.293306-1-freude@linux.ibm.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-TM-AS-GCONF: 00 X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwNTIwMDA2NyBTYWx0ZWRfXyaShgitW4r9B QYIMuBK8A6VFudX8cRiNsfMOvuZZEqifUlkxoi1juY9Tc5wjQArWtfMwGLOnfnEgpLCHZACxPUo M9+KsEdnBHkH2rfXGjYjm9bhm72aR4+3wNfHi5WHmqLhuN/jVZ4QCijhtq6B32jd3NtgPr8B6kQ o7+uiNC0ogM/njztt47CcXryiyT1dr1Ywu5GG9GJmwX9OD/h2Dmg+aeqrs+EsrKCz/qz/avzonj J9WT3+gg6IUcgN2ndJasndKIVEGkzUW8tZh56z9ODvc+tNnm3qmUS/XSWh6BBTI3DB9bWkM+v+z hpOvoDAfheHArZngYFBdq3kdzjaSoVOPUcJAdxFTZhhGfMQvueUTJjxHV1Mps+FNTYXhvRbhBjB HBismZUTZY2kL6lrHBVaH5A+JCyhM5hE8Qnh/3rFSuJoo4AqUxSUjml+lCS7g4r3cnkTwwyeWMY qAlEacfhrVsJ5vf0ZMw== X-Authority-Analysis: v=2.4 cv=Np/htcdJ c=1 sm=1 tr=0 ts=6a0d60dc cx=c_pps a=AfN7/Ok6k8XGzOShvHwTGQ==:117 a=AfN7/Ok6k8XGzOShvHwTGQ==:17 a=NGcC8JguVDcA:10 a=VkNPw1HP01LnGYTKEx00:22 a=RnoormkPH1_aCDwRdu11:22 a=RzCfie-kr_QcCd8fBx8p:22 a=VnNF1IyMAAAA:8 a=2jo1MQRKDEzzzhCldZQA:9 X-Proofpoint-ORIG-GUID: Ba767t2CN6K9Y_RV3wV4ZV-SQM3OcTrn X-Proofpoint-GUID: Ba767t2CN6K9Y_RV3wV4ZV-SQM3OcTrn X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1143,Hydra:6.1.51,FMLib:17.12.100.49 definitions=2026-05-20_01,2026-05-18_01,2025-10-01_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 bulkscore=0 spamscore=0 clxscore=1011 priorityscore=1501 impostorscore=0 lowpriorityscore=0 suspectscore=0 adultscore=0 phishscore=0 malwarescore=0 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2605130000 definitions=main-2605200067 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists1p.gnu.org; Received-SPF: pass client-ip=148.163.158.5; envelope-from=freude@linux.ibm.com; helo=mx0b-001b2d01.pphosted.com X-Spam_score_int: -26 X-Spam_score: -2.7 X-Spam_bar: -- X-Spam_report: (-2.7 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @ibm.com) X-ZM-MESSAGEID: 1779261786999158500 Content-Type: text/plain; charset="utf-8" Support the subfunctions CPACF_KM_AES_128, CPACF_KM_AES_192 and CPACF_KM_AES_256 for the cpacf km instruction. Signed-off-by: Harald Freudenberger Tested-by: Holger Dengler --- target/s390x/gen-features.c | 3 + target/s390x/tcg/cpacf.h | 6 ++ target/s390x/tcg/cpacf_aes.c | 110 +++++++++++++++++++++++++++++++ target/s390x/tcg/crypto_helper.c | 24 +++++++ target/s390x/tcg/meson.build | 1 + 5 files changed, 144 insertions(+) create mode 100644 target/s390x/tcg/cpacf_aes.c diff --git a/target/s390x/gen-features.c b/target/s390x/gen-features.c index 5cf5b92c37..a35d1fd2f9 100644 --- a/target/s390x/gen-features.c +++ b/target/s390x/gen-features.c @@ -921,6 +921,9 @@ static uint16_t qemu_MAX[] =3D { S390_FEAT_KLMD_SHA_256, S390_FEAT_KLMD_SHA_512, S390_FEAT_PRNO_TRNG, + S390_FEAT_KM_AES_128, + S390_FEAT_KM_AES_192, + S390_FEAT_KM_AES_256, }; =20 /****** END FEATURE DEFS ******/ diff --git a/target/s390x/tcg/cpacf.h b/target/s390x/tcg/cpacf.h index 79f05e1e14..db72adc91b 100644 --- a/target/s390x/tcg/cpacf.h +++ b/target/s390x/tcg/cpacf.h @@ -16,4 +16,10 @@ int cpacf_sha256(CPUS390XState *env, uintptr_t ra, uint6= 4_t param_addr, int cpacf_sha512(CPUS390XState *env, uintptr_t ra, uint64_t param_addr, uint64_t *message_reg, uint64_t *len_reg, uint32_t type); =20 +/* from crypto_aes.c */ +int cpacf_aes_ecb(CPUS390XState *env, uintptr_t ra, uint64_t param_addr, + uint64_t *dst_ptr_reg, uint64_t *src_ptr_reg, + uint64_t *src_len_reg, uint32_t type, + uint8_t fc, uint8_t mod); + #endif diff --git a/target/s390x/tcg/cpacf_aes.c b/target/s390x/tcg/cpacf_aes.c new file mode 100644 index 0000000000..f2018e8e32 --- /dev/null +++ b/target/s390x/tcg/cpacf_aes.c @@ -0,0 +1,110 @@ +/* + * s390 cpacf aes + * + * Authors: + * Harald Freudenberger + * + * This work is licensed under the terms of the GNU GPL, version 2 or late= r. + * See the COPYING file in the top-level directory. + */ + +#include "qemu/osdep.h" +#include "s390x-internal.h" +#include "tcg_s390x.h" +#include "accel/tcg/cpu-ldst.h" +#include "crypto/aes.h" +#include "cpacf.h" + +static void aes_read_block(CPUS390XState *env, uint64_t addr, + uint8_t *a, uintptr_t ra) +{ + uint64_t _addr; + int i; + + for (i =3D 0; i < AES_BLOCK_SIZE; i++, addr +=3D 1) { + _addr =3D wrap_address(env, addr); + a[i] =3D cpu_ldub_data_ra(env, _addr, ra); + } +} + +static void aes_write_block(CPUS390XState *env, uint64_t addr, + uint8_t *a, uintptr_t ra) +{ + uint64_t _addr; + int i; + + for (i =3D 0; i < AES_BLOCK_SIZE; i++, addr +=3D 1) { + _addr =3D wrap_address(env, addr); + cpu_stb_data_ra(env, _addr, a[i], ra); + } +} + +int cpacf_aes_ecb(CPUS390XState *env, uintptr_t ra, uint64_t param_addr, + uint64_t *dst_ptr_reg, uint64_t *src_ptr_reg, + uint64_t *src_len_reg, uint32_t type, uint8_t fc, uint8_= t mod) +{ + enum { MAX_BLOCKS_PER_RUN =3D 8192 / AES_BLOCK_SIZE }; + uint8_t in[AES_BLOCK_SIZE], out[AES_BLOCK_SIZE]; + uint64_t addr, len =3D *src_len_reg, done =3D 0; + int i, keysize, addr_reg_size =3D 64; + uint8_t key[32]; + AES_KEY exkey; + + g_assert(type =3D=3D S390_FEAT_TYPE_KM); + switch (fc) { + case 0x12: /* CPACF_KM_AES_128 */ + keysize =3D 16; + break; + case 0x13: /* CPACF_KM_AES_192 */ + keysize =3D 24; + break; + case 0x14: /* CPACF_KM_AES_256 */ + keysize =3D 32; + break; + default: + g_assert_not_reached(); + } + + if (!(env->psw.mask & PSW_MASK_64)) { + len =3D (uint32_t)len; + addr_reg_size =3D (env->psw.mask & PSW_MASK_32) ? 32 : 24; + } + + /* length has to be properly aligned. */ + if (!QEMU_IS_ALIGNED(len, AES_BLOCK_SIZE)) { + tcg_s390_program_interrupt(env, PGM_SPECIFICATION, ra); + } + + /* fetch key from param block */ + for (i =3D 0; i < keysize; i++) { + addr =3D wrap_address(env, param_addr + i); + key[i] =3D cpu_ldub_data_ra(env, addr, ra); + } + + /* expand key */ + if (mod) { + AES_set_decrypt_key(key, keysize * 8, &exkey); + } else { + AES_set_encrypt_key(key, keysize * 8, &exkey); + } + + /* process up to MAX_BLOCKS_PER_RUN aes blocks */ + for (i =3D 0; i < MAX_BLOCKS_PER_RUN && len >=3D AES_BLOCK_SIZE; i++) { + aes_read_block(env, *src_ptr_reg + done, in, ra); + if (mod) { + AES_decrypt(in, out, &exkey); + } else { + AES_encrypt(in, out, &exkey); + } + aes_write_block(env, *dst_ptr_reg + done, out, ra); + len -=3D AES_BLOCK_SIZE, done +=3D AES_BLOCK_SIZE; + } + + *src_ptr_reg =3D deposit64(*src_ptr_reg, 0, addr_reg_size, + *src_ptr_reg + done); + *dst_ptr_reg =3D deposit64(*dst_ptr_reg, 0, addr_reg_size, + *dst_ptr_reg + done); + *src_len_reg -=3D done; + + return !len ? 0 : 3; +} diff --git a/target/s390x/tcg/crypto_helper.c b/target/s390x/tcg/crypto_hel= per.c index b69dbb61a6..dff119176e 100644 --- a/target/s390x/tcg/crypto_helper.c +++ b/target/s390x/tcg/crypto_helper.c @@ -87,6 +87,27 @@ static int cpacf_klmd(CPUS390XState *env, const uintptr_= t ra, return rc; } =20 + +static int cpacf_km(CPUS390XState *env, uintptr_t ra, uint32_t r1, + uint32_t r2, uint32_t r3, uint8_t fc, uint8_t mod) +{ + int rc =3D 0; + + switch (fc) { + case 0x12: /* CPACF_KM_AES_128 */ + case 0x13: /* CPACF_KM_AES_192 */ + case 0x14: /* CPACF_KM_AES_256 */ + rc =3D cpacf_aes_ecb(env, ra, env->regs[1], + &env->regs[r1], &env->regs[r2], &env->regs[r2 += 1], + S390_FEAT_TYPE_KM, fc, mod); + break; + default: + g_assert_not_reached(); + } + + return rc; +} + static int cpacf_ppno(CPUS390XState *env, uintptr_t ra, uint32_t r1, uint32_t r2, uint32_t r3, uint8_t fc) { @@ -151,6 +172,9 @@ uint32_t HELPER(msa)(CPUS390XState *env, uint32_t r1, u= int32_t r2, uint32_t r3, case S390_FEAT_TYPE_PPNO: rc =3D cpacf_ppno(env, ra, r1, r2, r3, fc); break; + case S390_FEAT_TYPE_KM: + rc =3D cpacf_km(env, ra, r1, r2, r3, fc, mod); + break; default: g_assert_not_reached(); } diff --git a/target/s390x/tcg/meson.build b/target/s390x/tcg/meson.build index 4115f4c704..da948471ea 100644 --- a/target/s390x/tcg/meson.build +++ b/target/s390x/tcg/meson.build @@ -1,5 +1,6 @@ s390x_ss.add(when: 'CONFIG_TCG', if_true: files( 'cc_helper.c', + 'cpacf_aes.c', 'cpacf_sha256.c', 'cpacf_sha512.c', 'crypto_helper.c', --=20 2.43.0 From nobody Sat May 30 18:34:22 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=reject dis=none) header.from=linux.ibm.com ARC-Seal: i=1; a=rsa-sha256; t=1779261731; cv=none; d=zohomail.com; s=zohoarc; b=bC0yqGodxJHL5reDs6IW8Vvrj+3xpihM5/On+aFsObIimb8fRFb/KIGUbqjox5H33yRNSMXk6u+zcxwvRE1igM68bRppDQ7SJBaLr7Q1rd/7s9R/uqTpNYOi53WNXmg8RfB01IYhwwaFIAnCcc0nEnll0XRa0MNClxkLCcE3eqU= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1779261731; h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=5w+RgFdHKONWQWPz7B8mAJJN2mJnYyxVRRCnKlFU2MU=; b=ZVTuqe30gX6SNKnXZ3rtIKdCluEOuv95QieFKCogGfqu47zVkWkrbMJKbOQmMuBAUFztcfjPMR90LYcV7KWC+upClRFMvZLUZsbbaUjCiU5P8phL8R1n+h7kFF8TvjvrIig7FOaQ9KThVM6NVxTXEXTnkvvLPEY+F/jNuAzO7nM= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 177926173138714.53924403413589; Wed, 20 May 2026 00:22:11 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists1p.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1wPbFS-0006Km-MP; Wed, 20 May 2026 03:21:49 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1wPbEt-0006Df-Mw; Wed, 20 May 2026 03:21:15 -0400 Received: from mx0b-001b2d01.pphosted.com ([148.163.158.5]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1wPbEo-0002TB-5A; Wed, 20 May 2026 03:21:10 -0400 Received: from pps.filterd (m0356516.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id 64K2YJv4733638; Wed, 20 May 2026 07:21:00 GMT Received: from ppma11.dal12v.mail.ibm.com (db.9e.1632.ip4.static.sl-reverse.com [50.22.158.219]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 4e6hb8fwuj-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 20 May 2026 07:21:00 +0000 (GMT) Received: from pps.filterd (ppma11.dal12v.mail.ibm.com [127.0.0.1]) by ppma11.dal12v.mail.ibm.com (8.18.1.7/8.18.1.7) with ESMTP id 64K797oe009539; Wed, 20 May 2026 07:20:59 GMT Received: from smtprelay02.fra02v.mail.ibm.com ([9.218.2.226]) by ppma11.dal12v.mail.ibm.com (PPS) with ESMTPS id 4e75ky60ym-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 20 May 2026 07:20:59 +0000 (GMT) Received: from smtpav05.fra02v.mail.ibm.com (smtpav05.fra02v.mail.ibm.com [10.20.54.104]) by smtprelay02.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 64K7Ktqx52232692 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 20 May 2026 07:20:56 GMT Received: from smtpav05.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id D73CC20043; Wed, 20 May 2026 07:20:55 +0000 (GMT) Received: from smtpav05.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id B85022004D; Wed, 20 May 2026 07:20:55 +0000 (GMT) Received: from funtu2.fritz.box (unknown [9.111.209.15]) by smtpav05.fra02v.mail.ibm.com (Postfix) with ESMTP; Wed, 20 May 2026 07:20:55 +0000 (GMT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=cc :content-transfer-encoding:date:from:in-reply-to:message-id :mime-version:references:subject:to; s=pp1; bh=5w+RgFdHKONWQWPz7 B8mAJJN2mJnYyxVRRCnKlFU2MU=; b=Q09dslsRB2PItWEGQbmZ4VZOeGgYEi7Mq TzBdN9Eh13nm2J25LexWuxW9F2xo/O72KaxANEuEhwR2iEyXtAx+AY/E5+DEQrUw 3eY11Dnv5PmXxmdI5hjvVqUDT6Q00fdtl4pWyTC5rirxK/RVYj5RrWGtdrVcWy7X oLyl8I+2NS4/CRdW8jEVGzWH3MHkwlRg5WieJzvM4ydvMkRKsHExZd9nrPkl0SSJ Ar8yMYore6maUQzxxNrX65W+7wzb+ydUJP8JV9Wkvu62/O+pl2gnhk+odlJP37Pf gMn26ffQxG/ksG0JG4kSbIP6+WwPNrIz8d49NX3NGBgKP90RdMxew== From: Harald Freudenberger To: richard.henderson@linaro.org, iii@linux.ibm.com, david@kernel.org, thuth@redhat.com Cc: qemu-s390x@nongnu.org, qemu-devel@nongnu.org, dengler@linux.ibm.com, borntraeger@linux.ibm.com Subject: [PATCH v5 05/15] target/s390x: Support AES CBC for cpacf kmc instruction Date: Wed, 20 May 2026 09:20:44 +0200 Message-ID: <20260520072054.293306-6-freude@linux.ibm.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260520072054.293306-1-freude@linux.ibm.com> References: <20260520072054.293306-1-freude@linux.ibm.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-TM-AS-GCONF: 00 X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwNTIwMDA2NyBTYWx0ZWRfX6Qu3THsqZrjb BLJWEsBUAH56O0L3CK0n3JF7Ms+TDdpIhqLrszHNcgFCe4RZanGeEQU5uDj12GuMs86rquWpsRV OxI8lNu0XV8YcNkxMNgQbQdI3Z5F7394ykHtJhBnsQR9aQL/N9slC9wgVrBOnsVHqnbiIV0Lsby tFz3vy0bEjWLcfpncDrjJfXlDMPndbRorrF8Dh3BDYmB+a5/Cn9Ex+beX/ZSWuRPMRqlCQOqcjn 34XuWYGGD5rRN3sqhwuJhmW7rKONda21etYJ6CAxqHWjD3vLM0Z9bicuNFjaSQduTVUbmA7j2Lt q7hr2IjDtnXW8xwErFTYQOzffyaEodF2JuFZYUSx/br78ijKIc0ZE5zuM8oxzNMCK+DtHWuDbaD Bpc30ehJzTeHW96ev4EcaB/vFMgx6steQFJH84cBr2SdYVDS6k1Qzh2IAWvtEZ3ckAxA68xoEmv vc7PgXua2NtLfcWqK/Q== X-Proofpoint-GUID: cDWSWIS-EdpaFgtdHqgiOFBHv6MIZiDd X-Proofpoint-ORIG-GUID: cDWSWIS-EdpaFgtdHqgiOFBHv6MIZiDd X-Authority-Analysis: v=2.4 cv=aYBRWxot c=1 sm=1 tr=0 ts=6a0d60dc cx=c_pps a=aDMHemPKRhS1OARIsFnwRA==:117 a=aDMHemPKRhS1OARIsFnwRA==:17 a=NGcC8JguVDcA:10 a=VkNPw1HP01LnGYTKEx00:22 a=RnoormkPH1_aCDwRdu11:22 a=Y2IxJ9c9Rs8Kov3niI8_:22 a=VnNF1IyMAAAA:8 a=4s_zGP7M7QCs5o7xjogA:9 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1143,Hydra:6.1.51,FMLib:17.12.100.49 definitions=2026-05-20_01,2026-05-18_01,2025-10-01_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 impostorscore=0 adultscore=0 bulkscore=0 suspectscore=0 lowpriorityscore=0 clxscore=1015 spamscore=0 phishscore=0 priorityscore=1501 malwarescore=0 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2605130000 definitions=main-2605200067 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists1p.gnu.org; Received-SPF: pass client-ip=148.163.158.5; envelope-from=freude@linux.ibm.com; helo=mx0b-001b2d01.pphosted.com X-Spam_score_int: -26 X-Spam_score: -2.7 X-Spam_bar: -- X-Spam_report: (-2.7 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @ibm.com) X-ZM-MESSAGEID: 1779261733945154100 Content-Type: text/plain; charset="utf-8" Support the subfunctions CPACF_KMC_AES_128, CPACF_KMC_AES_192 and CPACF_KMC_AES_256 for the cpacf kmc instruction. Signed-off-by: Harald Freudenberger Tested-by: Holger Dengler --- target/s390x/gen-features.c | 3 + target/s390x/tcg/cpacf.h | 4 ++ target/s390x/tcg/cpacf_aes.c | 102 +++++++++++++++++++++++++++++++ target/s390x/tcg/crypto_helper.c | 23 +++++++ 4 files changed, 132 insertions(+) diff --git a/target/s390x/gen-features.c b/target/s390x/gen-features.c index a35d1fd2f9..9c0c0b229f 100644 --- a/target/s390x/gen-features.c +++ b/target/s390x/gen-features.c @@ -924,6 +924,9 @@ static uint16_t qemu_MAX[] =3D { S390_FEAT_KM_AES_128, S390_FEAT_KM_AES_192, S390_FEAT_KM_AES_256, + S390_FEAT_KMC_AES_128, + S390_FEAT_KMC_AES_192, + S390_FEAT_KMC_AES_256, }; =20 /****** END FEATURE DEFS ******/ diff --git a/target/s390x/tcg/cpacf.h b/target/s390x/tcg/cpacf.h index db72adc91b..96dc61e94f 100644 --- a/target/s390x/tcg/cpacf.h +++ b/target/s390x/tcg/cpacf.h @@ -21,5 +21,9 @@ int cpacf_aes_ecb(CPUS390XState *env, uintptr_t ra, uint6= 4_t param_addr, uint64_t *dst_ptr_reg, uint64_t *src_ptr_reg, uint64_t *src_len_reg, uint32_t type, uint8_t fc, uint8_t mod); +int cpacf_aes_cbc(CPUS390XState *env, uintptr_t ra, uint64_t param_addr, + uint64_t *dst_ptr_reg, uint64_t *src_ptr_reg, + uint64_t *src_len_reg, uint32_t type, + uint8_t fc, uint8_t mod); =20 #endif diff --git a/target/s390x/tcg/cpacf_aes.c b/target/s390x/tcg/cpacf_aes.c index f2018e8e32..3a7420de48 100644 --- a/target/s390x/tcg/cpacf_aes.c +++ b/target/s390x/tcg/cpacf_aes.c @@ -108,3 +108,105 @@ int cpacf_aes_ecb(CPUS390XState *env, uintptr_t ra, u= int64_t param_addr, =20 return !len ? 0 : 3; } + +static void aes_xor(const uint8_t *src1, const uint8_t *src2, uint8_t *dst) +{ + int i; + + for (i =3D 0; i < AES_BLOCK_SIZE / sizeof(uint32_t); i++) { + ((uint32_t *)dst)[i] =3D ((uint32_t *)src1)[i] ^ ((uint32_t *)src2= )[i]; + } +} + +int cpacf_aes_cbc(CPUS390XState *env, uintptr_t ra, uint64_t param_addr, + uint64_t *dst_ptr_reg, uint64_t *src_ptr_reg, + uint64_t *src_len_reg, uint32_t type, uint8_t fc, uint8_= t mod) +{ + enum { MAX_BLOCKS_PER_RUN =3D 8192 / AES_BLOCK_SIZE }; + uint8_t in[AES_BLOCK_SIZE], out[AES_BLOCK_SIZE], buf[AES_BLOCK_SIZE]; + uint64_t addr, len =3D *src_len_reg, done =3D 0; + int i, keysize, addr_reg_size =3D 64; + uint8_t key[32], iv[AES_BLOCK_SIZE]; + AES_KEY exkey; + + g_assert(type =3D=3D S390_FEAT_TYPE_KMC); + + switch (fc) { + case 0x12: /* CPACF_KMC_AES_128 */ + keysize =3D 16; + break; + case 0x13: /* CPACF_KMC_AES_192 */ + keysize =3D 24; + break; + case 0x14: /* CPACF_KMC_AES_256 */ + keysize =3D 32; + break; + default: + g_assert_not_reached(); + } + + if (!(env->psw.mask & PSW_MASK_64)) { + len =3D (uint32_t)len; + addr_reg_size =3D (env->psw.mask & PSW_MASK_32) ? 32 : 24; + } + + /* length has to be properly aligned. */ + if (!QEMU_IS_ALIGNED(len, AES_BLOCK_SIZE)) { + tcg_s390_program_interrupt(env, PGM_SPECIFICATION, ra); + } + + /* fetch iv from param block */ + for (i =3D 0; i < AES_BLOCK_SIZE; i++) { + addr =3D wrap_address(env, param_addr + i); + iv[i] =3D cpu_ldub_data_ra(env, addr, ra); + } + + /* fetch key from param block */ + for (i =3D 0; i < keysize; i++) { + addr =3D wrap_address(env, param_addr + AES_BLOCK_SIZE + i); + key[i] =3D cpu_ldub_data_ra(env, addr, ra); + } + + /* expand key */ + if (mod) { + AES_set_decrypt_key(key, keysize * 8, &exkey); + } else { + AES_set_encrypt_key(key, keysize * 8, &exkey); + } + + /* process up to MAX_BLOCKS_PER_RUN aes blocks */ + for (i =3D 0; i < MAX_BLOCKS_PER_RUN && len >=3D AES_BLOCK_SIZE; i++) { + aes_read_block(env, *src_ptr_reg + done, in, ra); + if (mod) { + /* decrypt in =3D> buf */ + AES_decrypt(in, buf, &exkey); + /* buf xor iv =3D> out */ + aes_xor(buf, iv, out); + /* prep iv for next round */ + memcpy(iv, in, AES_BLOCK_SIZE); + } else { + /* in xor iv =3D> buf */ + aes_xor(in, iv, buf); + /* encrypt buf =3D> out */ + AES_encrypt(buf, out, &exkey); + /* prep iv for next round */ + memcpy(iv, out, AES_BLOCK_SIZE); + } + aes_write_block(env, *dst_ptr_reg + done, out, ra); + len -=3D AES_BLOCK_SIZE, done +=3D AES_BLOCK_SIZE; + } + + /* update iv in param block */ + for (i =3D 0; i < AES_BLOCK_SIZE; i++) { + addr =3D wrap_address(env, param_addr + i); + cpu_stb_data_ra(env, addr, iv[i], ra); + } + + *src_ptr_reg =3D deposit64(*src_ptr_reg, 0, addr_reg_size, + *src_ptr_reg + done); + *dst_ptr_reg =3D deposit64(*dst_ptr_reg, 0, addr_reg_size, + *dst_ptr_reg + done); + *src_len_reg -=3D done; + + return !len ? 0 : 3; +} diff --git a/target/s390x/tcg/crypto_helper.c b/target/s390x/tcg/crypto_hel= per.c index dff119176e..df01c1c54e 100644 --- a/target/s390x/tcg/crypto_helper.c +++ b/target/s390x/tcg/crypto_helper.c @@ -108,6 +108,26 @@ static int cpacf_km(CPUS390XState *env, uintptr_t ra, = uint32_t r1, return rc; } =20 +static int cpacf_kmc(CPUS390XState *env, uintptr_t ra, uint32_t r1, + uint32_t r2, uint32_t r3, uint8_t fc, uint8_t mod) +{ + int rc =3D 0; + + switch (fc) { + case 0x12: /* CPACF_KMC_AES_128 */ + case 0x13: /* CPACF_KMC_AES_192 */ + case 0x14: /* CPACF_KMC_AES_256 */ + rc =3D cpacf_aes_cbc(env, ra, env->regs[1], + &env->regs[r1], &env->regs[r2], &env->regs[r2 += 1], + S390_FEAT_TYPE_KMC, fc, mod); + break; + default: + g_assert_not_reached(); + } + + return rc; +} + static int cpacf_ppno(CPUS390XState *env, uintptr_t ra, uint32_t r1, uint32_t r2, uint32_t r3, uint8_t fc) { @@ -175,6 +195,9 @@ uint32_t HELPER(msa)(CPUS390XState *env, uint32_t r1, u= int32_t r2, uint32_t r3, case S390_FEAT_TYPE_KM: rc =3D cpacf_km(env, ra, r1, r2, r3, fc, mod); break; + case S390_FEAT_TYPE_KMC: + rc =3D cpacf_kmc(env, ra, r1, r2, r3, fc, mod); + break; default: g_assert_not_reached(); } --=20 2.43.0 From nobody Sat May 30 18:34:22 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=reject dis=none) header.from=linux.ibm.com ARC-Seal: i=1; a=rsa-sha256; t=1779261755; cv=none; d=zohomail.com; s=zohoarc; b=cNw3y5sDpYQgaMRGXGO64GFM2a7Ubyz7nx+nn84kF+C/q7niVaCdX5ifLvGbw4Ty4bs9wp1Eal64hmeTm+sM9PHCKMyuEib00Q8IMNA2yYsYU8YqzmDxZhLe5nK4hCBDaRl2BS7QI6TebZc7PgEb2pN5vmX3lsLkS7affogmdP4= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1779261755; h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=gVK+zd0SZBqcAKbD4vzLg/mPVlEmi5OshewvlIsbCPY=; b=V9K+PEA6c4PRnlWA6N+yM/KpzdTXgmYADYJKLckkNrTiESONalE18qHriMYCXyBiqJiiQZXzRRy70SKR9E4Yp38IItssnqUie4BgYgi93KnL8lQpN29CL64NYva7HJPbz8DgMDHPDUV627bVCCpiSzVO5rnPxPFRIeN9ERWV4Gs= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 177926175517036.83684572536788; Wed, 20 May 2026 00:22:35 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists1p.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1wPbF5-0006J0-Te; Wed, 20 May 2026 03:21:23 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1wPbEt-0006Di-Q9; Wed, 20 May 2026 03:21:15 -0400 Received: from mx0a-001b2d01.pphosted.com ([148.163.156.1]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1wPbEp-0002TT-DX; Wed, 20 May 2026 03:21:10 -0400 Received: from pps.filterd (m0360083.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id 64JKfbeZ4007920; Wed, 20 May 2026 07:21:01 GMT Received: from ppma22.wdc07v.mail.ibm.com (5c.69.3da9.ip4.static.sl-reverse.com [169.61.105.92]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 4e6h9y0x6m-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 20 May 2026 07:21:00 +0000 (GMT) Received: from pps.filterd (ppma22.wdc07v.mail.ibm.com [127.0.0.1]) by ppma22.wdc07v.mail.ibm.com (8.18.1.7/8.18.1.7) with ESMTP id 64K799Dw021265; Wed, 20 May 2026 07:20:59 GMT Received: from smtprelay03.fra02v.mail.ibm.com ([9.218.2.224]) by ppma22.wdc07v.mail.ibm.com (PPS) with ESMTPS id 4e739vxdr5-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 20 May 2026 07:20:59 +0000 (GMT) Received: from smtpav05.fra02v.mail.ibm.com (smtpav05.fra02v.mail.ibm.com [10.20.54.104]) by smtprelay03.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 64K7KuZn58130770 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 20 May 2026 07:20:56 GMT Received: from smtpav05.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 0737B20040; Wed, 20 May 2026 07:20:56 +0000 (GMT) Received: from smtpav05.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id DBBD62004B; Wed, 20 May 2026 07:20:55 +0000 (GMT) Received: from funtu2.fritz.box (unknown [9.111.209.15]) by smtpav05.fra02v.mail.ibm.com (Postfix) with ESMTP; Wed, 20 May 2026 07:20:55 +0000 (GMT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=cc :content-transfer-encoding:date:from:in-reply-to:message-id :mime-version:references:subject:to; s=pp1; bh=gVK+zd0SZBqcAKbD4 vzLg/mPVlEmi5OshewvlIsbCPY=; b=IDfS2zphfs14yQjy0TluLUHwXXWoR/J6q AkcOXiYhiYYxH6XOkckjmQa2Fy7Tw1EAdFGoeDOWUO4BT7h6KdgQho7qCT12ASmE fn6809r2rAqqd12ptT+QxeTKhLqxD5WnbU3p2pQhgrCnNrY2Zz1iP/dKEmU1m2XQ 3QqkT5msODZk3Vqg3G+0EtYRsYwC3U7MWdaRyUS9AakVv6ir7ft24CSYfCZVP3DB 19j38T9wkbJOKJ3UWnGLhG6cJUNiT5z6nrN7ZvaMeieoi54iuwEVUVuxWpmscoPH wIihPB/6db17s6xewTKVJ08I2FrYYnxI7Q1MQX6ItpcSLbxBo6vvg== From: Harald Freudenberger To: richard.henderson@linaro.org, iii@linux.ibm.com, david@kernel.org, thuth@redhat.com Cc: qemu-s390x@nongnu.org, qemu-devel@nongnu.org, dengler@linux.ibm.com, borntraeger@linux.ibm.com Subject: [PATCH v5 06/15] target/s390x: Support AES CTR for cpacf kmctr instruction Date: Wed, 20 May 2026 09:20:45 +0200 Message-ID: <20260520072054.293306-7-freude@linux.ibm.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260520072054.293306-1-freude@linux.ibm.com> References: <20260520072054.293306-1-freude@linux.ibm.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-TM-AS-GCONF: 00 X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwNTIwMDA2NyBTYWx0ZWRfX1ZwQqgK1rBYU GkuV7LaXxmUYByeQZkFA30Bct/27c9E0F5odJRANmZSH+vBUftOKy+lNBj9jMqV0Ux+OR4lMPZi wSS0zp3D2HrkYfpVEnveSa1bvclv8b55xWgZXeFfT3g9lAoYiu7LaCkiSRz2Nv5Vo/LJL1tP3Ue sA2PrMwpgb9w3+RbUAZfPZQgx2NzEvQa6uBii+3jUe5r3RZnIBT1aAMYBsWSMotVlTdxtBEgPku BhY0MIpE4BtqLh9DpCb1QVXq88dVURb3LzU21bNl2tz1Na4PTvp3i8uTOqYDwUNW8lQr8KHqR// suNFE1kXAbM03awjM6b/h06lEKBSdXt9eTsjIl02Czoq4iBW948cv6Wt9Z872G6t3EXPkCeIU+j N78tlGyQSFAywwedK77a3yT9yK3A2rXULAzwmT++CHsawSCFVfc2YyQs0xvukIutYmJYbSNc/Ne FhlB5m95NhL7QvyMw2A== X-Authority-Analysis: v=2.4 cv=BNuDalQG c=1 sm=1 tr=0 ts=6a0d60dc cx=c_pps a=5BHTudwdYE3Te8bg5FgnPg==:117 a=5BHTudwdYE3Te8bg5FgnPg==:17 a=NGcC8JguVDcA:10 a=VkNPw1HP01LnGYTKEx00:22 a=RnoormkPH1_aCDwRdu11:22 a=iQ6ETzBq9ecOQQE5vZCe:22 a=VnNF1IyMAAAA:8 a=FtH1yQ7YNcEQcFzwLPgA:9 X-Proofpoint-ORIG-GUID: TBz22JI53ixjQiHktaNemYYPTGw2dWQP X-Proofpoint-GUID: TBz22JI53ixjQiHktaNemYYPTGw2dWQP X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1143,Hydra:6.1.51,FMLib:17.12.100.49 definitions=2026-05-20_01,2026-05-18_01,2025-10-01_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 adultscore=0 priorityscore=1501 malwarescore=0 impostorscore=0 suspectscore=0 lowpriorityscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2605130000 definitions=main-2605200067 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists1p.gnu.org; Received-SPF: pass client-ip=148.163.156.1; envelope-from=freude@linux.ibm.com; helo=mx0a-001b2d01.pphosted.com X-Spam_score_int: -26 X-Spam_score: -2.7 X-Spam_bar: -- X-Spam_report: (-2.7 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @ibm.com) X-ZM-MESSAGEID: 1779261758258154100 Content-Type: text/plain; charset="utf-8" Support the subfunctions CPACF_KMCTR_AES_128, CPACF_KMCTR_AES_192 and CPACF_KMCTR_AES_256 for the cpacf kmctr instruction. Signed-off-by: Harald Freudenberger --- target/s390x/gen-features.c | 3 ++ target/s390x/tcg/cpacf.h | 4 ++ target/s390x/tcg/cpacf_aes.c | 74 ++++++++++++++++++++++++++++++++ target/s390x/tcg/crypto_helper.c | 23 ++++++++++ 4 files changed, 104 insertions(+) diff --git a/target/s390x/gen-features.c b/target/s390x/gen-features.c index 9c0c0b229f..59c2a47539 100644 --- a/target/s390x/gen-features.c +++ b/target/s390x/gen-features.c @@ -927,6 +927,9 @@ static uint16_t qemu_MAX[] =3D { S390_FEAT_KMC_AES_128, S390_FEAT_KMC_AES_192, S390_FEAT_KMC_AES_256, + S390_FEAT_KMCTR_AES_128, + S390_FEAT_KMCTR_AES_192, + S390_FEAT_KMCTR_AES_256, }; =20 /****** END FEATURE DEFS ******/ diff --git a/target/s390x/tcg/cpacf.h b/target/s390x/tcg/cpacf.h index 96dc61e94f..7367e513e7 100644 --- a/target/s390x/tcg/cpacf.h +++ b/target/s390x/tcg/cpacf.h @@ -25,5 +25,9 @@ int cpacf_aes_cbc(CPUS390XState *env, uintptr_t ra, uint6= 4_t param_addr, uint64_t *dst_ptr_reg, uint64_t *src_ptr_reg, uint64_t *src_len_reg, uint32_t type, uint8_t fc, uint8_t mod); +int cpacf_aes_ctr(CPUS390XState *env, uintptr_t ra, uint64_t param_addr, + uint64_t *dst_ptr_reg, uint64_t *src_ptr_reg, + uint64_t *src_len_reg, uint64_t *ctr_ptr_reg, + uint32_t type, uint8_t fc, uint8_t mod); =20 #endif diff --git a/target/s390x/tcg/cpacf_aes.c b/target/s390x/tcg/cpacf_aes.c index 3a7420de48..016b043c56 100644 --- a/target/s390x/tcg/cpacf_aes.c +++ b/target/s390x/tcg/cpacf_aes.c @@ -210,3 +210,77 @@ int cpacf_aes_cbc(CPUS390XState *env, uintptr_t ra, ui= nt64_t param_addr, =20 return !len ? 0 : 3; } + +int cpacf_aes_ctr(CPUS390XState *env, uintptr_t ra, uint64_t param_addr, + uint64_t *dst_ptr_reg, uint64_t *src_ptr_reg, + uint64_t *src_len_reg, uint64_t *ctr_ptr_reg, + uint32_t type, uint8_t fc, uint8_t mod) +{ + enum { MAX_BLOCKS_PER_RUN =3D 8192 / AES_BLOCK_SIZE }; + uint8_t ctr[AES_BLOCK_SIZE], buf[AES_BLOCK_SIZE]; + uint8_t in[AES_BLOCK_SIZE], out[AES_BLOCK_SIZE]; + uint64_t addr, len =3D *src_len_reg, done =3D 0; + int i, keysize, addr_reg_size =3D 64; + uint8_t key[32]; + AES_KEY exkey; + + g_assert(type =3D=3D S390_FEAT_TYPE_KMCTR); + + switch (fc) { + case 0x12: /* CPACF_KMCTR_AES_128 */ + keysize =3D 16; + break; + case 0x13: /* CPACF_KMCTR_AES_192 */ + keysize =3D 24; + break; + case 0x14: /* CPACF_KMCTR_AES_256 */ + keysize =3D 32; + break; + default: + g_assert_not_reached(); + } + + if (!(env->psw.mask & PSW_MASK_64)) { + len =3D (uint32_t)len; + addr_reg_size =3D (env->psw.mask & PSW_MASK_32) ? 32 : 24; + } + + /* length has to be properly aligned. */ + if (!QEMU_IS_ALIGNED(len, AES_BLOCK_SIZE)) { + tcg_s390_program_interrupt(env, PGM_SPECIFICATION, ra); + } + + /* fetch key from param block */ + for (i =3D 0; i < keysize; i++) { + addr =3D wrap_address(env, param_addr + i); + key[i] =3D cpu_ldub_data_ra(env, addr, ra); + } + + /* expand key */ + AES_set_encrypt_key(key, keysize * 8, &exkey); + + /* process up to MAX_BLOCKS_PER_RUN aes blocks */ + for (i =3D 0; i < MAX_BLOCKS_PER_RUN && len >=3D AES_BLOCK_SIZE; i++) { + /* read in nonce/ctr =3D> ctr */ + aes_read_block(env, *ctr_ptr_reg + done, ctr, ra); + /* encrypt ctr =3D> buf */ + AES_encrypt(ctr, buf, &exkey); + /* read in one block of input data =3D> in */ + aes_read_block(env, *src_ptr_reg + done, in, ra); + /* exor input data with encrypted ctr =3D> out */ + aes_xor(in, buf, out); + /* write out the processed block */ + aes_write_block(env, *dst_ptr_reg + done, out, ra); + len -=3D AES_BLOCK_SIZE, done +=3D AES_BLOCK_SIZE; + } + + *src_ptr_reg =3D deposit64(*src_ptr_reg, 0, addr_reg_size, + *src_ptr_reg + done); + *dst_ptr_reg =3D deposit64(*dst_ptr_reg, 0, addr_reg_size, + *dst_ptr_reg + done); + *ctr_ptr_reg =3D deposit64(*ctr_ptr_reg, 0, addr_reg_size, + *ctr_ptr_reg + done); + *src_len_reg -=3D done; + + return !len ? 0 : 3; +} diff --git a/target/s390x/tcg/crypto_helper.c b/target/s390x/tcg/crypto_hel= per.c index df01c1c54e..c1c79daf19 100644 --- a/target/s390x/tcg/crypto_helper.c +++ b/target/s390x/tcg/crypto_helper.c @@ -128,6 +128,26 @@ static int cpacf_kmc(CPUS390XState *env, uintptr_t ra,= uint32_t r1, return rc; } =20 +static int cpacf_kmctr(CPUS390XState *env, uintptr_t ra, uint32_t r1, + uint32_t r2, uint32_t r3, uint8_t fc, uint8_t mod) +{ + int rc =3D 0; + + switch (fc) { + case 0x12: /* CPACF_KMCTR_AES_128 */ + case 0x13: /* CPACF_KMCTR_AES_192 */ + case 0x14: /* CPACF_KMCTR_AES_256 */ + rc =3D cpacf_aes_ctr(env, ra, env->regs[1], + &env->regs[r1], &env->regs[r2], &env->regs[r2 += 1], + &env->regs[r3], S390_FEAT_TYPE_KMCTR, fc, mod); + break; + default: + g_assert_not_reached(); + } + + return rc; +} + static int cpacf_ppno(CPUS390XState *env, uintptr_t ra, uint32_t r1, uint32_t r2, uint32_t r3, uint8_t fc) { @@ -198,6 +218,9 @@ uint32_t HELPER(msa)(CPUS390XState *env, uint32_t r1, u= int32_t r2, uint32_t r3, case S390_FEAT_TYPE_KMC: rc =3D cpacf_kmc(env, ra, r1, r2, r3, fc, mod); break; + case S390_FEAT_TYPE_KMCTR: + rc =3D cpacf_kmctr(env, ra, r1, r2, r3, fc, mod); + break; default: g_assert_not_reached(); } --=20 2.43.0 From nobody Sat May 30 18:34:22 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=reject dis=none) header.from=linux.ibm.com ARC-Seal: i=1; a=rsa-sha256; t=1779261803; cv=none; d=zohomail.com; s=zohoarc; b=RjIG+Jj7N6UoMADKd5TVBqtcGQxHmODEamnUwve3cS/qXCOme6uQsjNz/h3Z/oOd8NBqIhSBSND5oS0Gpl8pgERXTt4ABs9Y1yAW3OSNHA8BuVWp+kZfBJNN2NjaMOm/Wr53mnhPME9FNGAFQgoXWuPYIYgeNsRnUyUHBjKxxNE= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1779261803; h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=ldzT7KQUgSHEwEhwXEHU5hYKYckSJlAntg3oDo4f4DM=; b=GLF0TcFMBCEUYGRLfKNqYrJYAlVyXS/YjQq6Oyav9KIwRhrWwjOSlDHRDAmuuUDp6C5x9UieSTgRaza3GGBKVYSSqtcyZVdc6Tc7l2qA1v00HCmMRG77tmZH7Rin+eFfr9fytQpIv+kf8FCNF7sFAg4NSOKTyq+kSxlnOA+tIoc= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1779261803662406.78960449367924; Wed, 20 May 2026 00:23:23 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists1p.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1wPbF7-0006Jl-LT; Wed, 20 May 2026 03:21:25 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1wPbEu-0006Dj-2m; Wed, 20 May 2026 03:21:15 -0400 Received: from mx0b-001b2d01.pphosted.com ([148.163.158.5]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1wPbEp-0002Th-JH; Wed, 20 May 2026 03:21:11 -0400 Received: from pps.filterd (m0356516.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id 64K7CGHv790111; Wed, 20 May 2026 07:21:00 GMT Received: from ppma23.wdc07v.mail.ibm.com (5d.69.3da9.ip4.static.sl-reverse.com [169.61.105.93]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 4e6hb8fwup-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 20 May 2026 07:21:00 +0000 (GMT) Received: from pps.filterd (ppma23.wdc07v.mail.ibm.com [127.0.0.1]) by ppma23.wdc07v.mail.ibm.com (8.18.1.7/8.18.1.7) with ESMTP id 64K79Hew029183; Wed, 20 May 2026 07:20:59 GMT Received: from smtprelay03.fra02v.mail.ibm.com ([9.218.2.224]) by ppma23.wdc07v.mail.ibm.com (PPS) with ESMTPS id 4e74dhp7jy-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 20 May 2026 07:20:59 +0000 (GMT) Received: from smtpav05.fra02v.mail.ibm.com (smtpav05.fra02v.mail.ibm.com [10.20.54.104]) by smtprelay03.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 64K7KuZ458130772 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 20 May 2026 07:20:56 GMT Received: from smtpav05.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 2AE1E20043; Wed, 20 May 2026 07:20:56 +0000 (GMT) Received: from smtpav05.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 0BB6A2004D; Wed, 20 May 2026 07:20:56 +0000 (GMT) Received: from funtu2.fritz.box (unknown [9.111.209.15]) by smtpav05.fra02v.mail.ibm.com (Postfix) with ESMTP; Wed, 20 May 2026 07:20:55 +0000 (GMT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=cc :content-transfer-encoding:date:from:in-reply-to:message-id :mime-version:references:subject:to; s=pp1; bh=ldzT7KQUgSHEwEhwX EHU5hYKYckSJlAntg3oDo4f4DM=; b=AWrJqPrHettdJhpsV/Y9AM0oBbPqVJcRk srepGmk2ks2VXTtEJpW6DuQJgHqi82K/pfCELnmZ+oZ3oZJboE2hza7nSbVGK5Ek Kt3YvFxhucO6XBgrlOrCO8ZhgVUjmYT5wthxmhisldv4EgYesXjXJm9pj33Fomjo +nIIE/hv05s2BAajlDKM7Imfzj/WAshdptDGX8jwl2mdVhB1RPb6pzabqgDzcfpR KOvbdpZHx2scL57X97Ust9C6CPGCYMMoH58vw2sbNp8YZ/nmKWSSNZof6OwRUAV1 xlRvQa6ctcQ+BFWjle2rzJHoQi0ZKqowUOtzeA6WTezJ2BeoatNzQ== From: Harald Freudenberger To: richard.henderson@linaro.org, iii@linux.ibm.com, david@kernel.org, thuth@redhat.com Cc: qemu-s390x@nongnu.org, qemu-devel@nongnu.org, dengler@linux.ibm.com, borntraeger@linux.ibm.com Subject: [PATCH v5 07/15] target/s390x: Minimal AES XTS support for cpacf pcc instruction Date: Wed, 20 May 2026 09:20:46 +0200 Message-ID: <20260520072054.293306-8-freude@linux.ibm.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260520072054.293306-1-freude@linux.ibm.com> References: <20260520072054.293306-1-freude@linux.ibm.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-TM-AS-GCONF: 00 X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwNTIwMDA2NyBTYWx0ZWRfX61d4ABj2aWqM +/eBYoAPrDGjXDkJ2GCXJYC6IUQaopKv0AutFKkFcBHZcuCNZNlVP5KFN1mqGSf/F/EIXAhowM5 O8sDriPZ9urlJqwjwfCec1GB3pgTZmVXNS7kZ7FIGH6ecT3uqma5Hrubja9U1a965wNOGo2InF/ qY3KCupUaYUoZEfxATI3sXgZRk6U2hk2UB5qP9Ih3h0TOJripzED4v7U/7vMz6dQVPsY5BG9nYg +25v+N8wFnP4pfK3ENjiR/zgTnJeD6L9gY7gpIbTx9H5wBOLK/IOCwHJVki3nodsyCTXHpooy0h od4a3KERQF5PHQX1sZMs+C5fLU1VOKaLG3ErlSa/+P8XOFx3/l6ZIU3Z1I6/wjMZIPl1Xu9UYJD SGFDPUtbj+17wpwAHS4d9oZRlvQf2qrdntf0yq7SkUtz6uEnouPfbJ14kT7jfy9thELQXF4udrS X1SO4ZkJ5hZeAMJ1mcQ== X-Proofpoint-GUID: IcbsfL2_zcQ5VhhKuEQu_LZWN2EnD1-C X-Proofpoint-ORIG-GUID: IcbsfL2_zcQ5VhhKuEQu_LZWN2EnD1-C X-Authority-Analysis: v=2.4 cv=aYBRWxot c=1 sm=1 tr=0 ts=6a0d60dc cx=c_pps a=3Bg1Hr4SwmMryq2xdFQyZA==:117 a=3Bg1Hr4SwmMryq2xdFQyZA==:17 a=NGcC8JguVDcA:10 a=VkNPw1HP01LnGYTKEx00:22 a=RnoormkPH1_aCDwRdu11:22 a=Y2IxJ9c9Rs8Kov3niI8_:22 a=VnNF1IyMAAAA:8 a=gr50lgQh3SlUKNVXMSoA:9 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1143,Hydra:6.1.51,FMLib:17.12.100.49 definitions=2026-05-20_01,2026-05-18_01,2025-10-01_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 impostorscore=0 adultscore=0 bulkscore=0 suspectscore=0 lowpriorityscore=0 clxscore=1015 spamscore=0 phishscore=0 priorityscore=1501 malwarescore=0 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2605130000 definitions=main-2605200067 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists1p.gnu.org; Received-SPF: pass client-ip=148.163.158.5; envelope-from=freude@linux.ibm.com; helo=mx0b-001b2d01.pphosted.com X-Spam_score_int: -26 X-Spam_score: -2.7 X-Spam_bar: -- X-Spam_report: (-2.7 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @ibm.com) X-ZM-MESSAGEID: 1779261805059158500 Content-Type: text/plain; charset="utf-8" Support CPACF pcc subfunctions PCC-Compute-XTS-Parameter-AES-128 and PCC-Compute-XTS-Parameter-AES-128 but only for the special case block sequential number is 0. However, this covers the s390 AES XTS implementation in the Linux kernel and Libica and thus also Opencryptoki clear key via Libica. Signed-off-by: Harald Freudenberger Tested-by: Holger Dengler --- target/s390x/gen-features.c | 2 + target/s390x/tcg/cpacf.h | 2 + target/s390x/tcg/cpacf_aes.c | 70 ++++++++++++++++++++++++++++++++ target/s390x/tcg/crypto_helper.c | 19 +++++++++ 4 files changed, 93 insertions(+) diff --git a/target/s390x/gen-features.c b/target/s390x/gen-features.c index 59c2a47539..1b6a874b90 100644 --- a/target/s390x/gen-features.c +++ b/target/s390x/gen-features.c @@ -930,6 +930,8 @@ static uint16_t qemu_MAX[] =3D { S390_FEAT_KMCTR_AES_128, S390_FEAT_KMCTR_AES_192, S390_FEAT_KMCTR_AES_256, + S390_FEAT_PCC_XTS_AES_128, + S390_FEAT_PCC_XTS_AES_256, }; =20 /****** END FEATURE DEFS ******/ diff --git a/target/s390x/tcg/cpacf.h b/target/s390x/tcg/cpacf.h index 7367e513e7..0e500eb183 100644 --- a/target/s390x/tcg/cpacf.h +++ b/target/s390x/tcg/cpacf.h @@ -29,5 +29,7 @@ int cpacf_aes_ctr(CPUS390XState *env, uintptr_t ra, uint6= 4_t param_addr, uint64_t *dst_ptr_reg, uint64_t *src_ptr_reg, uint64_t *src_len_reg, uint64_t *ctr_ptr_reg, uint32_t type, uint8_t fc, uint8_t mod); +int cpacf_aes_pcc(CPUS390XState *env, uintptr_t ra, uint64_t param_addr, + uint8_t fc); =20 #endif diff --git a/target/s390x/tcg/cpacf_aes.c b/target/s390x/tcg/cpacf_aes.c index 016b043c56..1fcb762099 100644 --- a/target/s390x/tcg/cpacf_aes.c +++ b/target/s390x/tcg/cpacf_aes.c @@ -15,6 +15,13 @@ #include "crypto/aes.h" #include "cpacf.h" =20 +/* #define DEBUG_HELPER */ +#ifdef DEBUG_HELPER +#define HELPER_LOG(x...) qemu_log(x) +#else +#define HELPER_LOG(x...) +#endif + static void aes_read_block(CPUS390XState *env, uint64_t addr, uint8_t *a, uintptr_t ra) { @@ -284,3 +291,66 @@ int cpacf_aes_ctr(CPUS390XState *env, uintptr_t ra, ui= nt64_t param_addr, =20 return !len ? 0 : 3; } + +int cpacf_aes_pcc(CPUS390XState *env, uintptr_t ra, uint64_t param_addr, + uint8_t fc) +{ + uint8_t key[32], tweak[AES_BLOCK_SIZE], buf[AES_BLOCK_SIZE]; + int keysize, i; + uint64_t addr; + AES_KEY exkey; + + switch (fc) { + case 0x32: /* CPACF_PCC compute XTS param AES-128 */ + keysize =3D 16; + break; + case 0x34: /* CPACF PCC compute XTS param AES-256 */ + keysize =3D 32; + break; + default: + g_assert_not_reached(); + } + + /* fetch block sequence nr from param block into buf */ + for (i =3D 0; i < AES_BLOCK_SIZE; i++) { + addr =3D wrap_address(env, param_addr + keysize + AES_BLOCK_SIZE += i); + buf[i] =3D cpu_ldub_data_ra(env, addr, ra); + } + + /* is the block sequence nr 0 ? */ + for (i =3D 0; i < AES_BLOCK_SIZE && !buf[i]; i++) { + ; + } + if (i < AES_BLOCK_SIZE) { + /* no, sorry handling of non zero block sequence is not implemente= d */ + cpu_abort(env_cpu(env), + "PCC-compute-XTS-param with non zero block sequence is n= ot implemented\n"); + return 1; + } + + /* fetch key from param block */ + for (i =3D 0; i < keysize; i++) { + addr =3D wrap_address(env, param_addr + i); + key[i] =3D cpu_ldub_data_ra(env, addr, ra); + } + + /* fetch tweak from param block into tweak */ + for (i =3D 0; i < AES_BLOCK_SIZE; i++) { + addr =3D wrap_address(env, param_addr + keysize + i); + tweak[i] =3D cpu_ldub_data_ra(env, addr, ra); + } + + /* expand key */ + AES_set_encrypt_key(key, keysize * 8, &exkey); + + /* encrypt tweak */ + AES_encrypt(tweak, buf, &exkey); + + /* store encrypted tweak into xts parameter field of the param block */ + for (i =3D 0; i < AES_BLOCK_SIZE; i++) { + addr =3D wrap_address(env, param_addr + keysize + 3 * AES_BLOCK_SI= ZE + i); + cpu_stb_data_ra(env, addr, buf[i], ra); + } + + return 0; +} diff --git a/target/s390x/tcg/crypto_helper.c b/target/s390x/tcg/crypto_hel= per.c index c1c79daf19..a7f4e135e1 100644 --- a/target/s390x/tcg/crypto_helper.c +++ b/target/s390x/tcg/crypto_helper.c @@ -165,6 +165,22 @@ static int cpacf_ppno(CPUS390XState *env, uintptr_t ra, return rc; } =20 +static int cpacf_pcc(CPUS390XState *env, uintptr_t ra, uint8_t fc) +{ + int rc =3D 0; + + switch (fc) { + case 0x32: /* CPACF_PCC compute XTS param AES-128 */ + case 0x34: /* CPACF PCC compute XTS param AES-256 */ + rc =3D cpacf_aes_pcc(env, ra, env->regs[1], fc); + break; + default: + g_assert_not_reached(); + } + + return rc; +} + uint32_t HELPER(msa)(CPUS390XState *env, uint32_t r1, uint32_t r2, uint32_= t r3, uint32_t type) { @@ -221,6 +237,9 @@ uint32_t HELPER(msa)(CPUS390XState *env, uint32_t r1, u= int32_t r2, uint32_t r3, case S390_FEAT_TYPE_KMCTR: rc =3D cpacf_kmctr(env, ra, r1, r2, r3, fc, mod); break; + case S390_FEAT_TYPE_PCC: + rc =3D cpacf_pcc(env, ra, fc); + break; default: g_assert_not_reached(); } --=20 2.43.0 From nobody Sat May 30 18:34:22 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=reject dis=none) header.from=linux.ibm.com ARC-Seal: i=1; a=rsa-sha256; t=1779261715; cv=none; d=zohomail.com; s=zohoarc; b=gqgNjdOLp0u4Z05jQy79cwqoEyl2ncGwIXg7Od9mIlMmk2o7MdVJn+4SPtj2pURdIc7mBYrWmN2vhldyJlWNZcFGLIgY92udqBJ0RhbaMlIi4dGYOhwjM3TItQ+zZODPV+i+lNu1FCrsZUoiaw8kkp2jOqY8HCZskDlW8weZpNA= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1779261715; h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=jjO6C7OHB9qDP5QcaHyA80EGlyDJzlN/JN16uAUaiDA=; b=m13n1cAaCuV9LaKdDXfLMNxXeO7tvYihdPMj+qCvdHxheMQe+KT8Jeda/qcItZbnMop5n5UG9i7NHTNiCWjIlXYb9wYKbH03L76aG4oEWprVWwNW0MikpaUejNFkdkjM7FgT2lYxv2dvIbr1OJQEDByVjY7AfotnatGloj5WGN4= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1779261715907442.98318993954626; Wed, 20 May 2026 00:21:55 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists1p.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1wPbF5-0006Ia-0G; Wed, 20 May 2026 03:21:23 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1wPbEw-0006Dv-9a; Wed, 20 May 2026 03:21:15 -0400 Received: from mx0a-001b2d01.pphosted.com ([148.163.156.1]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1wPbEr-0002UO-4x; Wed, 20 May 2026 03:21:13 -0400 Received: from pps.filterd (m0356517.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id 64JM6M0p3350414; Wed, 20 May 2026 07:21:01 GMT Received: from ppma23.wdc07v.mail.ibm.com (5d.69.3da9.ip4.static.sl-reverse.com [169.61.105.93]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 4e6h750vkd-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 20 May 2026 07:21:01 +0000 (GMT) Received: from pps.filterd (ppma23.wdc07v.mail.ibm.com [127.0.0.1]) by ppma23.wdc07v.mail.ibm.com (8.18.1.7/8.18.1.7) with ESMTP id 64K79ATQ029129; Wed, 20 May 2026 07:21:00 GMT Received: from smtprelay03.fra02v.mail.ibm.com ([9.218.2.224]) by ppma23.wdc07v.mail.ibm.com (PPS) with ESMTPS id 4e74dhp7k0-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 20 May 2026 07:21:00 +0000 (GMT) Received: from smtpav05.fra02v.mail.ibm.com (smtpav05.fra02v.mail.ibm.com [10.20.54.104]) by smtprelay03.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 64K7Kuat58130774 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 20 May 2026 07:20:56 GMT Received: from smtpav05.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 4E09D20040; Wed, 20 May 2026 07:20:56 +0000 (GMT) Received: from smtpav05.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 2F5A42004B; Wed, 20 May 2026 07:20:56 +0000 (GMT) Received: from funtu2.fritz.box (unknown [9.111.209.15]) by smtpav05.fra02v.mail.ibm.com (Postfix) with ESMTP; Wed, 20 May 2026 07:20:56 +0000 (GMT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=cc :content-transfer-encoding:date:from:in-reply-to:message-id :mime-version:references:subject:to; s=pp1; bh=jjO6C7OHB9qDP5Qca HyA80EGlyDJzlN/JN16uAUaiDA=; b=KexC5WBgIwH7xqFe/hEzNd5x8gAYYfYgg YKxeqJrU8OOOXqFPCHIKkFXfNVj+tqYoI2Eku4zTMxoUd5F8D0sYMfYarCqsR/fx OrZ13ighib9o2FRY1OcnQMf5D3uaDQ/fAhhRFR8UsXsMuwHyvopxzk0OP42kSY9c us89y6c8tRbbhkARqxDuglhKc7BXcFXZ5cVLaWkqE5PIoLB6RsqwOQGx/mywFBXC mjY/1rPUX3U5tQ528iuVd8BqRbohRjc42f8cvY13ezObay9OBTL4B2qJZQt+c/Pu PZr/NvSRwXgAOLQxa/si/Pryq1fdoZhNoQlbanX/DZFpJDrKvNqbw== From: Harald Freudenberger To: richard.henderson@linaro.org, iii@linux.ibm.com, david@kernel.org, thuth@redhat.com Cc: qemu-s390x@nongnu.org, qemu-devel@nongnu.org, dengler@linux.ibm.com, borntraeger@linux.ibm.com Subject: [PATCH v5 08/15] target/s390x: Support AES XTS for cpacf km instruction Date: Wed, 20 May 2026 09:20:47 +0200 Message-ID: <20260520072054.293306-9-freude@linux.ibm.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260520072054.293306-1-freude@linux.ibm.com> References: <20260520072054.293306-1-freude@linux.ibm.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-TM-AS-GCONF: 00 X-Authority-Analysis: v=2.4 cv=ffCdDUQF c=1 sm=1 tr=0 ts=6a0d60dd cx=c_pps a=3Bg1Hr4SwmMryq2xdFQyZA==:117 a=3Bg1Hr4SwmMryq2xdFQyZA==:17 a=NGcC8JguVDcA:10 a=VkNPw1HP01LnGYTKEx00:22 a=RnoormkPH1_aCDwRdu11:22 a=U7nrCbtTmkRpXpFmAIza:22 a=VnNF1IyMAAAA:8 a=eqHtp_S4Ax5_VAgAp9wA:9 X-Proofpoint-ORIG-GUID: BIa_aZIeaLkpU4VzCWWoVVpcmN3RjdHn X-Proofpoint-GUID: BIa_aZIeaLkpU4VzCWWoVVpcmN3RjdHn X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwNTIwMDA2NyBTYWx0ZWRfX8QgJCvnDY8nX B+QX3ZiLQt46CHTHnmRG43svBimoZsBfQRFBJK9v2ZbZOOmISpnUfNKJlJ9rrA2ISydaqThd4Ki cenud5hX5vITrPwZBtZx5EMC3RD0pECWPt1zdiEQDKb/3jygMtfo12rFUJ2ALzbBxr2BONwkYxB aoWVDw0smSsSdw7KisxpG4IidVEA5pu9W86ZifH4/2qT0qYdoF81n/YyeqcZ8NaDMrwGrTxrCfd xxb+xMGMPtzmHAW4ymDHTHRRbVCWjiy5lH+CYcdaBVw16ii3wR5Sty3sNzoVWgjAw5jydN2s5BJ GXTpfd0WAL7WBsQKCXRFCSEUPlCR1Y+LF5yo85PHNjVDyrCMEVMr0qHg6GGGIEm7L4Kg/k/xe1W aA2VrcpPShUh/Xs/Hc65fuWfqGa3Rm9O7GLUlcvJiqthlwI8DtBE4ZZATnWkTTzQphz3Ydbn5qc ybeh+ytN1i3dHsp7Iag== X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1143,Hydra:6.1.51,FMLib:17.12.100.49 definitions=2026-05-20_01,2026-05-18_01,2025-10-01_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 spamscore=0 phishscore=0 suspectscore=0 adultscore=0 clxscore=1015 impostorscore=0 lowpriorityscore=0 bulkscore=0 malwarescore=0 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2605130000 definitions=main-2605200067 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists1p.gnu.org; Received-SPF: pass client-ip=148.163.156.1; envelope-from=freude@linux.ibm.com; helo=mx0a-001b2d01.pphosted.com X-Spam_score_int: -26 X-Spam_score: -2.7 X-Spam_bar: -- X-Spam_report: (-2.7 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @ibm.com) X-ZM-MESSAGEID: 1779261717584154100 Content-Type: text/plain; charset="utf-8" Support the subfunctions XTS-AES-128 and XTS-AES-256 for the cpacf km instruction. Signed-off-by: Harald Freudenberger Tested-by: Holger Dengler --- target/s390x/gen-features.c | 2 + target/s390x/tcg/cpacf.h | 4 ++ target/s390x/tcg/cpacf_aes.c | 105 +++++++++++++++++++++++++++++++ target/s390x/tcg/crypto_helper.c | 6 ++ 4 files changed, 117 insertions(+) diff --git a/target/s390x/gen-features.c b/target/s390x/gen-features.c index 1b6a874b90..f9b1a40c7c 100644 --- a/target/s390x/gen-features.c +++ b/target/s390x/gen-features.c @@ -924,6 +924,8 @@ static uint16_t qemu_MAX[] =3D { S390_FEAT_KM_AES_128, S390_FEAT_KM_AES_192, S390_FEAT_KM_AES_256, + S390_FEAT_KM_XTS_AES_128, + S390_FEAT_KM_XTS_AES_256, S390_FEAT_KMC_AES_128, S390_FEAT_KMC_AES_192, S390_FEAT_KMC_AES_256, diff --git a/target/s390x/tcg/cpacf.h b/target/s390x/tcg/cpacf.h index 0e500eb183..66cae0961d 100644 --- a/target/s390x/tcg/cpacf.h +++ b/target/s390x/tcg/cpacf.h @@ -31,5 +31,9 @@ int cpacf_aes_ctr(CPUS390XState *env, uintptr_t ra, uint6= 4_t param_addr, uint32_t type, uint8_t fc, uint8_t mod); int cpacf_aes_pcc(CPUS390XState *env, uintptr_t ra, uint64_t param_addr, uint8_t fc); +int cpacf_aes_xts(CPUS390XState *env, uintptr_t ra, uint64_t param_addr, + uint64_t *dst_ptr_reg, uint64_t *src_ptr_reg, + uint64_t *src_len_reg, uint32_t type, + uint8_t fc, uint8_t mod); =20 #endif diff --git a/target/s390x/tcg/cpacf_aes.c b/target/s390x/tcg/cpacf_aes.c index 1fcb762099..7c173885bb 100644 --- a/target/s390x/tcg/cpacf_aes.c +++ b/target/s390x/tcg/cpacf_aes.c @@ -354,3 +354,108 @@ int cpacf_aes_pcc(CPUS390XState *env, uintptr_t ra, u= int64_t param_addr, =20 return 0; } + +static void aes_xts_prep_next_tweak(uint8_t tweak[AES_BLOCK_SIZE]) +{ + uint8_t carry; + int i; + + carry =3D tweak[AES_BLOCK_SIZE - 1] >> 7; + + for (i =3D AES_BLOCK_SIZE - 1; i > 0; i--) { + tweak[i] =3D (uint8_t)((tweak[i] << 1) | (tweak[i - 1] >> 7)); + } + + tweak[i] =3D (uint8_t)(tweak[i] << 1); + tweak[i] ^=3D (uint8_t)(0x87 & (uint8_t)(-(int8_t)carry)); +} + +int cpacf_aes_xts(CPUS390XState *env, uintptr_t ra, uint64_t param_addr, + uint64_t *dst_ptr_reg, uint64_t *src_ptr_reg, + uint64_t *src_len_reg, uint32_t type, uint8_t fc, uint8_= t mod) +{ + enum { MAX_BLOCKS_PER_RUN =3D 8192 / AES_BLOCK_SIZE }; + uint8_t buf1[AES_BLOCK_SIZE], buf2[AES_BLOCK_SIZE]; + uint64_t addr, len =3D *src_len_reg, done =3D 0; + uint8_t key[32], tweak[AES_BLOCK_SIZE]; + int i, keysize, addr_reg_size =3D 64; + AES_KEY exkey; + + g_assert(type =3D=3D S390_FEAT_TYPE_KM); + + switch (fc) { + case 0x32: /* CPACF_KM_XTS_128 */ + keysize =3D 16; + break; + case 0x34: /* CPACF_KM_XTS_256 */ + keysize =3D 32; + break; + default: + g_assert_not_reached(); + } + + if (!(env->psw.mask & PSW_MASK_64)) { + len =3D (uint32_t)len; + addr_reg_size =3D (env->psw.mask & PSW_MASK_32) ? 32 : 24; + } + + /* length has to be properly aligned. */ + if (!QEMU_IS_ALIGNED(len, AES_BLOCK_SIZE)) { + tcg_s390_program_interrupt(env, PGM_SPECIFICATION, ra); + } + + /* fetch key from param block */ + for (i =3D 0; i < keysize; i++) { + addr =3D wrap_address(env, param_addr + i); + key[i] =3D cpu_ldub_data_ra(env, addr, ra); + } + + /* expand key */ + if (mod) { + AES_set_decrypt_key(key, keysize * 8, &exkey); + } else { + AES_set_encrypt_key(key, keysize * 8, &exkey); + } + + /* fetch tweak from param block */ + for (i =3D 0; i < AES_BLOCK_SIZE; i++) { + addr =3D wrap_address(env, param_addr + keysize + i); + tweak[i] =3D cpu_ldub_data_ra(env, addr, ra); + } + + /* process up to MAX_BLOCKS_PER_RUN aes blocks */ + for (i =3D 0; i < MAX_BLOCKS_PER_RUN && len >=3D AES_BLOCK_SIZE; i++) { + /* fetch one AES block into buf1 */ + aes_read_block(env, *src_ptr_reg + done, buf1, ra); + /* buf1 xor tweak =3D> buf2 */ + aes_xor(buf1, tweak, buf2); + if (mod) { + /* decrypt buf2 =3D> buf1 */ + AES_decrypt(buf2, buf1, &exkey); + } else { + /* encrypt buf2 =3D> buf1 */ + AES_encrypt(buf2, buf1, &exkey); + } + /* buf1 xor tweak =3D> buf2 */ + aes_xor(buf1, tweak, buf2); + /* prep tweak for next round */ + aes_xts_prep_next_tweak(tweak); + /* write out this processed block from buf2 */ + aes_write_block(env, *dst_ptr_reg + done, buf2, ra); + len -=3D AES_BLOCK_SIZE, done +=3D AES_BLOCK_SIZE; + } + + /* update tweak in param block */ + for (i =3D 0; i < AES_BLOCK_SIZE; i++) { + addr =3D wrap_address(env, param_addr + keysize + i); + cpu_stb_data_ra(env, addr, tweak[i], ra); + } + + *src_ptr_reg =3D deposit64(*src_ptr_reg, 0, addr_reg_size, + *src_ptr_reg + done); + *dst_ptr_reg =3D deposit64(*dst_ptr_reg, 0, addr_reg_size, + *dst_ptr_reg + done); + *src_len_reg -=3D done; + + return !len ? 0 : 3; +} diff --git a/target/s390x/tcg/crypto_helper.c b/target/s390x/tcg/crypto_hel= per.c index a7f4e135e1..7129b38703 100644 --- a/target/s390x/tcg/crypto_helper.c +++ b/target/s390x/tcg/crypto_helper.c @@ -101,6 +101,12 @@ static int cpacf_km(CPUS390XState *env, uintptr_t ra, = uint32_t r1, &env->regs[r1], &env->regs[r2], &env->regs[r2 += 1], S390_FEAT_TYPE_KM, fc, mod); break; + case 0x32: /* CPACF_KM_XTS_128 */ + case 0x34: /* CPACF_KM_XTS_256 */ + rc =3D cpacf_aes_xts(env, ra, env->regs[1], + &env->regs[r1], &env->regs[r2], &env->regs[r2 += 1], + S390_FEAT_TYPE_KM, fc, mod); + break; default: g_assert_not_reached(); } --=20 2.43.0 From nobody Sat May 30 18:34:22 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=reject dis=none) header.from=linux.ibm.com ARC-Seal: i=1; a=rsa-sha256; t=1779261734; cv=none; d=zohomail.com; s=zohoarc; b=Vsnd2UZtPitz44dtwJzVx7hrlKK9p4Xh5v5t8uDdjWLT3K9dcIKubD3sKxNMqq4vtCtd0Jb04+klMT8b/jEvxmZ80VtC72Qw3w3AMprl/MhA0Jb8v3WLz7aZPdVU+L11t1opM1fJYC7QXoHKU7yV6oshcoeaNPJVS0GiFgoYoZg= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1779261734; h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=6c7tkjBBfZAQBP8IH3CDijy+6k+pxZZJdc7eZHnGjTA=; b=AMU9Z6FPBm2kgfl875PK3LjPV3smua0va/cX+Cn+8QMMQU4yxbLgCiUaYgHji9J8cAfTs2Op1PaRpz2wUPILX07EMOytCxW4hMyBBxPUfRKptPopzPM+9lfzMiyyhNc4tmrnPQB4W+Fhf5KN17Uh9PnwP9gZjYQlOxIGtyMtAeg= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1779261734582216.58393006155893; Wed, 20 May 2026 00:22:14 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists1p.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1wPbFO-0006KN-2k; Wed, 20 May 2026 03:21:46 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1wPbEu-0006Dl-Ca; Wed, 20 May 2026 03:21:15 -0400 Received: from mx0b-001b2d01.pphosted.com ([148.163.158.5]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1wPbEq-0002U6-6k; Wed, 20 May 2026 03:21:12 -0400 Received: from pps.filterd (m0356516.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id 64JJI7hP4011095; Wed, 20 May 2026 07:21:00 GMT Received: from ppma13.dal12v.mail.ibm.com (dd.9e.1632.ip4.static.sl-reverse.com [50.22.158.221]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 4e6hb8fwun-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 20 May 2026 07:21:00 +0000 (GMT) Received: from pps.filterd (ppma13.dal12v.mail.ibm.com [127.0.0.1]) by ppma13.dal12v.mail.ibm.com (8.18.1.7/8.18.1.7) with ESMTP id 64K79FJW030409; Wed, 20 May 2026 07:20:59 GMT Received: from smtprelay03.fra02v.mail.ibm.com ([9.218.2.224]) by ppma13.dal12v.mail.ibm.com (PPS) with ESMTPS id 4e754ge2t7-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 20 May 2026 07:20:59 +0000 (GMT) Received: from smtpav05.fra02v.mail.ibm.com (smtpav05.fra02v.mail.ibm.com [10.20.54.104]) by smtprelay03.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 64K7KulO58130776 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 20 May 2026 07:20:56 GMT Received: from smtpav05.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 726DF20043; Wed, 20 May 2026 07:20:56 +0000 (GMT) Received: from smtpav05.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 52EF22004D; Wed, 20 May 2026 07:20:56 +0000 (GMT) Received: from funtu2.fritz.box (unknown [9.111.209.15]) by smtpav05.fra02v.mail.ibm.com (Postfix) with ESMTP; Wed, 20 May 2026 07:20:56 +0000 (GMT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=cc :content-transfer-encoding:date:from:in-reply-to:message-id :mime-version:references:subject:to; s=pp1; bh=6c7tkjBBfZAQBP8IH 3CDijy+6k+pxZZJdc7eZHnGjTA=; b=AMcNq98rJdDM8Aw6xtcIRiY8qXoU6S/DN 7IeqAMgzeHJd0K7GgXSa3YRBzCX7ZdT6TChxkGSPpCRq4u+kSF5ATv1eSse2/mDt 4JDVKyuWUdepr2+XaMr46CxNOB1gGZP4Q3kMGG+lX7NfhBt6xJ/2/oMI/pIZdYA5 GhEEOc/W0dsgvmdDNQbeilfbe2Jh1aaq61lYldWgjSBRbdnrF8uhchwPNWJF5/xp GwmqRzkn1sRvNgSv4CVkIxoPdPWvSleRonmfSijsNoSuA9lax0fNNDLWjFMzWmaQ YATPQCdllSSjOatIFSISrH7m+UllFqQyO0gh5z8dbygh+iqArFlow== From: Harald Freudenberger To: richard.henderson@linaro.org, iii@linux.ibm.com, david@kernel.org, thuth@redhat.com Cc: qemu-s390x@nongnu.org, qemu-devel@nongnu.org, dengler@linux.ibm.com, borntraeger@linux.ibm.com Subject: [PATCH v5 09/15] target/s390x: Support pckmo encrypt AES subfunctions Date: Wed, 20 May 2026 09:20:48 +0200 Message-ID: <20260520072054.293306-10-freude@linux.ibm.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260520072054.293306-1-freude@linux.ibm.com> References: <20260520072054.293306-1-freude@linux.ibm.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-TM-AS-GCONF: 00 X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwNTIwMDA2NyBTYWx0ZWRfXxvcD+omNP8Dh i70nKVlrOiXDIuXybxr8XH9PbMibV7iW0Eb7QtVByDlk4JaX3pItD3FQ0I59cahWKvJDKVSFnK1 pSKeIRbXW/SHgJZOcLDecC4RFDO6d/+uyApnn58ZK6iw9QSZ786mPpHnqlYKSmksqJ4Veyu0h7m 54dePoJjBQqPRXXPVlyfR0XVrdrw7OphYc70LQuiDF5X0wy4iC5e+XcfGspfwktMVT9jYomlpmx 70k2Ejl4R3uKJSLeykQe7nwsU+o0QAk5RVYTh6AhhsSd1efIux2lYkSZxJjBFY0+EsqHNX0NFd/ PbKRMuet3o++o3IRGSlXT+gfgkT1VjTCivrviMK+f8t+DGqM4nt3MnSZAquwrIb3Tj4E1HHaesk Sy1bxGF5Eg2bXzBZa21iK7oZvqTaWTkCdBbLrzAndySDesYm3XaTg3i2zQrpnS7gu0EtWV3xyRG VhmFXBO2amUO+UJtl1w== X-Proofpoint-GUID: g_molYfBX9OQu6KL0WlRMdHqZyYCG0r8 X-Proofpoint-ORIG-GUID: g_molYfBX9OQu6KL0WlRMdHqZyYCG0r8 X-Authority-Analysis: v=2.4 cv=aYBRWxot c=1 sm=1 tr=0 ts=6a0d60dc cx=c_pps a=AfN7/Ok6k8XGzOShvHwTGQ==:117 a=AfN7/Ok6k8XGzOShvHwTGQ==:17 a=NGcC8JguVDcA:10 a=VkNPw1HP01LnGYTKEx00:22 a=RnoormkPH1_aCDwRdu11:22 a=Y2IxJ9c9Rs8Kov3niI8_:22 a=VnNF1IyMAAAA:8 a=Z4AAViVgUL_E5abT2tgA:9 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1143,Hydra:6.1.51,FMLib:17.12.100.49 definitions=2026-05-20_01,2026-05-18_01,2025-10-01_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 impostorscore=0 adultscore=0 bulkscore=0 suspectscore=0 lowpriorityscore=0 clxscore=1011 spamscore=0 phishscore=0 priorityscore=1501 malwarescore=0 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2605130000 definitions=main-2605200067 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists1p.gnu.org; Received-SPF: pass client-ip=148.163.158.5; envelope-from=freude@linux.ibm.com; helo=mx0b-001b2d01.pphosted.com X-Spam_score_int: -26 X-Spam_score: -2.7 X-Spam_bar: -- X-Spam_report: (-2.7 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @ibm.com) X-ZM-MESSAGEID: 1779261736854158500 Content-Type: text/plain; charset="utf-8" Support the subfuctions PCKMO-Encrypt-AES-128-Key, PCKMO-Encrypt-AES-192-Key and PCKMO-Encrypt-AES-256-Key. These subfunctions derive a protected key from an AES clear key by encrypting it with an internal AES wrapping key. More details can be found in the "z/Architecture Prinziples of Operation" document. The qemu version provided here is only a fake indented to make protected key available for developing and testing purpose: * The protected key is 'derived' from the clear key by xoring the fixed pattern 0xAAAA... onto the key value. * The AES Wrapping Key Verification Pattern is a fixed value of 32 bytes 0xFACEFACE... Signed-off-by: Harald Freudenberger Tested-by: Holger Dengler --- target/s390x/gen-features.c | 3 ++ target/s390x/tcg/cpacf.h | 2 + target/s390x/tcg/cpacf_aes.c | 65 ++++++++++++++++++++++++++++++++ target/s390x/tcg/crypto_helper.c | 20 ++++++++++ 4 files changed, 90 insertions(+) diff --git a/target/s390x/gen-features.c b/target/s390x/gen-features.c index f9b1a40c7c..d3e69aaca6 100644 --- a/target/s390x/gen-features.c +++ b/target/s390x/gen-features.c @@ -934,6 +934,9 @@ static uint16_t qemu_MAX[] =3D { S390_FEAT_KMCTR_AES_256, S390_FEAT_PCC_XTS_AES_128, S390_FEAT_PCC_XTS_AES_256, + S390_FEAT_PCKMO_AES_128, + S390_FEAT_PCKMO_AES_192, + S390_FEAT_PCKMO_AES_256, }; =20 /****** END FEATURE DEFS ******/ diff --git a/target/s390x/tcg/cpacf.h b/target/s390x/tcg/cpacf.h index 66cae0961d..35d7bb7afe 100644 --- a/target/s390x/tcg/cpacf.h +++ b/target/s390x/tcg/cpacf.h @@ -35,5 +35,7 @@ int cpacf_aes_xts(CPUS390XState *env, uintptr_t ra, uint6= 4_t param_addr, uint64_t *dst_ptr_reg, uint64_t *src_ptr_reg, uint64_t *src_len_reg, uint32_t type, uint8_t fc, uint8_t mod); +int cpacf_aes_pckmo(CPUS390XState *env, uintptr_t ra, uint64_t param_addr, + uint8_t fc); =20 #endif diff --git a/target/s390x/tcg/cpacf_aes.c b/target/s390x/tcg/cpacf_aes.c index 7c173885bb..e921ac6072 100644 --- a/target/s390x/tcg/cpacf_aes.c +++ b/target/s390x/tcg/cpacf_aes.c @@ -459,3 +459,68 @@ int cpacf_aes_xts(CPUS390XState *env, uintptr_t ra, ui= nt64_t param_addr, =20 return !len ? 0 : 3; } + +/* + * Hard coded pattern xored with the AES clear key + * to 'produce' the protected key. + */ +static const uint8_t protkey_xor_pattern[32] =3D { + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA }; + +/* + * Hard coded wkvp ("Wrapping Key Verification Pattern") + */ +static const uint8_t protkey_wkvp[32] =3D { + 0x0F, 0x0A, 0x0C, 0x0E, 0x0F, 0x0A, 0x0C, 0x0E, + 0x0F, 0x0A, 0x0C, 0x0E, 0x0F, 0x0A, 0x0C, 0x0E, + 0x0F, 0x0A, 0x0C, 0x0E, 0x0F, 0x0A, 0x0C, 0x0E, + 0x0F, 0x0A, 0x0C, 0x0E, 0x0F, 0x0A, 0x0C, 0x0E }; + +int cpacf_aes_pckmo(CPUS390XState *env, uintptr_t ra, uint64_t param_addr, + uint8_t fc) +{ + uint8_t key[32]; + int keysize, i; + uint64_t addr; + + switch (fc) { + case 0x12: /* CPACF_PCKMO_ENC_AES_128_KEY */ + keysize =3D 16; + break; + case 0x13: /* CPACF_PCKMO_ENC_AES_192_KEY */ + keysize =3D 24; + break; + case 0x14: /* CPACF_PCKMO_ENC_AES_256_KEY */ + keysize =3D 32; + break; + default: + g_assert_not_reached(); + } + + /* fetch key from param block */ + for (i =3D 0; i < keysize; i++) { + addr =3D wrap_address(env, param_addr + i); + key[i] =3D cpu_ldub_data_ra(env, addr, ra); + } + + /* 'derive' the protected key */ + for (i =3D 0; i < keysize; i++) { + key[i] ^=3D protkey_xor_pattern[i]; + } + + /* store the protected key into param block */ + for (i =3D 0; i < keysize; i++) { + addr =3D wrap_address(env, param_addr + i); + cpu_stb_data_ra(env, addr, key[i], ra); + } + /* followed by the fake wkvp */ + for (i =3D 0; i < sizeof(protkey_wkvp); i++) { + addr =3D wrap_address(env, param_addr + keysize + i); + cpu_stb_data_ra(env, addr, protkey_wkvp[i], ra); + } + + return 0; +} diff --git a/target/s390x/tcg/crypto_helper.c b/target/s390x/tcg/crypto_hel= per.c index 7129b38703..8d1070ec89 100644 --- a/target/s390x/tcg/crypto_helper.c +++ b/target/s390x/tcg/crypto_helper.c @@ -187,6 +187,23 @@ static int cpacf_pcc(CPUS390XState *env, uintptr_t ra,= uint8_t fc) return rc; } =20 +static int cpacf_pckmo(CPUS390XState *env, uintptr_t ra, uint8_t fc) +{ + int rc =3D 0; + + switch (fc) { + case 0x12: /* CPACF_PCKMO_ENC_AES_128_KEY */ + case 0x13: /* CPACF_PCKMO_ENC_AES_192_KEY */ + case 0x14: /* CPACF_PCKMO_ENC_AES_256_KEY */ + rc =3D cpacf_aes_pckmo(env, ra, env->regs[1], fc); + break; + default: + g_assert_not_reached(); + } + + return rc; +} + uint32_t HELPER(msa)(CPUS390XState *env, uint32_t r1, uint32_t r2, uint32_= t r3, uint32_t type) { @@ -246,6 +263,9 @@ uint32_t HELPER(msa)(CPUS390XState *env, uint32_t r1, u= int32_t r2, uint32_t r3, case S390_FEAT_TYPE_PCC: rc =3D cpacf_pcc(env, ra, fc); break; + case S390_FEAT_TYPE_PCKMO: + rc =3D cpacf_pckmo(env, ra, fc); + break; default: g_assert_not_reached(); } --=20 2.43.0 From nobody Sat May 30 18:34:22 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=reject dis=none) header.from=linux.ibm.com ARC-Seal: i=1; a=rsa-sha256; t=1779261827; cv=none; d=zohomail.com; s=zohoarc; b=VYHzZ++kXFo4Z7JoRQ3ae0GruBbkIVTP74SZI0G1o9p6i6TWdkcS7AMH2klfOKoz+0ZYWb5Z5PoFWw0HgYE5KAFl8YIxZ2a4CczEACIL9VqOtIFxB7alr2uVsA5q1z6M6EdGMVbz8Epr5YelOjwf2k3WaYtXsnYcvCmqh8yzFv4= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1779261827; h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=3FLTRO/31nCYe3cgcMdpwN7Hx3DEi/EiTvt9PgFaS6Q=; b=GN3v99hdpN87rBmylrNxWA7htT/zcwgkmsvUisV3rpy/FL7V4qSW6VsJb7B5ISU6o1OLQS8ut3dfxwPUOomvVmFauAFRYfUBObVPvPiITcu6IOm2drLs6XVfZ41WWD21+6kulmgOOjkZzjXFqS41+5gasrrJB9/N5uT5KFl3rwQ= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1779261827082287.9925283995018; Wed, 20 May 2026 00:23:47 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists1p.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1wPbFt-0006Wc-Lo; Wed, 20 May 2026 03:22:13 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1wPbEw-0006Dt-90; Wed, 20 May 2026 03:21:15 -0400 Received: from mx0a-001b2d01.pphosted.com ([148.163.156.1]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1wPbEq-0002Tt-77; Wed, 20 May 2026 03:21:13 -0400 Received: from pps.filterd (m0353729.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id 64JJpapE069628; Wed, 20 May 2026 07:21:01 GMT Received: from ppma21.wdc07v.mail.ibm.com (5b.69.3da9.ip4.static.sl-reverse.com [169.61.105.91]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 4e6h8mruk4-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 20 May 2026 07:21:01 +0000 (GMT) Received: from pps.filterd (ppma21.wdc07v.mail.ibm.com [127.0.0.1]) by ppma21.wdc07v.mail.ibm.com (8.18.1.7/8.18.1.7) with ESMTP id 64K6s7Vu031389; Wed, 20 May 2026 07:21:00 GMT Received: from smtprelay03.fra02v.mail.ibm.com ([9.218.2.224]) by ppma21.wdc07v.mail.ibm.com (PPS) with ESMTPS id 4e73wk6a09-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 20 May 2026 07:21:00 +0000 (GMT) Received: from smtpav05.fra02v.mail.ibm.com (smtpav05.fra02v.mail.ibm.com [10.20.54.104]) by smtprelay03.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 64K7Ku9F57082270 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 20 May 2026 07:20:56 GMT Received: from smtpav05.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 95C3820040; Wed, 20 May 2026 07:20:56 +0000 (GMT) Received: from smtpav05.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 771E22004B; Wed, 20 May 2026 07:20:56 +0000 (GMT) Received: from funtu2.fritz.box (unknown [9.111.209.15]) by smtpav05.fra02v.mail.ibm.com (Postfix) with ESMTP; Wed, 20 May 2026 07:20:56 +0000 (GMT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=cc :content-transfer-encoding:date:from:in-reply-to:message-id :mime-version:references:subject:to; s=pp1; bh=3FLTRO/31nCYe3cgc MdpwN7Hx3DEi/EiTvt9PgFaS6Q=; b=dlb8N15KmC3T+jV0gBmndUOBxPPrHeoyA nXhjADLpNn0iQn+zglgM/jdAO8Idfn8V6iJQ7mBq0RCmjOOuOXiWgRSYCNgBM8CP uPjFkMXy3uEnUwoC8Bwiu3Q7KImb2uJnr0tn/F29RHu/7wJ4Q2l0wGqvK6ifthyT +XF42nr3n8Cj9iqAwaCAilI9qvY/w+Y32pWx/IIwhBRckZhNZND7/pwXhv7gn6DJ h7Lk0ZvnH/r9XhrHuqZbmNzNRkC6m6DZHC5KV7v91IRo+kJZ8aS/FiO1iKG3urR5 5q0W/YsMTw5iYKe/IdaFpsDRRp5htJX8lhsQjrBJ1ZSSDsiPZReVA== From: Harald Freudenberger To: richard.henderson@linaro.org, iii@linux.ibm.com, david@kernel.org, thuth@redhat.com Cc: qemu-s390x@nongnu.org, qemu-devel@nongnu.org, dengler@linux.ibm.com, borntraeger@linux.ibm.com Subject: [PATCH v5 10/15] target/s390x: Support protected key AES ECB for cpacf km instruction Date: Wed, 20 May 2026 09:20:49 +0200 Message-ID: <20260520072054.293306-11-freude@linux.ibm.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260520072054.293306-1-freude@linux.ibm.com> References: <20260520072054.293306-1-freude@linux.ibm.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-TM-AS-GCONF: 00 X-Proofpoint-GUID: qmfq_ukBD6Im-uDQAh4x22MtHTg8tC5F X-Authority-Analysis: v=2.4 cv=GYMnWwXL c=1 sm=1 tr=0 ts=6a0d60dd cx=c_pps a=GFwsV6G8L6GxiO2Y/PsHdQ==:117 a=GFwsV6G8L6GxiO2Y/PsHdQ==:17 a=NGcC8JguVDcA:10 a=VkNPw1HP01LnGYTKEx00:22 a=RnoormkPH1_aCDwRdu11:22 a=uAbxVGIbfxUO_5tXvNgY:22 a=VnNF1IyMAAAA:8 a=kMBD09bGjcw6kBLitfwA:9 X-Proofpoint-ORIG-GUID: qmfq_ukBD6Im-uDQAh4x22MtHTg8tC5F X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwNTIwMDA2NyBTYWx0ZWRfXxmHjgfd61sWT qm7sv81qS0RXdM3t1o8fb9npCSWSBVdPgO08A7FPla7E7SZMdXdovki+J04yDc3A+l05nBhj4gS EIs6IDaaYHKOQEnW9ry2T01/z5Q4HhkMRcqTEREZblwIgaXRAqAk6QKtGHDatqaNM5aPMIJEn+d dHsa7VNC7eBvQUbBymgJ3roFMNH9ebMSm4+x/N7+g/4zn4ccYROw0AiUa515SSqhKIeenBQOtoB yhELD5mP6ZavwUwx+fYmNgzRPVgMj1GvJgHKhErVb/tvDt1bEpoPelgRkiLEOuM150Kb9w+rCIb eOcgu6ywHfuSvmkP4dTy4a9FDWCtgby+Oyqfns8TBzGK52Td+mAAKIZcwlf1O52hZq+dlSpMgu4 /HPiE3/ds23Eu+Y3DLEmxzsi9a7heFNP67KO1e2TiLqomvHg/SpK1QJzLrhFAgV1f57DBD57juE qsxNNsUPdEII3pLnzLA== X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1143,Hydra:6.1.51,FMLib:17.12.100.49 definitions=2026-05-20_01,2026-05-18_01,2025-10-01_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 phishscore=0 malwarescore=0 lowpriorityscore=0 priorityscore=1501 bulkscore=0 adultscore=0 suspectscore=0 spamscore=0 clxscore=1011 impostorscore=0 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2605130000 definitions=main-2605200067 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists1p.gnu.org; Received-SPF: pass client-ip=148.163.156.1; envelope-from=freude@linux.ibm.com; helo=mx0a-001b2d01.pphosted.com X-Spam_score_int: -26 X-Spam_score: -2.7 X-Spam_bar: -- X-Spam_report: (-2.7 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @ibm.com) X-ZM-MESSAGEID: 1779261829207154100 Content-Type: text/plain; charset="utf-8" Support the subfunctions CPACF_KM_PAES_128, CPACF_KM_PAES_192 and CPACF_KM_PAES_256 for the cpacf km instruction. Signed-off-by: Harald Freudenberger Tested-by: Holger Dengler --- target/s390x/gen-features.c | 3 ++ target/s390x/tcg/cpacf.h | 4 ++ target/s390x/tcg/cpacf_aes.c | 86 ++++++++++++++++++++++++++++++++ target/s390x/tcg/crypto_helper.c | 7 +++ 4 files changed, 100 insertions(+) diff --git a/target/s390x/gen-features.c b/target/s390x/gen-features.c index d3e69aaca6..71e0e41d6e 100644 --- a/target/s390x/gen-features.c +++ b/target/s390x/gen-features.c @@ -924,6 +924,9 @@ static uint16_t qemu_MAX[] =3D { S390_FEAT_KM_AES_128, S390_FEAT_KM_AES_192, S390_FEAT_KM_AES_256, + S390_FEAT_KM_EAES_128, + S390_FEAT_KM_EAES_192, + S390_FEAT_KM_EAES_256, S390_FEAT_KM_XTS_AES_128, S390_FEAT_KM_XTS_AES_256, S390_FEAT_KMC_AES_128, diff --git a/target/s390x/tcg/cpacf.h b/target/s390x/tcg/cpacf.h index 35d7bb7afe..b67ae53847 100644 --- a/target/s390x/tcg/cpacf.h +++ b/target/s390x/tcg/cpacf.h @@ -37,5 +37,9 @@ int cpacf_aes_xts(CPUS390XState *env, uintptr_t ra, uint6= 4_t param_addr, uint8_t fc, uint8_t mod); int cpacf_aes_pckmo(CPUS390XState *env, uintptr_t ra, uint64_t param_addr, uint8_t fc); +int cpacf_paes_ecb(CPUS390XState *env, uintptr_t ra, uint64_t param_addr, + uint64_t *dst_ptr_reg, uint64_t *src_ptr_reg, + uint64_t *src_len_reg, uint32_t type, + uint8_t fc, uint8_t mod); =20 #endif diff --git a/target/s390x/tcg/cpacf_aes.c b/target/s390x/tcg/cpacf_aes.c index e921ac6072..580f3fcd2e 100644 --- a/target/s390x/tcg/cpacf_aes.c +++ b/target/s390x/tcg/cpacf_aes.c @@ -524,3 +524,89 @@ int cpacf_aes_pckmo(CPUS390XState *env, uintptr_t ra, = uint64_t param_addr, =20 return 0; } + +int cpacf_paes_ecb(CPUS390XState *env, uintptr_t ra, uint64_t param_addr, + uint64_t *dst_ptr_reg, uint64_t *src_ptr_reg, + uint64_t *src_len_reg, uint32_t type, + uint8_t fc, uint8_t mod) +{ + enum { MAX_BLOCKS_PER_RUN =3D 8192 / AES_BLOCK_SIZE }; + uint8_t in[AES_BLOCK_SIZE], out[AES_BLOCK_SIZE]; + uint64_t addr, len =3D *src_len_reg, done =3D 0; + int i, keysize, addr_reg_size =3D 64; + uint8_t key[32], wkvp[32]; + AES_KEY exkey; + + g_assert(type =3D=3D S390_FEAT_TYPE_KM); + + switch (fc) { + case 0x1a: /* CPACF_KM_PAES_128 */ + keysize =3D 16; + break; + case 0x1b: /* CPACF_KM_PAES_192 */ + keysize =3D 24; + break; + case 0x1c: /* CPACF_KM_PAES_256 */ + keysize =3D 32; + break; + default: + g_assert_not_reached(); + } + + if (!(env->psw.mask & PSW_MASK_64)) { + len =3D (uint32_t)len; + addr_reg_size =3D (env->psw.mask & PSW_MASK_32) ? 32 : 24; + } + + /* length has to be properly aligned. */ + if (!QEMU_IS_ALIGNED(len, AES_BLOCK_SIZE)) { + tcg_s390_program_interrupt(env, PGM_SPECIFICATION, ra); + } + + /* fetch and check wkvp from param block */ + for (i =3D 0; i < sizeof(wkvp); i++) { + addr =3D wrap_address(env, param_addr + keysize + i); + wkvp[i] =3D cpu_ldub_data_ra(env, addr, ra); + } + if (memcmp(wkvp, protkey_wkvp, sizeof(wkvp))) { + /* wkvp mismatch -> return with cc 1 */ + return 1; + } + + /* fetch protected key from param block */ + for (i =3D 0; i < keysize; i++) { + addr =3D wrap_address(env, param_addr + i); + key[i] =3D cpu_ldub_data_ra(env, addr, ra); + } + /* 'decrypt' the protected key */ + for (i =3D 0; i < keysize; i++) { + key[i] ^=3D protkey_xor_pattern[i]; + } + + /* expand key */ + if (mod) { + AES_set_decrypt_key(key, keysize * 8, &exkey); + } else { + AES_set_encrypt_key(key, keysize * 8, &exkey); + } + + /* process up to MAX_BLOCKS_PER_RUN aes blocks */ + for (i =3D 0; i < MAX_BLOCKS_PER_RUN && len >=3D AES_BLOCK_SIZE; i++) { + aes_read_block(env, *src_ptr_reg + done, in, ra); + if (mod) { + AES_decrypt(in, out, &exkey); + } else { + AES_encrypt(in, out, &exkey); + } + aes_write_block(env, *dst_ptr_reg + done, out, ra); + len -=3D AES_BLOCK_SIZE, done +=3D AES_BLOCK_SIZE; + } + + *src_ptr_reg =3D deposit64(*src_ptr_reg, 0, addr_reg_size, + *src_ptr_reg + done); + *dst_ptr_reg =3D deposit64(*dst_ptr_reg, 0, addr_reg_size, + *dst_ptr_reg + done); + *src_len_reg -=3D done; + + return !len ? 0 : 3; +} diff --git a/target/s390x/tcg/crypto_helper.c b/target/s390x/tcg/crypto_hel= per.c index 8d1070ec89..146f970713 100644 --- a/target/s390x/tcg/crypto_helper.c +++ b/target/s390x/tcg/crypto_helper.c @@ -101,6 +101,13 @@ static int cpacf_km(CPUS390XState *env, uintptr_t ra, = uint32_t r1, &env->regs[r1], &env->regs[r2], &env->regs[r2 += 1], S390_FEAT_TYPE_KM, fc, mod); break; + case 0x1a: /* CPACF_KM_PAES_128 */ + case 0x1b: /* CPACF_KM_PAES_192 */ + case 0x1c: /* CPACF_KM_PAES_256 */ + rc =3D cpacf_paes_ecb(env, ra, env->regs[1], + &env->regs[r1], &env->regs[r2], &env->regs[r2 = + 1], + S390_FEAT_TYPE_KM, fc, mod); + break; case 0x32: /* CPACF_KM_XTS_128 */ case 0x34: /* CPACF_KM_XTS_256 */ rc =3D cpacf_aes_xts(env, ra, env->regs[1], --=20 2.43.0 From nobody Sat May 30 18:34:22 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=reject dis=none) header.from=linux.ibm.com ARC-Seal: i=1; a=rsa-sha256; t=1779261831; cv=none; d=zohomail.com; s=zohoarc; b=Zi1UIDxjlJ3OrcOuyGkWcxqBbX6/8fug6kYxYsXFJw/L3RBOpHWwVUtf/axXxFk7couRjCvUNTIlPtKa0TDGbnXTzVS162y7a5PvhA2Dou1MceXENPLy4hNlFaVkEKThfqhdTcOxyO+l7ZirUoQnOY0B7jnA4QvgjyylNh5JabI= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1779261831; h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=Q05FXRHwQbucUIMrOliL9UJM907osYwRFZUvDCz1XxI=; b=mXRDvUkl4qmIX5enF1zFnt2V1oBDD55arFNr76t8lD1cztjqlf0eM1/p7OZImrrhnWy6WZkHSzttZXBBay+cgSYuvkdcdpBQEEagows0VQiUwq/lyfUZsYsJGo4+Ca8l+H+pxHEIc0qB0wvEeZ5WAUFILm8un5yYfJKfWD3/fvI= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1779261831939962.7638463637188; Wed, 20 May 2026 00:23:51 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists1p.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1wPbF7-0006Jc-DT; Wed, 20 May 2026 03:21:25 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1wPbEt-0006Dg-N9; Wed, 20 May 2026 03:21:15 -0400 Received: from mx0b-001b2d01.pphosted.com ([148.163.158.5]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1wPbEp-0002TW-7G; Wed, 20 May 2026 03:21:10 -0400 Received: from pps.filterd (m0360072.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id 64JLu5m93690499; Wed, 20 May 2026 07:21:01 GMT Received: from ppma12.dal12v.mail.ibm.com (dc.9e.1632.ip4.static.sl-reverse.com [50.22.158.220]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 4e6haw7y1u-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 20 May 2026 07:21:01 +0000 (GMT) Received: from pps.filterd (ppma12.dal12v.mail.ibm.com [127.0.0.1]) by ppma12.dal12v.mail.ibm.com (8.18.1.7/8.18.1.7) with ESMTP id 64K79DJE007330; Wed, 20 May 2026 07:21:00 GMT Received: from smtprelay03.fra02v.mail.ibm.com ([9.218.2.224]) by ppma12.dal12v.mail.ibm.com (PPS) with ESMTPS id 4e72wq6gc0-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 20 May 2026 07:21:00 +0000 (GMT) Received: from smtpav05.fra02v.mail.ibm.com (smtpav05.fra02v.mail.ibm.com [10.20.54.104]) by smtprelay03.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 64K7KuvA57082272 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 20 May 2026 07:20:56 GMT Received: from smtpav05.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id B9C0B20043; Wed, 20 May 2026 07:20:56 +0000 (GMT) Received: from smtpav05.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 9A4B42004D; Wed, 20 May 2026 07:20:56 +0000 (GMT) Received: from funtu2.fritz.box (unknown [9.111.209.15]) by smtpav05.fra02v.mail.ibm.com (Postfix) with ESMTP; Wed, 20 May 2026 07:20:56 +0000 (GMT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=cc :content-transfer-encoding:date:from:in-reply-to:message-id :mime-version:references:subject:to; s=pp1; bh=Q05FXRHwQbucUIMrO liL9UJM907osYwRFZUvDCz1XxI=; b=h97+YGkRKamkP2rTU6ETNpFmYHzYuGwY7 bARNzu/y77SFVa2yi1L4t8Dx57ARTKRG200o+0xPopkOoadwKvuMlyWrQxrOTp0/ 9cre0mxgwsDyF2+UWJhXdnGs+vFxNxlyHg/51FbLwkbt5CeyUIt/e5mt1Scez3tj P3cdRRTJAnwYptZVVSjcKnbnpEaZ/X4x8zDK8ddT3CS89y22fOzZCc17nMXg+dTa 7JU4UyT1MHpnrQS+Hv4aKJq0axs6MLh5IYCHnEkZuGnA62a0rX3terUoTGAUmAJ5 Py6WRGggMWvZooJGVxRQVmZ0Pp2llCF7bugDxbj/k6r/ywLEX4X+w== From: Harald Freudenberger To: richard.henderson@linaro.org, iii@linux.ibm.com, david@kernel.org, thuth@redhat.com Cc: qemu-s390x@nongnu.org, qemu-devel@nongnu.org, dengler@linux.ibm.com, borntraeger@linux.ibm.com Subject: [PATCH v5 11/15] target/s390x: Support protected key AES CBC for cpacf kmc instruction Date: Wed, 20 May 2026 09:20:50 +0200 Message-ID: <20260520072054.293306-12-freude@linux.ibm.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260520072054.293306-1-freude@linux.ibm.com> References: <20260520072054.293306-1-freude@linux.ibm.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-TM-AS-GCONF: 00 X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwNTIwMDA2NyBTYWx0ZWRfXzJkN25VjJ+zj gzAVH0VdCT4yaBq6UnW3SOTgBN1gGjNar2wt7X/uzEErg+AiAGyVfa/Fd/OK3pn6rxc+9su6ERV qbqjKkN6kjIKNN6qx78HWQT+E1+T0Z5IjbqjU3nGexAIDNKRA1a899wuAgp92ytp4fC7hKAsBFI JW+mq3OzlY2UQ3ECoHGeg4UPTCigkc61ZUj5pBB6oCWzWe4LdRe4JJLbdmDzJphgxCG+PiZvCCf 52QmyQze+DyXyuWgcNsqiKvhgrmuzkOU1YlAYyJpr9oT0Kr9eh11oS3eWcI5adCypYT2ckVhPYB qfyBuS1eiGJaqlHPfwgaY1xJ5jcDGzY/jrZGMVycwXBCpqMRQT+dElOJ4SaTIl1VF8+xTB5VEoK Uf2Dgi9TH/fylPMjN6gwjT+HECepykFQe0Cuvmrnydk6XSnCUsc2U8otbORQazK7hiWTqKH7TDl gUS+KUxlWqGmtzgF6qA== X-Authority-Analysis: v=2.4 cv=Np/htcdJ c=1 sm=1 tr=0 ts=6a0d60dd cx=c_pps a=bLidbwmWQ0KltjZqbj+ezA==:117 a=bLidbwmWQ0KltjZqbj+ezA==:17 a=NGcC8JguVDcA:10 a=VkNPw1HP01LnGYTKEx00:22 a=RnoormkPH1_aCDwRdu11:22 a=RzCfie-kr_QcCd8fBx8p:22 a=VnNF1IyMAAAA:8 a=1XR5bUzyU_lZOmb26nMA:9 X-Proofpoint-ORIG-GUID: mRhU1y1FfXWajwT3M-bqLe3x7HSSfx3u X-Proofpoint-GUID: mRhU1y1FfXWajwT3M-bqLe3x7HSSfx3u X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1143,Hydra:6.1.51,FMLib:17.12.100.49 definitions=2026-05-20_01,2026-05-18_01,2025-10-01_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 bulkscore=0 spamscore=0 clxscore=1015 priorityscore=1501 impostorscore=0 lowpriorityscore=0 suspectscore=0 adultscore=0 phishscore=0 malwarescore=0 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2605130000 definitions=main-2605200067 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists1p.gnu.org; Received-SPF: pass client-ip=148.163.158.5; envelope-from=freude@linux.ibm.com; helo=mx0b-001b2d01.pphosted.com X-Spam_score_int: -26 X-Spam_score: -2.7 X-Spam_bar: -- X-Spam_report: (-2.7 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @ibm.com) X-ZM-MESSAGEID: 1779261833233154100 Content-Type: text/plain; charset="utf-8" Support the subfunctions CPACF_KMC_PAES_128, CPACF_KMC_PAES_192 and CPACF_KMC_PAES_256 for the cpacf kmc instruction. Signed-off-by: Harald Freudenberger Tested-by: Holger Dengler --- target/s390x/gen-features.c | 3 + target/s390x/tcg/cpacf.h | 4 ++ target/s390x/tcg/cpacf_aes.c | 108 +++++++++++++++++++++++++++++++ target/s390x/tcg/crypto_helper.c | 7 ++ 4 files changed, 122 insertions(+) diff --git a/target/s390x/gen-features.c b/target/s390x/gen-features.c index 71e0e41d6e..074c53aecd 100644 --- a/target/s390x/gen-features.c +++ b/target/s390x/gen-features.c @@ -932,6 +932,9 @@ static uint16_t qemu_MAX[] =3D { S390_FEAT_KMC_AES_128, S390_FEAT_KMC_AES_192, S390_FEAT_KMC_AES_256, + S390_FEAT_KMC_EAES_128, + S390_FEAT_KMC_EAES_192, + S390_FEAT_KMC_EAES_256, S390_FEAT_KMCTR_AES_128, S390_FEAT_KMCTR_AES_192, S390_FEAT_KMCTR_AES_256, diff --git a/target/s390x/tcg/cpacf.h b/target/s390x/tcg/cpacf.h index b67ae53847..05500b9da9 100644 --- a/target/s390x/tcg/cpacf.h +++ b/target/s390x/tcg/cpacf.h @@ -41,5 +41,9 @@ int cpacf_paes_ecb(CPUS390XState *env, uintptr_t ra, uint= 64_t param_addr, uint64_t *dst_ptr_reg, uint64_t *src_ptr_reg, uint64_t *src_len_reg, uint32_t type, uint8_t fc, uint8_t mod); +int cpacf_paes_cbc(CPUS390XState *env, uintptr_t ra, uint64_t param_addr, + uint64_t *dst_ptr_reg, uint64_t *src_ptr_reg, + uint64_t *src_len_reg, uint32_t type, + uint8_t fc, uint8_t mod); =20 #endif diff --git a/target/s390x/tcg/cpacf_aes.c b/target/s390x/tcg/cpacf_aes.c index 580f3fcd2e..e36289568c 100644 --- a/target/s390x/tcg/cpacf_aes.c +++ b/target/s390x/tcg/cpacf_aes.c @@ -610,3 +610,111 @@ int cpacf_paes_ecb(CPUS390XState *env, uintptr_t ra, = uint64_t param_addr, =20 return !len ? 0 : 3; } + +int cpacf_paes_cbc(CPUS390XState *env, uintptr_t ra, uint64_t param_addr, + uint64_t *dst_ptr_reg, uint64_t *src_ptr_reg, + uint64_t *src_len_reg, uint32_t type, + uint8_t fc, uint8_t mod) +{ + enum { MAX_BLOCKS_PER_RUN =3D 8192 / AES_BLOCK_SIZE }; + uint8_t in[AES_BLOCK_SIZE], out[AES_BLOCK_SIZE], buf[AES_BLOCK_SIZE]; + uint8_t key[32], wkvp[32], iv[AES_BLOCK_SIZE]; + uint64_t addr, len =3D *src_len_reg, done =3D 0; + int i, keysize, addr_reg_size =3D 64; + AES_KEY exkey; + + g_assert(type =3D=3D S390_FEAT_TYPE_KMC); + + switch (fc) { + case 0x1a: /* CPACF_KMC_PAES_128 */ + keysize =3D 16; + break; + case 0x1b: /* CPACF_KMC_PAES_192 */ + keysize =3D 24; + break; + case 0x1c: /* CPACF_KMC_PAES_256 */ + keysize =3D 32; + break; + default: + g_assert_not_reached(); + } + + if (!(env->psw.mask & PSW_MASK_64)) { + len =3D (uint32_t)len; + addr_reg_size =3D (env->psw.mask & PSW_MASK_32) ? 32 : 24; + } + + /* length has to be properly aligned. */ + if (!QEMU_IS_ALIGNED(len, AES_BLOCK_SIZE)) { + tcg_s390_program_interrupt(env, PGM_SPECIFICATION, ra); + } + + /* fetch and check wkvp from param block */ + for (i =3D 0; i < sizeof(wkvp); i++) { + addr =3D wrap_address(env, param_addr + AES_BLOCK_SIZE + keysize += i); + wkvp[i] =3D cpu_ldub_data_ra(env, addr, ra); + } + if (memcmp(wkvp, protkey_wkvp, sizeof(wkvp))) { + /* wkvp mismatch -> return with cc 1 */ + return 1; + } + + /* fetch iv from param block */ + for (i =3D 0; i < AES_BLOCK_SIZE; i++) { + addr =3D wrap_address(env, param_addr + i); + iv[i] =3D cpu_ldub_data_ra(env, addr, ra); + } + + /* fetch protected key from param block */ + for (i =3D 0; i < keysize; i++) { + addr =3D wrap_address(env, param_addr + AES_BLOCK_SIZE + i); + key[i] =3D cpu_ldub_data_ra(env, addr, ra); + } + /* 'decrypt' the protected key */ + for (i =3D 0; i < keysize; i++) { + key[i] ^=3D protkey_xor_pattern[i]; + } + + /* expand key */ + if (mod) { + AES_set_decrypt_key(key, keysize * 8, &exkey); + } else { + AES_set_encrypt_key(key, keysize * 8, &exkey); + } + + /* process up to MAX_BLOCKS_PER_RUN aes blocks */ + for (i =3D 0; i < MAX_BLOCKS_PER_RUN && len >=3D AES_BLOCK_SIZE; i++) { + aes_read_block(env, *src_ptr_reg + done, in, ra); + if (mod) { + /* decrypt in =3D> buf */ + AES_decrypt(in, buf, &exkey); + /* buf xor iv =3D> out */ + aes_xor(buf, iv, out); + /* prep iv for next round */ + memcpy(iv, in, AES_BLOCK_SIZE); + } else { + /* in xor iv =3D> buf */ + aes_xor(in, iv, buf); + /* encrypt buf =3D> out */ + AES_encrypt(buf, out, &exkey); + /* prep iv for next round */ + memcpy(iv, out, AES_BLOCK_SIZE); + } + aes_write_block(env, *dst_ptr_reg + done, out, ra); + len -=3D AES_BLOCK_SIZE, done +=3D AES_BLOCK_SIZE; + } + + /* update iv in param block */ + for (i =3D 0; i < AES_BLOCK_SIZE; i++) { + addr =3D wrap_address(env, param_addr + i); + cpu_stb_data_ra(env, addr, iv[i], ra); + } + + *src_ptr_reg =3D deposit64(*src_ptr_reg, 0, addr_reg_size, + *src_ptr_reg + done); + *dst_ptr_reg =3D deposit64(*dst_ptr_reg, 0, addr_reg_size, + *dst_ptr_reg + done); + *src_len_reg -=3D done; + + return !len ? 0 : 3; +} diff --git a/target/s390x/tcg/crypto_helper.c b/target/s390x/tcg/crypto_hel= per.c index 146f970713..a69f4edf74 100644 --- a/target/s390x/tcg/crypto_helper.c +++ b/target/s390x/tcg/crypto_helper.c @@ -134,6 +134,13 @@ static int cpacf_kmc(CPUS390XState *env, uintptr_t ra,= uint32_t r1, &env->regs[r1], &env->regs[r2], &env->regs[r2 += 1], S390_FEAT_TYPE_KMC, fc, mod); break; + case 0x1a: /* CPACF_KMC_PAES_128 */ + case 0x1b: /* CPACF_KMC_PAES_192 */ + case 0x1c: /* CPACF_KMC_PAES_256 */ + rc =3D cpacf_paes_cbc(env, ra, env->regs[1], + &env->regs[r1], &env->regs[r2], &env->regs[r2 = + 1], + S390_FEAT_TYPE_KMC, fc, mod); + break; default: g_assert_not_reached(); } --=20 2.43.0 From nobody Sat May 30 18:34:22 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=reject dis=none) header.from=linux.ibm.com ARC-Seal: i=1; a=rsa-sha256; t=1779261787; cv=none; d=zohomail.com; s=zohoarc; b=YamGIn29kPo/90azbn4mjovkKe8rKq4tl5EH50tk5rBb+X2XSnudb8sUrkmOND7F3fLcAQKkFf9EBIqKbdoj1RUo6oqSuH2zZ2HmNP6sMLkboAwjeQd7hqfCRoc5yJ00OTb4IQpowCoyLjpmRFVk5wwyljsLgkx9+NQqzkzZ1BM= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1779261787; h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=N/qXJR0UpikX78GSPFThSh/j7D+6B+rC2dB2eDHlF10=; b=XQpp6pRomm7sc9km3lTQSuz5t0LGAkg3Iwgf0q+dom/zxwWh7aIMwaibEZiaXnggLQjq9Ub86FqLN4kiA2F5QjPcPF0OE56zg3biHXtjgHh+rz52ygNBn8mYurvu+Tajpj06FMUQrZbedrvE1IK1MrTSK3sKdfn7K0wxvODPpyo= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1779261787678130.83876029499197; Wed, 20 May 2026 00:23:07 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists1p.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1wPbFg-0006Q8-E2; Wed, 20 May 2026 03:22:02 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1wPbEu-0006Dk-85; Wed, 20 May 2026 03:21:15 -0400 Received: from mx0a-001b2d01.pphosted.com ([148.163.156.1]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1wPbEp-0002Te-Su; Wed, 20 May 2026 03:21:11 -0400 Received: from pps.filterd (m0353729.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id 64K0tx2H3505643; Wed, 20 May 2026 07:21:02 GMT Received: from ppma21.wdc07v.mail.ibm.com (5b.69.3da9.ip4.static.sl-reverse.com [169.61.105.91]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 4e6h8mruk5-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 20 May 2026 07:21:01 +0000 (GMT) Received: from pps.filterd (ppma21.wdc07v.mail.ibm.com [127.0.0.1]) by ppma21.wdc07v.mail.ibm.com (8.18.1.7/8.18.1.7) with ESMTP id 64K6sLVq031893; Wed, 20 May 2026 07:21:00 GMT Received: from smtprelay03.fra02v.mail.ibm.com ([9.218.2.224]) by ppma21.wdc07v.mail.ibm.com (PPS) with ESMTPS id 4e73wk6a0a-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 20 May 2026 07:21:00 +0000 (GMT) Received: from smtpav05.fra02v.mail.ibm.com (smtpav05.fra02v.mail.ibm.com [10.20.54.104]) by smtprelay03.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 64K7KumF57082274 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 20 May 2026 07:20:57 GMT Received: from smtpav05.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id DC99720040; Wed, 20 May 2026 07:20:56 +0000 (GMT) Received: from smtpav05.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id BE2C82004B; Wed, 20 May 2026 07:20:56 +0000 (GMT) Received: from funtu2.fritz.box (unknown [9.111.209.15]) by smtpav05.fra02v.mail.ibm.com (Postfix) with ESMTP; Wed, 20 May 2026 07:20:56 +0000 (GMT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=cc :content-transfer-encoding:date:from:in-reply-to:message-id :mime-version:references:subject:to; s=pp1; bh=N/qXJR0UpikX78GSP FThSh/j7D+6B+rC2dB2eDHlF10=; b=X7CFHsNRBuVefCz5CvZ4XC833DJv4rKIr wnJ2/xYoOmNihdTEOFiMr5WnxXR0e8zZj29Hwbpb/aZqyn8KrFB6kfghjcCYuDlk 5zTPW2ns3t9XPcmGTH3y5Erx++y2bsNmCLyQ+RBCr8vz8UzRjyA+BqWDgVITX/QK ntgoQAznefdqUA16CRE34ei1vuHpCMy1jk5n2a3d/IHMmeU7spsuIhodbVAuB3D+ hLjUmOuUsRpkFtebceVUFhNyzaggd5iNU3st0skUyx3v79I4oe/ckU0bxy1oCZ0A x9QGowfh4V5sjROK7ZeWGXX6TcsX0nhVJlM7ojB2Ry7nQvgENIvyg== From: Harald Freudenberger To: richard.henderson@linaro.org, iii@linux.ibm.com, david@kernel.org, thuth@redhat.com Cc: qemu-s390x@nongnu.org, qemu-devel@nongnu.org, dengler@linux.ibm.com, borntraeger@linux.ibm.com Subject: [PATCH v5 12/15] target/s390x: Support protected key AES CTR for cpacf kmctr instruction Date: Wed, 20 May 2026 09:20:51 +0200 Message-ID: <20260520072054.293306-13-freude@linux.ibm.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260520072054.293306-1-freude@linux.ibm.com> References: <20260520072054.293306-1-freude@linux.ibm.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-TM-AS-GCONF: 00 X-Proofpoint-GUID: OZ8lJei5XXw5_hIO-o2kz-2LeKHO0loA X-Authority-Analysis: v=2.4 cv=GYMnWwXL c=1 sm=1 tr=0 ts=6a0d60dd cx=c_pps a=GFwsV6G8L6GxiO2Y/PsHdQ==:117 a=GFwsV6G8L6GxiO2Y/PsHdQ==:17 a=NGcC8JguVDcA:10 a=VkNPw1HP01LnGYTKEx00:22 a=RnoormkPH1_aCDwRdu11:22 a=uAbxVGIbfxUO_5tXvNgY:22 a=VnNF1IyMAAAA:8 a=Ff2AzlR8v_7kNCG2J78A:9 X-Proofpoint-ORIG-GUID: OZ8lJei5XXw5_hIO-o2kz-2LeKHO0loA X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwNTIwMDA2NyBTYWx0ZWRfXycNtxZLUxhMT uE8336nvk46sqFmRb+n5J14+tK7CVfH6yECzgwIQ2I91Ewbnc3jyzv2fBYPeZGjzf8t0jSN5/FE Jn42qq0pBf/ars9aiAw+mvKYtoEOHg4SqMxTC7laMYLp02cse/shJ+9mHUajN7Qu0u4ge9IUNJe NAFV+JduDj1lQnzR2q8t8A9bEBNabuEToVfJOKNd+m4XQMe/l/1f9Q0oAiLa3k8+RBXNg5Im4J+ fk/YW5aw68Bwcd2EzhSHIqICvPPV5fihWsYQWVuoVeESLpm3HC6GPCT2+TR0WgrBKHWm1R/L/x/ MPQ73cI94J04jcHSkeeEeU8Dtvv3OJTiiBIptNHbRMaoeLE/YAefJ7N2XuB1vIttX7zOSGPc3aN Rsc9cYJXt1NEEfmEXEqgXXMtKKE+EkG2Xi7MpLb8zPYQ7KmkdCIIRmTrN/ChKS2jD0uGWJw5ac7 oHDuANSRXDc+nPGuXSQ== X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1143,Hydra:6.1.51,FMLib:17.12.100.49 definitions=2026-05-20_01,2026-05-18_01,2025-10-01_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 phishscore=0 malwarescore=0 lowpriorityscore=0 priorityscore=1501 bulkscore=0 adultscore=0 suspectscore=0 spamscore=0 clxscore=1015 impostorscore=0 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2605130000 definitions=main-2605200067 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists1p.gnu.org; Received-SPF: pass client-ip=148.163.156.1; envelope-from=freude@linux.ibm.com; helo=mx0a-001b2d01.pphosted.com X-Spam_score_int: -26 X-Spam_score: -2.7 X-Spam_bar: -- X-Spam_report: (-2.7 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @ibm.com) X-ZM-MESSAGEID: 1779261790934154100 Content-Type: text/plain; charset="utf-8" Support the subfunctions CPACF_KMCTR_PAES_128, CPACF_KMCTR_PAES_192 and CPACF_KMCTR_PAES_256 for the cpacf kmctr instruction. Signed-off-by: Harald Freudenberger --- target/s390x/gen-features.c | 3 ++ target/s390x/tcg/cpacf.h | 4 ++ target/s390x/tcg/cpacf_aes.c | 88 ++++++++++++++++++++++++++++++++ target/s390x/tcg/crypto_helper.c | 7 +++ 4 files changed, 102 insertions(+) diff --git a/target/s390x/gen-features.c b/target/s390x/gen-features.c index 074c53aecd..4a131dc191 100644 --- a/target/s390x/gen-features.c +++ b/target/s390x/gen-features.c @@ -938,6 +938,9 @@ static uint16_t qemu_MAX[] =3D { S390_FEAT_KMCTR_AES_128, S390_FEAT_KMCTR_AES_192, S390_FEAT_KMCTR_AES_256, + S390_FEAT_KMCTR_EAES_128, + S390_FEAT_KMCTR_EAES_192, + S390_FEAT_KMCTR_EAES_256, S390_FEAT_PCC_XTS_AES_128, S390_FEAT_PCC_XTS_AES_256, S390_FEAT_PCKMO_AES_128, diff --git a/target/s390x/tcg/cpacf.h b/target/s390x/tcg/cpacf.h index 05500b9da9..c79679c55e 100644 --- a/target/s390x/tcg/cpacf.h +++ b/target/s390x/tcg/cpacf.h @@ -45,5 +45,9 @@ int cpacf_paes_cbc(CPUS390XState *env, uintptr_t ra, uint= 64_t param_addr, uint64_t *dst_ptr_reg, uint64_t *src_ptr_reg, uint64_t *src_len_reg, uint32_t type, uint8_t fc, uint8_t mod); +int cpacf_paes_ctr(CPUS390XState *env, uintptr_t ra, uint64_t param_addr, + uint64_t *dst_ptr_reg, uint64_t *src_ptr_reg, + uint64_t *src_len_reg, uint64_t *ctr_ptr_reg, + uint32_t type, uint8_t fc, uint8_t mod); =20 #endif diff --git a/target/s390x/tcg/cpacf_aes.c b/target/s390x/tcg/cpacf_aes.c index e36289568c..ce5fc21439 100644 --- a/target/s390x/tcg/cpacf_aes.c +++ b/target/s390x/tcg/cpacf_aes.c @@ -718,3 +718,91 @@ int cpacf_paes_cbc(CPUS390XState *env, uintptr_t ra, u= int64_t param_addr, =20 return !len ? 0 : 3; } + +int cpacf_paes_ctr(CPUS390XState *env, uintptr_t ra, uint64_t param_addr, + uint64_t *dst_ptr_reg, uint64_t *src_ptr_reg, + uint64_t *src_len_reg, uint64_t *ctr_ptr_reg, + uint32_t type, uint8_t fc, uint8_t mod) +{ + enum { MAX_BLOCKS_PER_RUN =3D 8192 / AES_BLOCK_SIZE }; + uint8_t ctr[AES_BLOCK_SIZE], buf[AES_BLOCK_SIZE]; + uint8_t in[AES_BLOCK_SIZE], out[AES_BLOCK_SIZE]; + uint64_t addr, len =3D *src_len_reg, done =3D 0; + int i, keysize, addr_reg_size =3D 64; + uint8_t key[32], wkvp[32]; + AES_KEY exkey; + + g_assert(type =3D=3D S390_FEAT_TYPE_KMCTR); + + switch (fc) { + case 0x1a: /* CPACF_KMCTR_PAES_128 */ + keysize =3D 16; + break; + case 0x1b: /* CPACF_KMCTR_PAES_192 */ + keysize =3D 24; + break; + case 0x1c: /* CPACF_KMCTR_PAES_256 */ + keysize =3D 32; + break; + default: + g_assert_not_reached(); + } + + if (!(env->psw.mask & PSW_MASK_64)) { + len =3D (uint32_t)len; + addr_reg_size =3D (env->psw.mask & PSW_MASK_32) ? 32 : 24; + } + + /* length has to be properly aligned. */ + if (!QEMU_IS_ALIGNED(len, AES_BLOCK_SIZE)) { + tcg_s390_program_interrupt(env, PGM_SPECIFICATION, ra); + } + + /* fetch and check wkvp from param block */ + for (i =3D 0; i < sizeof(wkvp); i++) { + addr =3D wrap_address(env, param_addr + keysize + i); + wkvp[i] =3D cpu_ldub_data_ra(env, addr, ra); + } + if (memcmp(wkvp, protkey_wkvp, sizeof(wkvp))) { + /* wkvp mismatch -> return with cc 1 */ + return 1; + } + + /* fetch protected key from param block */ + for (i =3D 0; i < keysize; i++) { + addr =3D wrap_address(env, param_addr + i); + key[i] =3D cpu_ldub_data_ra(env, addr, ra); + } + /* 'decrypt' the protected key */ + for (i =3D 0; i < keysize; i++) { + key[i] ^=3D protkey_xor_pattern[i]; + } + + /* expand key */ + AES_set_encrypt_key(key, keysize * 8, &exkey); + + /* process up to MAX_BLOCKS_PER_RUN aes blocks */ + for (i =3D 0; i < MAX_BLOCKS_PER_RUN && len >=3D AES_BLOCK_SIZE; i++) { + /* read in nonce/ctr =3D> ctr */ + aes_read_block(env, *ctr_ptr_reg + done, ctr, ra); + /* encrypt ctr =3D> buf */ + AES_encrypt(ctr, buf, &exkey); + /* read in one block of input data =3D> in */ + aes_read_block(env, *src_ptr_reg + done, in, ra); + /* exor input data with encrypted ctr =3D> out */ + aes_xor(in, buf, out); + /* write out the processed block */ + aes_write_block(env, *dst_ptr_reg + done, out, ra); + len -=3D AES_BLOCK_SIZE, done +=3D AES_BLOCK_SIZE; + } + + *src_ptr_reg =3D deposit64(*src_ptr_reg, 0, addr_reg_size, + *src_ptr_reg + done); + *dst_ptr_reg =3D deposit64(*dst_ptr_reg, 0, addr_reg_size, + *dst_ptr_reg + done); + *ctr_ptr_reg =3D deposit64(*ctr_ptr_reg, 0, addr_reg_size, + *ctr_ptr_reg + done); + *src_len_reg -=3D done; + + return !len ? 0 : 3; +} diff --git a/target/s390x/tcg/crypto_helper.c b/target/s390x/tcg/crypto_hel= per.c index a69f4edf74..2791e69f84 100644 --- a/target/s390x/tcg/crypto_helper.c +++ b/target/s390x/tcg/crypto_helper.c @@ -161,6 +161,13 @@ static int cpacf_kmctr(CPUS390XState *env, uintptr_t r= a, uint32_t r1, &env->regs[r1], &env->regs[r2], &env->regs[r2 += 1], &env->regs[r3], S390_FEAT_TYPE_KMCTR, fc, mod); break; + case 0x1a: /* CPACF_KMCTR_PAES_128 */ + case 0x1b: /* CPACF_KMCTR_PAES_192 */ + case 0x1c: /* CPACF_KMCTR_PAES_256 */ + rc =3D cpacf_paes_ctr(env, ra, env->regs[1], + &env->regs[r1], &env->regs[r2], &env->regs[r2 = + 1], + &env->regs[r3], S390_FEAT_TYPE_KMCTR, fc, mod); + break; default: g_assert_not_reached(); } --=20 2.43.0 From nobody Sat May 30 18:34:22 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=reject dis=none) header.from=linux.ibm.com ARC-Seal: i=1; a=rsa-sha256; t=1779261843; cv=none; d=zohomail.com; s=zohoarc; b=dMFSZcSMOHiH00G7e2UtjwPlriq+QyAGJP2A+X2kq8BYVPn+bVS11l8CxbVJJtu9TKDXSPFBHWmOMYOtgql4KzuybiSpnQ4NPlomeU6oFifd4FWzItvJPhlmgOwE7ac5OYdaes9Dw2tm2GEfl540FoEUL1WfSZ0yhEq0m/EfHyU= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1779261843; h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=QQ31xoTwGtHMnMYznfUvPyjY2bfqV+03Ssvt2uIJ+cw=; b=Xh9ucDXBShsw8YQ3gFrFVfUelYLtpiAMbOge4FBSiauTvmMWLxRmj/HHhsZWfk8sqIOHFdcN8zY3pmCf4RqfVEWQ/exRv6SqCrKn0h/22Z+FO0IoIYNuwE0ZlA59NYyPgp2k70BDqbQPG/f+oZU974OnzG8KGDXzzKGqtXHDp9k= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1779261843284796.1359846706234; Wed, 20 May 2026 00:24:03 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists1p.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1wPbF7-0006JE-3q; Wed, 20 May 2026 03:21:25 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1wPbEt-0006Dh-QE; Wed, 20 May 2026 03:21:15 -0400 Received: from mx0b-001b2d01.pphosted.com ([148.163.158.5]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1wPbEp-0002TY-CE; Wed, 20 May 2026 03:21:10 -0400 Received: from pps.filterd (m0356516.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id 64K4nR9e2386827; Wed, 20 May 2026 07:21:01 GMT Received: from ppma11.dal12v.mail.ibm.com (db.9e.1632.ip4.static.sl-reverse.com [50.22.158.219]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 4e6hb8fwuq-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 20 May 2026 07:21:01 +0000 (GMT) Received: from pps.filterd (ppma11.dal12v.mail.ibm.com [127.0.0.1]) by ppma11.dal12v.mail.ibm.com (8.18.1.7/8.18.1.7) with ESMTP id 64K796lg009536; Wed, 20 May 2026 07:21:00 GMT Received: from smtprelay06.fra02v.mail.ibm.com ([9.218.2.230]) by ppma11.dal12v.mail.ibm.com (PPS) with ESMTPS id 4e75ky60yn-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 20 May 2026 07:21:00 +0000 (GMT) Received: from smtpav05.fra02v.mail.ibm.com (smtpav05.fra02v.mail.ibm.com [10.20.54.104]) by smtprelay06.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 64K7Kvlp24183254 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 20 May 2026 07:20:57 GMT Received: from smtpav05.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 0CD0620043; Wed, 20 May 2026 07:20:57 +0000 (GMT) Received: from smtpav05.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id E119B2004D; Wed, 20 May 2026 07:20:56 +0000 (GMT) Received: from funtu2.fritz.box (unknown [9.111.209.15]) by smtpav05.fra02v.mail.ibm.com (Postfix) with ESMTP; Wed, 20 May 2026 07:20:56 +0000 (GMT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=cc :content-transfer-encoding:date:from:in-reply-to:message-id :mime-version:references:subject:to; s=pp1; bh=QQ31xoTwGtHMnMYzn fUvPyjY2bfqV+03Ssvt2uIJ+cw=; b=PFpuuCvnmS8Nqu1F8Pps2eqroUiiDUMw2 y+oVl3Tmf1l5g9+PYnVtTw4o2FHlsQGygaF5Jjai9YedO/1prX8vyBs84p9qbMYL FVgIJ8ELvrhuQIGP/7DNVihb8Kt04DUvCE2uHNMUFStoH+/0qNN0ODE3j0FIffaq 3oMCNij+jokghnChzavMHzoFtg/hQvrQfDg6fo4NtFNVbS+t2apB6dgKSBQBjP9s jeb1j2qizDPSmIbmAczZzd34S4bNVjwuenn3JO/60K9f8F4tqZrfG86J8vMC5Mve +1d6lB27jwKy/K/K+pENLVf3MTbT/1jOo9TqRa5GSnHP15Vnafnxg== From: Harald Freudenberger To: richard.henderson@linaro.org, iii@linux.ibm.com, david@kernel.org, thuth@redhat.com Cc: qemu-s390x@nongnu.org, qemu-devel@nongnu.org, dengler@linux.ibm.com, borntraeger@linux.ibm.com Subject: [PATCH v5 13/15] target/s390x: Minimal protected key AES XTS support for cpacf pcc instruction Date: Wed, 20 May 2026 09:20:52 +0200 Message-ID: <20260520072054.293306-14-freude@linux.ibm.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260520072054.293306-1-freude@linux.ibm.com> References: <20260520072054.293306-1-freude@linux.ibm.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-TM-AS-GCONF: 00 X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwNTIwMDA2NyBTYWx0ZWRfXx7q9JfKdlebM QR3/tAHqLcxKuO6MASdNzZj9HhcW61P7gFMVAIq/XcOKNeB/X5HpHoffbPKEEFboqKrN4HYscGo nNUSAjPTT7r53oSa8IprqBZ0yXdJ20yB5Yi/xcNcpl0eo37XrRr7kMBWjq8I2HocSHzGInE5CBT rrXePhaBdlDAqHJF8ommZ0GP/WfyJqQLmuf4+j2YkAOeyUHAmir2g9aEaDXWQEhRodbSDp4rV/N lkM1EZMS4zkpHx+lFMK1ZuhupcFwBvb7zla/zH0s7D+7pcPFvFlNFcvrOS7ljisLF2onWzXfRIs zO4xyQszlFm3chA1g51U066E4kEzlDthf6ypW9bP7DLVaOUke9WNOFb2aWoei08tTyQ4ZMmBqPW KWoBJw5c5ZZknwqwv7fHDM6c8i/qm0isXW9J1AkNMlHNeriCBs0fyBcREYd5xdFCVcXaMMhCzLR TRewZBRFuts40bkMEzQ== X-Proofpoint-GUID: 8BZTWLDMw62zEa_BWwqsH77mcDFx7iDi X-Proofpoint-ORIG-GUID: 8BZTWLDMw62zEa_BWwqsH77mcDFx7iDi X-Authority-Analysis: v=2.4 cv=aYBRWxot c=1 sm=1 tr=0 ts=6a0d60dd cx=c_pps a=aDMHemPKRhS1OARIsFnwRA==:117 a=aDMHemPKRhS1OARIsFnwRA==:17 a=NGcC8JguVDcA:10 a=VkNPw1HP01LnGYTKEx00:22 a=RnoormkPH1_aCDwRdu11:22 a=Y2IxJ9c9Rs8Kov3niI8_:22 a=VnNF1IyMAAAA:8 a=k9NNRZQrG_SOijgty3UA:9 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1143,Hydra:6.1.51,FMLib:17.12.100.49 definitions=2026-05-20_01,2026-05-18_01,2025-10-01_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 impostorscore=0 adultscore=0 bulkscore=0 suspectscore=0 lowpriorityscore=0 clxscore=1015 spamscore=0 phishscore=0 priorityscore=1501 malwarescore=0 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2605130000 definitions=main-2605200067 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists1p.gnu.org; Received-SPF: pass client-ip=148.163.158.5; envelope-from=freude@linux.ibm.com; helo=mx0b-001b2d01.pphosted.com X-Spam_score_int: -26 X-Spam_score: -2.7 X-Spam_bar: -- X-Spam_report: (-2.7 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @ibm.com) X-ZM-MESSAGEID: 1779261843446158500 Content-Type: text/plain; charset="utf-8" Support CPACF pcc subfunctions PCC-Compute-XTS-Parameter-Encrypted-AES-128 and PCC-Compute-XTS-Parameter-Encrypted-AES-128 but only for the special case block sequential number is 0. However, this covers the s390 PAES XTS implementation in the Linux kernel. Signed-off-by: Harald Freudenberger Tested-by: Holger Dengler --- target/s390x/gen-features.c | 2 + target/s390x/tcg/cpacf.h | 2 + target/s390x/tcg/cpacf_aes.c | 79 ++++++++++++++++++++++++++++++++ target/s390x/tcg/crypto_helper.c | 4 ++ 4 files changed, 87 insertions(+) diff --git a/target/s390x/gen-features.c b/target/s390x/gen-features.c index 4a131dc191..126bacb281 100644 --- a/target/s390x/gen-features.c +++ b/target/s390x/gen-features.c @@ -943,6 +943,8 @@ static uint16_t qemu_MAX[] =3D { S390_FEAT_KMCTR_EAES_256, S390_FEAT_PCC_XTS_AES_128, S390_FEAT_PCC_XTS_AES_256, + S390_FEAT_PCC_XTS_EAES_128, + S390_FEAT_PCC_XTS_EAES_256, S390_FEAT_PCKMO_AES_128, S390_FEAT_PCKMO_AES_192, S390_FEAT_PCKMO_AES_256, diff --git a/target/s390x/tcg/cpacf.h b/target/s390x/tcg/cpacf.h index c79679c55e..2775f2fd3e 100644 --- a/target/s390x/tcg/cpacf.h +++ b/target/s390x/tcg/cpacf.h @@ -49,5 +49,7 @@ int cpacf_paes_ctr(CPUS390XState *env, uintptr_t ra, uint= 64_t param_addr, uint64_t *dst_ptr_reg, uint64_t *src_ptr_reg, uint64_t *src_len_reg, uint64_t *ctr_ptr_reg, uint32_t type, uint8_t fc, uint8_t mod); +int cpacf_paes_pcc(CPUS390XState *env, uintptr_t ra, uint64_t param_addr, + uint8_t fc); =20 #endif diff --git a/target/s390x/tcg/cpacf_aes.c b/target/s390x/tcg/cpacf_aes.c index ce5fc21439..cb8a6c224a 100644 --- a/target/s390x/tcg/cpacf_aes.c +++ b/target/s390x/tcg/cpacf_aes.c @@ -806,3 +806,82 @@ int cpacf_paes_ctr(CPUS390XState *env, uintptr_t ra, u= int64_t param_addr, =20 return !len ? 0 : 3; } + +int cpacf_paes_pcc(CPUS390XState *env, uintptr_t ra, uint64_t param_addr, + uint8_t fc) +{ + uint8_t key[32], wkvp[32], tweak[AES_BLOCK_SIZE], buf[AES_BLOCK_SIZE]; + int keysize, i; + uint64_t addr; + AES_KEY exkey; + + switch (fc) { + case 0x3a: /* CPACF_PCC compute XTS param Encrypted AES-128 */ + keysize =3D 16; + break; + case 0x3c: /* CPACF PCC compute XTS param Encrypted AES-256 */ + keysize =3D 32; + break; + default: + g_assert_not_reached(); + } + + /* fetch and check wkvp from param block */ + for (i =3D 0; i < sizeof(wkvp); i++) { + addr =3D wrap_address(env, param_addr + keysize + i); + wkvp[i] =3D cpu_ldub_data_ra(env, addr, ra); + } + if (memcmp(wkvp, protkey_wkvp, sizeof(wkvp))) { + /* wkvp mismatch -> return with cc 1 */ + return 1; + } + + /* fetch block sequence nr from param block into buf */ + for (i =3D 0; i < AES_BLOCK_SIZE; i++) { + addr =3D wrap_address(env, param_addr + keysize + + sizeof(wkvp) + AES_BLOCK_SIZE + i); + buf[i] =3D cpu_ldub_data_ra(env, addr, ra); + } + + /* is the block sequence nr 0 ? */ + for (i =3D 0; i < AES_BLOCK_SIZE && !buf[i]; i++) { + ; + } + if (i < AES_BLOCK_SIZE) { + /* no, sorry handling of non zero block sequence is not implemente= d */ + cpu_abort(env_cpu(env), + "PCC-compute-XTS-param (encrypted) with non zero block s= eq nr is not implemented\n"); + return 1; + } + + /* fetch protected key from param block */ + for (i =3D 0; i < keysize; i++) { + addr =3D wrap_address(env, param_addr + i); + key[i] =3D cpu_ldub_data_ra(env, addr, ra); + } + /* 'decrypt' the protected key */ + for (i =3D 0; i < keysize; i++) { + key[i] ^=3D protkey_xor_pattern[i]; + } + + /* fetch tweak from param block into tweak */ + for (i =3D 0; i < AES_BLOCK_SIZE; i++) { + addr =3D wrap_address(env, param_addr + keysize + sizeof(wkvp) + i= ); + tweak[i] =3D cpu_ldub_data_ra(env, addr, ra); + } + + /* expand key */ + AES_set_encrypt_key(key, keysize * 8, &exkey); + + /* encrypt tweak */ + AES_encrypt(tweak, buf, &exkey); + + /* store encrypted tweak into xts parameter field of the param block */ + for (i =3D 0; i < AES_BLOCK_SIZE; i++) { + addr =3D wrap_address(env, param_addr + keysize + + sizeof(wkvp) + 3 * AES_BLOCK_SIZE + i); + cpu_stb_data_ra(env, addr, buf[i], ra); + } + + return 0; +} diff --git a/target/s390x/tcg/crypto_helper.c b/target/s390x/tcg/crypto_hel= per.c index 2791e69f84..3ff8331993 100644 --- a/target/s390x/tcg/crypto_helper.c +++ b/target/s390x/tcg/crypto_helper.c @@ -201,6 +201,10 @@ static int cpacf_pcc(CPUS390XState *env, uintptr_t ra,= uint8_t fc) case 0x34: /* CPACF PCC compute XTS param AES-256 */ rc =3D cpacf_aes_pcc(env, ra, env->regs[1], fc); break; + case 0x3a: /* CPACF_PCC compute XTS param Encrypted AES-128 */ + case 0x3c: /* CPACF PCC compute XTS param Encrypted AES-256 */ + rc =3D cpacf_paes_pcc(env, ra, env->regs[1], fc); + break; default: g_assert_not_reached(); } --=20 2.43.0 From nobody Sat May 30 18:34:22 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=reject dis=none) header.from=linux.ibm.com ARC-Seal: i=1; a=rsa-sha256; t=1779261797; cv=none; d=zohomail.com; s=zohoarc; b=l+lj80lHT9PPI0k5PpLO1il3YbU+PeOcartA3VpSWONZqRg4dfH/xW9E7ZvuCRL4+4mwhqphrZLqW9X+/j0rXKwjU6k4bWvbd50HIho4Z+AymVX+3Ql6LVa1I+gDijsnqCwEL7cpTg8x2XIlWU9ugJGGoXlxxzFTFmrAX7+KM8A= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1779261797; h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=6dcMveHd+o4bKrRCjefXI6GrXsuglW0vVCHgloj5rro=; b=U+kXZ/7gs57gr7BSGp48qGpOI/v0Knm0xNowyyZ9k2JM82r3Z5NXhIDV2lDjoM7XX718oWS6ZbbjbaUuS82zlKzlkhK2QZ/HJOpCHiSVHyGxY2Bjb5TSPrCy40PNARMwyMmBE2mb94DOnF+XKC/s0Ixt9LJcaQSJXN+uN6GqtgQ= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1779261797082661.5461354082978; Wed, 20 May 2026 00:23:17 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists1p.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1wPbG1-0006tD-Fp; Wed, 20 May 2026 03:22:21 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1wPbEw-0006Du-9P; Wed, 20 May 2026 03:21:15 -0400 Received: from mx0a-001b2d01.pphosted.com ([148.163.156.1]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1wPbEr-0002UW-Ab; Wed, 20 May 2026 03:21:13 -0400 Received: from pps.filterd (m0353729.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id 64K71jh1795743; Wed, 20 May 2026 07:21:02 GMT Received: from ppma23.wdc07v.mail.ibm.com (5d.69.3da9.ip4.static.sl-reverse.com [169.61.105.93]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 4e6h8mruk6-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 20 May 2026 07:21:02 +0000 (GMT) Received: from pps.filterd (ppma23.wdc07v.mail.ibm.com [127.0.0.1]) by ppma23.wdc07v.mail.ibm.com (8.18.1.7/8.18.1.7) with ESMTP id 64K79Hex029183; Wed, 20 May 2026 07:21:01 GMT Received: from smtprelay06.fra02v.mail.ibm.com ([9.218.2.230]) by ppma23.wdc07v.mail.ibm.com (PPS) with ESMTPS id 4e74dhp7k1-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 20 May 2026 07:21:00 +0000 (GMT) Received: from smtpav05.fra02v.mail.ibm.com (smtpav05.fra02v.mail.ibm.com [10.20.54.104]) by smtprelay06.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 64K7Kv9R24183256 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 20 May 2026 07:20:57 GMT Received: from smtpav05.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 2F44D20040; Wed, 20 May 2026 07:20:57 +0000 (GMT) Received: from smtpav05.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 115212004B; Wed, 20 May 2026 07:20:57 +0000 (GMT) Received: from funtu2.fritz.box (unknown [9.111.209.15]) by smtpav05.fra02v.mail.ibm.com (Postfix) with ESMTP; Wed, 20 May 2026 07:20:57 +0000 (GMT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=cc :content-transfer-encoding:date:from:in-reply-to:message-id :mime-version:references:subject:to; s=pp1; bh=6dcMveHd+o4bKrRCj efXI6GrXsuglW0vVCHgloj5rro=; b=eErQe4mvftwAfJ+be43V1J6bsL5lPKJ8c LA8UaknFz0t1hUUf3iJVCRwRwBldbmZRB3n1YvrBi1lAh7vbCV1bhQVXW3TS7qBM Kk0BR7jgIousgc0uyMMtJM33HbytIFj9ZO3Vk8OqRfIUlcyHoCIo7kIa7Gsdw1mA OXHMIy4M598sQvzSz3L2PUrucK1PoBGN7u0eoOKCepcpg+zRfBmks4xIKxVJTAS7 wEDZNoWqXGfHxDF0cIPCIu7D8GqhsV5QBkc7PCSnphuKMC5O6iEilUBONq/YLOWD EznOhKlqS1snbW3ivEpBYbmU5y+RbBU5wv+YwfV1ag6J6ojyd4BdA== From: Harald Freudenberger To: richard.henderson@linaro.org, iii@linux.ibm.com, david@kernel.org, thuth@redhat.com Cc: qemu-s390x@nongnu.org, qemu-devel@nongnu.org, dengler@linux.ibm.com, borntraeger@linux.ibm.com Subject: [PATCH v5 14/15] target/s390x: Support protected key AES XTS for cpacf km instruction Date: Wed, 20 May 2026 09:20:53 +0200 Message-ID: <20260520072054.293306-15-freude@linux.ibm.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260520072054.293306-1-freude@linux.ibm.com> References: <20260520072054.293306-1-freude@linux.ibm.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-TM-AS-GCONF: 00 X-Proofpoint-GUID: sN1tJMXCxVUYeiEPmZWvze32kPOMpX-8 X-Authority-Analysis: v=2.4 cv=GYMnWwXL c=1 sm=1 tr=0 ts=6a0d60de cx=c_pps a=3Bg1Hr4SwmMryq2xdFQyZA==:117 a=3Bg1Hr4SwmMryq2xdFQyZA==:17 a=NGcC8JguVDcA:10 a=VkNPw1HP01LnGYTKEx00:22 a=RnoormkPH1_aCDwRdu11:22 a=uAbxVGIbfxUO_5tXvNgY:22 a=VnNF1IyMAAAA:8 a=ub7L66Qb16_Canke32oA:9 X-Proofpoint-ORIG-GUID: sN1tJMXCxVUYeiEPmZWvze32kPOMpX-8 X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwNTIwMDA2NyBTYWx0ZWRfX/s647FjPHkYU OoSnG5w46Wi9PxUDGUOxuSwCnh5GvlHGCNusyfFj8qnIrFMOQC42sMy9fp/mlrSN8Rzo8f3hK8L GnSM945pC/hYuwn82+xMfKsFsNhQcOly5YJ7UVIMPfuGgUKw/Lq167mvhDDCWljkyGvIGw4OD9T xbKAc2fqPBHl7NkbXeDuXCqLbtoGoC83Wom7t9fyPZAbhZGIDohCZbgGCyw88d1kbmZPPDp1oK+ FFWJ5G75Wp2iIzbhngnpqLrXP/J/qAabhus1qlWOe7ELps/Vo7Q821sJVQD392XQmSvf7i+5R/B f3IrBhVGPt1Bwennm3LniPOZnV8auGkddwh+R58+5uRZgKPYa8ivhYavWsx0Uy65Wqtb3i3CSww mFeMIKB1c8QVAbfB81exZufRV801xEzPNgb+i9mKAlWAuxbBzQi0hNtdCLIJYjRVgpQzh+wDOrZ 3d1DZtcqJtO+UM1cAHA== X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1143,Hydra:6.1.51,FMLib:17.12.100.49 definitions=2026-05-20_01,2026-05-18_01,2025-10-01_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 phishscore=0 malwarescore=0 lowpriorityscore=0 priorityscore=1501 bulkscore=0 adultscore=0 suspectscore=0 spamscore=0 clxscore=1015 impostorscore=0 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2605130000 definitions=main-2605200067 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists1p.gnu.org; Received-SPF: pass client-ip=148.163.156.1; envelope-from=freude@linux.ibm.com; helo=mx0a-001b2d01.pphosted.com X-Spam_score_int: -26 X-Spam_score: -2.7 X-Spam_bar: -- X-Spam_report: (-2.7 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @ibm.com) X-ZM-MESSAGEID: 1779261798901154100 Content-Type: text/plain; charset="utf-8" Support the subfunctions CPACF_KM_PXTS_128 and CPACF_KM_PAES_256 for the cpacf km instruction. Signed-off-by: Harald Freudenberger Tested-by: Holger Dengler --- target/s390x/gen-features.c | 2 + target/s390x/tcg/cpacf.h | 4 ++ target/s390x/tcg/cpacf_aes.c | 105 +++++++++++++++++++++++++++++++ target/s390x/tcg/crypto_helper.c | 6 ++ 4 files changed, 117 insertions(+) diff --git a/target/s390x/gen-features.c b/target/s390x/gen-features.c index 126bacb281..c4c59c3504 100644 --- a/target/s390x/gen-features.c +++ b/target/s390x/gen-features.c @@ -929,6 +929,8 @@ static uint16_t qemu_MAX[] =3D { S390_FEAT_KM_EAES_256, S390_FEAT_KM_XTS_AES_128, S390_FEAT_KM_XTS_AES_256, + S390_FEAT_KM_XTS_EAES_128, + S390_FEAT_KM_XTS_EAES_256, S390_FEAT_KMC_AES_128, S390_FEAT_KMC_AES_192, S390_FEAT_KMC_AES_256, diff --git a/target/s390x/tcg/cpacf.h b/target/s390x/tcg/cpacf.h index 2775f2fd3e..43059a97ef 100644 --- a/target/s390x/tcg/cpacf.h +++ b/target/s390x/tcg/cpacf.h @@ -51,5 +51,9 @@ int cpacf_paes_ctr(CPUS390XState *env, uintptr_t ra, uint= 64_t param_addr, uint32_t type, uint8_t fc, uint8_t mod); int cpacf_paes_pcc(CPUS390XState *env, uintptr_t ra, uint64_t param_addr, uint8_t fc); +int cpacf_paes_xts(CPUS390XState *env, uintptr_t ra, uint64_t param_addr, + uint64_t *dst_ptr_reg, uint64_t *src_ptr_reg, + uint64_t *src_len_reg, uint32_t type, + uint8_t fc, uint8_t mod); =20 #endif diff --git a/target/s390x/tcg/cpacf_aes.c b/target/s390x/tcg/cpacf_aes.c index cb8a6c224a..a68c618d74 100644 --- a/target/s390x/tcg/cpacf_aes.c +++ b/target/s390x/tcg/cpacf_aes.c @@ -885,3 +885,108 @@ int cpacf_paes_pcc(CPUS390XState *env, uintptr_t ra, = uint64_t param_addr, =20 return 0; } + +int cpacf_paes_xts(CPUS390XState *env, uintptr_t ra, uint64_t param_addr, + uint64_t *dst_ptr_reg, uint64_t *src_ptr_reg, + uint64_t *src_len_reg, uint32_t type, + uint8_t fc, uint8_t mod) +{ + enum { MAX_BLOCKS_PER_RUN =3D 8192 / AES_BLOCK_SIZE }; + uint8_t buf1[AES_BLOCK_SIZE], buf2[AES_BLOCK_SIZE]; + uint8_t key[32], wkvp[32], tweak[AES_BLOCK_SIZE]; + uint64_t addr, len =3D *src_len_reg, done =3D 0; + int i, keysize, addr_reg_size =3D 64; + AES_KEY exkey; + + g_assert(type =3D=3D S390_FEAT_TYPE_KM); + + switch (fc) { + case 0x3a: /* CPACF_KM_PXTS_128 */ + keysize =3D 16; + break; + case 0x3c: /* CPACF_KM_PXTS_256 */ + keysize =3D 32; + break; + default: + g_assert_not_reached(); + } + + if (!(env->psw.mask & PSW_MASK_64)) { + len =3D (uint32_t)len; + addr_reg_size =3D (env->psw.mask & PSW_MASK_32) ? 32 : 24; + } + + /* length has to be properly aligned. */ + if (!QEMU_IS_ALIGNED(len, AES_BLOCK_SIZE)) { + tcg_s390_program_interrupt(env, PGM_SPECIFICATION, ra); + } + + /* fetch and check wkvp from param block */ + for (i =3D 0; i < sizeof(wkvp); i++) { + addr =3D wrap_address(env, param_addr + keysize + i); + wkvp[i] =3D cpu_ldub_data_ra(env, addr, ra); + } + if (memcmp(wkvp, protkey_wkvp, sizeof(wkvp))) { + /* wkvp mismatch -> return with cc 1 */ + return 1; + } + + /* fetch protected key from param block */ + for (i =3D 0; i < keysize; i++) { + addr =3D wrap_address(env, param_addr + i); + key[i] =3D cpu_ldub_data_ra(env, addr, ra); + } + /* 'decrypt' the protected key */ + for (i =3D 0; i < keysize; i++) { + key[i] ^=3D protkey_xor_pattern[i]; + } + + /* expand key */ + if (mod) { + AES_set_decrypt_key(key, keysize * 8, &exkey); + } else { + AES_set_encrypt_key(key, keysize * 8, &exkey); + } + + /* fetch tweak from param block */ + for (i =3D 0; i < AES_BLOCK_SIZE; i++) { + addr =3D wrap_address(env, param_addr + keysize + sizeof(wkvp) + i= ); + tweak[i] =3D cpu_ldub_data_ra(env, addr, ra); + } + + /* process up to MAX_BLOCKS_PER_RUN aes blocks */ + for (i =3D 0; i < MAX_BLOCKS_PER_RUN && len >=3D AES_BLOCK_SIZE; i++) { + /* fetch one AES block into buf1 */ + aes_read_block(env, *src_ptr_reg + done, buf1, ra); + /* buf1 xor tweak =3D> buf2 */ + aes_xor(buf1, tweak, buf2); + if (mod) { + /* decrypt buf2 =3D> buf1 */ + AES_decrypt(buf2, buf1, &exkey); + } else { + /* encrypt buf2 =3D> buf1 */ + AES_encrypt(buf2, buf1, &exkey); + } + /* buf1 xor tweak =3D> buf2 */ + aes_xor(buf1, tweak, buf2); + /* prep tweak for next round */ + aes_xts_prep_next_tweak(tweak); + /* write out this processed block from buf2 */ + aes_write_block(env, *dst_ptr_reg + done, buf2, ra); + len -=3D AES_BLOCK_SIZE, done +=3D AES_BLOCK_SIZE; + } + + /* update tweak in param block */ + for (i =3D 0; i < AES_BLOCK_SIZE; i++) { + addr =3D wrap_address(env, param_addr + keysize + sizeof(wkvp) + i= ); + cpu_stb_data_ra(env, addr, tweak[i], ra); + } + + *src_ptr_reg =3D deposit64(*src_ptr_reg, 0, addr_reg_size, + *src_ptr_reg + done); + *dst_ptr_reg =3D deposit64(*dst_ptr_reg, 0, addr_reg_size, + *dst_ptr_reg + done); + *src_len_reg -=3D done; + + return !len ? 0 : 3; +} diff --git a/target/s390x/tcg/crypto_helper.c b/target/s390x/tcg/crypto_hel= per.c index 3ff8331993..1dd61cac5e 100644 --- a/target/s390x/tcg/crypto_helper.c +++ b/target/s390x/tcg/crypto_helper.c @@ -114,6 +114,12 @@ static int cpacf_km(CPUS390XState *env, uintptr_t ra, = uint32_t r1, &env->regs[r1], &env->regs[r2], &env->regs[r2 += 1], S390_FEAT_TYPE_KM, fc, mod); break; + case 0x3a: /* CPACF_KM_PXTS_128 */ + case 0x3c: /* CPACF_KM_PXTS_256 */ + rc =3D cpacf_paes_xts(env, ra, env->regs[1], + &env->regs[r1], &env->regs[r2], &env->regs[r2 = + 1], + S390_FEAT_TYPE_KM, fc, mod); + break; default: g_assert_not_reached(); } --=20 2.43.0 From nobody Sat May 30 18:34:22 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=reject dis=none) header.from=linux.ibm.com ARC-Seal: i=1; a=rsa-sha256; t=1779261794; cv=none; d=zohomail.com; s=zohoarc; b=aEMsGzHMYC8ufxIyCnKJm4V8yYct9i8M0NQwxOv8n8eX1BPD1fseFRvnnWa/2d7HxoFohb0VATCZT2IKBoNI+T6pI6tTsIvhTiIvzpCumeaEzQWEBWSS0UzITNO4/YTwR1ihVMFmw+Fi1AF6BWmFOZ6bzcSrIczWkMq37Jqy/LY= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1779261794; h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=cl4/uzUgqBttQtJZnq+cRxnOtLR4MjIY/RLroL7Uvjg=; b=BfDI4fcrArvWywJU1zF7ilvmj9cT/u+x8ZCGP67VJWrqWZlZau14zhRXmcTFxbCLbqnaDg4L5d4ZaQ+gE+skG4V+Q6KOL9iMk+f1VjLRGzK6kMXx8vP9pMG+LTOlJvp9/JGYC3iUA51EPkZhEA9eA0ZPmirGjBD9bX4VbwQRVrg= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1779261794886621.0889357835468; Wed, 20 May 2026 00:23:14 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists1p.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1wPbG1-0006vD-Ot; Wed, 20 May 2026 03:22:21 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1wPbEw-0006Ds-96; Wed, 20 May 2026 03:21:15 -0400 Received: from mx0a-001b2d01.pphosted.com ([148.163.156.1]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1wPbEq-0002Tx-BC; Wed, 20 May 2026 03:21:13 -0400 Received: from pps.filterd (m0356517.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id 64K5ItEr271835; Wed, 20 May 2026 07:21:02 GMT Received: from ppma21.wdc07v.mail.ibm.com (5b.69.3da9.ip4.static.sl-reverse.com [169.61.105.91]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 4e6h750vkg-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 20 May 2026 07:21:02 +0000 (GMT) Received: from pps.filterd (ppma21.wdc07v.mail.ibm.com [127.0.0.1]) by ppma21.wdc07v.mail.ibm.com (8.18.1.7/8.18.1.7) with ESMTP id 64K6s9Wu031402; Wed, 20 May 2026 07:21:01 GMT Received: from smtprelay06.fra02v.mail.ibm.com ([9.218.2.230]) by ppma21.wdc07v.mail.ibm.com (PPS) with ESMTPS id 4e73wk6a0b-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 20 May 2026 07:21:01 +0000 (GMT) Received: from smtpav05.fra02v.mail.ibm.com (smtpav05.fra02v.mail.ibm.com [10.20.54.104]) by smtprelay06.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 64K7KvjU24183258 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 20 May 2026 07:20:57 GMT Received: from smtpav05.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 526B920043; Wed, 20 May 2026 07:20:57 +0000 (GMT) Received: from smtpav05.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 340322004D; Wed, 20 May 2026 07:20:57 +0000 (GMT) Received: from funtu2.fritz.box (unknown [9.111.209.15]) by smtpav05.fra02v.mail.ibm.com (Postfix) with ESMTP; Wed, 20 May 2026 07:20:57 +0000 (GMT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=cc :content-transfer-encoding:date:from:in-reply-to:message-id :mime-version:references:subject:to; s=pp1; bh=cl4/uzUgqBttQtJZn q+cRxnOtLR4MjIY/RLroL7Uvjg=; b=ZADBuBFUYL7udKrwDO+vxY1MLHJE1lcpm tJYTz/QXrPImcwCU0QdLkMP200LWeC1GpHlJkSKQYCnbnZoOgTTDpx7jQpJo5koI 0OYiARMiViQa7ZT20Ti2pSs/aXPZ2o+W41wmz5VgLijZVwk+PF/CWQYYRQbOwVI8 5H0MjYaD+heoEWchSkryuZzEnDkF8hBF4D1xTrkDWyYXWjuXZcSytUx6OYaNXokW LZrYXO1m/WGVU51SSfbipcGUhgiRFVSQcsk1gMd9+EZbVJYT1vKnxMxuhAHR9lKI qSNP76rklh2Hx10JSLJ7h6NsYk0dtwGsqUMqcLFggYZmMEyguaFfA== From: Harald Freudenberger To: richard.henderson@linaro.org, iii@linux.ibm.com, david@kernel.org, thuth@redhat.com Cc: qemu-s390x@nongnu.org, qemu-devel@nongnu.org, dengler@linux.ibm.com, borntraeger@linux.ibm.com Subject: [PATCH v5 15/15] docs/s390: Document CPACF instructions support Date: Wed, 20 May 2026 09:20:54 +0200 Message-ID: <20260520072054.293306-16-freude@linux.ibm.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260520072054.293306-1-freude@linux.ibm.com> References: <20260520072054.293306-1-freude@linux.ibm.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-TM-AS-GCONF: 00 X-Authority-Analysis: v=2.4 cv=ffCdDUQF c=1 sm=1 tr=0 ts=6a0d60de cx=c_pps a=GFwsV6G8L6GxiO2Y/PsHdQ==:117 a=GFwsV6G8L6GxiO2Y/PsHdQ==:17 a=NGcC8JguVDcA:10 a=VkNPw1HP01LnGYTKEx00:22 a=RnoormkPH1_aCDwRdu11:22 a=U7nrCbtTmkRpXpFmAIza:22 a=VnNF1IyMAAAA:8 a=0leUbG1rbJNNX_27dkMA:9 a=5wi_FRADO1KgGG3s:21 a=O8hF6Hzn-FEA:10 X-Proofpoint-ORIG-GUID: Dh5azakMgrA5i5Usjl76qPfb1893A_UZ X-Proofpoint-GUID: Dh5azakMgrA5i5Usjl76qPfb1893A_UZ X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwNTIwMDA2NyBTYWx0ZWRfX/nmrgrdEQPTW NjnAixgoCVjPdzVUR2NJzNcR/cmbzW9U+nzMf+5Nr4kXzA9VKuc1vDmjU2M009+k9YLQyT3992x OkfOSSbEc1nVpa+OS/oE5Ba3WmA0vG4RknwDZ9AOaCxq3DDJM9C+AE+jo6of5CkvNFHwS0A8J0u l+63VSlLH7/Qat1qIMEUUdpwnW3XMB73e4QMC9Ficmf+MsSqboeeR7Vor3uffFqaxHLLhRCSMDm CIUf60fq3gerfdDC0bLActw9hBpxQkL3Rh67RrzoC4FnvGfGlzyk1MWQZj0Hw2ZhREQlkDFzW4G q37koCbDyy2V/b6IQi3qoJXMCw7iJozky69J0xB/ntduppBZfxWbrdaEkKB8Y3SyKaNTjqIbKar RGeyIcrOmCol3X5lbYentcqoqGv3jcSQlH5CTq9F5DbULdsAm+/SHTR0TbqKENAdPZWzxsjSAQW MgadO9TPysArnS697aQ== X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1143,Hydra:6.1.51,FMLib:17.12.100.49 definitions=2026-05-20_01,2026-05-18_01,2025-10-01_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 spamscore=0 phishscore=0 suspectscore=0 adultscore=0 clxscore=1015 impostorscore=0 lowpriorityscore=0 bulkscore=0 malwarescore=0 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2605130000 definitions=main-2605200067 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists1p.gnu.org; Received-SPF: pass client-ip=148.163.156.1; envelope-from=freude@linux.ibm.com; helo=mx0a-001b2d01.pphosted.com X-Spam_score_int: -26 X-Spam_score: -2.7 X-Spam_bar: -- X-Spam_report: (-2.7 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @ibm.com) X-ZM-MESSAGEID: 1779261795070158500 Content-Type: text/plain; charset="utf-8" Add a first document covering the Qemu s390 CPACF instructions and functions supported. Signed-off-by: Harald Freudenberger --- docs/system/s390x/cpacf.rst | 109 ++++++++++++++++++++++++++++++++++++ 1 file changed, 109 insertions(+) create mode 100644 docs/system/s390x/cpacf.rst diff --git a/docs/system/s390x/cpacf.rst b/docs/system/s390x/cpacf.rst new file mode 100644 index 0000000000..fd9a38fd02 --- /dev/null +++ b/docs/system/s390x/cpacf.rst @@ -0,0 +1,109 @@ +CPACF Support +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D + +CPACF +----- + +CP Assist for Cryptographic Function (CPACF) is a hardware-integrated +coprocessor feature built into every processor core of IBM Z and +LinuxONE mainframes (s390x architecture). It provides high-speed, +hardware-accelerated encryption and hashing directly on the CPU. + +CPACF provides a set of z/Architecture instructions (known as Message +Security Assist or MSA) that execute cryptographic operations +synchronously with the main processor. + +- Symmetric Encryption: Support for AES (128, 192, 256-bit), DES, and + Triple-DES (TDES). +- Hashing: Acceleration for SHA-1, SHA-2 (up to SHA-512), SHA-3 and + SHAKE. +- Random Number Generation: Pseudo Random Number Generator (PRNG) and + a hardware-based True Random Number Generator (TRNG). +- Asymmetric Support: Elliptic Curve Cryptography (ECC) primitives + P-256, P-384, P-521, Montgomery/Edwards curves (e.g., Ed25519). + +CPACF instructions +------------------ + +Here is a list of implemented CPACF instructions and the supported +functions for each instruction: + +KDSA (COMPUTE DIGITAL SIGNATURE AUTHENTICATION) +- Function code 0x00 - Function Query + +KIMD (COMPUTE INTERMEDIATE MESSAGE DIGEST) +- Function code 0x00 - Function Query +- Function code 0x02 - CPACF_KIMD_SHA_256 +- Function code 0x03 - CPACF_KIMD_SHA_512 + +KLMD (COMPUTE LAST MESSAGE DIGEST) +- Function code 0x00 - Function Query +- Function code 0x02 - CPACF_KLMD_SHA_256 +- Function code 0x03 - CPACF_KLMD_SHA_512 + +KM (CIPHER MESSAGE) +- Function code 0x00 - Function Query +- Function code 0x12 - CPACF_KM_AES_128 +- Function code 0x13 - CPACF_KM_AES_192 +- Function code 0x14 - CPACF_KM_AES_256 +- Function code 0x1a - CPACF_KM_PAES_128 +- Function code 0x1b - CPACF_KM_PAES_192 +- Function code 0x1c - CPACF_KM_PAES_256 +- Function code 0x32 - CPACF_KM_XTS_128 +- Function code 0x34 - CPACF_KM_XTS_256 +- Function code 0x3a - CPACF_KM_PXTS_128 +- Function code 0x3c - CPACF_KM_PXTS_256 + +KMAC (COMPUTE MESSAGE AUTHENTICATION CODE) +- Function code 0x00 - Function Query + +KMC (CIPHER MESSAGE WITH CHAINING) +- Function code 0x00 - Function Query +- Function code 0x12 - CPACF_KMC_AES_128 +- Function code 0x13 - CPACF_KMC_AES_192 +- Function code 0x14 - CPACF_KMC_AES_256 +- Function code 0x1a - CPACF_KMC_PAES_128 +- Function code 0x1b - CPACF_KMC_PAES_192 +- Function code 0x1c - CPACF_KMC_PAES_256 + +KMCTR (CIPHER MESSAGE WITH COUNTER) +- Function code 0x00 - Function Query +- Function code 0x12 - CPACF_KMCTR_AES_128 +- Function code 0x13 - CPACF_KMCTR_AES_192 +- Function code 0x14 - CPACF_KMCTR_AES_256 +- Function code 0x1a - CPACF_KMCTR_PAES_128 +- Function code 0x1b - CPACF_KMCTR_PAES_192 +- Function code 0x1c - CPACF_KMCTR_PAES_256 + +KMF (CIPHER MESSAGE WITH CIPHER FEEDBACK) +- not supported + +KMO (CIPHER MESSAGE WITH OUTPUT FEEDBACK) +- not supported + +PCC (PERFORM CRYPTOGRAPHIC COMPUTATION) +- Function code 0x00 - Function Query +- Function code 0x32 - compute XTS param AES-128 +- Function code 0x34 - compute XTS param AES-256 +- Function code 0x3a - compute XTS param Encrypted AES-128 +- Function code 0x3c - compute XTS param Encrypted AES-256 + +PCKMO (PERFORM CRYPTOGRAPHIC KEY MANAGEMENT OPERATION) +- Function code 0x00 - Function Query +- Function code 0x12 - CPACF_PCKMO_ENC_AES_128_KEY +- Function code 0x13 - CPACF_PCKMO_ENC_AES_192_KEY +- Function code 0x14 - CPACF_PCKMO_ENC_AES_256_KEY + +PRNO (PERFORM RANDOM NUMBER OPERATION) +- Function code 0x00 - Function Query +- Function code 0x72 - CPACF_PRNO_TRNG + +Note that the use of a not supported CPACF instruction (KMF and KMO) +or invocation of a not listed function will result in a Specification +Exception. + +Not listed CPACF instructions (KMF, KMO) cause an Operation Exception +when used. Not listed functions cause a Specification Exception when +called. If only the query function is listed (KDSA), then the query +function will return a function status word with all but the query +function bit set to 0. --=20 2.43.0