From: Harald Freudenberger
To: richard.henderson@linaro.org, iii@linux.ibm.com, david@kernel.org, thuth@redhat.com, berrange@redhat.com
Cc: qemu-s390x@nongnu.org, qemu-devel@nongnu.org, dengler@linux.ibm.com, borntraeger@linux.ibm.com
Subject: [PATCH v6 01/17] target/s390x: Rework s390 cpacf implementations
Date: Tue, 26 May 2026 14:15:33 +0200
Message-ID: <20260526121550.5296-2-freude@linux.ibm.com>
In-Reply-To: <20260526121550.5296-1-freude@linux.ibm.com>
References: <20260526121550.5296-1-freude@linux.ibm.com>

Fix missing parts for MSA 9 kdsa and rework the cpacf handling code so that further extensions can be made in a clean and structured way.

Signed-off-by: Harald Freudenberger
Reviewed-by: Holger Dengler
Tested-by: Holger Dengler
---
 target/s390x/tcg/crypto_helper.c | 84 +++++++++++++++++++++++++++-----
 target/s390x/tcg/insn-data.h.inc | 1 +
 target/s390x/tcg/translate.c | 2 +
 3 files changed, 74 insertions(+), 13 deletions(-)

diff --git a/target/s390x/tcg/crypto_helper.c b/target/s390x/tcg/crypto_hel= per.c index ae392bce0e..35f0cc26a4 100644 --- a/target/s390x/tcg/crypto_helper.c +++ b/target/s390x/tcg/crypto_helper.c
@@ -272,6 +272,57 @@ static void fill_buf_random(CPUS390XState *env, const = int mmu_idx, uintptr_t ra, } } =20 +static int cpacf_kimd(CPUS390XState *env, const int mmu_idx, const uintptr= _t ra, + uint32_t r1, uint32_t r2, uint32_t r3, uint8_t fc) +{ + int rc =3D 0; + + switch (fc) { + case 0x03: /* CPACF_KIMD_SHA_512 */ + rc =3D cpacf_sha512(env, mmu_idx, ra, env->regs[1], &env->regs[r2], + &env->regs[r2 + 1], S390_FEAT_TYPE_KIMD); + break; + default: + g_assert_not_reached(); + } + + return rc; +} + +static int cpacf_klmd(CPUS390XState *env, const int mmu_idx, const uintptr= _t ra, + uint32_t r1, uint32_t r2, uint32_t r3, uint8_t fc) +{ + int rc =3D 0; + + switch (fc) { + case 0x03: /* CPACF_KLMD_SHA_512 */ + rc =3D cpacf_sha512(env, mmu_idx, ra, env->regs[1], &env->regs[r2], + &env->regs[r2 + 1], S390_FEAT_TYPE_KLMD); + break; + default: + g_assert_not_reached(); + } + + return rc; +} + +static int cpacf_ppno(CPUS390XState *env, const int mmu_idx, uintptr_t ra, + uint32_t r1, uint32_t r2, uint32_t r3, uint8_t fc) +{ + int rc =3D 0; + + switch (fc) { + case 0x72: /* CPACF_PRNO_TRNG */ + fill_buf_random(env, mmu_idx, ra, &env->regs[r1], &env->regs[r1 + = 1]); + fill_buf_random(env, mmu_idx, ra, &env->regs[r2], &env->regs[r2 + = 1]); + break; + default: + g_assert_not_reached(); + } + + return rc; +} + uint32_t HELPER(msa)(CPUS390XState *env, uint32_t r1, uint32_t r2, uint32_= t r3, uint32_t type) { @@ -282,13 +333,15 @@ uint32_t HELPER(msa)(CPUS390XState *env, uint32_t r1,= uint32_t r2, uint32_t r3, uint8_t subfunc[16] =3D { 0 }; uint64_t param_addr; MemOpIdx oi; + int rc =3D 0; =20 switch (type) { - case S390_FEAT_TYPE_KMAC: + case S390_FEAT_TYPE_KDSA: case S390_FEAT_TYPE_KIMD: case S390_FEAT_TYPE_KLMD: - case S390_FEAT_TYPE_PCKMO: + case S390_FEAT_TYPE_KMAC: case S390_FEAT_TYPE_PCC: + case S390_FEAT_TYPE_PCKMO: if (mod) { tcg_s390_program_interrupt(env, PGM_SPECIFICATION, ra); } 
@@ -300,25 +353,30 @@ uint32_t HELPER(msa)(CPUS390XState *env, uint32_t r1,= uint32_t r2, uint32_t r3, tcg_s390_program_interrupt(env, PGM_SPECIFICATION, ra); } =20 - switch (fc) { - case 0: /* query subfunction */ + /* handle query subfunction */ + if (fc =3D=3D 0) { oi =3D make_memop_idx(MO_8, mmu_idx); - for (int i =3D 0; i < 16; i++) { + for (int i =3D 0; i < sizeof(subfunc); i++) { param_addr =3D wrap_address(env, env->regs[1] + i); cpu_stb_mmu(env, param_addr, subfunc[i], oi, ra); } + goto out; + } + + switch (type) { + case S390_FEAT_TYPE_KIMD: + rc =3D cpacf_kimd(env, mmu_idx, ra, r1, r2, r3, fc); break; - case 3: /* CPACF_*_SHA_512 */ - return cpacf_sha512(env, mmu_idx, ra, env->regs[1], &env->regs[r2], - &env->regs[r2 + 1], type); - case 114: /* CPACF_PRNO_TRNG */ - fill_buf_random(env, mmu_idx, ra, &env->regs[r1], &env->regs[r1 + = 1]); - fill_buf_random(env, mmu_idx, ra, &env->regs[r2], &env->regs[r2 + = 1]); + case S390_FEAT_TYPE_KLMD: + rc =3D cpacf_klmd(env, mmu_idx, ra, r1, r2, r3, fc); + break; + case S390_FEAT_TYPE_PPNO: + rc =3D cpacf_ppno(env, mmu_idx, ra, r1, r2, r3, fc); break; default: - /* we don't implement any other subfunction yet */ g_assert_not_reached(); } =20 - return 0; +out: + return rc; } diff --git a/target/s390x/tcg/insn-data.h.inc b/target/s390x/tcg/insn-data.= h.inc index 0d5392eac5..6a0a7aacda 100644 --- a/target/s390x/tcg/insn-data.h.inc +++ b/target/s390x/tcg/insn-data.h.inc @@ -1015,6 +1015,7 @@ D(0xb92e, KM, RRE, MSA, 0, 0, 0, 0, msa, 0, S390_FEAT_TYPE_KM) D(0xb92f, KMC, RRE, MSA, 0, 0, 0, 0, msa, 0, S390_FEAT_TYPE_KMC) D(0xb929, KMA, RRF_b, MSA8, 0, 0, 0, 0, msa, 0, S390_FEAT_TYPE_KMA) + D(0xb93a, KDSA, RRE, MSA9, 0, 0, 0, 0, msa, 0, S390_FEAT_TYPE_KDS= A) E(0xb93c, PPNO, RRE, MSA5, 0, 0, 0, 0, msa, 0, S390_FEAT_TYPE_PPN= O, IF_IO) D(0xb93e, KIMD, RRE, MSA, 0, 0, 0, 0, msa, 0, S390_FEAT_TYPE_KIM= D) D(0xb93f, KLMD, RRE, MSA, 0, 0, 0, 0, msa, 0, S390_FEAT_TYPE_KLM= D) 
diff --git a/target/s390x/tcg/translate.c b/target/s390x/tcg/translate.c index 82165ac1ec..cef1b55149 100644 --- a/target/s390x/tcg/translate.c +++ b/target/s390x/tcg/translate.c @@ -2592,6 +2592,7 @@ static DisasJumpType op_msa(DisasContext *s, DisasOps= *o) /* FALL THROUGH */ case S390_FEAT_TYPE_PCKMO: case S390_FEAT_TYPE_PCC: + case S390_FEAT_TYPE_KDSA: break; default: g_assert_not_reached(); 
@@ -6046,6 +6047,7 @@ enum DisasInsnEnum { #define FAC_MSA4 S390_FEAT_MSA_EXT_4 /* msa-extension-4 facility */ #define FAC_MSA5 S390_FEAT_MSA_EXT_5 /* msa-extension-5 facility */ #define FAC_MSA8 S390_FEAT_MSA_EXT_8 /* msa-extension-8 facility */ +#define FAC_MSA9 S390_FEAT_MSA_EXT_9 /* msa-extension-9 facility */ #define FAC_ECT S390_FEAT_EXTRACT_CPU_TIME #define FAC_PCI S390_FEAT_ZPCI /* z/PCI facility */ #define FAC_AIS S390_FEAT_ADAPTER_INT_SUPPRESSION --=20 2.43.0
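
Review bot: In the crypto_helper.c hunk at @@ -272, none of the three new helpers uses r3, cpacf_kimd() and cpacf_klmd() also ignore r1, and cpacf_ppno() takes `uintptr_t ra` where the other two take `const uintptr_t ra`. Make the signatures consistent and drop or document the unused register arguments. The function codes also changed from the decimal `3` and `114` of the removed code to the literals `0x03` and `0x72` with the constant name only in a comment; defining CPACF_KIMD_SHA_512, CPACF_KLMD_SHA_512 and CPACF_PRNO_TRNG as real constants would let the compiler check what the comments now only claim.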
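
Review bot: In the crypto_helper.c hunk at @@ -300, the new `switch (type)` dispatches only KIMD, KLMD and PPNO, so every other type that reaches it with a nonzero function code, including the KDSA that this patch routes to the helper, ends in `g_assert_not_reached()`. That is safe only if the check whose tail is visible as context at the top of the hunk (the one raising PGM_SPECIFICATION) rejects every function code the helper does not implement; if a CPU model can advertise one, a guest instruction aborts QEMU. Raise a program interrupt in the default branch, or keep a comment stating the invariant, as the removed "we don't implement any other subfunction yet" at least hinted. Two smaller points in the same hunk: `i < sizeof(subfunc)` compares an int with a size_t, so ARRAY_SIZE(subfunc) or a size_t index is cleaner, and `goto out` to a label that only returns rc could be a plain `return 0`.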
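
Review bot: The KDSA entry added in the insn-data.h.inc hunk, together with the new case in op_msa() and FAC_MSA9 in translate.c, is a guest-visible change mixed into a refactoring: opcode 0xb93a now decodes when the msa-extension-9 facility is present. The commit message covers both in one sentence. Splitting the KDSA wiring into its own patch, or stating in the message what a guest gets for KDSA beyond the query function, would make the series easier to bisect and to review.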

From: Harald Freudenberger
To: richard.henderson@linaro.org, iii@linux.ibm.com, david@kernel.org, thuth@redhat.com, berrange@redhat.com
Cc: qemu-s390x@nongnu.org, qemu-devel@nongnu.org, dengler@linux.ibm.com, borntraeger@linux.ibm.com
Subject: [PATCH v6 02/17] target/s390x: Move cpacf sha512 code into a new file
Date: Tue, 26 May 2026 14:15:34 +0200
Message-ID: <20260526121550.5296-3-freude@linux.ibm.com>
In-Reply-To: <20260526121550.5296-1-freude@linux.ibm.com>
References: <20260526121550.5296-1-freude@linux.ibm.com>

Move the cpacf sha512 implementation into a new file cpacf_sha512.c. Add this new file to the build and add a new header file cpacf.h containing the prototypes for the s390 cpacf stuff.

Signed-off-by: Harald Freudenberger
Tested-by: Holger Dengler
---
 target/s390x/tcg/cpacf.h | 16 ++
 target/s390x/tcg/cpacf_sha512.c | 245 +++++++++++++++++++++++++++++++
 target/s390x/tcg/crypto_helper.c | 227 +---------------------------
 target/s390x/tcg/meson.build | 1 +
 4 files changed, 263 insertions(+), 226 deletions(-)
 create mode 100644 target/s390x/tcg/cpacf.h
 create mode 100644 target/s390x/tcg/cpacf_sha512.c

diff --git a/target/s390x/tcg/cpacf.h b/target/s390x/tcg/cpacf.h new file mode 100644 index 0000000000..d27839ddd9 --- /dev/null +++ b/target/s390x/tcg/cpacf.h
@@ -0,0 +1,16 @@ +/* + * s390x cpacf + * + * This work is licensed under the terms of the GNU GPL, version 2 or late= r. + * See the COPYING file in the top-level directory. + */ + +#ifndef S390X_CPACF_H +#define S390X_CPACF_H + +/* from crypto_sha512.c */ +int cpacf_sha512(CPUS390XState *env, const int mmu_idx, uintptr_t ra, + uint64_t param_addr, uint64_t *message_reg, uint64_t *len= _reg, + uint32_t type); + +#endif diff --git a/target/s390x/tcg/cpacf_sha512.c b/target/s390x/tcg/cpacf_sha51= 2.c new file mode 100644 index 0000000000..59b99e3a91 --- /dev/null +++ b/target/s390x/tcg/cpacf_sha512.c 
@@ -0,0 +1,245 @@ +/* + * s390 cpacf sha512 + * + * Copyright (C) 2022 Jason A. Donenfeld . All Rights Re= served. + * + * Authors: + * Jason A. Donenfeld + * + * This work is licensed under the terms of the GNU GPL, version 2 or late= r. + * See the COPYING file in the top-level directory. + */ + +#include "qemu/osdep.h" +#include "s390x-internal.h" +#include "tcg_s390x.h" +#include "exec/helper-proto.h" +#include "accel/tcg/cpu-ldst-common.h" +#include "accel/tcg/cpu-mmu-index.h" +#include "cpacf.h" + +static uint64_t R(uint64_t x, int c) +{ + return (x >> c) | (x << (64 - c)); +} +static uint64_t Ch(uint64_t x, uint64_t y, uint64_t z) +{ + return (x & y) ^ (~x & z); +} +static uint64_t Maj(uint64_t x, uint64_t y, uint64_t z) +{ + return (x & y) ^ (x & z) ^ (y & z); +} +static uint64_t Sigma0(uint64_t x) +{ + return R(x, 28) ^ R(x, 34) ^ R(x, 39); +} +static uint64_t Sigma1(uint64_t x) +{ + return R(x, 14) ^ R(x, 18) ^ R(x, 41); +} +static uint64_t sigma0(uint64_t x) +{ + return R(x, 1) ^ R(x, 8) ^ (x >> 7); +} +static uint64_t sigma1(uint64_t x) +{ + return R(x, 19) ^ R(x, 61) ^ (x >> 6); +} + +static const uint64_t K[80] =3D { + 0x428a2f98d728ae22ULL, 0x7137449123ef65cdULL, 0xb5c0fbcfec4d3b2fULL, + 0xe9b5dba58189dbbcULL, 0x3956c25bf348b538ULL, 0x59f111f1b605d019ULL, + 0x923f82a4af194f9bULL, 0xab1c5ed5da6d8118ULL, 0xd807aa98a3030242ULL, + 0x12835b0145706fbeULL, 0x243185be4ee4b28cULL, 0x550c7dc3d5ffb4e2ULL, + 0x72be5d74f27b896fULL, 0x80deb1fe3b1696b1ULL, 0x9bdc06a725c71235ULL, + 0xc19bf174cf692694ULL, 0xe49b69c19ef14ad2ULL, 0xefbe4786384f25e3ULL, + 0x0fc19dc68b8cd5b5ULL, 0x240ca1cc77ac9c65ULL, 0x2de92c6f592b0275ULL, + 0x4a7484aa6ea6e483ULL, 0x5cb0a9dcbd41fbd4ULL, 0x76f988da831153b5ULL, + 0x983e5152ee66dfabULL, 0xa831c66d2db43210ULL, 0xb00327c898fb213fULL, + 0xbf597fc7beef0ee4ULL, 0xc6e00bf33da88fc2ULL, 0xd5a79147930aa725ULL, + 0x06ca6351e003826fULL, 0x142929670a0e6e70ULL, 0x27b70a8546d22ffcULL, + 0x2e1b21385c26c926ULL, 0x4d2c6dfc5ac42aedULL, 
0x53380d139d95b3dfULL, + 0x650a73548baf63deULL, 0x766a0abb3c77b2a8ULL, 0x81c2c92e47edaee6ULL, + 0x92722c851482353bULL, 0xa2bfe8a14cf10364ULL, 0xa81a664bbc423001ULL, + 0xc24b8b70d0f89791ULL, 0xc76c51a30654be30ULL, 0xd192e819d6ef5218ULL, + 0xd69906245565a910ULL, 0xf40e35855771202aULL, 0x106aa07032bbd1b8ULL, + 0x19a4c116b8d2d0c8ULL, 0x1e376c085141ab53ULL, 0x2748774cdf8eeb99ULL, + 0x34b0bcb5e19b48a8ULL, 0x391c0cb3c5c95a63ULL, 0x4ed8aa4ae3418acbULL, + 0x5b9cca4f7763e373ULL, 0x682e6ff3d6b2b8a3ULL, 0x748f82ee5defb2fcULL, + 0x78a5636f43172f60ULL, 0x84c87814a1f0ab72ULL, 0x8cc702081a6439ecULL, + 0x90befffa23631e28ULL, 0xa4506cebde82bde9ULL, 0xbef9a3f7b2c67915ULL, + 0xc67178f2e372532bULL, 0xca273eceea26619cULL, 0xd186b8c721c0c207ULL, + 0xeada7dd6cde0eb1eULL, 0xf57d4f7fee6ed178ULL, 0x06f067aa72176fbaULL, + 0x0a637dc5a2c898a6ULL, 0x113f9804bef90daeULL, 0x1b710b35131c471bULL, + 0x28db77f523047d84ULL, 0x32caab7b40c72493ULL, 0x3c9ebe0a15c9bebcULL, + 0x431d67c49c100d4cULL, 0x4cc5d4becb3e42b6ULL, 0x597f299cfc657e2aULL, + 0x5fcb6fab3ad6faecULL, 0x6c44198c4a475817ULL +}; + +/* a is icv/ocv, w is a single message block. w will get reused internally= . */ +static void sha512_bda(uint64_t a[8], uint64_t w[16]) +{ + uint64_t t, z[8], b[8]; + int i, j; + + memcpy(z, a, sizeof(z)); + for (i =3D 0; i < 80; i++) { + memcpy(b, a, sizeof(b)); + + t =3D a[7] + Sigma1(a[4]) + Ch(a[4], a[5], a[6]) + K[i] + w[i % 16= ]; + b[7] =3D t + Sigma0(a[0]) + Maj(a[0], a[1], a[2]); + b[3] +=3D t; + for (j =3D 0; j < 8; ++j) { + a[(j + 1) % 8] =3D b[j]; + } + if (i % 16 =3D=3D 15) { + for (j =3D 0; j < 16; ++j) { + w[j] +=3D w[(j + 9) % 16] + sigma0(w[(j + 1) % 16]) + + sigma1(w[(j + 14) % 16]); + } + } + } + + for (i =3D 0; i < 8; i++) { + a[i] +=3D z[i]; + } +} + +/* a is icv/ocv, w is a single message block that needs be64 conversion. 
*/ +static void sha512_bda_be64(uint64_t a[8], uint64_t w[16]) +{ + uint64_t t[16]; + int i; + + for (i =3D 0; i < 16; i++) { + t[i] =3D be64_to_cpu(w[i]); + } + sha512_bda(a, t); +} + +static void sha512_read_icv(CPUS390XState *env, const int mmu_idx, + uint64_t addr, uint64_t a[8], uintptr_t ra) +{ + const MemOpIdx oi =3D make_memop_idx(MO_BE | MO_64 | MO_UNALN, mmu_idx= ); + + for (int i =3D 0; i < 8; i++, addr +=3D 8) { + addr =3D wrap_address(env, addr); + a[i] =3D cpu_ldq_mmu(env, addr, oi, ra); + } +} + +static void sha512_write_ocv(CPUS390XState *env, const int mmu_idx, + uint64_t addr, uint64_t a[8], uintptr_t ra) +{ + const MemOpIdx oi =3D make_memop_idx(MO_BE | MO_64 | MO_UNALN, mmu_idx= ); + + for (int i =3D 0; i < 8; i++, addr +=3D 8) { + addr =3D wrap_address(env, addr); + cpu_stq_mmu(env, addr, a[i], oi, ra); + } +} + +static void sha512_read_block(CPUS390XState *env, const int mmu_idx, + uint64_t addr, uint64_t a[16], uintptr_t ra) +{ + const MemOpIdx oi =3D make_memop_idx(MO_BE | MO_64 | MO_UNALN, mmu_idx= ); + + for (int i =3D 0; i < 16; i++, addr +=3D 8) { + addr =3D wrap_address(env, addr); + a[i] =3D cpu_ldq_mmu(env, addr, oi, ra); + } +} + +static void sha512_read_mbl_be64(CPUS390XState *env, const int mmu_idx, + uint64_t addr, uint8_t a[16], uintptr_t r= a) +{ + const MemOpIdx oi =3D make_memop_idx(MO_8, mmu_idx); + + for (int i =3D 0; i < 16; i++, addr +=3D 1) { + addr =3D wrap_address(env, addr); + a[i] =3D cpu_ldb_mmu(env, addr, oi, ra); + } +} + +int cpacf_sha512(CPUS390XState *env, const int mmu_idx, uintptr_t ra, + uint64_t param_addr, uint64_t *message_reg, uint64_t *len= _reg, + uint32_t type) +{ + enum { MAX_BLOCKS_PER_RUN =3D 64 }; /* Arbitrary: keep interactivity. 
= */ + uint64_t len =3D *len_reg, a[8], processed =3D 0; + int i, message_reg_len =3D 64; + + g_assert(type =3D=3D S390_FEAT_TYPE_KIMD || type =3D=3D S390_FEAT_TYPE= _KLMD); + + if (!(env->psw.mask & PSW_MASK_64)) { + len =3D (uint32_t)len; + message_reg_len =3D (env->psw.mask & PSW_MASK_32) ? 32 : 24; + } + + /* KIMD: length has to be properly aligned. */ + if (type =3D=3D S390_FEAT_TYPE_KIMD && !QEMU_IS_ALIGNED(len, 128)) { + tcg_s390_program_interrupt(env, PGM_SPECIFICATION, ra); + } + + sha512_read_icv(env, mmu_idx, param_addr, a, ra); + + /* Process full blocks first. */ + for (; len >=3D 128; len -=3D 128, processed +=3D 128) { + uint64_t w[16]; + + if (processed >=3D MAX_BLOCKS_PER_RUN * 128) { + break; + } + + sha512_read_block(env, mmu_idx, *message_reg + processed, w, ra); + sha512_bda(a, w); + } + + /* KLMD: Process partial/empty block last. */ + if (type =3D=3D S390_FEAT_TYPE_KLMD && len < 128) { + const MemOpIdx oi =3D make_memop_idx(MO_8, mmu_idx); + uint8_t x[128]; + + /* Read the remainder of the message byte-per-byte. */ + for (i =3D 0; i < len; i++) { + uint64_t addr =3D wrap_address(env, *message_reg + processed += i); + + x[i] =3D cpu_ldb_mmu(env, addr, oi, ra); + } + /* Pad the remainder with zero and set the top bit. */ + memset(x + len, 0, 128 - len); + x[len] =3D 128; + + /* + * Place the MBL either into this block (if there is space left), + * or use an additional one. + */ + if (len < 112) { + sha512_read_mbl_be64(env, mmu_idx, param_addr + 64, x + 112, r= a); + } + sha512_bda_be64(a, (uint64_t *)x); + + if (len >=3D 112) { + memset(x, 0, 112); + sha512_read_mbl_be64(env, mmu_idx, param_addr + 64, x + 112, r= a); + sha512_bda_be64(a, (uint64_t *)x); + } + + processed +=3D len; + len =3D 0; + } + + /* + * Modify memory after we read all inputs and modify registers only af= ter + * writing memory succeeded. + * + * TODO: if writing fails halfway through (e.g., when crossing page + * boundaries), we're in trouble. 
We'd need something like access_prep= are(). + */ + sha512_write_ocv(env, mmu_idx, param_addr, a, ra); + *message_reg =3D deposit64(*message_reg, 0, message_reg_len, + *message_reg + processed); + *len_reg -=3D processed; + return !len ? 0 : 3; +} diff --git a/target/s390x/tcg/crypto_helper.c b/target/s390x/tcg/crypto_hel= per.c index 35f0cc26a4..574a39258c 100644 --- a/target/s390x/tcg/crypto_helper.c +++ b/target/s390x/tcg/crypto_helper.c 
@@ -19,232 +19,7 @@ #include "exec/helper-proto.h" #include "accel/tcg/cpu-ldst-common.h" #include "accel/tcg/cpu-mmu-index.h" - -static uint64_t R(uint64_t x, int c) -{ - return (x >> c) | (x << (64 - c)); -} -static uint64_t Ch(uint64_t x, uint64_t y, uint64_t z) -{ - return (x & y) ^ (~x & z); -} -static uint64_t Maj(uint64_t x, uint64_t y, uint64_t z) -{ - return (x & y) ^ (x & z) ^ (y & z); -} -static uint64_t Sigma0(uint64_t x) -{ - return R(x, 28) ^ R(x, 34) ^ R(x, 39); -} -static uint64_t Sigma1(uint64_t x) -{ - return R(x, 14) ^ R(x, 18) ^ R(x, 41); -} -static uint64_t sigma0(uint64_t x) -{ - return R(x, 1) ^ R(x, 8) ^ (x >> 7); -} -static uint64_t sigma1(uint64_t x) -{ - return R(x, 19) ^ R(x, 61) ^ (x >> 6); -} - -static const uint64_t K[80] =3D { - 0x428a2f98d728ae22ULL, 0x7137449123ef65cdULL, 0xb5c0fbcfec4d3b2fULL, - 0xe9b5dba58189dbbcULL, 0x3956c25bf348b538ULL, 0x59f111f1b605d019ULL, - 0x923f82a4af194f9bULL, 0xab1c5ed5da6d8118ULL, 0xd807aa98a3030242ULL, - 0x12835b0145706fbeULL, 0x243185be4ee4b28cULL, 0x550c7dc3d5ffb4e2ULL, - 0x72be5d74f27b896fULL, 0x80deb1fe3b1696b1ULL, 0x9bdc06a725c71235ULL, - 0xc19bf174cf692694ULL, 0xe49b69c19ef14ad2ULL, 0xefbe4786384f25e3ULL, - 0x0fc19dc68b8cd5b5ULL, 0x240ca1cc77ac9c65ULL, 0x2de92c6f592b0275ULL, - 0x4a7484aa6ea6e483ULL, 0x5cb0a9dcbd41fbd4ULL, 0x76f988da831153b5ULL, - 0x983e5152ee66dfabULL, 0xa831c66d2db43210ULL, 0xb00327c898fb213fULL, - 0xbf597fc7beef0ee4ULL, 0xc6e00bf33da88fc2ULL, 0xd5a79147930aa725ULL, - 0x06ca6351e003826fULL, 0x142929670a0e6e70ULL, 0x27b70a8546d22ffcULL, - 0x2e1b21385c26c926ULL, 0x4d2c6dfc5ac42aedULL, 0x53380d139d95b3dfULL, - 0x650a73548baf63deULL, 0x766a0abb3c77b2a8ULL, 0x81c2c92e47edaee6ULL, - 0x92722c851482353bULL, 0xa2bfe8a14cf10364ULL, 0xa81a664bbc423001ULL, - 0xc24b8b70d0f89791ULL, 0xc76c51a30654be30ULL, 0xd192e819d6ef5218ULL, - 0xd69906245565a910ULL, 0xf40e35855771202aULL, 0x106aa07032bbd1b8ULL, - 0x19a4c116b8d2d0c8ULL, 0x1e376c085141ab53ULL, 0x2748774cdf8eeb99ULL, - 
0x34b0bcb5e19b48a8ULL, 0x391c0cb3c5c95a63ULL, 0x4ed8aa4ae3418acbULL, - 0x5b9cca4f7763e373ULL, 0x682e6ff3d6b2b8a3ULL, 0x748f82ee5defb2fcULL, - 0x78a5636f43172f60ULL, 0x84c87814a1f0ab72ULL, 0x8cc702081a6439ecULL, - 0x90befffa23631e28ULL, 0xa4506cebde82bde9ULL, 0xbef9a3f7b2c67915ULL, - 0xc67178f2e372532bULL, 0xca273eceea26619cULL, 0xd186b8c721c0c207ULL, - 0xeada7dd6cde0eb1eULL, 0xf57d4f7fee6ed178ULL, 0x06f067aa72176fbaULL, - 0x0a637dc5a2c898a6ULL, 0x113f9804bef90daeULL, 0x1b710b35131c471bULL, - 0x28db77f523047d84ULL, 0x32caab7b40c72493ULL, 0x3c9ebe0a15c9bebcULL, - 0x431d67c49c100d4cULL, 0x4cc5d4becb3e42b6ULL, 0x597f299cfc657e2aULL, - 0x5fcb6fab3ad6faecULL, 0x6c44198c4a475817ULL -}; - -/* a is icv/ocv, w is a single message block. w will get reused internally= . */ -static void sha512_bda(uint64_t a[8], uint64_t w[16]) -{ - uint64_t t, z[8], b[8]; - int i, j; - - memcpy(z, a, sizeof(z)); - for (i =3D 0; i < 80; i++) { - memcpy(b, a, sizeof(b)); - - t =3D a[7] + Sigma1(a[4]) + Ch(a[4], a[5], a[6]) + K[i] + w[i % 16= ]; - b[7] =3D t + Sigma0(a[0]) + Maj(a[0], a[1], a[2]); - b[3] +=3D t; - for (j =3D 0; j < 8; ++j) { - a[(j + 1) % 8] =3D b[j]; - } - if (i % 16 =3D=3D 15) { - for (j =3D 0; j < 16; ++j) { - w[j] +=3D w[(j + 9) % 16] + sigma0(w[(j + 1) % 16]) + - sigma1(w[(j + 14) % 16]); - } - } - } - - for (i =3D 0; i < 8; i++) { - a[i] +=3D z[i]; - } -} - -/* a is icv/ocv, w is a single message block that needs be64 conversion. 
*/ -static void sha512_bda_be64(uint64_t a[8], uint64_t w[16]) -{ - uint64_t t[16]; - int i; - - for (i =3D 0; i < 16; i++) { - t[i] =3D be64_to_cpu(w[i]); - } - sha512_bda(a, t); -} - -static void sha512_read_icv(CPUS390XState *env, const int mmu_idx, - uint64_t addr, uint64_t a[8], uintptr_t ra) -{ - const MemOpIdx oi =3D make_memop_idx(MO_BE | MO_64 | MO_UNALN, mmu_idx= ); - - for (int i =3D 0; i < 8; i++, addr +=3D 8) { - addr =3D wrap_address(env, addr); - a[i] =3D cpu_ldq_mmu(env, addr, oi, ra); - } -} - -static void sha512_write_ocv(CPUS390XState *env, const int mmu_idx, - uint64_t addr, uint64_t a[8], uintptr_t ra) -{ - const MemOpIdx oi =3D make_memop_idx(MO_BE | MO_64 | MO_UNALN, mmu_idx= ); - - for (int i =3D 0; i < 8; i++, addr +=3D 8) { - addr =3D wrap_address(env, addr); - cpu_stq_mmu(env, addr, a[i], oi, ra); - } -} - -static void sha512_read_block(CPUS390XState *env, const int mmu_idx, - uint64_t addr, uint64_t a[16], uintptr_t ra) -{ - const MemOpIdx oi =3D make_memop_idx(MO_BE | MO_64 | MO_UNALN, mmu_idx= ); - - for (int i =3D 0; i < 16; i++, addr +=3D 8) { - addr =3D wrap_address(env, addr); - a[i] =3D cpu_ldq_mmu(env, addr, oi, ra); - } -} - -static void sha512_read_mbl_be64(CPUS390XState *env, const int mmu_idx, - uint64_t addr, uint8_t a[16], uintptr_t r= a) -{ - const MemOpIdx oi =3D make_memop_idx(MO_8, mmu_idx); - - for (int i =3D 0; i < 16; i++, addr +=3D 1) { - addr =3D wrap_address(env, addr); - a[i] =3D cpu_ldb_mmu(env, addr, oi, ra); - } -} - -static int cpacf_sha512(CPUS390XState *env, const int mmu_idx, uintptr_t r= a, - uint64_t param_addr, uint64_t *message_reg, - uint64_t *len_reg, uint32_t type) -{ - enum { MAX_BLOCKS_PER_RUN =3D 64 }; /* Arbitrary: keep interactivity. 
= */ - uint64_t len =3D *len_reg, a[8], processed =3D 0; - int i, message_reg_len =3D 64; - - g_assert(type =3D=3D S390_FEAT_TYPE_KIMD || type =3D=3D S390_FEAT_TYPE= _KLMD); - - if (!(env->psw.mask & PSW_MASK_64)) { - len =3D (uint32_t)len; - message_reg_len =3D (env->psw.mask & PSW_MASK_32) ? 32 : 24; - } - - /* KIMD: length has to be properly aligned. */ - if (type =3D=3D S390_FEAT_TYPE_KIMD && !QEMU_IS_ALIGNED(len, 128)) { - tcg_s390_program_interrupt(env, PGM_SPECIFICATION, ra); - } - - sha512_read_icv(env, mmu_idx, param_addr, a, ra); - - /* Process full blocks first. */ - for (; len >=3D 128; len -=3D 128, processed +=3D 128) { - uint64_t w[16]; - - if (processed >=3D MAX_BLOCKS_PER_RUN * 128) { - break; - } - - sha512_read_block(env, mmu_idx, *message_reg + processed, w, ra); - sha512_bda(a, w); - } - - /* KLMD: Process partial/empty block last. */ - if (type =3D=3D S390_FEAT_TYPE_KLMD && len < 128) { - const MemOpIdx oi =3D make_memop_idx(MO_8, mmu_idx); - uint8_t x[128]; - - /* Read the remainder of the message byte-per-byte. */ - for (i =3D 0; i < len; i++) { - uint64_t addr =3D wrap_address(env, *message_reg + processed += i); - - x[i] =3D cpu_ldb_mmu(env, addr, oi, ra); - } - /* Pad the remainder with zero and set the top bit. */ - memset(x + len, 0, 128 - len); - x[len] =3D 128; - - /* - * Place the MBL either into this block (if there is space left), - * or use an additional one. - */ - if (len < 112) { - sha512_read_mbl_be64(env, mmu_idx, param_addr + 64, x + 112, r= a); - } - sha512_bda_be64(a, (uint64_t *)x); - - if (len >=3D 112) { - memset(x, 0, 112); - sha512_read_mbl_be64(env, mmu_idx, param_addr + 64, x + 112, r= a); - sha512_bda_be64(a, (uint64_t *)x); - } - - processed +=3D len; - len =3D 0; - } - - /* - * Modify memory after we read all inputs and modify registers only af= ter - * writing memory succeeded. - * - * TODO: if writing fails halfway through (e.g., when crossing page - * boundaries), we're in trouble. 
We'd need something like access_prep= are(). - */ - sha512_write_ocv(env, mmu_idx, param_addr, a, ra); - *message_reg =3D deposit64(*message_reg, 0, message_reg_len, - *message_reg + processed); - *len_reg -=3D processed; - return !len ? 0 : 3; -} +#include "cpacf.h" =20 static void fill_buf_random(CPUS390XState *env, const int mmu_idx, uintptr= _t ra, uint64_t *buf_reg, uint64_t *len_reg) diff --git a/target/s390x/tcg/meson.build b/target/s390x/tcg/meson.build index 36cb0e079e..54a87393a3 100644 --- a/target/s390x/tcg/meson.build +++ b/target/s390x/tcg/meson.build 
@@ -5,6 +5,7 @@ s390x_ss.add(when: 'CONFIG_TCG', if_true: files( )) s390x_common_ss.add(when: 'CONFIG_TCG', if_true: files( 'cc_helper.c', + 'cpacf_sha512.c', 'crypto_helper.c', 'excp_helper.c', 'fpu_helper.c', --=20 2.43.0
From: Harald Freudenberger
To: richard.henderson@linaro.org, iii@linux.ibm.com, david@kernel.org, thuth@redhat.com, berrange@redhat.com
Cc: qemu-s390x@nongnu.org, qemu-devel@nongnu.org, dengler@linux.ibm.com, borntraeger@linux.ibm.com
Subject: [PATCH v6 03/17] target/s390x: Support cpacf sha256
Date: Tue, 26 May 2026 14:15:35 +0200
Message-ID: <20260526121550.5296-4-freude@linux.ibm.com>
In-Reply-To: <20260526121550.5296-1-freude@linux.ibm.com>
References: <20260526121550.5296-1-freude@linux.ibm.com>

Add a new file cpacf_sha256.c which implements sha256.
Add support for the sha256 subfunction for CPACF kimd and klmd.

Signed-off-by: Harald Freudenberger
Tested-by: Holger Dengler
--- target/s390x/gen-features.c | 2 + target/s390x/tcg/cpacf.h | 5 + target/s390x/tcg/cpacf_sha256.c | 232 +++++++++++++++++++++++++++++++ target/s390x/tcg/crypto_helper.c | 8 ++ target/s390x/tcg/meson.build | 1 + 5 files changed, 248 insertions(+) create mode 100644 target/s390x/tcg/cpacf_sha256.c diff --git a/target/s390x/gen-features.c b/target/s390x/gen-features.c index 8218e6470e..5cf5b92c37 100644 --- a/target/s390x/gen-features.c +++ b/target/s390x/gen-features.c
@@ -916,7 +916,9 @@ static uint16_t qemu_V7_1[] =3D { */ static uint16_t qemu_MAX[] =3D { S390_FEAT_MSA_EXT_5, + S390_FEAT_KIMD_SHA_256, S390_FEAT_KIMD_SHA_512, + S390_FEAT_KLMD_SHA_256, S390_FEAT_KLMD_SHA_512, S390_FEAT_PRNO_TRNG, }; diff --git a/target/s390x/tcg/cpacf.h b/target/s390x/tcg/cpacf.h index d27839ddd9..e2c36306b2 100644 --- a/target/s390x/tcg/cpacf.h +++ b/target/s390x/tcg/cpacf.h @@ -8,6 +8,11 @@ #ifndef S390X_CPACF_H #define S390X_CPACF_H =20 +/* from crypto_sha256.c */ +int cpacf_sha256(CPUS390XState *env, const int mmu_idx, uintptr_t ra, + uint64_t param_addr, uint64_t *message_reg, uint64_t *len= _reg, + uint32_t type); + /* from crypto_sha512.c */ int cpacf_sha512(CPUS390XState *env, const int mmu_idx, uintptr_t ra, uint64_t param_addr, uint64_t *message_reg, uint64_t *len= _reg, diff --git a/target/s390x/tcg/cpacf_sha256.c b/target/s390x/tcg/cpacf_sha25= 6.c new file mode 100644 index 0000000000..baffa2f44b --- /dev/null +++ b/target/s390x/tcg/cpacf_sha256.c 
@@ -0,0 +1,232 @@ +/* + * s390 cpacf sha256 + * + * Authors: + * Harald Freudenberger + * + * The sha256 implementation here is more or less a copy-and-paste + * from Jason A. Donenfeld's implementation of sha 512 with adaptions + * for sha 256. + * + * This work is licensed under the terms of the GNU GPL, version 2 or late= r. + * See the COPYING file in the top-level directory. + */ + +#include "qemu/osdep.h" +#include "s390x-internal.h" +#include "tcg_s390x.h" +#include "exec/helper-proto.h" +#include "accel/tcg/cpu-ldst-common.h" +#include "accel/tcg/cpu-mmu-index.h" +#include "cpacf.h" + +static uint32_t R(uint32_t x, int c) +{ + return (x >> c) | (x << (32 - c)); +} +static uint32_t Ch(uint32_t x, uint32_t y, uint32_t z) +{ + return (x & y) ^ (~x & z); +} +static uint32_t Maj(uint32_t x, uint32_t y, uint32_t z) +{ + return (x & y) ^ (x & z) ^ (y & z); +} +static uint32_t Sigma0(uint32_t x) +{ + return R(x, 2) ^ R(x, 13) ^ R(x, 22); +} +static uint32_t Sigma1(uint32_t x) +{ + return R(x, 6) ^ R(x, 11) ^ R(x, 25); +} +static uint32_t sigma0(uint32_t x) +{ + return R(x, 7) ^ R(x, 18) ^ (x >> 3); +} +static uint32_t sigma1(uint32_t x) +{ + return R(x, 17) ^ R(x, 19) ^ (x >> 10); +} + +static const uint32_t K[64] =3D { + 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, + 0x923f82a4, 0xab1c5ed5, 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, + 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174, 0xe49b69c1, 0xefbe4786, + 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da, + 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, + 0x06ca6351, 0x14292967, 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, + 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85, 0xa2bfe8a1, 0xa81a664b, + 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070, + 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, + 0x5b9cca4f, 0x682e6ff3, 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, + 0x90befffa, 
0xa4506ceb, 0xbef9a3f7, 0xc67178f2, +}; + +/* a is icv/ocv, w is a single message block. w will get reused internally= . */ +static void sha256_bda(uint32_t a[8], uint32_t w[16]) +{ + uint32_t t, z[8], b[8]; + int i, j; + + memcpy(z, a, sizeof(z)); + for (i =3D 0; i < 64; i++) { + memcpy(b, a, sizeof(b)); + + t =3D a[7] + Sigma1(a[4]) + Ch(a[4], a[5], a[6]) + K[i] + w[i % 16= ]; + b[7] =3D t + Sigma0(a[0]) + Maj(a[0], a[1], a[2]); + b[3] +=3D t; + for (j =3D 0; j < 8; ++j) { + a[(j + 1) % 8] =3D b[j]; + } + if (i % 16 =3D=3D 15) { + for (j =3D 0; j < 16; ++j) { + w[j] +=3D w[(j + 9) % 16] + sigma0(w[(j + 1) % 16]) + + sigma1(w[(j + 14) % 16]); + } + } + } + + for (i =3D 0; i < 8; i++) { + a[i] +=3D z[i]; + } +} + +/* a is icv/ocv, w is a single message block that needs be32 conversion. */ +static void sha256_bda_be32(uint32_t a[8], uint32_t w[16]) +{ + uint32_t t[16]; + int i; + + for (i =3D 0; i < 16; i++) { + t[i] =3D be32_to_cpu(w[i]); + } + sha256_bda(a, t); +} + +static void sha256_read_icv(CPUS390XState *env, const int mmu_idx, + uint64_t addr, uint32_t a[8], uintptr_t ra) +{ + const MemOpIdx oi =3D make_memop_idx(MO_BE | MO_32 | MO_UNALN, mmu_idx= ); + + for (int i =3D 0; i < 8; i++, addr +=3D 4) { + addr =3D wrap_address(env, addr); + a[i] =3D cpu_ldl_mmu(env, addr, oi, ra); + } +} + +static void sha256_write_ocv(CPUS390XState *env, const int mmu_idx, + uint64_t addr, uint32_t a[8], uintptr_t ra) +{ + const MemOpIdx oi =3D make_memop_idx(MO_BE | MO_32 | MO_UNALN, mmu_idx= ); + + for (int i =3D 0; i < 8; i++, addr +=3D 4) { + addr =3D wrap_address(env, addr); + cpu_stl_mmu(env, addr, a[i], oi, ra); + } +} + +static void sha256_read_block(CPUS390XState *env, const int mmu_idx, + uint64_t addr, uint32_t a[16], uintptr_t ra) +{ + const MemOpIdx oi =3D make_memop_idx(MO_BE | MO_32 | MO_UNALN, mmu_idx= ); + + for (int i =3D 0; i < 16; i++, addr +=3D 4) { + addr =3D wrap_address(env, addr); + a[i] =3D cpu_ldl_mmu(env, addr, oi, ra); + } +} + +static void 
sha256_read_mbl_be32(CPUS390XState *env, const int mmu_idx, + uint64_t addr, uint8_t a[8], uintptr_t ra) +{ + const MemOpIdx oi =3D make_memop_idx(MO_8, mmu_idx); + + for (int i =3D 0; i < 8; i++, addr +=3D 1) { + addr =3D wrap_address(env, addr); + a[i] =3D cpu_ldb_mmu(env, addr, oi, ra); + } +} + +int cpacf_sha256(CPUS390XState *env, const int mmu_idx, uintptr_t ra, + uint64_t param_addr, uint64_t *message_reg, uint64_t *len= _reg, + uint32_t type) +{ + enum { MAX_BLOCKS_PER_RUN =3D 128 }; /* 128 * 64 =3D 8K */ + uint64_t len =3D *len_reg, processed =3D 0; + int i, message_reg_len =3D 64; + uint32_t a[8]; + + g_assert(type =3D=3D S390_FEAT_TYPE_KIMD || type =3D=3D S390_FEAT_TYPE= _KLMD); + + if (!(env->psw.mask & PSW_MASK_64)) { + len =3D (uint32_t)len; + message_reg_len =3D (env->psw.mask & PSW_MASK_32) ? 32 : 24; + } + + /* KIMD: length has to be properly aligned. */ + if (type =3D=3D S390_FEAT_TYPE_KIMD && !QEMU_IS_ALIGNED(len, 64)) { + tcg_s390_program_interrupt(env, PGM_SPECIFICATION, ra); + } + + sha256_read_icv(env, mmu_idx, param_addr, a, ra); + + /* Process full blocks first. */ + for (; len >=3D 64; len -=3D 64, processed +=3D 64) { + uint32_t w[16]; + + if (processed >=3D MAX_BLOCKS_PER_RUN * 64) { + break; + } + + sha256_read_block(env, mmu_idx, *message_reg + processed, w, ra); + sha256_bda(a, w); + } + + /* KLMD: Process partial/empty block last. */ + if (type =3D=3D S390_FEAT_TYPE_KLMD && len < 64) { + const MemOpIdx oi =3D make_memop_idx(MO_8, mmu_idx); + uint8_t x[64]; + + /* Read the remainder of the message byte-per-byte. */ + for (i =3D 0; i < len; i++) { + uint64_t addr =3D wrap_address(env, *message_reg + processed += i); + + x[i] =3D cpu_ldb_mmu(env, addr, oi, ra); + } + /* Pad the remainder with zero and set the top bit. */ + memset(x + len, 0, 64 - len); + x[len] =3D 0x80; + + /* + * Place the MBL either into this block (if there is space left), + * or use an additional one. 
+ */ + if (len < 56) { + sha256_read_mbl_be32(env, mmu_idx, param_addr + 32, x + 56, ra= ); + } + sha256_bda_be32(a, (uint32_t *)x); + + if (len >=3D 56) { + memset(x, 0, 56); + sha256_read_mbl_be32(env, mmu_idx, param_addr + 32, x + 56, ra= ); + sha256_bda_be32(a, (uint32_t *)x); + } + + processed +=3D len; + len =3D 0; + } + + /* + * Modify memory after we read all inputs and modify registers only af= ter + * writing memory succeeded. + * + * TODO: if writing fails halfway through (e.g., when crossing page + * boundaries), we're in trouble. We'd need something like access_prep= are(). + */ + sha256_write_ocv(env, mmu_idx, param_addr, a, ra); + *message_reg =3D deposit64(*message_reg, 0, message_reg_len, + *message_reg + processed); + *len_reg -=3D processed; + return !len ? 0 : 3; +} diff --git a/target/s390x/tcg/crypto_helper.c b/target/s390x/tcg/crypto_hel= per.c index 574a39258c..a701dd8c6f 100644 --- a/target/s390x/tcg/crypto_helper.c +++ b/target/s390x/tcg/crypto_helper.c @@ -53,6 +53,10 @@ static int cpacf_kimd(CPUS390XState *env, const int mmu_= idx, const uintptr_t ra, int rc =3D 0; =20 switch (fc) { + case 0x02: /* CPACF_KIMD_SHA_256 */ + rc =3D cpacf_sha256(env, mmu_idx, ra, env->regs[1], &env->regs[r2], + &env->regs[r2 + 1], S390_FEAT_TYPE_KIMD); + break; case 0x03: /* CPACF_KIMD_SHA_512 */ rc =3D cpacf_sha512(env, mmu_idx, ra, env->regs[1], &env->regs[r2], &env->regs[r2 + 1], S390_FEAT_TYPE_KIMD); @@ -70,6 +74,10 @@ static int cpacf_klmd(CPUS390XState *env, const int mmu_= idx, const uintptr_t ra, int rc =3D 0; =20 switch (fc) { + case 0x02: /* CPACF_KLMD_SHA_256 */ + rc =3D cpacf_sha256(env, mmu_idx, ra, env->regs[1], &env->regs[r2], + &env->regs[r2 + 1], S390_FEAT_TYPE_KLMD); + break; case 0x03: /* CPACF_KLMD_SHA_512 */ rc =3D cpacf_sha512(env, mmu_idx, ra, env->regs[1], &env->regs[r2], &env->regs[r2 + 1], S390_FEAT_TYPE_KLMD); diff --git a/target/s390x/tcg/meson.build b/target/s390x/tcg/meson.build index 54a87393a3..8ae8da9708 100644 
--- a/target/s390x/tcg/meson.build +++ b/target/s390x/tcg/meson.build 
@@ -5,6 +5,7 @@ s390x_ss.add(when: 'CONFIG_TCG', if_true: files( )) s390x_common_ss.add(when: 'CONFIG_TCG', if_true: files( 'cc_helper.c', + 'cpacf_sha256.c', 'cpacf_sha512.c', 'crypto_helper.c', 'excp_helper.c', --=20 2.43.0
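Review bot: the comment added in the target/s390x/tcg/cpacf.h hunk of patch 03/17 reads "/* from crypto_sha256.c */", but the file this patch creates and adds to meson.build is cpacf_sha256.c. The context line "/* from crypto_sha512.c */" has the same mismatch with the 'cpacf_sha512.c' meson entry. Suggest "/* from cpacf_sha256.c */" (and the matching fix for sha512) so the header points at files that exist in the tree.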
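Review bot: in the KLMD tail of cpacf_sha256() in the new cpacf_sha256.c (patch 03/17), sha256_bda_be32(a, (uint32_t *)x) reinterprets the stack buffer "uint8_t x[64]" as an array of 32-bit words, and a plain byte array carries no 4-byte alignment guarantee on the host. Suggest letting sha256_bda_be32() take a const uint8_t * and load each word with ldl_be_p(x + 4 * i), which also makes the be32_to_cpu() pass over the cast array unnecessary. The same helper's name, sha256_read_mbl_be32(), is a little misleading since it copies the 8-byte MBL byte by byte; a short comment on that would help.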
From: Harald Freudenberger
To: richard.henderson@linaro.org, iii@linux.ibm.com, david@kernel.org, thuth@redhat.com, berrange@redhat.com
Cc: qemu-s390x@nongnu.org, qemu-devel@nongnu.org, dengler@linux.ibm.com, borntraeger@linux.ibm.com
Subject: [PATCH v6 04/17] target/s390x: Support AES ECB for cpacf km instruction
Date: Tue, 26 May 2026 14:15:36 +0200
Message-ID: <20260526121550.5296-5-freude@linux.ibm.com>
In-Reply-To: <20260526121550.5296-1-freude@linux.ibm.com>
References: <20260526121550.5296-1-freude@linux.ibm.com>

Support the subfunctions CPACF_KM_AES_128, CPACF_KM_AES_192
and CPACF_KM_AES_256 for the cpacf km instruction.

Signed-off-by: Harald Freudenberger
Tested-by: Holger Dengler
--- target/s390x/gen-features.c | 3 + target/s390x/tcg/cpacf.h | 6 ++ target/s390x/tcg/cpacf_aes.c | 113 +++++++++++++++++++++++++++++++ target/s390x/tcg/crypto_helper.c | 24 +++++++ target/s390x/tcg/meson.build | 1 + 5 files changed, 147 insertions(+) create mode 100644 target/s390x/tcg/cpacf_aes.c diff --git a/target/s390x/gen-features.c b/target/s390x/gen-features.c index 5cf5b92c37..a35d1fd2f9 100644 --- a/target/s390x/gen-features.c +++ b/target/s390x/gen-features.c
@@ -921,6 +921,9 @@ static uint16_t qemu_MAX[] =3D { S390_FEAT_KLMD_SHA_256, S390_FEAT_KLMD_SHA_512, S390_FEAT_PRNO_TRNG, + S390_FEAT_KM_AES_128, + S390_FEAT_KM_AES_192, + S390_FEAT_KM_AES_256, }; =20 /****** END FEATURE DEFS ******/ diff --git a/target/s390x/tcg/cpacf.h b/target/s390x/tcg/cpacf.h index e2c36306b2..36d0c81893 100644 --- a/target/s390x/tcg/cpacf.h +++ b/target/s390x/tcg/cpacf.h @@ -18,4 +18,10 @@ int cpacf_sha512(CPUS390XState *env, const int mmu_idx, = uintptr_t ra, uint64_t param_addr, uint64_t *message_reg, uint64_t *len= _reg, uint32_t type); =20 +/* from crypto_aes.c */ +int cpacf_aes_ecb(CPUS390XState *env, const int mmu_idx, uintptr_t ra, + uint64_t param_addr, uint64_t *dst_ptr_reg, + uint64_t *src_ptr_reg, uint64_t *src_len_reg, + uint32_t type, uint8_t fc, uint8_t mod); + #endif diff --git a/target/s390x/tcg/cpacf_aes.c b/target/s390x/tcg/cpacf_aes.c new file mode 100644 index 0000000000..ba836f1473 --- /dev/null +++ b/target/s390x/tcg/cpacf_aes.c 
@@ -0,0 +1,113 @@ +/* + * s390 cpacf aes + * + * Authors: + * Harald Freudenberger + * + * This work is licensed under the terms of the GNU GPL, version 2 or late= r. + * See the COPYING file in the top-level directory. + */ + +#include "qemu/osdep.h" +#include "s390x-internal.h" +#include "tcg_s390x.h" +#include "accel/tcg/cpu-ldst-common.h" +#include "accel/tcg/cpu-mmu-index.h" +#include "crypto/aes.h" +#include "cpacf.h" + +static void aes_read_block(CPUS390XState *env, const int mmu_idx, + uint64_t addr, uint8_t *a, uintptr_t ra) +{ + const MemOpIdx oi =3D make_memop_idx(MO_8, mmu_idx); + uint64_t _addr; + + for (int i =3D 0; i < AES_BLOCK_SIZE; i++, addr +=3D 1) { + _addr =3D wrap_address(env, addr); + a[i] =3D cpu_ldb_mmu(env, _addr, oi, ra); + } +} + +static void aes_write_block(CPUS390XState *env, const int mmu_idx, + uint64_t addr, uint8_t *a, uintptr_t ra) +{ + const MemOpIdx oi =3D make_memop_idx(MO_8, mmu_idx); + uint64_t _addr; + + for (int i =3D 0; i < AES_BLOCK_SIZE; i++, addr +=3D 1) { + _addr =3D wrap_address(env, addr); + cpu_stb_mmu(env, _addr, a[i], oi, ra); + } +} + +int cpacf_aes_ecb(CPUS390XState *env, const int mmu_idx, uintptr_t ra, + uint64_t param_addr, uint64_t *dst_ptr_reg, + uint64_t *src_ptr_reg, uint64_t *src_len_reg, + uint32_t type, uint8_t fc, uint8_t mod) +{ + enum { MAX_BLOCKS_PER_RUN =3D 8192 / AES_BLOCK_SIZE }; + const MemOpIdx oi =3D make_memop_idx(MO_8, mmu_idx); + uint8_t in[AES_BLOCK_SIZE], out[AES_BLOCK_SIZE]; + uint64_t addr, len =3D *src_len_reg, done =3D 0; + int i, keysize, addr_reg_size =3D 64; + uint8_t key[32]; + AES_KEY exkey; + + g_assert(type =3D=3D S390_FEAT_TYPE_KM); + switch (fc) { + case 0x12: /* CPACF_KM_AES_128 */ + keysize =3D 16; + break; + case 0x13: /* CPACF_KM_AES_192 */ + keysize =3D 24; + break; + case 0x14: /* CPACF_KM_AES_256 */ + keysize =3D 32; + break; + default: + g_assert_not_reached(); + } + + if (!(env->psw.mask & PSW_MASK_64)) { + len =3D (uint32_t)len; + addr_reg_size =3D (env->psw.mask & 
PSW_MASK_32) ? 32 : 24; + } + + /* length has to be properly aligned. */ + if (!QEMU_IS_ALIGNED(len, AES_BLOCK_SIZE)) { + tcg_s390_program_interrupt(env, PGM_SPECIFICATION, ra); + } + + /* fetch key from param block */ + for (i =3D 0; i < keysize; i++) { + addr =3D wrap_address(env, param_addr + i); + key[i] =3D cpu_ldb_mmu(env, addr, oi, ra); + } + + /* expand key */ + if (mod) { + AES_set_decrypt_key(key, keysize * 8, &exkey); + } else { + AES_set_encrypt_key(key, keysize * 8, &exkey); + } + + /* process up to MAX_BLOCKS_PER_RUN aes blocks */ + for (i =3D 0; i < MAX_BLOCKS_PER_RUN && len >=3D AES_BLOCK_SIZE; i++) { + aes_read_block(env, mmu_idx, *src_ptr_reg + done, in, ra); + if (mod) { + AES_decrypt(in, out, &exkey); + } else { + AES_encrypt(in, out, &exkey); + } + aes_write_block(env, mmu_idx, *dst_ptr_reg + done, out, ra); + len -=3D AES_BLOCK_SIZE, done +=3D AES_BLOCK_SIZE; + } + + *src_ptr_reg =3D deposit64(*src_ptr_reg, 0, addr_reg_size, + *src_ptr_reg + done); + *dst_ptr_reg =3D deposit64(*dst_ptr_reg, 0, addr_reg_size, + *dst_ptr_reg + done); + *src_len_reg -=3D done; + + return !len ? 0 : 3; +} diff --git a/target/s390x/tcg/crypto_helper.c b/target/s390x/tcg/crypto_hel= per.c index a701dd8c6f..6585dfd4e7 100644 --- a/target/s390x/tcg/crypto_helper.c +++ b/target/s390x/tcg/crypto_helper.c 
@@ -89,6 +89,27 @@ static int cpacf_klmd(CPUS390XState *env, const int mmu_= idx, const uintptr_t ra, return rc; } =20 +static int cpacf_km(CPUS390XState *env, const int mmu_idx, uintptr_t ra, + uint32_t r1, uint32_t r2, uint32_t r3, + uint8_t fc, uint8_t mod) +{ + int rc =3D 0; + + switch (fc) { + case 0x12: /* CPACF_KM_AES_128 */ + case 0x13: /* CPACF_KM_AES_192 */ + case 0x14: /* CPACF_KM_AES_256 */ + rc =3D cpacf_aes_ecb(env, mmu_idx, ra, env->regs[1], + &env->regs[r1], &env->regs[r2], &env->regs[r2 += 1], + S390_FEAT_TYPE_KM, fc, mod); + break; + default: + g_assert_not_reached(); + } + + return rc; +} + static int cpacf_ppno(CPUS390XState *env, const int mmu_idx, uintptr_t ra, uint32_t r1, uint32_t r2, uint32_t r3, uint8_t fc) { @@ -156,6 +177,9 @@ uint32_t HELPER(msa)(CPUS390XState *env, uint32_t r1, u= int32_t r2, uint32_t r3, case S390_FEAT_TYPE_PPNO: rc =3D cpacf_ppno(env, mmu_idx, ra, r1, r2, r3, fc); break; + case S390_FEAT_TYPE_KM: + rc =3D cpacf_km(env, mmu_idx, ra, r1, r2, r3, fc, mod); + break; default: g_assert_not_reached(); } diff --git a/target/s390x/tcg/meson.build b/target/s390x/tcg/meson.build index 8ae8da9708..6f2e75764b 100644 --- a/target/s390x/tcg/meson.build +++ b/target/s390x/tcg/meson.build 
@@ -5,6 +5,7 @@ s390x_ss.add(when: 'CONFIG_TCG', if_true: files( )) s390x_common_ss.add(when: 'CONFIG_TCG', if_true: files( 'cc_helper.c', + 'cpacf_aes.c', 'cpacf_sha256.c', 'cpacf_sha512.c', 'crypto_helper.c', --=20 2.43.0
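Review bot: In cpacf_aes_ecb() the source, destination and length registers are only written back after the block loop, while each block is loaded and stored one byte at a time through cpu_ldb_mmu()/cpu_stb_mmu() with ra. If one of those accesses raises a guest exception part-way through a run, the blocks already stored stay in guest memory but the registers still describe the original operands, so a restarted instruction processes them again; with an in-place operation (destination equal to source) that would encrypt already-encrypted data, and a block that straddles a page boundary can be left half written. Consider checking that the source and destination ranges for the run are accessible before the loop, or committing the register updates per block, and add a comment that the return value 3 means partial completion after MAX_BLOCKS_PER_RUN blocks.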
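Review bot: The function codes 0x12, 0x13 and 0x14 are bare literals in both cpacf_km() and cpacf_aes_ecb(), with the names CPACF_KM_AES_128/192/256 existing only in comments. Defining them once in cpacf.h and using them in both switch statements would keep the dispatcher and the implementation from drifting apart. Since cpacf_km() already filters fc and passes the constant S390_FEAT_TYPE_KM, the type parameter of cpacf_aes_ecb() serves only the g_assert() and could be dropped.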
From: Harald Freudenberger To: richard.henderson@linaro.org, iii@linux.ibm.com, david@kernel.org, thuth@redhat.com, berrange@redhat.com Cc: qemu-s390x@nongnu.org, qemu-devel@nongnu.org, dengler@linux.ibm.com, borntraeger@linux.ibm.com Subject: [PATCH v6 05/17] target/s390x: Support AES CBC for cpacf kmc instruction Date: Tue, 26 May 2026 14:15:37 +0200 Message-ID: <20260526121550.5296-6-freude@linux.ibm.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260526121550.5296-1-freude@linux.ibm.com> References: <20260526121550.5296-1-freude@linux.ibm.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable
Support the subfunctions CPACF_KMC_AES_128, CPACF_KMC_AES_192 and CPACF_KMC_AES_256 for the cpacf kmc instruction. Signed-off-by: Harald Freudenberger Tested-by: Holger Dengler
--- target/s390x/gen-features.c | 3 + target/s390x/tcg/cpacf.h | 4 ++ target/s390x/tcg/cpacf_aes.c | 102 +++++++++++++++++++++++++++++++ target/s390x/tcg/crypto_helper.c | 24 ++++++++ 4 files changed, 133 insertions(+) diff --git a/target/s390x/gen-features.c b/target/s390x/gen-features.c index a35d1fd2f9..9c0c0b229f 100644 --- a/target/s390x/gen-features.c +++ b/target/s390x/gen-features.c 
@@ -924,6 +924,9 @@ static uint16_t qemu_MAX[] =3D { S390_FEAT_KM_AES_128, S390_FEAT_KM_AES_192, S390_FEAT_KM_AES_256, + S390_FEAT_KMC_AES_128, + S390_FEAT_KMC_AES_192, + S390_FEAT_KMC_AES_256, }; =20 /****** END FEATURE DEFS ******/ diff --git a/target/s390x/tcg/cpacf.h b/target/s390x/tcg/cpacf.h index 36d0c81893..8b21b16147 100644 --- a/target/s390x/tcg/cpacf.h +++ b/target/s390x/tcg/cpacf.h @@ -23,5 +23,9 @@ int cpacf_aes_ecb(CPUS390XState *env, const int mmu_idx, = uintptr_t ra, uint64_t param_addr, uint64_t *dst_ptr_reg, uint64_t *src_ptr_reg, uint64_t *src_len_reg, uint32_t type, uint8_t fc, uint8_t mod); +int cpacf_aes_cbc(CPUS390XState *env, const int mmu_idx, uintptr_t ra, + uint64_t param_addr, uint64_t *dst_ptr_reg, + uint64_t *src_ptr_reg, uint64_t *src_len_reg, + uint32_t type, uint8_t fc, uint8_t mod); =20 #endif diff --git a/target/s390x/tcg/cpacf_aes.c b/target/s390x/tcg/cpacf_aes.c index ba836f1473..6412cc187d 100644 --- a/target/s390x/tcg/cpacf_aes.c +++ b/target/s390x/tcg/cpacf_aes.c 
@@ -111,3 +111,105 @@ int cpacf_aes_ecb(CPUS390XState *env, const int mmu_i= dx, uintptr_t ra, =20 return !len ? 0 : 3; } + +static void aes_xor(const uint8_t *src1, const uint8_t *src2, uint8_t *dst) +{ + for (int i =3D 0; i < AES_BLOCK_SIZE; i++) { + dst[i] =3D src1[i] ^ src2[i]; + } +} + +int cpacf_aes_cbc(CPUS390XState *env, const int mmu_idx, uintptr_t ra, + uint64_t param_addr, uint64_t *dst_ptr_reg, + uint64_t *src_ptr_reg, uint64_t *src_len_reg, + uint32_t type, uint8_t fc, uint8_t mod) +{ + enum { MAX_BLOCKS_PER_RUN =3D 8192 / AES_BLOCK_SIZE }; + uint8_t in[AES_BLOCK_SIZE], out[AES_BLOCK_SIZE], buf[AES_BLOCK_SIZE]; + const MemOpIdx oi =3D make_memop_idx(MO_8, mmu_idx); + uint64_t addr, len =3D *src_len_reg, done =3D 0; + int i, keysize, addr_reg_size =3D 64; + uint8_t key[32], iv[AES_BLOCK_SIZE]; + AES_KEY exkey; + + g_assert(type =3D=3D S390_FEAT_TYPE_KMC); + + switch (fc) { + case 0x12: /* CPACF_KMC_AES_128 */ + keysize =3D 16; + break; + case 0x13: /* CPACF_KMC_AES_192 */ + keysize =3D 24; + break; + case 0x14: /* CPACF_KMC_AES_256 */ + keysize =3D 32; + break; + default: + g_assert_not_reached(); + } + + if (!(env->psw.mask & PSW_MASK_64)) { + len =3D (uint32_t)len; + addr_reg_size =3D (env->psw.mask & PSW_MASK_32) ? 32 : 24; + } + + /* length has to be properly aligned. 
*/ + if (!QEMU_IS_ALIGNED(len, AES_BLOCK_SIZE)) { + tcg_s390_program_interrupt(env, PGM_SPECIFICATION, ra); + } + + /* fetch iv from param block */ + for (i =3D 0; i < AES_BLOCK_SIZE; i++) { + addr =3D wrap_address(env, param_addr + i); + iv[i] =3D cpu_ldb_mmu(env, addr, oi, ra); + } + + /* fetch key from param block */ + for (i =3D 0; i < keysize; i++) { + addr =3D wrap_address(env, param_addr + AES_BLOCK_SIZE + i); + key[i] =3D cpu_ldb_mmu(env, addr, oi, ra); + } + + /* expand key */ + if (mod) { + AES_set_decrypt_key(key, keysize * 8, &exkey); + } else { + AES_set_encrypt_key(key, keysize * 8, &exkey); + } + + /* process up to MAX_BLOCKS_PER_RUN aes blocks */ + for (i =3D 0; i < MAX_BLOCKS_PER_RUN && len >=3D AES_BLOCK_SIZE; i++) { + aes_read_block(env, mmu_idx, *src_ptr_reg + done, in, ra); + if (mod) { + /* decrypt in =3D> buf */ + AES_decrypt(in, buf, &exkey); + /* buf xor iv =3D> out */ + aes_xor(buf, iv, out); + /* prep iv for next round */ + memcpy(iv, in, AES_BLOCK_SIZE); + } else { + /* in xor iv =3D> buf */ + aes_xor(in, iv, buf); + /* encrypt buf =3D> out */ + AES_encrypt(buf, out, &exkey); + /* prep iv for next round */ + memcpy(iv, out, AES_BLOCK_SIZE); + } + aes_write_block(env, mmu_idx, *dst_ptr_reg + done, out, ra); + len -=3D AES_BLOCK_SIZE, done +=3D AES_BLOCK_SIZE; + } + + /* update iv in param block */ + for (i =3D 0; i < AES_BLOCK_SIZE; i++) { + addr =3D wrap_address(env, param_addr + i); + cpu_stb_mmu(env, addr, iv[i], oi, ra); + } + + *src_ptr_reg =3D deposit64(*src_ptr_reg, 0, addr_reg_size, + *src_ptr_reg + done); + *dst_ptr_reg =3D deposit64(*dst_ptr_reg, 0, addr_reg_size, + *dst_ptr_reg + done); + *src_len_reg -=3D done; + + return !len ? 0 : 3; +} diff --git a/target/s390x/tcg/crypto_helper.c b/target/s390x/tcg/crypto_hel= per.c index 6585dfd4e7..b6f7696809 100644 --- a/target/s390x/tcg/crypto_helper.c +++ b/target/s390x/tcg/crypto_helper.c 
@@ -110,6 +110,27 @@ static int cpacf_km(CPUS390XState *env, const int mmu_= idx, uintptr_t ra, return rc; } =20 +static int cpacf_kmc(CPUS390XState *env, const int mmu_idx, uintptr_t ra, + uint32_t r1, uint32_t r2, uint32_t r3, + uint8_t fc, uint8_t mod) +{ + int rc =3D 0; + + switch (fc) { + case 0x12: /* CPACF_KMC_AES_128 */ + case 0x13: /* CPACF_KMC_AES_192 */ + case 0x14: /* CPACF_KMC_AES_256 */ + rc =3D cpacf_aes_cbc(env, mmu_idx, ra, env->regs[1], + &env->regs[r1], &env->regs[r2], &env->regs[r2 += 1], + S390_FEAT_TYPE_KMC, fc, mod); + break; + default: + g_assert_not_reached(); + } + + return rc; +} + static int cpacf_ppno(CPUS390XState *env, const int mmu_idx, uintptr_t ra, uint32_t r1, uint32_t r2, uint32_t r3, uint8_t fc) { 
@@ -180,6 +201,9 @@ uint32_t HELPER(msa)(CPUS390XState *env, uint32_t r1, u= int32_t r2, uint32_t r3, case S390_FEAT_TYPE_KM: rc =3D cpacf_km(env, mmu_idx, ra, r1, r2, r3, fc, mod); break; + case S390_FEAT_TYPE_KMC: + rc =3D cpacf_kmc(env, mmu_idx, ra, r1, r2, r3, fc, mod); + break; default: g_assert_not_reached(); } --=20 2.43.0
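Review bot: cpacf_aes_cbc() repeats the function-code switch, the addressing-mode handling, the alignment check, the key fetch and the register write-back of cpacf_aes_ecb() almost line for line; factoring these into shared static helpers would leave only the chaining logic in this function. The parameter block layout (chaining value at offset 0, key at offset AES_BLOCK_SIZE) is implied only by the two fetch loops and deserves a comment or a struct. The updated chaining value is also stored to the parameter block only after the loop, so a guest exception raised by a load or store inside the loop leaves output blocks written while the parameter block and the registers are unchanged; checking that the operands for the run are accessible before processing would avoid that.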
From: Harald Freudenberger To: richard.henderson@linaro.org, iii@linux.ibm.com, david@kernel.org, thuth@redhat.com, berrange@redhat.com Cc: qemu-s390x@nongnu.org, qemu-devel@nongnu.org, dengler@linux.ibm.com, borntraeger@linux.ibm.com Subject: [PATCH v6 06/17] target/s390x: Support AES CTR for cpacf kmctr instruction Date: Tue, 26 May 2026 14:15:38 +0200 Message-ID: <20260526121550.5296-7-freude@linux.ibm.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260526121550.5296-1-freude@linux.ibm.com> References: <20260526121550.5296-1-freude@linux.ibm.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable
Support the subfunctions CPACF_KMCTR_AES_128, CPACF_KMCTR_AES_192 and CPACF_KMCTR_AES_256 for the cpacf kmctr instruction. Signed-off-by: Harald Freudenberger
--- target/s390x/gen-features.c | 3 ++ target/s390x/tcg/cpacf.h | 5 +++ target/s390x/tcg/cpacf_aes.c | 76 ++++++++++++++++++++++++++++++++ target/s390x/tcg/crypto_helper.c | 24 ++++++++++ 4 files changed, 108 insertions(+) diff --git a/target/s390x/gen-features.c b/target/s390x/gen-features.c index 9c0c0b229f..59c2a47539 100644 --- a/target/s390x/gen-features.c +++ b/target/s390x/gen-features.c @@ -927,6 +927,9 @@ static uint16_t qemu_MAX[] =3D { S390_FEAT_KMC_AES_128, S390_FEAT_KMC_AES_192, S390_FEAT_KMC_AES_256, + S390_FEAT_KMCTR_AES_128, + S390_FEAT_KMCTR_AES_192, + S390_FEAT_KMCTR_AES_256, }; =20 /****** END FEATURE DEFS ******/ 
diff --git a/target/s390x/tcg/cpacf.h b/target/s390x/tcg/cpacf.h index 8b21b16147..d73cb98c38 100644 --- a/target/s390x/tcg/cpacf.h +++ b/target/s390x/tcg/cpacf.h @@ -27,5 +27,10 @@ int cpacf_aes_cbc(CPUS390XState *env, const int mmu_idx,= uintptr_t ra, uint64_t param_addr, uint64_t *dst_ptr_reg, uint64_t *src_ptr_reg, uint64_t *src_len_reg, uint32_t type, uint8_t fc, uint8_t mod); +int cpacf_aes_ctr(CPUS390XState *env, const int mmu_idx, uintptr_t ra, + uint64_t param_addr, uint64_t *dst_ptr_reg, + uint64_t *src_ptr_reg, uint64_t *src_len_reg, + uint64_t *ctr_ptr_reg, uint32_t type, + uint8_t fc, uint8_t mod); =20 #endif diff --git a/target/s390x/tcg/cpacf_aes.c b/target/s390x/tcg/cpacf_aes.c index 6412cc187d..e200a9a87a 100644 --- a/target/s390x/tcg/cpacf_aes.c +++ b/target/s390x/tcg/cpacf_aes.c 
@@ -213,3 +213,79 @@ int cpacf_aes_cbc(CPUS390XState *env, const int mmu_id= x, uintptr_t ra, =20 return !len ? 0 : 3; } + +int cpacf_aes_ctr(CPUS390XState *env, const int mmu_idx, uintptr_t ra, + uint64_t param_addr, uint64_t *dst_ptr_reg, + uint64_t *src_ptr_reg, uint64_t *src_len_reg, + uint64_t *ctr_ptr_reg, uint32_t type, + uint8_t fc, uint8_t mod) +{ + enum { MAX_BLOCKS_PER_RUN =3D 8192 / AES_BLOCK_SIZE }; + const MemOpIdx oi =3D make_memop_idx(MO_8, mmu_idx); + uint8_t ctr[AES_BLOCK_SIZE], buf[AES_BLOCK_SIZE]; + uint8_t in[AES_BLOCK_SIZE], out[AES_BLOCK_SIZE]; + uint64_t addr, len =3D *src_len_reg, done =3D 0; + int i, keysize, addr_reg_size =3D 64; + uint8_t key[32]; + AES_KEY exkey; + + g_assert(type =3D=3D S390_FEAT_TYPE_KMCTR); + + switch (fc) { + case 0x12: /* CPACF_KMCTR_AES_128 */ + keysize =3D 16; + break; + case 0x13: /* CPACF_KMCTR_AES_192 */ + keysize =3D 24; + break; + case 0x14: /* CPACF_KMCTR_AES_256 */ + keysize =3D 32; + break; + default: + g_assert_not_reached(); + } + + if (!(env->psw.mask & PSW_MASK_64)) { + len =3D (uint32_t)len; + addr_reg_size =3D (env->psw.mask & PSW_MASK_32) ? 32 : 24; + } + + /* length has to be properly aligned. 
*/ + if (!QEMU_IS_ALIGNED(len, AES_BLOCK_SIZE)) { + tcg_s390_program_interrupt(env, PGM_SPECIFICATION, ra); + } + + /* fetch key from param block */ + for (i =3D 0; i < keysize; i++) { + addr =3D wrap_address(env, param_addr + i); + key[i] =3D cpu_ldb_mmu(env, addr, oi, ra); + } + + /* expand key */ + AES_set_encrypt_key(key, keysize * 8, &exkey); + + /* process up to MAX_BLOCKS_PER_RUN aes blocks */ + for (i =3D 0; i < MAX_BLOCKS_PER_RUN && len >=3D AES_BLOCK_SIZE; i++) { + /* read in nonce/ctr =3D> ctr */ + aes_read_block(env, mmu_idx, *ctr_ptr_reg + done, ctr, ra); + /* encrypt ctr =3D> buf */ + AES_encrypt(ctr, buf, &exkey); + /* read in one block of input data =3D> in */ + aes_read_block(env, mmu_idx, *src_ptr_reg + done, in, ra); + /* exor input data with encrypted ctr =3D> out */ + aes_xor(in, buf, out); + /* write out the processed block */ + aes_write_block(env, mmu_idx, *dst_ptr_reg + done, out, ra); + len -=3D AES_BLOCK_SIZE, done +=3D AES_BLOCK_SIZE; + } + + *src_ptr_reg =3D deposit64(*src_ptr_reg, 0, addr_reg_size, + *src_ptr_reg + done); + *dst_ptr_reg =3D deposit64(*dst_ptr_reg, 0, addr_reg_size, + *dst_ptr_reg + done); + *ctr_ptr_reg =3D deposit64(*ctr_ptr_reg, 0, addr_reg_size, + *ctr_ptr_reg + done); + *src_len_reg -=3D done; + + return !len ? 0 : 3; +} diff --git a/target/s390x/tcg/crypto_helper.c b/target/s390x/tcg/crypto_hel= per.c index b6f7696809..98dfa37185 100644 --- a/target/s390x/tcg/crypto_helper.c +++ b/target/s390x/tcg/crypto_helper.c 
@@ -131,6 +131,27 @@ static int cpacf_kmc(CPUS390XState *env, const int mmu= _idx, uintptr_t ra, return rc; } =20 +static int cpacf_kmctr(CPUS390XState *env, const int mmu_idx, uintptr_t ra, + uint32_t r1, uint32_t r2, uint32_t r3, + uint8_t fc, uint8_t mod) +{ + int rc =3D 0; + + switch (fc) { + case 0x12: /* CPACF_KMCTR_AES_128 */ + case 0x13: /* CPACF_KMCTR_AES_192 */ + case 0x14: /* CPACF_KMCTR_AES_256 */ + rc =3D cpacf_aes_ctr(env, mmu_idx, ra, env->regs[1], + &env->regs[r1], &env->regs[r2], &env->regs[r2 += 1], + &env->regs[r3], S390_FEAT_TYPE_KMCTR, fc, mod); + break; + default: + g_assert_not_reached(); + } + + return rc; +} + static int cpacf_ppno(CPUS390XState *env, const int mmu_idx, uintptr_t ra, uint32_t r1, uint32_t r2, uint32_t r3, uint8_t fc) { 
@@ -204,6 +225,9 @@ uint32_t HELPER(msa)(CPUS390XState *env, uint32_t r1, u= int32_t r2, uint32_t r3, case S390_FEAT_TYPE_KMC: rc =3D cpacf_kmc(env, mmu_idx, ra, r1, r2, r3, fc, mod); break; + case S390_FEAT_TYPE_KMCTR: + rc =3D cpacf_kmctr(env, mmu_idx, ra, r1, r2, r3, fc, mod); + break; default: g_assert_not_reached(); } --=20 2.43.0
From: Harald Freudenberger
To: richard.henderson@linaro.org, iii@linux.ibm.com, david@kernel.org, thuth@redhat.com, berrange@redhat.com
Cc: qemu-s390x@nongnu.org, qemu-devel@nongnu.org, dengler@linux.ibm.com, borntraeger@linux.ibm.com
Subject: [PATCH v6 07/17] target/s390x: Minimal AES XTS support for cpacf pcc instruction
Date: Tue, 26 May 2026 14:15:39 +0200
Message-ID: <20260526121550.5296-8-freude@linux.ibm.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <20260526121550.5296-1-freude@linux.ibm.com>
References: <20260526121550.5296-1-freude@linux.ibm.com>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable

Support CPACF pcc subfunctions PCC-Compute-XTS-Parameter-AES-128 and PCC-Compute-XTS-Parameter-AES-128 but only for the special case where the block sequential number is 0. However, this covers the s390 AES XTS implementation in the Linux kernel and Libica and thus also Opencryptoki clear key via Libica.

Signed-off-by: Harald Freudenberger
Tested-by: Holger Dengler
---
 target/s390x/gen-features.c | 2 +
 target/s390x/tcg/cpacf.h | 2 +
 target/s390x/tcg/cpacf_aes.c | 71 ++++++++++++++++++++++++++++++++
 target/s390x/tcg/crypto_helper.c | 20 +++++++++
 4 files changed, 95 insertions(+)

diff --git a/target/s390x/gen-features.c b/target/s390x/gen-features.c index 59c2a47539..1b6a874b90 100644 --- a/target/s390x/gen-features.c +++ b/target/s390x/gen-features.c 
@@ -930,6 +930,8 @@ static uint16_t qemu_MAX[] =3D { S390_FEAT_KMCTR_AES_128, S390_FEAT_KMCTR_AES_192, S390_FEAT_KMCTR_AES_256, + S390_FEAT_PCC_XTS_AES_128, + S390_FEAT_PCC_XTS_AES_256, }; =20 /****** END FEATURE DEFS ******/ diff --git a/target/s390x/tcg/cpacf.h b/target/s390x/tcg/cpacf.h index d73cb98c38..381a6c3ff1 100644 --- a/target/s390x/tcg/cpacf.h +++ b/target/s390x/tcg/cpacf.h @@ -32,5 +32,7 @@ int cpacf_aes_ctr(CPUS390XState *env, const int mmu_idx, = uintptr_t ra, uint64_t *src_ptr_reg, uint64_t *src_len_reg, uint64_t *ctr_ptr_reg, uint32_t type, uint8_t fc, uint8_t mod); +int cpacf_aes_pcc(CPUS390XState *env, const int mmu_idx, uintptr_t ra, + uint64_t param_addr, uint8_t fc); =20 #endif diff --git a/target/s390x/tcg/cpacf_aes.c b/target/s390x/tcg/cpacf_aes.c index e200a9a87a..43c556f31b 100644 --- a/target/s390x/tcg/cpacf_aes.c +++ b/target/s390x/tcg/cpacf_aes.c @@ -16,6 +16,13 @@ #include "crypto/aes.h" #include "cpacf.h" =20 +/* #define DEBUG_HELPER */ +#ifdef DEBUG_HELPER +#define HELPER_LOG(x...) qemu_log(x) +#else +#define HELPER_LOG(x...) +#endif + static void aes_read_block(CPUS390XState *env, const int mmu_idx, uint64_t addr, uint8_t *a, uintptr_t ra) { 
@@ -289,3 +296,67 @@ int cpacf_aes_ctr(CPUS390XState *env, const int mmu_id= x, uintptr_t ra, =20 return !len ? 0 : 3; } + +int cpacf_aes_pcc(CPUS390XState *env, const int mmu_idx, uintptr_t ra, + uint64_t param_addr, uint8_t fc) +{ + uint8_t key[32], tweak[AES_BLOCK_SIZE], buf[AES_BLOCK_SIZE]; + const MemOpIdx oi =3D make_memop_idx(MO_8, mmu_idx); + int keysize, i; + uint64_t addr; + AES_KEY exkey; + + switch (fc) { + case 0x32: /* CPACF_PCC compute XTS param AES-128 */ + keysize =3D 16; + break; + case 0x34: /* CPACF PCC compute XTS param AES-256 */ + keysize =3D 32; + break; + default: + g_assert_not_reached(); + } + + /* fetch block sequence nr from param block into buf */ + for (i =3D 0; i < AES_BLOCK_SIZE; i++) { + addr =3D wrap_address(env, param_addr + keysize + AES_BLOCK_SIZE += i); + buf[i] =3D cpu_ldb_mmu(env, addr, oi, ra); + } + + /* is the block sequence nr 0 ? */ + for (i =3D 0; i < AES_BLOCK_SIZE && !buf[i]; i++) { + ; + } + if (i < AES_BLOCK_SIZE) { + /* no, sorry handling of non zero block sequence is not implemente= d */ + cpu_abort(env_cpu(env), + "PCC-compute-XTS-param with non zero block sequence is n= ot implemented\n"); + return 1; + } + + /* fetch key from param block */ + for (i =3D 0; i < keysize; i++) { + addr =3D wrap_address(env, param_addr + i); + key[i] =3D cpu_ldb_mmu(env, addr, oi, ra); + } + + /* fetch tweak from param block into tweak */ + for (i =3D 0; i < AES_BLOCK_SIZE; i++) { + addr =3D wrap_address(env, param_addr + keysize + i); + tweak[i] =3D cpu_ldb_mmu(env, addr, oi, ra); + } + + /* expand key */ + AES_set_encrypt_key(key, keysize * 8, &exkey); + + /* encrypt tweak */ + AES_encrypt(tweak, buf, &exkey); + + /* store encrypted tweak into xts parameter field of the param block */ + for (i =3D 0; i < AES_BLOCK_SIZE; i++) { + addr =3D wrap_address(env, param_addr + keysize + 3 * AES_BLOCK_SI= ZE + i); + cpu_stb_mmu(env, addr, buf[i], oi, ra); + } + + return 0; +} 
diff --git a/target/s390x/tcg/crypto_helper.c b/target/s390x/tcg/crypto_hel= per.c index 98dfa37185..1a0a503844 100644 --- a/target/s390x/tcg/crypto_helper.c +++ b/target/s390x/tcg/crypto_helper.c @@ -169,6 +169,23 @@ static int cpacf_ppno(CPUS390XState *env, const int mm= u_idx, uintptr_t ra, return rc; } =20 +static int cpacf_pcc(CPUS390XState *env, const int mmu_idx, uintptr_t ra, + uint8_t fc) +{ + int rc =3D 0; + + switch (fc) { + case 0x32: /* CPACF_PCC compute XTS param AES-128 */ + case 0x34: /* CPACF PCC compute XTS param AES-256 */ + rc =3D cpacf_aes_pcc(env, mmu_idx, ra, env->regs[1], fc); + break; + default: + g_assert_not_reached(); + } + + return rc; +} + uint32_t HELPER(msa)(CPUS390XState *env, uint32_t r1, uint32_t r2, uint32_= t r3, uint32_t type) { 
@@ -228,6 +245,9 @@ uint32_t HELPER(msa)(CPUS390XState *env, uint32_t r1, u= int32_t r2, uint32_t r3, case S390_FEAT_TYPE_KMCTR: rc =3D cpacf_kmctr(env, mmu_idx, ra, r1, r2, r3, fc, mod); break; + case S390_FEAT_TYPE_PCC: + rc =3D cpacf_pcc(env, mmu_idx, ra, fc); + break; default: g_assert_not_reached(); } --=20 2.43.0
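Review bot: In cpacf_aes_pcc() (target/s390x/tcg/cpacf_aes.c) the non-zero block sequence number path calls cpu_abort(), so a value the guest places in the parameter block terminates the whole emulator instead of failing the instruction. cpu_abort() does not return, which also makes the following "return 1;" dead code. Consider failing inside the guest instead, for example with tcg_s390_program_interrupt(env, PGM_SPECIFICATION, ra) as the KM-XTS patch in this series does for a misaligned length, or do not advertise S390_FEAT_PCC_XTS_AES_128/256 until the general case is implemented. The commit message also names PCC-Compute-XTS-Parameter-AES-128 twice, while the switch handles fc 0x32 (AES-128) and 0x34 (AES-256).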
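Review bot: The DEBUG_HELPER / HELPER_LOG block added at the top of target/s390x/tcg/cpacf_aes.c is not used by anything in this patch; cpacf_aes_pcc() never calls HELPER_LOG. Drop it here, or move it to the patch that first logs through it.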
From: Harald Freudenberger
To: richard.henderson@linaro.org, iii@linux.ibm.com, david@kernel.org, thuth@redhat.com, berrange@redhat.com
Cc: qemu-s390x@nongnu.org, qemu-devel@nongnu.org, dengler@linux.ibm.com, borntraeger@linux.ibm.com
Subject: [PATCH v6 08/17] target/s390x: Support AES XTS for cpacf km instruction
Date: Tue, 26 May 2026 14:15:40 +0200
Message-ID: <20260526121550.5296-9-freude@linux.ibm.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <20260526121550.5296-1-freude@linux.ibm.com>
References: <20260526121550.5296-1-freude@linux.ibm.com>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable

Support the subfunctions XTS-AES-128 and XTS-AES-256 for the cpacf km instruction.

Signed-off-by: Harald Freudenberger
Tested-by: Holger Dengler
---
 target/s390x/gen-features.c | 2 +
 target/s390x/tcg/cpacf.h | 4 ++
 target/s390x/tcg/cpacf_aes.c | 107 +++++++++++++++++++++++++++++++
 target/s390x/tcg/crypto_helper.c | 6 ++
 4 files changed, 119 insertions(+)

diff --git a/target/s390x/gen-features.c b/target/s390x/gen-features.c index 1b6a874b90..f9b1a40c7c 100644 --- a/target/s390x/gen-features.c +++ b/target/s390x/gen-features.c @@ -924,6 +924,8 @@ static uint16_t qemu_MAX[] =3D { S390_FEAT_KM_AES_128, S390_FEAT_KM_AES_192, S390_FEAT_KM_AES_256, + S390_FEAT_KM_XTS_AES_128, + S390_FEAT_KM_XTS_AES_256, S390_FEAT_KMC_AES_128, S390_FEAT_KMC_AES_192, S390_FEAT_KMC_AES_256, 
diff --git a/target/s390x/tcg/cpacf.h b/target/s390x/tcg/cpacf.h index 381a6c3ff1..7e53ce2a14 100644 --- a/target/s390x/tcg/cpacf.h +++ b/target/s390x/tcg/cpacf.h @@ -34,5 +34,9 @@ int cpacf_aes_ctr(CPUS390XState *env, const int mmu_idx, = uintptr_t ra, uint8_t fc, uint8_t mod); int cpacf_aes_pcc(CPUS390XState *env, const int mmu_idx, uintptr_t ra, uint64_t param_addr, uint8_t fc); +int cpacf_aes_xts(CPUS390XState *env, const int mmu_idx, uintptr_t ra, + uint64_t param_addr, uint64_t *dst_ptr_reg, + uint64_t *src_ptr_reg, uint64_t *src_len_reg, + uint32_t type, uint8_t fc, uint8_t mod); =20 #endif diff --git a/target/s390x/tcg/cpacf_aes.c b/target/s390x/tcg/cpacf_aes.c index 43c556f31b..0312436c43 100644 --- a/target/s390x/tcg/cpacf_aes.c +++ b/target/s390x/tcg/cpacf_aes.c 
@@ -360,3 +360,110 @@ int cpacf_aes_pcc(CPUS390XState *env, const int mmu_i= dx, uintptr_t ra, =20 return 0; } + +static void aes_xts_prep_next_tweak(uint8_t tweak[AES_BLOCK_SIZE]) +{ + uint8_t carry; + int i; + + carry =3D tweak[AES_BLOCK_SIZE - 1] >> 7; + + for (i =3D AES_BLOCK_SIZE - 1; i > 0; i--) { + tweak[i] =3D (uint8_t)((tweak[i] << 1) | (tweak[i - 1] >> 7)); + } + + tweak[i] =3D (uint8_t)(tweak[i] << 1); + tweak[i] ^=3D (uint8_t)(0x87 & (uint8_t)(-(int8_t)carry)); +} + +int cpacf_aes_xts(CPUS390XState *env, const int mmu_idx, uintptr_t ra, + uint64_t param_addr, uint64_t *dst_ptr_reg, + uint64_t *src_ptr_reg, uint64_t *src_len_reg, + uint32_t type, uint8_t fc, uint8_t mod) +{ + enum { MAX_BLOCKS_PER_RUN =3D 8192 / AES_BLOCK_SIZE }; + uint8_t buf1[AES_BLOCK_SIZE], buf2[AES_BLOCK_SIZE]; + const MemOpIdx oi =3D make_memop_idx(MO_8, mmu_idx); + uint64_t addr, len =3D *src_len_reg, done =3D 0; + uint8_t key[32], tweak[AES_BLOCK_SIZE]; + int i, keysize, addr_reg_size =3D 64; + AES_KEY exkey; + + g_assert(type =3D=3D S390_FEAT_TYPE_KM); + + switch (fc) { + case 0x32: /* CPACF_KM_XTS_128 */ + keysize =3D 16; + break; + case 0x34: /* CPACF_KM_XTS_256 */ + keysize =3D 32; + break; + default: + g_assert_not_reached(); + } + + if (!(env->psw.mask & PSW_MASK_64)) { + len =3D (uint32_t)len; + addr_reg_size =3D (env->psw.mask & PSW_MASK_32) ? 32 : 24; + } + + /* length has to be properly aligned. 
*/ + if (!QEMU_IS_ALIGNED(len, AES_BLOCK_SIZE)) { + tcg_s390_program_interrupt(env, PGM_SPECIFICATION, ra); + } + + /* fetch key from param block */ + for (i =3D 0; i < keysize; i++) { + addr =3D wrap_address(env, param_addr + i); + key[i] =3D cpu_ldb_mmu(env, addr, oi, ra); + } + + /* expand key */ + if (mod) { + AES_set_decrypt_key(key, keysize * 8, &exkey); + } else { + AES_set_encrypt_key(key, keysize * 8, &exkey); + } + + /* fetch tweak from param block */ + for (i =3D 0; i < AES_BLOCK_SIZE; i++) { + addr =3D wrap_address(env, param_addr + keysize + i); + tweak[i] =3D cpu_ldb_mmu(env, addr, oi, ra); + } + + /* process up to MAX_BLOCKS_PER_RUN aes blocks */ + for (i =3D 0; i < MAX_BLOCKS_PER_RUN && len >=3D AES_BLOCK_SIZE; i++) { + /* fetch one AES block into buf1 */ + aes_read_block(env, mmu_idx, *src_ptr_reg + done, buf1, ra); + /* buf1 xor tweak =3D> buf2 */ + aes_xor(buf1, tweak, buf2); + if (mod) { + /* decrypt buf2 =3D> buf1 */ + AES_decrypt(buf2, buf1, &exkey); + } else { + /* encrypt buf2 =3D> buf1 */ + AES_encrypt(buf2, buf1, &exkey); + } + /* buf1 xor tweak =3D> buf2 */ + aes_xor(buf1, tweak, buf2); + /* prep tweak for next round */ + aes_xts_prep_next_tweak(tweak); + /* write out this processed block from buf2 */ + aes_write_block(env, mmu_idx, *dst_ptr_reg + done, buf2, ra); + len -=3D AES_BLOCK_SIZE, done +=3D AES_BLOCK_SIZE; + } + + /* update tweak in param block */ + for (i =3D 0; i < AES_BLOCK_SIZE; i++) { + addr =3D wrap_address(env, param_addr + keysize + i); + cpu_stb_mmu(env, addr, tweak[i], oi, ra); + } + + *src_ptr_reg =3D deposit64(*src_ptr_reg, 0, addr_reg_size, + *src_ptr_reg + done); + *dst_ptr_reg =3D deposit64(*dst_ptr_reg, 0, addr_reg_size, + *dst_ptr_reg + done); + *src_len_reg -=3D done; + + return !len ? 0 : 3; +} diff --git a/target/s390x/tcg/crypto_helper.c b/target/s390x/tcg/crypto_hel= per.c index 1a0a503844..19d625f37f 100644 --- a/target/s390x/tcg/crypto_helper.c +++ b/target/s390x/tcg/crypto_helper.c 
@@ -103,6 +103,12 @@ static int cpacf_km(CPUS390XState *env, const int mmu_= idx, uintptr_t ra, &env->regs[r1], &env->regs[r2], &env->regs[r2 += 1], S390_FEAT_TYPE_KM, fc, mod); break; + case 0x32: /* CPACF_KM_XTS_128 */ + case 0x34: /* CPACF_KM_XTS_256 */ + rc =3D cpacf_aes_xts(env, mmu_idx, ra, env->regs[1], + &env->regs[r1], &env->regs[r2], &env->regs[r2 += 1], + S390_FEAT_TYPE_KM, fc, mod); + break; default: g_assert_not_reached(); } --=20 2.43.0
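Review bot: In cpacf_aes_xts() (target/s390x/tcg/cpacf_aes.c) each processed block is stored through aes_write_block() inside the loop, but the tweak in the parameter block and the address and length registers are only updated after the loop. If a store can raise an access exception part-way through a run, the instruction restarts with the original registers and tweak, and with overlapping operands (in-place operation, destination equal to source) the blocks already written would be processed a second time. Please confirm that aes_write_block() cannot fault after earlier blocks of the same run were stored, or commit progress (tweak, addresses, length) before a store that may fault. Minor style point in the same loop: the comma-joined update of len and done reads better as two statements.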
From: Harald Freudenberger
To: richard.henderson@linaro.org, iii@linux.ibm.com, david@kernel.org, thuth@redhat.com, berrange@redhat.com
Cc: qemu-s390x@nongnu.org, qemu-devel@nongnu.org, dengler@linux.ibm.com, borntraeger@linux.ibm.com
Subject: [PATCH v6 09/17] target/s390x: Support pckmo encrypt AES subfunctions
Date: Tue, 26 May 2026 14:15:41 +0200
Message-ID: <20260526121550.5296-10-freude@linux.ibm.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <20260526121550.5296-1-freude@linux.ibm.com>
References: <20260526121550.5296-1-freude@linux.ibm.com>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable

Support the subfunctions PCKMO-Encrypt-AES-128-Key, PCKMO-Encrypt-AES-192-Key and PCKMO-Encrypt-AES-256-Key. These subfunctions derive a protected key from an AES clear key by encrypting it with an internal AES wrapping key. More details can be found in the "z/Architecture Principles of Operation" document. The qemu version provided here is only a fake intended to make protected keys available for development and testing purposes:

* The protected key is 'derived' from the clear key by xoring the fixed pattern 0xAAAA... onto the key value.
* The AES Wrapping Key Verification Pattern is a fixed value of 32 bytes 0xFACEFACE...

Signed-off-by: Harald Freudenberger Tested-by: Holger Dengler --- target/s390x/gen-features.c | 3 ++ target/s390x/tcg/cpacf.h | 2 + target/s390x/tcg/cpacf_aes.c | 66 ++++++++++++++++++++++++++++++++ target/s390x/tcg/crypto_helper.c | 21 ++++++++++ 4 files changed, 92 insertions(+) diff --git a/target/s390x/gen-features.c b/target/s390x/gen-features.c index f9b1a40c7c..d3e69aaca6 100644 --- a/target/s390x/gen-features.c +++ b/target/s390x/gen-features.c @@ -934,6 +934,9 @@ static uint16_t qemu_MAX[] =3D { S390_FEAT_KMCTR_AES_256, S390_FEAT_PCC_XTS_AES_128, S390_FEAT_PCC_XTS_AES_256, + S390_FEAT_PCKMO_AES_128, + S390_FEAT_PCKMO_AES_192, + S390_FEAT_PCKMO_AES_256, }; =20 /****** END FEATURE DEFS ******/ diff --git a/target/s390x/tcg/cpacf.h b/target/s390x/tcg/cpacf.h index 7e53ce2a14..5588e2bdec 100644 --- a/target/s390x/tcg/cpacf.h +++ b/target/s390x/tcg/cpacf.h @@ -38,5 +38,7 @@ int cpacf_aes_xts(CPUS390XState *env, const int mmu_idx, = uintptr_t ra, uint64_t param_addr, uint64_t *dst_ptr_reg, uint64_t *src_ptr_reg, uint64_t *src_len_reg, uint32_t type, uint8_t fc, uint8_t mod); +int cpacf_aes_pckmo(CPUS390XState *env, const int mmu_idx, uintptr_t ra, + uint64_t param_addr, uint8_t fc); =20 #endif diff --git a/target/s390x/tcg/cpacf_aes.c b/target/s390x/tcg/cpacf_aes.c index 0312436c43..5a0a3473d5 100644 --- a/target/s390x/tcg/cpacf_aes.c +++ b/target/s390x/tcg/cpacf_aes.c 
@@ -467,3 +467,69 @@ int cpacf_aes_xts(CPUS390XState *env, const int mmu_id= x, uintptr_t ra, =20 return !len ? 0 : 3; } + +/* + * Hard coded pattern xored with the AES clear key + * to 'produce' the protected key. + */ +static const uint8_t protkey_xor_pattern[32] =3D { + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA }; + +/* + * Hard coded wkvp ("Wrapping Key Verification Pattern") + */ +static const uint8_t protkey_wkvp[32] =3D { + 0x0F, 0x0A, 0x0C, 0x0E, 0x0F, 0x0A, 0x0C, 0x0E, + 0x0F, 0x0A, 0x0C, 0x0E, 0x0F, 0x0A, 0x0C, 0x0E, + 0x0F, 0x0A, 0x0C, 0x0E, 0x0F, 0x0A, 0x0C, 0x0E, + 0x0F, 0x0A, 0x0C, 0x0E, 0x0F, 0x0A, 0x0C, 0x0E }; + +int cpacf_aes_pckmo(CPUS390XState *env, const int mmu_idx, uintptr_t ra, + uint64_t param_addr, uint8_t fc) +{ + const MemOpIdx oi =3D make_memop_idx(MO_8, mmu_idx); + uint8_t key[32]; + int keysize, i; + uint64_t addr; + + switch (fc) { + case 0x12: /* CPACF_PCKMO_ENC_AES_128_KEY */ + keysize =3D 16; + break; + case 0x13: /* CPACF_PCKMO_ENC_AES_192_KEY */ + keysize =3D 24; + break; + case 0x14: /* CPACF_PCKMO_ENC_AES_256_KEY */ + keysize =3D 32; + break; + default: + g_assert_not_reached(); + } + + /* fetch key from param block */ + for (i =3D 0; i < keysize; i++) { + addr =3D wrap_address(env, param_addr + i); + key[i] =3D cpu_ldb_mmu(env, addr, oi, ra); + } + + /* 'derive' the protected key */ + for (i =3D 0; i < keysize; i++) { + key[i] ^=3D protkey_xor_pattern[i]; + } + + /* store the protected key into param block */ + for (i =3D 0; i < keysize; i++) { + addr =3D wrap_address(env, param_addr + i); + cpu_stb_mmu(env, addr, key[i], oi, ra); + } + /* followed by the fake wkvp */ + for (i =3D 0; i < sizeof(protkey_wkvp); i++) { + addr =3D wrap_address(env, param_addr + keysize + i); + cpu_stb_mmu(env, addr, protkey_wkvp[i], oi, ra); + } + + return 0; +} 
diff --git a/target/s390x/tcg/crypto_helper.c b/target/s390x/tcg/crypto_hel= per.c index 19d625f37f..e1952ae4bc 100644 --- a/target/s390x/tcg/crypto_helper.c +++ b/target/s390x/tcg/crypto_helper.c @@ -192,6 +192,24 @@ static int cpacf_pcc(CPUS390XState *env, const int mmu= _idx, uintptr_t ra, return rc; } =20 +static int cpacf_pckmo(CPUS390XState *env, const int mmu_idx, uintptr_t ra, + uint8_t fc) +{ + int rc =3D 0; + + switch (fc) { + case 0x12: /* CPACF_PCKMO_ENC_AES_128_KEY */ + case 0x13: /* CPACF_PCKMO_ENC_AES_192_KEY */ + case 0x14: /* CPACF_PCKMO_ENC_AES_256_KEY */ + rc =3D cpacf_aes_pckmo(env, mmu_idx, ra, env->regs[1], fc); + break; + default: + g_assert_not_reached(); + } + + return rc; +} + uint32_t HELPER(msa)(CPUS390XState *env, uint32_t r1, uint32_t r2, uint32_= t r3, uint32_t type) { 
@@ -254,6 +272,9 @@ uint32_t HELPER(msa)(CPUS390XState *env, uint32_t r1, u= int32_t r2, uint32_t r3, case S390_FEAT_TYPE_PCC: rc =3D cpacf_pcc(env, mmu_idx, ra, fc); break; + case S390_FEAT_TYPE_PCKMO: + rc =3D cpacf_pckmo(env, mmu_idx, ra, fc); + break; default: g_assert_not_reached(); } --=20 2.43.0
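Review bot: In cpacf_aes_pckmo() the parameter block is rewritten in place one byte at a time, so an access exception raised by cpu_stb_mmu() part-way through the two store loops leaves already-XORed key bytes in guest memory. When the guest re-executes the instruction after handling the fault, those bytes are fetched again and XORed with protkey_xor_pattern a second time, which turns them back into clear key bytes while the block still ends up with a matching wkvp. Check write access to the whole keysize + sizeof(protkey_wkvp) range before the first store, so the instruction either completes or changes nothing. Separately, the comment above protkey_xor_pattern should state outright that XOR with a fixed 0xAA pattern plus a constant wkvp is an emulation placeholder that gives no confidentiality, so nobody reads a TCG "protected key" as wrapped key material.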
From: Harald Freudenberger
To: richard.henderson@linaro.org, iii@linux.ibm.com, david@kernel.org, thuth@redhat.com, berrange@redhat.com
Cc: qemu-s390x@nongnu.org, qemu-devel@nongnu.org, dengler@linux.ibm.com, borntraeger@linux.ibm.com
Subject: [PATCH v6 10/17] target/s390x: Support protected key AES ECB for cpacf km instruction
Date: Tue, 26 May 2026 14:15:42 +0200
Message-ID: <20260526121550.5296-11-freude@linux.ibm.com>
In-Reply-To: <20260526121550.5296-1-freude@linux.ibm.com>
References: <20260526121550.5296-1-freude@linux.ibm.com>
Content-Transfer-Encoding: quoted-printable

Support the subfunctions CPACF_KM_PAES_128, CPACF_KM_PAES_192 and CPACF_KM_PAES_256 for the cpacf km instruction.

Signed-off-by: Harald Freudenberger
Tested-by: Holger Dengler
--- target/s390x/gen-features.c | 3 ++ target/s390x/tcg/cpacf.h | 4 ++ target/s390x/tcg/cpacf_aes.c | 87 ++++++++++++++++++++++++++++++++ target/s390x/tcg/crypto_helper.c | 7 +++ 4 files changed, 101 insertions(+) diff --git a/target/s390x/gen-features.c b/target/s390x/gen-features.c index d3e69aaca6..71e0e41d6e 100644 --- a/target/s390x/gen-features.c +++ b/target/s390x/gen-features.c 
@@ -924,6 +924,9 @@ static uint16_t qemu_MAX[] =3D { S390_FEAT_KM_AES_128, S390_FEAT_KM_AES_192, S390_FEAT_KM_AES_256, + S390_FEAT_KM_EAES_128, + S390_FEAT_KM_EAES_192, + S390_FEAT_KM_EAES_256, S390_FEAT_KM_XTS_AES_128, S390_FEAT_KM_XTS_AES_256, S390_FEAT_KMC_AES_128, diff --git a/target/s390x/tcg/cpacf.h b/target/s390x/tcg/cpacf.h index 5588e2bdec..7cf739e7a4 100644 --- a/target/s390x/tcg/cpacf.h +++ b/target/s390x/tcg/cpacf.h @@ -40,5 +40,9 @@ int cpacf_aes_xts(CPUS390XState *env, const int mmu_idx, = uintptr_t ra, uint32_t type, uint8_t fc, uint8_t mod); int cpacf_aes_pckmo(CPUS390XState *env, const int mmu_idx, uintptr_t ra, uint64_t param_addr, uint8_t fc); +int cpacf_paes_ecb(CPUS390XState *env, const int mmu_idx, uintptr_t ra, + uint64_t param_addr, uint64_t *dst_ptr_reg, + uint64_t *src_ptr_reg, uint64_t *src_len_reg, + uint32_t type, uint8_t fc, uint8_t mod); =20 #endif diff --git a/target/s390x/tcg/cpacf_aes.c b/target/s390x/tcg/cpacf_aes.c index 5a0a3473d5..bcfcf3b660 100644 --- a/target/s390x/tcg/cpacf_aes.c +++ b/target/s390x/tcg/cpacf_aes.c 
@@ -533,3 +533,90 @@ int cpacf_aes_pckmo(CPUS390XState *env, const int mmu_= idx, uintptr_t ra, =20 return 0; } + +int cpacf_paes_ecb(CPUS390XState *env, const int mmu_idx, uintptr_t ra, + uint64_t param_addr, uint64_t *dst_ptr_reg, + uint64_t *src_ptr_reg, uint64_t *src_len_reg, + uint32_t type, uint8_t fc, uint8_t mod) +{ + enum { MAX_BLOCKS_PER_RUN =3D 8192 / AES_BLOCK_SIZE }; + const MemOpIdx oi =3D make_memop_idx(MO_8, mmu_idx); + uint8_t in[AES_BLOCK_SIZE], out[AES_BLOCK_SIZE]; + uint64_t addr, len =3D *src_len_reg, done =3D 0; + int i, keysize, addr_reg_size =3D 64; + uint8_t key[32], wkvp[32]; + AES_KEY exkey; + + g_assert(type =3D=3D S390_FEAT_TYPE_KM); + + switch (fc) { + case 0x1a: /* CPACF_KM_PAES_128 */ + keysize =3D 16; + break; + case 0x1b: /* CPACF_KM_PAES_192 */ + keysize =3D 24; + break; + case 0x1c: /* CPACF_KM_PAES_256 */ + keysize =3D 32; + break; + default: + g_assert_not_reached(); + } + + if (!(env->psw.mask & PSW_MASK_64)) { + len =3D (uint32_t)len; + addr_reg_size =3D (env->psw.mask & PSW_MASK_32) ? 32 : 24; + } + + /* length has to be properly aligned. 
*/ + if (!QEMU_IS_ALIGNED(len, AES_BLOCK_SIZE)) { + tcg_s390_program_interrupt(env, PGM_SPECIFICATION, ra); + } + + /* fetch and check wkvp from param block */ + for (i =3D 0; i < sizeof(wkvp); i++) { + addr =3D wrap_address(env, param_addr + keysize + i); + wkvp[i] =3D cpu_ldb_mmu(env, addr, oi, ra); + } + if (memcmp(wkvp, protkey_wkvp, sizeof(wkvp))) { + /* wkvp mismatch -> return with cc 1 */ + return 1; + } + + /* fetch protected key from param block */ + for (i =3D 0; i < keysize; i++) { + addr =3D wrap_address(env, param_addr + i); + key[i] =3D cpu_ldb_mmu(env, addr, oi, ra); + } + /* 'decrypt' the protected key */ + for (i =3D 0; i < keysize; i++) { + key[i] ^=3D protkey_xor_pattern[i]; + } + + /* expand key */ + if (mod) { + AES_set_decrypt_key(key, keysize * 8, &exkey); + } else { + AES_set_encrypt_key(key, keysize * 8, &exkey); + } + + /* process up to MAX_BLOCKS_PER_RUN aes blocks */ + for (i =3D 0; i < MAX_BLOCKS_PER_RUN && len >=3D AES_BLOCK_SIZE; i++) { + aes_read_block(env, mmu_idx, *src_ptr_reg + done, in, ra); + if (mod) { + AES_decrypt(in, out, &exkey); + } else { + AES_encrypt(in, out, &exkey); + } + aes_write_block(env, mmu_idx, *dst_ptr_reg + done, out, ra); + len -=3D AES_BLOCK_SIZE, done +=3D AES_BLOCK_SIZE; + } + + *src_ptr_reg =3D deposit64(*src_ptr_reg, 0, addr_reg_size, + *src_ptr_reg + done); + *dst_ptr_reg =3D deposit64(*dst_ptr_reg, 0, addr_reg_size, + *dst_ptr_reg + done); + *src_len_reg -=3D done; + + return !len ? 0 : 3; +} diff --git a/target/s390x/tcg/crypto_helper.c b/target/s390x/tcg/crypto_hel= per.c index e1952ae4bc..988226338d 100644 --- a/target/s390x/tcg/crypto_helper.c +++ b/target/s390x/tcg/crypto_helper.c 
@@ -103,6 +103,13 @@ static int cpacf_km(CPUS390XState *env, const int mmu_= idx, uintptr_t ra, &env->regs[r1], &env->regs[r2], &env->regs[r2 += 1], S390_FEAT_TYPE_KM, fc, mod); break; + case 0x1a: /* CPACF_KM_PAES_128 */ + case 0x1b: /* CPACF_KM_PAES_192 */ + case 0x1c: /* CPACF_KM_PAES_256 */ + rc =3D cpacf_paes_ecb(env, mmu_idx, ra, env->regs[1], + &env->regs[r1], &env->regs[r2], &env->regs[r2 = + 1], + S390_FEAT_TYPE_KM, fc, mod); + break; case 0x32: /* CPACF_KM_XTS_128 */ case 0x34: /* CPACF_KM_XTS_256 */ rc =3D cpacf_aes_xts(env, mmu_idx, ra, env->regs[1], --=20 2.43.0
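Review bot: In cpacf_paes_ecb() the registers behind dst_ptr_reg, src_ptr_reg and src_len_reg are only updated after the block loop, so if aes_read_block() or aes_write_block() raises an access exception on block n, the n blocks already written stay in guest memory while the registers still describe the whole operand. For an in-place operation, where source and destination overlap, the re-executed instruction would then run AES over output it has already produced. Either update the registers as each block completes or establish access to the bytes handled in this run before the first aes_write_block() call.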
From: Harald Freudenberger
To: richard.henderson@linaro.org, iii@linux.ibm.com, david@kernel.org, thuth@redhat.com, berrange@redhat.com
Cc: qemu-s390x@nongnu.org, qemu-devel@nongnu.org, dengler@linux.ibm.com, borntraeger@linux.ibm.com
Subject: [PATCH v6 11/17] target/s390x: Support protected key AES CBC for cpacf kmc instruction
Date: Tue, 26 May 2026 14:15:43 +0200
Message-ID: <20260526121550.5296-12-freude@linux.ibm.com>
In-Reply-To: <20260526121550.5296-1-freude@linux.ibm.com>
References: <20260526121550.5296-1-freude@linux.ibm.com>
Content-Transfer-Encoding: quoted-printable

Support the subfunctions CPACF_KMC_PAES_128, CPACF_KMC_PAES_192 and CPACF_KMC_PAES_256 for the cpacf kmc instruction.

Signed-off-by: Harald Freudenberger
Tested-by: Holger Dengler
--- target/s390x/gen-features.c | 3 + target/s390x/tcg/cpacf.h | 4 ++ target/s390x/tcg/cpacf_aes.c | 109 +++++++++++++++++++++++++++++++ target/s390x/tcg/crypto_helper.c | 7 ++ 4 files changed, 123 insertions(+) diff --git a/target/s390x/gen-features.c b/target/s390x/gen-features.c index 71e0e41d6e..074c53aecd 100644 --- a/target/s390x/gen-features.c +++ b/target/s390x/gen-features.c 
@@ -932,6 +932,9 @@ static uint16_t qemu_MAX[] =3D { S390_FEAT_KMC_AES_128, S390_FEAT_KMC_AES_192, S390_FEAT_KMC_AES_256, + S390_FEAT_KMC_EAES_128, + S390_FEAT_KMC_EAES_192, + S390_FEAT_KMC_EAES_256, S390_FEAT_KMCTR_AES_128, S390_FEAT_KMCTR_AES_192, S390_FEAT_KMCTR_AES_256, diff --git a/target/s390x/tcg/cpacf.h b/target/s390x/tcg/cpacf.h index 7cf739e7a4..e302c17a2f 100644 --- a/target/s390x/tcg/cpacf.h +++ b/target/s390x/tcg/cpacf.h @@ -44,5 +44,9 @@ int cpacf_paes_ecb(CPUS390XState *env, const int mmu_idx,= uintptr_t ra, uint64_t param_addr, uint64_t *dst_ptr_reg, uint64_t *src_ptr_reg, uint64_t *src_len_reg, uint32_t type, uint8_t fc, uint8_t mod); +int cpacf_paes_cbc(CPUS390XState *env, const int mmu_idx, uintptr_t ra, + uint64_t param_addr, uint64_t *dst_ptr_reg, + uint64_t *src_ptr_reg, uint64_t *src_len_reg, + uint32_t type, uint8_t fc, uint8_t mod); =20 #endif diff --git a/target/s390x/tcg/cpacf_aes.c b/target/s390x/tcg/cpacf_aes.c index bcfcf3b660..a6487261e1 100644 --- a/target/s390x/tcg/cpacf_aes.c +++ b/target/s390x/tcg/cpacf_aes.c 
@@ -620,3 +620,112 @@ int cpacf_paes_ecb(CPUS390XState *env, const int mmu_= idx, uintptr_t ra, =20 return !len ? 0 : 3; } + +int cpacf_paes_cbc(CPUS390XState *env, const int mmu_idx, uintptr_t ra, + uint64_t param_addr, uint64_t *dst_ptr_reg, + uint64_t *src_ptr_reg, uint64_t *src_len_reg, + uint32_t type, uint8_t fc, uint8_t mod) +{ + enum { MAX_BLOCKS_PER_RUN =3D 8192 / AES_BLOCK_SIZE }; + uint8_t in[AES_BLOCK_SIZE], out[AES_BLOCK_SIZE], buf[AES_BLOCK_SIZE]; + const MemOpIdx oi =3D make_memop_idx(MO_8, mmu_idx); + uint8_t key[32], wkvp[32], iv[AES_BLOCK_SIZE]; + uint64_t addr, len =3D *src_len_reg, done =3D 0; + int i, keysize, addr_reg_size =3D 64; + AES_KEY exkey; + + g_assert(type =3D=3D S390_FEAT_TYPE_KMC); + + switch (fc) { + case 0x1a: /* CPACF_KMC_PAES_128 */ + keysize =3D 16; + break; + case 0x1b: /* CPACF_KMC_PAES_192 */ + keysize =3D 24; + break; + case 0x1c: /* CPACF_KMC_PAES_256 */ + keysize =3D 32; + break; + default: + g_assert_not_reached(); + } + + if (!(env->psw.mask & PSW_MASK_64)) { + len =3D (uint32_t)len; + addr_reg_size =3D (env->psw.mask & PSW_MASK_32) ? 32 : 24; + } + + /* length has to be properly aligned. 
*/ + if (!QEMU_IS_ALIGNED(len, AES_BLOCK_SIZE)) { + tcg_s390_program_interrupt(env, PGM_SPECIFICATION, ra); + } + + /* fetch and check wkvp from param block */ + for (i =3D 0; i < sizeof(wkvp); i++) { + addr =3D wrap_address(env, param_addr + AES_BLOCK_SIZE + keysize += i); + wkvp[i] =3D cpu_ldb_mmu(env, addr, oi, ra); + } + if (memcmp(wkvp, protkey_wkvp, sizeof(wkvp))) { + /* wkvp mismatch -> return with cc 1 */ + return 1; + } + + /* fetch iv from param block */ + for (i =3D 0; i < AES_BLOCK_SIZE; i++) { + addr =3D wrap_address(env, param_addr + i); + iv[i] =3D cpu_ldb_mmu(env, addr, oi, ra); + } + + /* fetch protected key from param block */ + for (i =3D 0; i < keysize; i++) { + addr =3D wrap_address(env, param_addr + AES_BLOCK_SIZE + i); + key[i] =3D cpu_ldb_mmu(env, addr, oi, ra); + } + /* 'decrypt' the protected key */ + for (i =3D 0; i < keysize; i++) { + key[i] ^=3D protkey_xor_pattern[i]; + } + + /* expand key */ + if (mod) { + AES_set_decrypt_key(key, keysize * 8, &exkey); + } else { + AES_set_encrypt_key(key, keysize * 8, &exkey); + } + + /* process up to MAX_BLOCKS_PER_RUN aes blocks */ + for (i =3D 0; i < MAX_BLOCKS_PER_RUN && len >=3D AES_BLOCK_SIZE; i++) { + aes_read_block(env, mmu_idx, *src_ptr_reg + done, in, ra); + if (mod) { + /* decrypt in =3D> buf */ + AES_decrypt(in, buf, &exkey); + /* buf xor iv =3D> out */ + aes_xor(buf, iv, out); + /* prep iv for next round */ + memcpy(iv, in, AES_BLOCK_SIZE); + } else { + /* in xor iv =3D> buf */ + aes_xor(in, iv, buf); + /* encrypt buf =3D> out */ + AES_encrypt(buf, out, &exkey); + /* prep iv for next round */ + memcpy(iv, out, AES_BLOCK_SIZE); + } + aes_write_block(env, mmu_idx, *dst_ptr_reg + done, out, ra); + len -=3D AES_BLOCK_SIZE, done +=3D AES_BLOCK_SIZE; + } + + /* update iv in param block */ + for (i =3D 0; i < AES_BLOCK_SIZE; i++) { + addr =3D wrap_address(env, param_addr + i); + cpu_stb_mmu(env, addr, iv[i], oi, ra); + } + + *src_ptr_reg =3D deposit64(*src_ptr_reg, 0, addr_reg_size, + 
*src_ptr_reg + done); + *dst_ptr_reg =3D deposit64(*dst_ptr_reg, 0, addr_reg_size, + *dst_ptr_reg + done); + *src_len_reg -=3D done; + + return !len ? 0 : 3; +} diff --git a/target/s390x/tcg/crypto_helper.c b/target/s390x/tcg/crypto_hel= per.c index 988226338d..3fc48bc9a1 100644 --- a/target/s390x/tcg/crypto_helper.c +++ b/target/s390x/tcg/crypto_helper.c 
@@ -137,6 +137,13 @@ static int cpacf_kmc(CPUS390XState *env, const int mmu= _idx, uintptr_t ra, &env->regs[r1], &env->regs[r2], &env->regs[r2 += 1], S390_FEAT_TYPE_KMC, fc, mod); break; + case 0x1a: /* CPACF_KMC_PAES_128 */ + case 0x1b: /* CPACF_KMC_PAES_192 */ + case 0x1c: /* CPACF_KMC_PAES_256 */ + rc =3D cpacf_paes_cbc(env, mmu_idx, ra, env->regs[1], + &env->regs[r1], &env->regs[r2], &env->regs[r2 = + 1], + S390_FEAT_TYPE_KMC, fc, mod); + break; default: g_assert_not_reached(); } --=20 2.43.0
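Review bot: In cpacf_paes_cbc() the chaining value is written back to the parameter block only after the loop has already stored output blocks, and nothing before the loop establishes that those AES_BLOCK_SIZE bytes are writable (they have only been read). If the cpu_stb_mmu() in the "update iv in param block" loop faults, output is already in guest memory but neither the IV nor the registers reflect it, so the re-executed instruction starts again from the old IV. Check write access to the IV field before processing the first block. Also, the wkvp check, protected-key fetch and XOR unwrap repeat the code in cpacf_paes_ecb() with only the AES_BLOCK_SIZE offset added; a shared helper that takes the key offset within the parameter block would keep the modes from drifting apart.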
From: Harald Freudenberger To: richard.henderson@linaro.org, iii@linux.ibm.com, david@kernel.org, thuth@redhat.com, berrange@redhat.com Cc: qemu-s390x@nongnu.org, qemu-devel@nongnu.org, dengler@linux.ibm.com, borntraeger@linux.ibm.com Subject: [PATCH v6 12/17] target/s390x: Support protected key AES CTR for cpacf kmctr instruction Date: Tue, 26 May 2026 14:15:44 +0200 Message-ID: <20260526121550.5296-13-freude@linux.ibm.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260526121550.5296-1-freude@linux.ibm.com> References: <20260526121550.5296-1-freude@linux.ibm.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-TM-AS-GCONF: 00 X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwNTI2MDEwNSBTYWx0ZWRfX5tjhBG+ONBeD kwIiz1C3j1AvNu5VjEi4YK6AI3m1mgoXNHrrpk6aS2riV90ZXREZXzS6XcUERyGN/Oa/lAyeSo6 IUJo/U3JqvjcRBocpGW7BDVLEhXBlnllcD9DryM8vNrKbWChUW7u17fBGbeGhFHnA9MimBIQWGW USTjh+wYUZ6oekQenNIawxeYieh1l2qE8mGjPXdBk/+QctKLR+CIyExPo5W3ELdtYwRDcrswZgi O81HIjtjydANWJJ4ksQRi56L57loAkQ/ep7W0sGdwnp49rHk3O2tQcbaP+i9ivr7G7KFRrcWQ5o pI2WXVU4dUc2eqoIBVjb9EtOQqO/JauHhdzj4F9zLpJAi3FCGfsZnkuVHYI8VXL449hXLcckG0s p0xroi2V4rzDIJjGc6tmF3RaqSrlmp8IuMYlialQqW93tpWIl9R4E59NUdBIA+Dh+87gGNLHoIU Ck0sah33j+bpPJYkNDg== X-Authority-Analysis: v=2.4 cv=UtJT8ewB c=1 sm=1 tr=0 ts=6a158efe cx=c_pps a=5BHTudwdYE3Te8bg5FgnPg==:117 a=5BHTudwdYE3Te8bg5FgnPg==:17 a=NGcC8JguVDcA:10 a=VkNPw1HP01LnGYTKEx00:22 a=RnoormkPH1_aCDwRdu11:22 a=iQ6ETzBq9ecOQQE5vZCe:22 a=VnNF1IyMAAAA:8 a=f59o6tnjY-_5Ge3baHwA:9 X-Proofpoint-ORIG-GUID: D2wANfh4psZOiqeUIPK63WGWWFXwO0Hb X-Proofpoint-GUID: D2wANfh4psZOiqeUIPK63WGWWFXwO0Hb X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1143,Hydra:6.1.125,FMLib:17.12.100.49 definitions=2026-05-26_02,2026-05-26_02,2025-10-01_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 spamscore=0 suspectscore=0 adultscore=0 clxscore=1015 bulkscore=0 phishscore=0 impostorscore=0 malwarescore=0 lowpriorityscore=0 priorityscore=1501 

Support the subfunctions CPACF_KMCTR_PAES_128, CPACF_KMCTR_PAES_192 and CPACF_KMCTR_PAES_256 for the cpacf kmctr instruction.

Signed-off-by: Harald Freudenberger
---
 target/s390x/gen-features.c | 3 ++
 target/s390x/tcg/cpacf.h | 5 ++
 target/s390x/tcg/cpacf_aes.c | 90 ++++++++++++++++++++++++++++++++
 target/s390x/tcg/crypto_helper.c | 7 +++
 4 files changed, 105 insertions(+)

diff --git a/target/s390x/gen-features.c b/target/s390x/gen-features.c
index 074c53aecd..4a131dc191 100644
--- a/target/s390x/gen-features.c
+++ b/target/s390x/gen-features.c
@@ -938,6 +938,9 @@ static uint16_t qemu_MAX[] =3D { S390_FEAT_KMCTR_AES_128, S390_FEAT_KMCTR_AES_192, S390_FEAT_KMCTR_AES_256, + S390_FEAT_KMCTR_EAES_128, + S390_FEAT_KMCTR_EAES_192, + S390_FEAT_KMCTR_EAES_256, S390_FEAT_PCC_XTS_AES_128, S390_FEAT_PCC_XTS_AES_256, S390_FEAT_PCKMO_AES_128, diff --git a/target/s390x/tcg/cpacf.h b/target/s390x/tcg/cpacf.h index e302c17a2f..223bada622 100644 --- a/target/s390x/tcg/cpacf.h +++ b/target/s390x/tcg/cpacf.h @@ -48,5 +48,10 @@ int cpacf_paes_cbc(CPUS390XState *env, const int mmu_idx= , uintptr_t ra, uint64_t param_addr, uint64_t *dst_ptr_reg, uint64_t *src_ptr_reg, uint64_t *src_len_reg, uint32_t type, uint8_t fc, uint8_t mod); +int cpacf_paes_ctr(CPUS390XState *env, const int mmu_idx, uintptr_t ra, + uint64_t param_addr, uint64_t *dst_ptr_reg, + uint64_t *src_ptr_reg, uint64_t *src_len_reg, + uint64_t *ctr_ptr_reg, uint32_t type, + uint8_t fc, uint8_t mod); =20 #endif diff --git a/target/s390x/tcg/cpacf_aes.c b/target/s390x/tcg/cpacf_aes.c index a6487261e1..ffa286d422 100644 --- a/target/s390x/tcg/cpacf_aes.c +++ b/target/s390x/tcg/cpacf_aes.c 
@@ -729,3 +729,93 @@ int cpacf_paes_cbc(CPUS390XState *env, const int mmu_i= dx, uintptr_t ra, =20 return !len ? 0 : 3; } + +int cpacf_paes_ctr(CPUS390XState *env, const int mmu_idx, uintptr_t ra, + uint64_t param_addr, uint64_t *dst_ptr_reg, + uint64_t *src_ptr_reg, uint64_t *src_len_reg, + uint64_t *ctr_ptr_reg, uint32_t type, + uint8_t fc, uint8_t mod) +{ + enum { MAX_BLOCKS_PER_RUN =3D 8192 / AES_BLOCK_SIZE }; + const MemOpIdx oi =3D make_memop_idx(MO_8, mmu_idx); + uint8_t ctr[AES_BLOCK_SIZE], buf[AES_BLOCK_SIZE]; + uint8_t in[AES_BLOCK_SIZE], out[AES_BLOCK_SIZE]; + uint64_t addr, len =3D *src_len_reg, done =3D 0; + int i, keysize, addr_reg_size =3D 64; + uint8_t key[32], wkvp[32]; + AES_KEY exkey; + + g_assert(type =3D=3D S390_FEAT_TYPE_KMCTR); + + switch (fc) { + case 0x1a: /* CPACF_KMCTR_PAES_128 */ + keysize =3D 16; + break; + case 0x1b: /* CPACF_KMCTR_PAES_192 */ + keysize =3D 24; + break; + case 0x1c: /* CPACF_KMCTR_PAES_256 */ + keysize =3D 32; + break; + default: + g_assert_not_reached(); + } + + if (!(env->psw.mask & PSW_MASK_64)) { + len =3D (uint32_t)len; + addr_reg_size =3D (env->psw.mask & PSW_MASK_32) ? 32 : 24; + } + + /* length has to be properly aligned. 
*/ + if (!QEMU_IS_ALIGNED(len, AES_BLOCK_SIZE)) { + tcg_s390_program_interrupt(env, PGM_SPECIFICATION, ra); + } + + /* fetch and check wkvp from param block */ + for (i =3D 0; i < sizeof(wkvp); i++) { + addr =3D wrap_address(env, param_addr + keysize + i); + wkvp[i] =3D cpu_ldb_mmu(env, addr, oi, ra); + } + if (memcmp(wkvp, protkey_wkvp, sizeof(wkvp))) { + /* wkvp mismatch -> return with cc 1 */ + return 1; + } + + /* fetch protected key from param block */ + for (i =3D 0; i < keysize; i++) { + addr =3D wrap_address(env, param_addr + i); + key[i] =3D cpu_ldb_mmu(env, addr, oi, ra); + } + /* 'decrypt' the protected key */ + for (i =3D 0; i < keysize; i++) { + key[i] ^=3D protkey_xor_pattern[i]; + } + + /* expand key */ + AES_set_encrypt_key(key, keysize * 8, &exkey); + + /* process up to MAX_BLOCKS_PER_RUN aes blocks */ + for (i =3D 0; i < MAX_BLOCKS_PER_RUN && len >=3D AES_BLOCK_SIZE; i++) { + /* read in nonce/ctr =3D> ctr */ + aes_read_block(env, mmu_idx, *ctr_ptr_reg + done, ctr, ra); + /* encrypt ctr =3D> buf */ + AES_encrypt(ctr, buf, &exkey); + /* read in one block of input data =3D> in */ + aes_read_block(env, mmu_idx, *src_ptr_reg + done, in, ra); + /* exor input data with encrypted ctr =3D> out */ + aes_xor(in, buf, out); + /* write out the processed block */ + aes_write_block(env, mmu_idx, *dst_ptr_reg + done, out, ra); + len -=3D AES_BLOCK_SIZE, done +=3D AES_BLOCK_SIZE; + } + + *src_ptr_reg =3D deposit64(*src_ptr_reg, 0, addr_reg_size, + *src_ptr_reg + done); + *dst_ptr_reg =3D deposit64(*dst_ptr_reg, 0, addr_reg_size, + *dst_ptr_reg + done); + *ctr_ptr_reg =3D deposit64(*ctr_ptr_reg, 0, addr_reg_size, + *ctr_ptr_reg + done); + *src_len_reg -=3D done; + + return !len ? 0 : 3; +} diff --git a/target/s390x/tcg/crypto_helper.c b/target/s390x/tcg/crypto_hel= per.c index 3fc48bc9a1..60c3ebd79e 100644 --- a/target/s390x/tcg/crypto_helper.c +++ b/target/s390x/tcg/crypto_helper.c 
@@ -165,6 +165,13 @@ static int cpacf_kmctr(CPUS390XState *env, const int m= mu_idx, uintptr_t ra, &env->regs[r1], &env->regs[r2], &env->regs[r2 += 1], &env->regs[r3], S390_FEAT_TYPE_KMCTR, fc, mod); break; + case 0x1a: /* CPACF_KMCTR_PAES_128 */ + case 0x1b: /* CPACF_KMCTR_PAES_192 */ + case 0x1c: /* CPACF_KMCTR_PAES_256 */ + rc =3D cpacf_paes_ctr(env, mmu_idx, ra, env->regs[1], + &env->regs[r1], &env->regs[r2], &env->regs[r2 = + 1], + &env->regs[r3], S390_FEAT_TYPE_KMCTR, fc, mod); + break; default: g_assert_not_reached(); } --=20 2.43.0
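
Review bot: In cpacf_paes_ctr the operand registers (*src_ptr_reg, *dst_ptr_reg, *ctr_ptr_reg, *src_len_reg) are advanced only after the block loop, while aes_read_block() and aes_write_block() inside the loop take ra and can leave the helper on a guest access exception part-way through. If that happens after some blocks were already written, the instruction restarts with the original register values and processes those blocks again; with in-place operands (destination equal to source) the second XOR with the same key stream turns the already written ciphertext back into plaintext. Unless the block helpers or the caller probe the full operand ranges up front, which these hunks do not show, probe the source, destination and counter ranges before the loop or commit the registers per block. Minor: the mod argument is accepted but never used in the function body.
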
From: Harald Freudenberger
To: richard.henderson@linaro.org, iii@linux.ibm.com, david@kernel.org, thuth@redhat.com, berrange@redhat.com
Cc: qemu-s390x@nongnu.org, qemu-devel@nongnu.org, dengler@linux.ibm.com, borntraeger@linux.ibm.com
Subject: [PATCH v6 13/17] target/s390x: Minimal protected key AES XTS support for cpacf pcc instruction
Date: Tue, 26 May 2026 14:15:45 +0200
Message-ID: <20260526121550.5296-14-freude@linux.ibm.com>
In-Reply-To: <20260526121550.5296-1-freude@linux.ibm.com>
References: <20260526121550.5296-1-freude@linux.ibm.com>

Support CPACF pcc subfunctions PCC-Compute-XTS-Parameter-Encrypted-AES-128 and PCC-Compute-XTS-Parameter-Encrypted-AES-128 but only for the special case block sequential number is 0. However, this covers the s390 PAES XTS implementation in the Linux kernel.

Signed-off-by: Harald Freudenberger
Tested-by: Holger Dengler
---
 target/s390x/gen-features.c | 2 +
 target/s390x/tcg/cpacf.h | 2 +
 target/s390x/tcg/cpacf_aes.c | 80 ++++++++++++++++++++++++++++++++
 target/s390x/tcg/crypto_helper.c | 4 ++
 4 files changed, 88 insertions(+)

diff --git a/target/s390x/gen-features.c b/target/s390x/gen-features.c
index 4a131dc191..126bacb281 100644
--- a/target/s390x/gen-features.c
+++ b/target/s390x/gen-features.c
@@ -943,6 +943,8 @@ static uint16_t qemu_MAX[] =3D { S390_FEAT_KMCTR_EAES_256, S390_FEAT_PCC_XTS_AES_128, S390_FEAT_PCC_XTS_AES_256, + S390_FEAT_PCC_XTS_EAES_128, + S390_FEAT_PCC_XTS_EAES_256, S390_FEAT_PCKMO_AES_128, S390_FEAT_PCKMO_AES_192, S390_FEAT_PCKMO_AES_256, diff --git a/target/s390x/tcg/cpacf.h b/target/s390x/tcg/cpacf.h index 223bada622..6df474fbc8 100644 --- a/target/s390x/tcg/cpacf.h +++ b/target/s390x/tcg/cpacf.h @@ -53,5 +53,7 @@ int cpacf_paes_ctr(CPUS390XState *env, const int mmu_idx,= uintptr_t ra, uint64_t *src_ptr_reg, uint64_t *src_len_reg, uint64_t *ctr_ptr_reg, uint32_t type, uint8_t fc, uint8_t mod); +int cpacf_paes_pcc(CPUS390XState *env, const int mmu_idx, uintptr_t ra, + uint64_t param_addr, uint8_t fc); =20 #endif diff --git a/target/s390x/tcg/cpacf_aes.c b/target/s390x/tcg/cpacf_aes.c index ffa286d422..d454d6f302 100644 --- a/target/s390x/tcg/cpacf_aes.c +++ b/target/s390x/tcg/cpacf_aes.c 
@@ -819,3 +819,83 @@ int cpacf_paes_ctr(CPUS390XState *env, const int mmu_i= dx, uintptr_t ra, =20 return !len ? 0 : 3; } + +int cpacf_paes_pcc(CPUS390XState *env, const int mmu_idx, uintptr_t ra, + uint64_t param_addr, uint8_t fc) +{ + uint8_t key[32], wkvp[32], tweak[AES_BLOCK_SIZE], buf[AES_BLOCK_SIZE]; + const MemOpIdx oi =3D make_memop_idx(MO_8, mmu_idx); + int keysize, i; + uint64_t addr; + AES_KEY exkey; + + switch (fc) { + case 0x3a: /* CPACF_PCC compute XTS param Encrypted AES-128 */ + keysize =3D 16; + break; + case 0x3c: /* CPACF PCC compute XTS param Encrypted AES-256 */ + keysize =3D 32; + break; + default: + g_assert_not_reached(); + } + + /* fetch and check wkvp from param block */ + for (i =3D 0; i < sizeof(wkvp); i++) { + addr =3D wrap_address(env, param_addr + keysize + i); + wkvp[i] =3D cpu_ldb_mmu(env, addr, oi, ra); + } + if (memcmp(wkvp, protkey_wkvp, sizeof(wkvp))) { + /* wkvp mismatch -> return with cc 1 */ + return 1; + } + + /* fetch block sequence nr from param block into buf */ + for (i =3D 0; i < AES_BLOCK_SIZE; i++) { + addr =3D wrap_address(env, param_addr + keysize + + sizeof(wkvp) + AES_BLOCK_SIZE + i); + buf[i] =3D cpu_ldb_mmu(env, addr, oi, ra); + } + + /* is the block sequence nr 0 ? 
*/ + for (i =3D 0; i < AES_BLOCK_SIZE && !buf[i]; i++) { + ; + } + if (i < AES_BLOCK_SIZE) { + /* no, sorry handling of non zero block sequence is not implemente= d */ + cpu_abort(env_cpu(env), + "PCC-compute-XTS-param (encrypted) with non zero block s= eq nr is not implemented\n"); + return 1; + } + + /* fetch protected key from param block */ + for (i =3D 0; i < keysize; i++) { + addr =3D wrap_address(env, param_addr + i); + key[i] =3D cpu_ldb_mmu(env, addr, oi, ra); + } + /* 'decrypt' the protected key */ + for (i =3D 0; i < keysize; i++) { + key[i] ^=3D protkey_xor_pattern[i]; + } + + /* fetch tweak from param block into tweak */ + for (i =3D 0; i < AES_BLOCK_SIZE; i++) { + addr =3D wrap_address(env, param_addr + keysize + sizeof(wkvp) + i= ); + tweak[i] =3D cpu_ldb_mmu(env, addr, oi, ra); + } + + /* expand key */ + AES_set_encrypt_key(key, keysize * 8, &exkey); + + /* encrypt tweak */ + AES_encrypt(tweak, buf, &exkey); + + /* store encrypted tweak into xts parameter field of the param block */ + for (i =3D 0; i < AES_BLOCK_SIZE; i++) { + addr =3D wrap_address(env, param_addr + keysize + + sizeof(wkvp) + 3 * AES_BLOCK_SIZE + i); + cpu_stb_mmu(env, addr, buf[i], oi, ra); + } + + return 0; +} diff --git a/target/s390x/tcg/crypto_helper.c b/target/s390x/tcg/crypto_hel= per.c index 60c3ebd79e..38f7d900fa 100644 --- a/target/s390x/tcg/crypto_helper.c +++ b/target/s390x/tcg/crypto_helper.c 
@@ -206,6 +206,10 @@ static int cpacf_pcc(CPUS390XState *env, const int mmu= _idx, uintptr_t ra, case 0x34: /* CPACF PCC compute XTS param AES-256 */ rc =3D cpacf_aes_pcc(env, mmu_idx, ra, env->regs[1], fc); break; + case 0x3a: /* CPACF_PCC compute XTS param Encrypted AES-128 */ + case 0x3c: /* CPACF PCC compute XTS param Encrypted AES-256 */ + rc =3D cpacf_paes_pcc(env, mmu_idx, ra, env->regs[1], fc); + break; default: g_assert_not_reached(); } --=20 2.43.0
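
Review bot: cpacf_paes_pcc calls cpu_abort() when the block sequence number read from the parameter block is non-zero, so a value the guest controls terminates the whole emulator, while the same patch advertises S390_FEAT_PCC_XTS_EAES_128 and S390_FEAT_PCC_XTS_EAES_256 in qemu_MAX. Guest-supplied data should not reach an abort: either implement the non-zero case or report the condition to the guest, for example with tcg_s390_program_interrupt() as the CTR helper in this series does for a misaligned length, and keep the diagnostic as a log message. The "return 1;" after cpu_abort() is unreachable, and if it were reached it would signal the same cc 1 as a wkvp mismatch. The commit message also lists PCC-Compute-XTS-Parameter-Encrypted-AES-128 twice, whereas the switch handles 0x3a (AES-128) and 0x3c (AES-256); the comments in the new cases mix "CPACF_PCC" and "CPACF PCC".
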
From: Harald Freudenberger
To: richard.henderson@linaro.org, iii@linux.ibm.com, david@kernel.org, thuth@redhat.com, berrange@redhat.com
Cc: qemu-s390x@nongnu.org, qemu-devel@nongnu.org, dengler@linux.ibm.com, borntraeger@linux.ibm.com
Subject: [PATCH v6 14/17] target/s390x: Support protected key AES XTS for cpacf km instruction
Date: Tue, 26 May 2026 14:15:46 +0200
Message-ID: <20260526121550.5296-15-freude@linux.ibm.com>
In-Reply-To: <20260526121550.5296-1-freude@linux.ibm.com>
References: <20260526121550.5296-1-freude@linux.ibm.com>

Support the subfunctions CPACF_KM_PXTS_128 and CPACF_KM_PAES_256 for the cpacf km instruction.

Signed-off-by: Harald Freudenberger
Tested-by: Holger Dengler
---
 target/s390x/gen-features.c | 2 +
 target/s390x/tcg/cpacf.h | 4 ++
 target/s390x/tcg/cpacf_aes.c | 106 +++++++++++++++++++++++++++++++
 target/s390x/tcg/crypto_helper.c | 6 ++
 4 files changed, 118 insertions(+)

diff --git a/target/s390x/gen-features.c b/target/s390x/gen-features.c
index 126bacb281..c4c59c3504 100644
--- a/target/s390x/gen-features.c
+++ b/target/s390x/gen-features.c
@@ -929,6 +929,8 @@ static uint16_t qemu_MAX[] =3D { S390_FEAT_KM_EAES_256, S390_FEAT_KM_XTS_AES_128, S390_FEAT_KM_XTS_AES_256, + S390_FEAT_KM_XTS_EAES_128, + S390_FEAT_KM_XTS_EAES_256, S390_FEAT_KMC_AES_128, S390_FEAT_KMC_AES_192, S390_FEAT_KMC_AES_256, diff --git a/target/s390x/tcg/cpacf.h b/target/s390x/tcg/cpacf.h index 6df474fbc8..25990c2df6 100644 --- a/target/s390x/tcg/cpacf.h +++ b/target/s390x/tcg/cpacf.h @@ -55,5 +55,9 @@ int cpacf_paes_ctr(CPUS390XState *env, const int mmu_idx,= uintptr_t ra, uint8_t fc, uint8_t mod); int cpacf_paes_pcc(CPUS390XState *env, const int mmu_idx, uintptr_t ra, uint64_t param_addr, uint8_t fc); +int cpacf_paes_xts(CPUS390XState *env, const int mmu_idx, uintptr_t ra, + uint64_t param_addr, uint64_t *dst_ptr_reg, + uint64_t *src_ptr_reg, uint64_t *src_len_reg, + uint32_t type, uint8_t fc, uint8_t mod); =20 #endif diff --git a/target/s390x/tcg/cpacf_aes.c b/target/s390x/tcg/cpacf_aes.c index d454d6f302..98d5134d5f 100644 --- a/target/s390x/tcg/cpacf_aes.c +++ b/target/s390x/tcg/cpacf_aes.c 
@@ -899,3 +899,109 @@ int cpacf_paes_pcc(CPUS390XState *env, const int mmu_= idx, uintptr_t ra, =20 return 0; } + +int cpacf_paes_xts(CPUS390XState *env, const int mmu_idx, uintptr_t ra, + uint64_t param_addr, uint64_t *dst_ptr_reg, + uint64_t *src_ptr_reg, uint64_t *src_len_reg, + uint32_t type, uint8_t fc, uint8_t mod) +{ + enum { MAX_BLOCKS_PER_RUN =3D 8192 / AES_BLOCK_SIZE }; + uint8_t buf1[AES_BLOCK_SIZE], buf2[AES_BLOCK_SIZE]; + const MemOpIdx oi =3D make_memop_idx(MO_8, mmu_idx); + uint8_t key[32], wkvp[32], tweak[AES_BLOCK_SIZE]; + uint64_t addr, len =3D *src_len_reg, done =3D 0; + int i, keysize, addr_reg_size =3D 64; + AES_KEY exkey; + + g_assert(type =3D=3D S390_FEAT_TYPE_KM); + + switch (fc) { + case 0x3a: /* CPACF_KM_PXTS_128 */ + keysize =3D 16; + break; + case 0x3c: /* CPACF_KM_PXTS_256 */ + keysize =3D 32; + break; + default: + g_assert_not_reached(); + } + + if (!(env->psw.mask & PSW_MASK_64)) { + len =3D (uint32_t)len; + addr_reg_size =3D (env->psw.mask & PSW_MASK_32) ? 32 : 24; + } + + /* length has to be properly aligned. 
*/ + if (!QEMU_IS_ALIGNED(len, AES_BLOCK_SIZE)) { + tcg_s390_program_interrupt(env, PGM_SPECIFICATION, ra); + } + + /* fetch and check wkvp from param block */ + for (i =3D 0; i < sizeof(wkvp); i++) { + addr =3D wrap_address(env, param_addr + keysize + i); + wkvp[i] =3D cpu_ldb_mmu(env, addr, oi, ra); + } + if (memcmp(wkvp, protkey_wkvp, sizeof(wkvp))) { + /* wkvp mismatch -> return with cc 1 */ + return 1; + } + + /* fetch protected key from param block */ + for (i =3D 0; i < keysize; i++) { + addr =3D wrap_address(env, param_addr + i); + key[i] =3D cpu_ldb_mmu(env, addr, oi, ra); + } + /* 'decrypt' the protected key */ + for (i =3D 0; i < keysize; i++) { + key[i] ^=3D protkey_xor_pattern[i]; + } + + /* expand key */ + if (mod) { + AES_set_decrypt_key(key, keysize * 8, &exkey); + } else { + AES_set_encrypt_key(key, keysize * 8, &exkey); + } + + /* fetch tweak from param block */ + for (i =3D 0; i < AES_BLOCK_SIZE; i++) { + addr =3D wrap_address(env, param_addr + keysize + sizeof(wkvp) + i= ); + tweak[i] =3D cpu_ldb_mmu(env, addr, oi, ra); + } + + /* process up to MAX_BLOCKS_PER_RUN aes blocks */ + for (i =3D 0; i < MAX_BLOCKS_PER_RUN && len >=3D AES_BLOCK_SIZE; i++) { + /* fetch one AES block into buf1 */ + aes_read_block(env, mmu_idx, *src_ptr_reg + done, buf1, ra); + /* buf1 xor tweak =3D> buf2 */ + aes_xor(buf1, tweak, buf2); + if (mod) { + /* decrypt buf2 =3D> buf1 */ + AES_decrypt(buf2, buf1, &exkey); + } else { + /* encrypt buf2 =3D> buf1 */ + AES_encrypt(buf2, buf1, &exkey); + } + /* buf1 xor tweak =3D> buf2 */ + aes_xor(buf1, tweak, buf2); + /* prep tweak for next round */ + aes_xts_prep_next_tweak(tweak); + /* write out this processed block from buf2 */ + aes_write_block(env, mmu_idx, *dst_ptr_reg + done, buf2, ra); + len -=3D AES_BLOCK_SIZE, done +=3D AES_BLOCK_SIZE; + } + + /* update tweak in param block */ + for (i =3D 0; i < AES_BLOCK_SIZE; i++) { + addr =3D wrap_address(env, param_addr + keysize + sizeof(wkvp) + i= ); + cpu_stb_mmu(env, addr, 
tweak[i], oi, ra); + } + + *src_ptr_reg =3D deposit64(*src_ptr_reg, 0, addr_reg_size, + *src_ptr_reg + done); + *dst_ptr_reg =3D deposit64(*dst_ptr_reg, 0, addr_reg_size, + *dst_ptr_reg + done); + *src_len_reg -=3D done; + + return !len ? 0 : 3; +} diff --git a/target/s390x/tcg/crypto_helper.c b/target/s390x/tcg/crypto_hel= per.c index 38f7d900fa..8054e4facd 100644 --- a/target/s390x/tcg/crypto_helper.c +++ b/target/s390x/tcg/crypto_helper.c 
@@ -116,6 +116,12 @@ static int cpacf_km(CPUS390XState *env, const int mmu_= idx, uintptr_t ra, &env->regs[r1], &env->regs[r2], &env->regs[r2 += 1], S390_FEAT_TYPE_KM, fc, mod); break; + case 0x3a: /* CPACF_KM_PXTS_128 */ + case 0x3c: /* CPACF_KM_PXTS_256 */ + rc =3D cpacf_paes_xts(env, mmu_idx, ra, env->regs[1], + &env->regs[r1], &env->regs[r2], &env->regs[r2 = + 1], + S390_FEAT_TYPE_KM, fc, mod); + break; default: g_assert_not_reached(); } --=20 2.43.0 From nobody Sat May 30 17:43:37 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=reject dis=none) header.from=linux.ibm.com ARC-Seal: i=1; a=rsa-sha256; t=1779797900; cv=none; d=zohomail.com; s=zohoarc; b=Y/6lwrg0dVHxHy1G2JPT+B/kCnf2FW1SXE9SX0+IM08Fmd3T6u8gX4Xu0qYy7eVlV7j8GFEKhL9BBSmgcVmjKzQcRgOwoLPvmw+wkfBmZD9szmgw2fUtWiER8+QVqewxAgl5no/AD9K+3rhp17ofKSs8X79DVvJ+6Yb4IiYn7UQ= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1779797900; h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=0NyvyuXZdgVo4wgDJjoVS4c+2Q9A6V9ip/knst0VCDo=; b=KGqEjCO0HHq7Yk/r/EEYTTXqs7dym4Je9xqF/VC5GLtziZWRoh/vbzWKdqET2qJXXC2w8mIPXJ6bbFJEw/xhiFTSj0Y4WdBp7bO6i3DAyubzz8lIRuBQXOKiw6j4fkbYW+/naJjr8Ya1HjW7LfoRhLZ7sHBMA8Lm7dg+a3dVDeA= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1779797900811599.7668650756999; 

From: Harald Freudenberger
To: richard.henderson@linaro.org, iii@linux.ibm.com, david@kernel.org, thuth@redhat.com, berrange@redhat.com
Cc: qemu-s390x@nongnu.org, qemu-devel@nongnu.org, dengler@linux.ibm.com, borntraeger@linux.ibm.com
Subject: [PATCH v6 15/17] docs/s390: Document CPACF instructions support
Date: Tue, 26 May 2026 14:15:47 +0200
Message-ID: <20260526121550.5296-16-freude@linux.ibm.com>
In-Reply-To: <20260526121550.5296-1-freude@linux.ibm.com>
References: <20260526121550.5296-1-freude@linux.ibm.com>
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

Add a first document covering the Qemu s390 CPACF instructions and
functions supported.

Signed-off-by: Harald Freudenberger
---
 docs/system/s390x/cpacf.rst  | 109 +++++++++++++++++++++++++++++++++++
 docs/system/target-s390x.rst |   1 +
 2 files changed, 110 insertions(+)
 create mode 100644 docs/system/s390x/cpacf.rst

diff --git a/docs/system/s390x/cpacf.rst b/docs/system/s390x/cpacf.rst new file mode 100644 index 0000000000..fd9a38fd02 --- /dev/null +++ b/docs/system/s390x/cpacf.rst
@@ -0,0 +1,109 @@ +CPACF Support +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D + +CPACF +----- + +CP Assist for Cryptographic Function (CPACF) is a hardware-integrated +coprocessor feature built into every processor core of IBM Z and +LinuxONE mainframes (s390x architecture). It provides high-speed, +hardware-accelerated encryption and hashing directly on the CPU. + +CPACF provides a set of z/Architecture instructions (known as Message +Security Assist or MSA) that execute cryptographic operations +synchronously with the main processor. + +- Symmetric Encryption: Support for AES (128, 192, 256-bit), DES, and + Triple-DES (TDES). +- Hashing: Acceleration for SHA-1, SHA-2 (up to SHA-512), SHA-3 and + SHAKE. +- Random Number Generation: Pseudo Random Number Generator (PRNG) and + a hardware-based True Random Number Generator (TRNG). +- Asymmetric Support: Elliptic Curve Cryptography (ECC) primitives + P-256, P-384, P-521, Montgomery/Edwards curves (e.g., Ed25519). + +CPACF instructions +------------------ + +Here is a list of implemented CPACF instructions and the supported +functions for each instruction: + +KDSA (COMPUTE DIGITAL SIGNATURE AUTHENTICATION) +- Function code 0x00 - Function Query + +KIMD (COMPUTE INTERMEDIATE MESSAGE DIGEST) +- Function code 0x00 - Function Query +- Function code 0x02 - CPACF_KIMD_SHA_256 +- Function code 0x03 - CPACF_KIMD_SHA_512 + +KLMD (COMPUTE LAST MESSAGE DIGEST) +- Function code 0x00 - Function Query +- Function code 0x02 - CPACF_KLMD_SHA_256 +- Function code 0x03 - CPACF_KLMD_SHA_512 + +KM (CIPHER MESSAGE) +- Function code 0x00 - Function Query +- Function code 0x12 - CPACF_KM_AES_128 +- Function code 0x13 - CPACF_KM_AES_192 +- Function code 0x14 - CPACF_KM_AES_256 +- Function code 0x1a - CPACF_KM_PAES_128 +- Function code 0x1b - CPACF_KM_PAES_192 +- Function code 0x1c - CPACF_KM_PAES_256 +- Function code 0x32 - CPACF_KM_XTS_128 +- Function code 0x34 - CPACF_KM_XTS_256 +- Function code 0x3a - CPACF_KM_PXTS_128 +- Function code 0x3c - 
CPACF_KM_PXTS_256 + +KMAC (COMPUTE MESSAGE AUTHENTICATION CODE) +- Function code 0x00 - Function Query + +KMC (CIPHER MESSAGE WITH CHAINING) +- Function code 0x00 - Function Query +- Function code 0x12 - CPACF_KMC_AES_128 +- Function code 0x13 - CPACF_KMC_AES_192 +- Function code 0x14 - CPACF_KMC_AES_256 +- Function code 0x1a - CPACF_KMC_PAES_128 +- Function code 0x1b - CPACF_KMC_PAES_192 +- Function code 0x1c - CPACF_KMC_PAES_256 + +KMCTR (CIPHER MESSAGE WITH COUNTER) +- Function code 0x00 - Function Query +- Function code 0x12 - CPACF_KMCTR_AES_128 +- Function code 0x13 - CPACF_KMCTR_AES_192 +- Function code 0x14 - CPACF_KMCTR_AES_256 +- Function code 0x1a - CPACF_KMCTR_PAES_128 +- Function code 0x1b - CPACF_KMCTR_PAES_192 +- Function code 0x1c - CPACF_KMCTR_PAES_256 + +KMF (CIPHER MESSAGE WITH CIPHER FEEDBACK) +- not supported + +KMO (CIPHER MESSAGE WITH OUTPUT FEEDBACK) +- not supported + +PCC (PERFORM CRYPTOGRAPHIC COMPUTATION) +- Function code 0x00 - Function Query +- Function code 0x32 - compute XTS param AES-128 +- Function code 0x34 - compute XTS param AES-256 +- Function code 0x3a - compute XTS param Encrypted AES-128 +- Function code 0x3c - compute XTS param Encrypted AES-256 + +PCKMO (PERFORM CRYPTOGRAPHIC KEY MANAGEMENT OPERATION) +- Function code 0x00 - Function Query +- Function code 0x12 - CPACF_PCKMO_ENC_AES_128_KEY +- Function code 0x13 - CPACF_PCKMO_ENC_AES_192_KEY +- Function code 0x14 - CPACF_PCKMO_ENC_AES_256_KEY + +PRNO (PERFORM RANDOM NUMBER OPERATION) +- Function code 0x00 - Function Query +- Function code 0x72 - CPACF_PRNO_TRNG + +Note that the use of a not supported CPACF instruction (KMF and KMO) +or invocation of a not listed function will result in a Specification +Exception. + +Not listed CPACF instructions (KMF, KMO) cause an Operation Exception +when used. Not listed functions cause a Specification Exception when +called. 
If only the query function is listed (KDSA), then the query +function will return a function status word with all but the query +function bit set to 0. diff --git a/docs/system/target-s390x.rst b/docs/system/target-s390x.rst index 94c981e732..49159826eb 100644 --- a/docs/system/target-s390x.rst +++ b/docs/system/target-s390x.rst 
@@ -35,3 +35,4 @@ Architectural features s390x/bootdevices s390x/protvirt s390x/cpu-topology + s390x/cpacf --=20 2.43.0
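Review bot: The two closing paragraphs of cpacf.rst contradict each other: the first says that using KMF or KMO results in a Specification Exception, the second says the same instructions cause an Operation Exception. Keep one paragraph that states the exception the code actually raises, and since KMF and KMO do appear in the list (marked "not supported"), call them unsupported instructions rather than "Not listed CPACF instructions". Separately, each instruction line such as "KDSA (COMPUTE DIGITAL SIGNATURE AUTHENTICATION)" is followed directly by "- Function code ..." with no blank line, so reStructuredText folds the items into the preceding paragraph instead of rendering a bullet list; add a blank line before each list. The introduction also names DES, TDES, SHA-1, SHA-3, SHAKE, PRNG and ECC, none of which appear among the implemented function codes, so it should say that it describes the hardware facility and that the list below is what QEMU emulates.
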

From: Harald Freudenberger
To: richard.henderson@linaro.org, iii@linux.ibm.com, david@kernel.org, thuth@redhat.com, berrange@redhat.com
Cc: qemu-s390x@nongnu.org, qemu-devel@nongnu.org, dengler@linux.ibm.com, borntraeger@linux.ibm.com
Subject: [PATCH v6 16/17] crypto: Add aes-helpers file to support some AES modes
Date: Tue, 26 May 2026 14:15:48 +0200
Message-ID: <20260526121550.5296-17-freude@linux.ibm.com>
In-Reply-To: <20260526121550.5296-1-freude@linux.ibm.com>
References: <20260526121550.5296-1-freude@linux.ibm.com>
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

Add a new file crypto/aes-helpers.c with simple functions to support
some AES modes:
- AES cbc: AES_cbc_encrypt() AES_cbc_decrypt()
- AES ctr: AES_ctr_encrypt()
- AES xts: AES_xts_encrypt() AES_xts_decrypt()
and some AES related helpers:
- AES_xor()
- AES_xts_prep_next_tweak()

Signed-off-by: Harald Freudenberger
---
 crypto/aes-helpers.c | 101 +++++++++++++++++++++++++++++++++++++++++++
 crypto/meson.build   |   1 +
 include/crypto/aes.h |  14 ++++++
 3 files changed, 116 insertions(+)
 create mode 100644 crypto/aes-helpers.c

diff --git a/crypto/aes-helpers.c b/crypto/aes-helpers.c new file mode 100644 index 0000000000..8ad3c5132a --- /dev/null +++ b/crypto/aes-helpers.c
@@ -0,0 +1,101 @@ +/* + * AES helper functions and mode implementations + * + * Authors: + * Harald Freudenberger + * + * This work is licensed under the terms of the GNU GPL, version 2 or late= r. + * See the COPYING file in the top-level directory. + */ + +#include +#include +#include "crypto/aes.h" + +void AES_xor(const unsigned char *src1, const unsigned char *src2, + unsigned char *dst) +{ + int i; + + for (i =3D 0; i < AES_BLOCK_SIZE; i++) { + dst[i] =3D src1[i] ^ src2[i]; + } +} + +void AES_cbc_encrypt(const unsigned char *in, unsigned char *out, + unsigned char *iv, const AES_KEY *key) +{ + unsigned char buf[AES_BLOCK_SIZE]; + + /* in xor iv =3D> buf */ + AES_xor(in, iv, buf); + /* encrypt buf =3D> out */ + AES_encrypt(buf, out, key); + /* prep iv for next round */ + memcpy(iv, out, AES_BLOCK_SIZE); +} + +void AES_cbc_decrypt(const unsigned char *in, unsigned char *out, + unsigned char *iv, const AES_KEY *key) +{ + unsigned char buf[AES_BLOCK_SIZE]; + + /* decrypt in =3D> buf */ + AES_decrypt(in, buf, key); + /* buf xor iv =3D> out */ + AES_xor(buf, iv, out); + /* prep iv for next round */ + memcpy(iv, in, AES_BLOCK_SIZE); +} + +void AES_ctr_encrypt(const unsigned char *in, unsigned char *out, + const unsigned char *ctr, const AES_KEY *key) +{ + unsigned char buf[AES_BLOCK_SIZE]; + + /* encrypt ctr =3D> buf */ + AES_encrypt(ctr, buf, key); + /* exor input data with encrypted ctr =3D> out */ + AES_xor(in, buf, out); +} + +void AES_xts_prep_next_tweak(unsigned char *tweak) +{ + unsigned char carry; + int i; + + carry =3D tweak[AES_BLOCK_SIZE - 1] >> 7; + + for (i =3D AES_BLOCK_SIZE - 1; i > 0; i--) { + tweak[i] =3D (unsigned char)((tweak[i] << 1) | (tweak[i - 1] >> 7)= ); + } + + tweak[i] =3D (unsigned char)(tweak[i] << 1); + tweak[i] ^=3D (unsigned char)(0x87 & (unsigned char)(-(unsigned char)c= arry)); +} + +void AES_xts_encrypt(const unsigned char *in, unsigned char *out, + const unsigned char *tweak, const AES_KEY *key) +{ + unsigned char 
buf1[AES_BLOCK_SIZE], buf2[AES_BLOCK_SIZE]; + + /* in xor tweak =3D> buf1 */ + AES_xor(in, tweak, buf1); + /* encrypt buf1 =3D> buf2 */ + AES_encrypt(buf1, buf2, key); + /* buf2 xor tweak =3D> out */ + AES_xor(buf2, tweak, out); +} + +void AES_xts_decrypt(const unsigned char *in, unsigned char *out, + const unsigned char *tweak, const AES_KEY *key) +{ + unsigned char buf1[AES_BLOCK_SIZE], buf2[AES_BLOCK_SIZE]; + + /* in xor tweak =3D> buf1 */ + AES_xor(in, tweak, buf1); + /* encrypt buf1 =3D> buf2 */ + AES_decrypt(buf1, buf2, key); + /* buf2 xor tweak =3D> out */ + AES_xor(buf2, tweak, out); +} diff --git a/crypto/meson.build b/crypto/meson.build index b51597a879..675f27311c 100644 --- a/crypto/meson.build +++ b/crypto/meson.build @@ -55,6 +55,7 @@ system_ss.add(when: gnutls, if_true: files('tls-cipher-su= ites.c')) =20 util_ss.add(files( 'aes.c', + 'aes-helpers.c', 'clmul.c', 'init.c', 'sm4.c', diff --git a/include/crypto/aes.h b/include/crypto/aes.h index 381f24c902..df6239cb9c 100644 --- a/include/crypto/aes.h +++ b/include/crypto/aes.h 
@@ -37,4 +37,18 @@ AES_Td0[x] =3D Si[x].[0e, 09, 0d, 0b]; =20 extern const uint32_t AES_Te0[256], AES_Td0[256]; =20 +void AES_xor(const unsigned char *src1, const unsigned char *src2, + unsigned char *dst); +void AES_cbc_encrypt(const unsigned char *in, unsigned char *out, + unsigned char *iv, const AES_KEY *key); +void AES_cbc_decrypt(const unsigned char *in, unsigned char *out, + unsigned char *iv, const AES_KEY *key); +void AES_ctr_encrypt(const unsigned char *in, unsigned char *out, + const unsigned char *ctr, const AES_KEY *key); +void AES_xts_prep_next_tweak(unsigned char *tweak); +void AES_xts_encrypt(const unsigned char *in, unsigned char *out, + const unsigned char *tweak, const AES_KEY *key); +void AES_xts_decrypt(const unsigned char *in, unsigned char *out, + const unsigned char *tweak, const AES_KEY *key); + #endif --=20 2.43.0
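Review bot: In the crypto/aes-helpers.c hunk, AES_cbc_decrypt() saves the next chaining value with memcpy(iv, in, AES_BLOCK_SIZE) only after the plaintext has been written to out, so a caller that decrypts in place (in == out) gets the plaintext as the next IV and every following block decrypts wrongly. For a generic helper, copy the ciphertext block to a local buffer before the AES_xor() into out, or document that in and out must not alias. In AES_xts_decrypt() the comment "encrypt buf1 => buf2" sits above an AES_decrypt() call and should read "decrypt".
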
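Review bot: The prototypes added to include/crypto/aes.h carry no documentation, and their names read like whole-message mode implementations while each one processes a single AES_BLOCK_SIZE block. Add a comment per function that says so and says who advances the state: AES_cbc_encrypt() and AES_cbc_decrypt() update iv in place, whereas AES_ctr_encrypt() takes ctr as const and AES_xts_encrypt()/AES_xts_decrypt() take tweak as const, so the caller must supply the next counter block and call AES_xts_prep_next_tweak() itself.
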

From: Harald Freudenberger
To: richard.henderson@linaro.org, iii@linux.ibm.com, david@kernel.org, thuth@redhat.com, berrange@redhat.com
Cc: qemu-s390x@nongnu.org, qemu-devel@nongnu.org, dengler@linux.ibm.com, borntraeger@linux.ibm.com
Subject: [PATCH v6 17/17] target/s390x: Use generic AES helper functions
Date: Tue, 26 May 2026 14:15:49 +0200
Message-ID: <20260526121550.5296-18-freude@linux.ibm.com>
In-Reply-To: <20260526121550.5296-1-freude@linux.ibm.com>
References: <20260526121550.5296-1-freude@linux.ibm.com>
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

Rewrite the cpacf implementations to use the generic AES helper
functions from crypto/aes-helpers.c

Signed-off-by: Harald Freudenberger
---
 target/s390x/tcg/cpacf_aes.c | 124 ++++++++++-------------------------
 1 file changed, 36 insertions(+), 88 deletions(-)

diff --git a/target/s390x/tcg/cpacf_aes.c b/target/s390x/tcg/cpacf_aes.c index 98d5134d5f..9935b6b39c 100644 --- a/target/s390x/tcg/cpacf_aes.c +++ b/target/s390x/tcg/cpacf_aes.c
@@ -119,20 +119,13 @@ int cpacf_aes_ecb(CPUS390XState *env, const int mmu_i= dx, uintptr_t ra, return !len ? 0 : 3; } =20 -static void aes_xor(const uint8_t *src1, const uint8_t *src2, uint8_t *dst) -{ - for (int i =3D 0; i < AES_BLOCK_SIZE; i++) { - dst[i] =3D src1[i] ^ src2[i]; - } -} - int cpacf_aes_cbc(CPUS390XState *env, const int mmu_idx, uintptr_t ra, uint64_t param_addr, uint64_t *dst_ptr_reg, uint64_t *src_ptr_reg, uint64_t *src_len_reg, uint32_t type, uint8_t fc, uint8_t mod) { enum { MAX_BLOCKS_PER_RUN =3D 8192 / AES_BLOCK_SIZE }; - uint8_t in[AES_BLOCK_SIZE], out[AES_BLOCK_SIZE], buf[AES_BLOCK_SIZE]; + uint8_t in[AES_BLOCK_SIZE], out[AES_BLOCK_SIZE]; const MemOpIdx oi =3D make_memop_idx(MO_8, mmu_idx); uint64_t addr, len =3D *src_len_reg, done =3D 0; int i, keysize, addr_reg_size =3D 64; @@ -188,19 +181,11 @@ int cpacf_aes_cbc(CPUS390XState *env, const int mmu_i= dx, uintptr_t ra, for (i =3D 0; i < MAX_BLOCKS_PER_RUN && len >=3D AES_BLOCK_SIZE; i++) { aes_read_block(env, mmu_idx, *src_ptr_reg + done, in, ra); if (mod) { - /* decrypt in =3D> buf */ - AES_decrypt(in, buf, &exkey); - /* buf xor iv =3D> out */ - aes_xor(buf, iv, out); - /* prep iv for next round */ - memcpy(iv, in, AES_BLOCK_SIZE); + /* decrypt in =3D> out */ + AES_cbc_decrypt(in, out, iv, &exkey); } else { - /* in xor iv =3D> buf */ - aes_xor(in, iv, buf); - /* encrypt buf =3D> out */ - AES_encrypt(buf, out, &exkey); - /* prep iv for next round */ - memcpy(iv, out, AES_BLOCK_SIZE); + /* encrypt in =3D> out */ + AES_cbc_encrypt(in, out, iv, &exkey); } aes_write_block(env, mmu_idx, *dst_ptr_reg + done, out, ra); len -=3D AES_BLOCK_SIZE, done +=3D AES_BLOCK_SIZE; 
@@ -229,11 +214,10 @@ int cpacf_aes_ctr(CPUS390XState *env, const int mmu_i= dx, uintptr_t ra, { enum { MAX_BLOCKS_PER_RUN =3D 8192 / AES_BLOCK_SIZE }; const MemOpIdx oi =3D make_memop_idx(MO_8, mmu_idx); - uint8_t ctr[AES_BLOCK_SIZE], buf[AES_BLOCK_SIZE]; uint8_t in[AES_BLOCK_SIZE], out[AES_BLOCK_SIZE]; uint64_t addr, len =3D *src_len_reg, done =3D 0; + uint8_t ctr[AES_BLOCK_SIZE], key[32]; int i, keysize, addr_reg_size =3D 64; - uint8_t key[32]; AES_KEY exkey; =20 g_assert(type =3D=3D S390_FEAT_TYPE_KMCTR); @@ -275,12 +259,10 @@ int cpacf_aes_ctr(CPUS390XState *env, const int mmu_i= dx, uintptr_t ra, for (i =3D 0; i < MAX_BLOCKS_PER_RUN && len >=3D AES_BLOCK_SIZE; i++) { /* read in nonce/ctr =3D> ctr */ aes_read_block(env, mmu_idx, *ctr_ptr_reg + done, ctr, ra); - /* encrypt ctr =3D> buf */ - AES_encrypt(ctr, buf, &exkey); /* read in one block of input data =3D> in */ aes_read_block(env, mmu_idx, *src_ptr_reg + done, in, ra); - /* exor input data with encrypted ctr =3D> out */ - aes_xor(in, buf, out); + /* encrypt ctr and xor with in =3D> out */ + AES_ctr_encrypt(in, out, ctr, &exkey); /* write out the processed block */ aes_write_block(env, mmu_idx, *dst_ptr_reg + done, out, ra); len -=3D AES_BLOCK_SIZE, done +=3D AES_BLOCK_SIZE; 
@@ -361,28 +343,13 @@ int cpacf_aes_pcc(CPUS390XState *env, const int mmu_i= dx, uintptr_t ra, return 0; } =20 -static void aes_xts_prep_next_tweak(uint8_t tweak[AES_BLOCK_SIZE]) -{ - uint8_t carry; - int i; - - carry =3D tweak[AES_BLOCK_SIZE - 1] >> 7; - - for (i =3D AES_BLOCK_SIZE - 1; i > 0; i--) { - tweak[i] =3D (uint8_t)((tweak[i] << 1) | (tweak[i - 1] >> 7)); - } - - tweak[i] =3D (uint8_t)(tweak[i] << 1); - tweak[i] ^=3D (uint8_t)(0x87 & (uint8_t)(-(int8_t)carry)); -} - int cpacf_aes_xts(CPUS390XState *env, const int mmu_idx, uintptr_t ra, uint64_t param_addr, uint64_t *dst_ptr_reg, uint64_t *src_ptr_reg, uint64_t *src_len_reg, uint32_t type, uint8_t fc, uint8_t mod) { enum { MAX_BLOCKS_PER_RUN =3D 8192 / AES_BLOCK_SIZE }; - uint8_t buf1[AES_BLOCK_SIZE], buf2[AES_BLOCK_SIZE]; + uint8_t in[AES_BLOCK_SIZE], out[AES_BLOCK_SIZE]; const MemOpIdx oi =3D make_memop_idx(MO_8, mmu_idx); uint64_t addr, len =3D *src_len_reg, done =3D 0; uint8_t key[32], tweak[AES_BLOCK_SIZE]; 
@@ -433,23 +400,19 @@ int cpacf_aes_xts(CPUS390XState *env, const int mmu_i= dx, uintptr_t ra, =20 /* process up to MAX_BLOCKS_PER_RUN aes blocks */ for (i =3D 0; i < MAX_BLOCKS_PER_RUN && len >=3D AES_BLOCK_SIZE; i++) { - /* fetch one AES block into buf1 */ - aes_read_block(env, mmu_idx, *src_ptr_reg + done, buf1, ra); - /* buf1 xor tweak =3D> buf2 */ - aes_xor(buf1, tweak, buf2); + /* fetch one AES block into in */ + aes_read_block(env, mmu_idx, *src_ptr_reg + done, in, ra); if (mod) { - /* decrypt buf2 =3D> buf1 */ - AES_decrypt(buf2, buf1, &exkey); + /* decrypt in =3D> out */ + AES_xts_decrypt(in, out, tweak, &exkey); } else { - /* encrypt buf2 =3D> buf1 */ - AES_encrypt(buf2, buf1, &exkey); + /* encrypt in =3D> out */ + AES_xts_encrypt(in, out, tweak, &exkey); } - /* buf1 xor tweak =3D> buf2 */ - aes_xor(buf1, tweak, buf2); /* prep tweak for next round */ - aes_xts_prep_next_tweak(tweak); - /* write out this processed block from buf2 */ - aes_write_block(env, mmu_idx, *dst_ptr_reg + done, buf2, ra); + AES_xts_prep_next_tweak(tweak); + /* write out this processed block from out */ + aes_write_block(env, mmu_idx, *dst_ptr_reg + done, out, ra); len -=3D AES_BLOCK_SIZE, done +=3D AES_BLOCK_SIZE; } =20 @@ -627,7 +590,7 @@ int cpacf_paes_cbc(CPUS390XState *env, const int mmu_id= x, uintptr_t ra, uint32_t type, uint8_t fc, uint8_t mod) { enum { MAX_BLOCKS_PER_RUN =3D 8192 / AES_BLOCK_SIZE }; - uint8_t in[AES_BLOCK_SIZE], out[AES_BLOCK_SIZE], buf[AES_BLOCK_SIZE]; + uint8_t in[AES_BLOCK_SIZE], out[AES_BLOCK_SIZE]; const MemOpIdx oi =3D make_memop_idx(MO_8, mmu_idx); uint8_t key[32], wkvp[32], iv[AES_BLOCK_SIZE]; uint64_t addr, len =3D *src_len_reg, done =3D 0; 
@@ -697,19 +660,11 @@ int cpacf_paes_cbc(CPUS390XState *env, const int mmu_= idx, uintptr_t ra, for (i =3D 0; i < MAX_BLOCKS_PER_RUN && len >=3D AES_BLOCK_SIZE; i++) { aes_read_block(env, mmu_idx, *src_ptr_reg + done, in, ra); if (mod) { - /* decrypt in =3D> buf */ - AES_decrypt(in, buf, &exkey); - /* buf xor iv =3D> out */ - aes_xor(buf, iv, out); - /* prep iv for next round */ - memcpy(iv, in, AES_BLOCK_SIZE); + /* decrypt in =3D> out */ + AES_cbc_decrypt(in, out, iv, &exkey); } else { - /* in xor iv =3D> buf */ - aes_xor(in, iv, buf); - /* encrypt buf =3D> out */ - AES_encrypt(buf, out, &exkey); - /* prep iv for next round */ - memcpy(iv, out, AES_BLOCK_SIZE); + /* encrypt in =3D> out */ + AES_cbc_encrypt(in, out, iv, &exkey); } aes_write_block(env, mmu_idx, *dst_ptr_reg + done, out, ra); len -=3D AES_BLOCK_SIZE, done +=3D AES_BLOCK_SIZE; @@ -738,11 +693,10 @@ int cpacf_paes_ctr(CPUS390XState *env, const int mmu_= idx, uintptr_t ra, { enum { MAX_BLOCKS_PER_RUN =3D 8192 / AES_BLOCK_SIZE }; const MemOpIdx oi =3D make_memop_idx(MO_8, mmu_idx); - uint8_t ctr[AES_BLOCK_SIZE], buf[AES_BLOCK_SIZE]; uint8_t in[AES_BLOCK_SIZE], out[AES_BLOCK_SIZE]; + uint8_t ctr[AES_BLOCK_SIZE], key[32], wkvp[32]; uint64_t addr, len =3D *src_len_reg, done =3D 0; int i, keysize, addr_reg_size =3D 64; - uint8_t key[32], wkvp[32]; AES_KEY exkey; =20 g_assert(type =3D=3D S390_FEAT_TYPE_KMCTR); 
@@ -798,12 +752,10 @@ int cpacf_paes_ctr(CPUS390XState *env, const int mmu_= idx, uintptr_t ra, for (i =3D 0; i < MAX_BLOCKS_PER_RUN && len >=3D AES_BLOCK_SIZE; i++) { /* read in nonce/ctr =3D> ctr */ aes_read_block(env, mmu_idx, *ctr_ptr_reg + done, ctr, ra); - /* encrypt ctr =3D> buf */ - AES_encrypt(ctr, buf, &exkey); /* read in one block of input data =3D> in */ aes_read_block(env, mmu_idx, *src_ptr_reg + done, in, ra); - /* exor input data with encrypted ctr =3D> out */ - aes_xor(in, buf, out); + /* encrypt ctr and xor with in =3D> out */ + AES_ctr_encrypt(in, out, ctr, &exkey); /* write out the processed block */ aes_write_block(env, mmu_idx, *dst_ptr_reg + done, out, ra); len -=3D AES_BLOCK_SIZE, done +=3D AES_BLOCK_SIZE; @@ -906,7 +858,7 @@ int cpacf_paes_xts(CPUS390XState *env, const int mmu_id= x, uintptr_t ra, uint32_t type, uint8_t fc, uint8_t mod) { enum { MAX_BLOCKS_PER_RUN =3D 8192 / AES_BLOCK_SIZE }; - uint8_t buf1[AES_BLOCK_SIZE], buf2[AES_BLOCK_SIZE]; + uint8_t in[AES_BLOCK_SIZE], out[AES_BLOCK_SIZE]; const MemOpIdx oi =3D make_memop_idx(MO_8, mmu_idx); uint8_t key[32], wkvp[32], tweak[AES_BLOCK_SIZE]; uint64_t addr, len =3D *src_len_reg, done =3D 0; 
@@ -971,23 +923,19 @@ int cpacf_paes_xts(CPUS390XState *env, const int mmu_= idx, uintptr_t ra, =20 /* process up to MAX_BLOCKS_PER_RUN aes blocks */ for (i =3D 0; i < MAX_BLOCKS_PER_RUN && len >=3D AES_BLOCK_SIZE; i++) { - /* fetch one AES block into buf1 */ - aes_read_block(env, mmu_idx, *src_ptr_reg + done, buf1, ra); - /* buf1 xor tweak =3D> buf2 */ - aes_xor(buf1, tweak, buf2); + /* fetch one AES block into in */ + aes_read_block(env, mmu_idx, *src_ptr_reg + done, in, ra); if (mod) { - /* decrypt buf2 =3D> buf1 */ - AES_decrypt(buf2, buf1, &exkey); + /* decrypt in =3D> out */ + AES_xts_decrypt(in, out, tweak, &exkey); } else { - /* encrypt buf2 =3D> buf1 */ - AES_encrypt(buf2, buf1, &exkey); + /* encrypt in =3D> out */ + AES_xts_encrypt(in, out, tweak, &exkey); } - /* buf1 xor tweak =3D> buf2 */ - aes_xor(buf1, tweak, buf2); /* prep tweak for next round */ - aes_xts_prep_next_tweak(tweak); - /* write out this processed block from buf2 */ - aes_write_block(env, mmu_idx, *dst_ptr_reg + done, buf2, ra); + AES_xts_prep_next_tweak(tweak); + /* write out this processed block from out */ + aes_write_block(env, mmu_idx, *dst_ptr_reg + done, out, ra); len -=3D AES_BLOCK_SIZE, done +=3D AES_BLOCK_SIZE; } =20 --=20 2.43.0
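Review bot: In the cpacf_aes_cbc loop (hunk @@ -188,19 +181,11) the removed `memcpy(iv, in, AES_BLOCK_SIZE)` and `memcpy(iv, out, AES_BLOCK_SIZE)` lines were the only visible place where the chaining value advanced, so the loop is now correct only if AES_cbc_decrypt() and AES_cbc_encrypt() update `iv` in place on every call. The new comments ("decrypt in => out", "encrypt in => out") no longer say that. Suggest spelling it out at the call site, for example `/* decrypt in => out, helper advances iv */`, so a later reader does not re-add the memcpy or assume `iv` is read-only.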
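Review bot: In the cpacf_aes_ctr loop (hunk @@ -275,12 +259,10) the counter block is still fetched from `*ctr_ptr_reg + done` at the top of every iteration, so whatever AES_ctr_encrypt() does to `ctr` after producing the keystream block is thrown away. The call does not show whether the helper increments `ctr`; if it does, the comment "encrypt ctr and xor with in => out" should add that the increment is ignored here because the counter values come from the guest-supplied counter area. Otherwise the code reads as if the helper drives the counter sequence.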
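Review bot: The hunk at @@ -361,28 +343,13 deletes the local aes_xts_prep_next_tweak(), which fixed a specific byte order: the carry is taken from `tweak[AES_BLOCK_SIZE - 1] >> 7`, each byte receives the top bit of the byte at the next lower index, and 0x87 is folded into `tweak[0]`. Its replacement AES_xts_prep_next_tweak() is defined outside this patch, and a helper with the opposite byte order would still produce a correct first block and diverge only from the second block on. Suggest the commit message state that the generic helper is this code moved unchanged, or that the series add a multi-block XTS known-answer test covering the carry case (top bit of the last tweak byte set).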
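Review bot: In the cpacf_aes_xts loop (hunk @@ -433,23 +400,19) the state handling differs from the CBC conversion: the CBC helpers evidently advance `iv` themselves, since the memcpy was dropped, while here `tweak` is passed to AES_xts_encrypt()/AES_xts_decrypt() and then advanced by the caller with `AES_xts_prep_next_tweak(tweak)`. Nothing at the call site shows that the XTS helpers leave `tweak` untouched; if they advanced it as well, the tweak would step twice per block. Suggest either documenting the tweak argument as input-only in the helper's declaration (a const-qualified parameter would make this checkable by the compiler) or folding the advance into the helper so the CBC and XTS helpers follow one convention.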
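Review bot: The protected-key loops in cpacf_paes_cbc (hunk @@ -697,19 +660,11), cpacf_paes_ctr (hunk @@ -798,12 +752,10) and cpacf_paes_xts (hunk @@ -971,23 +923,19) receive the same replacement lines as their clear-key counterparts at @@ -188, @@ -275 and @@ -433. Since this patch is already consolidating the block operations, consider moving each per-mode block loop into one static function that takes `exkey` and the iv, ctr or tweak buffer, and calling it from both the clear-key and protected-key entry points. That leaves a single place to review the chaining and tweak updates and prevents the two paths from drifting apart in a later change.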