From nobody Thu Jun 18 13:20:44 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=reject dis=none) header.from=linux.ibm.com ARC-Seal: i=1; a=rsa-sha256; t=1781689802; cv=none; d=zohomail.com; s=zohoarc; b=UqxJuNNwsn+22ffqUKzIshm2xu3Yw+C15eZ9NoAMbvf1BUtnSvKu095eGkuXjVzJnTNPfGMmfsYFvnp+lhKF50JkPKiQONjlLKJjOjBtOwA6V8yQ4Lw2t2zLiZb9ckE6WnPcOIDaQGcrvdPr52mbBf1khYR96OeD0RXsyN2pHzs= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1781689802; h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=sieWYaykj5ryM52Pmgpfk4hwLcr93k/YDn5QDFV187k=; b=BdfTrDfvK/+UQ52NEUx8uyWyv1BxFQaiWZ3Q6QeVOnHr1m/gWEkT03JEwZyrFb/K23Mrykf4W0VNgIu9ssLVfbAlmqjqUqZmX2MHBn1pSIS7GUmCKmkzlEMjnhH1j/fFpTZbJ6MaD6yf3Wdi0eko/+69j007R0DZX8Z0zYn2jm4= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1781689802223246.83520909464494; Wed, 17 Jun 2026 02:50:02 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists1p.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1wZmst-00071J-2q; Wed, 17 Jun 2026 05:48:35 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1wZmsr-0006zA-5P; Wed, 17 Jun 2026 05:48:33 -0400 Received: from mx0b-001b2d01.pphosted.com ([148.163.158.5]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1wZmsp-00036G-0L; Wed, 17 Jun 2026 05:48:32 -0400 Received: from pps.filterd (m0360072.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id 65H8mXMC4003191; Wed, 17 Jun 2026 09:48:26 GMT Received: from ppma22.wdc07v.mail.ibm.com (5c.69.3da9.ip4.static.sl-reverse.com [169.61.105.92]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 4eueqx28bf-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 17 Jun 2026 09:48:25 +0000 (GMT) Received: from pps.filterd (ppma22.wdc07v.mail.ibm.com [127.0.0.1]) by ppma22.wdc07v.mail.ibm.com (8.18.1.7/8.18.1.7) with ESMTP id 65H9Ycfh016263; Wed, 17 Jun 2026 09:48:25 GMT Received: from smtprelay04.fra02v.mail.ibm.com ([9.218.2.228]) by ppma22.wdc07v.mail.ibm.com (PPS) with ESMTPS id 4eudvaahg1-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 17 Jun 2026 09:48:25 +0000 (GMT) Received: from smtpav02.fra02v.mail.ibm.com (smtpav02.fra02v.mail.ibm.com [10.20.54.101]) by smtprelay04.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 65H9mLUs14483794 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 17 Jun 2026 09:48:21 GMT Received: from smtpav02.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 503AF20043; Wed, 17 Jun 2026 09:48:21 +0000 (GMT) Received: from smtpav02.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 229FD2004E; Wed, 17 Jun 2026 09:48:21 +0000 (GMT) Received: from funtu2.ehn-de.ibm.com (unknown [9.224.92.54]) by smtpav02.fra02v.mail.ibm.com (Postfix) with ESMTP; Wed, 17 Jun 2026 09:48:21 +0000 (GMT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=cc :content-transfer-encoding:date:from:in-reply-to:message-id :mime-version:references:subject:to; s=pp1; bh=sieWYaykj5ryM52Pm gpfk4hwLcr93k/YDn5QDFV187k=; b=BIVp09eGL/gVAk5p+t+W3bXLzQh7IQCSw /400jQjIOtjhYt6tBCaozFKl3YthxjQ/6c7+DF/92xekAVu6iv9+/K3uFJf73vwb x5ICtRe8HRFTjGdegUdCiHgLJSmX6S+/2XQZYMEVxzzZ5WzlUii5m9qK0IH9yG7n qq3EigdyGbm3psymomfuKsT7J+jYKi8M3F0j98torhUXn2vp/9/Zghp3cdrJcyFF EAfgwH9GyEm4sN841jz/e3lbJOVQIPOx1khTbeKZfLMn9EB4NCBHMCX1yuannq/N qpDfDrwEbxll8pHWBD2bdJhAuFITO7mzHqBQ8rMU76LeBVEEjxJPw== From: Harald Freudenberger To: richard.henderson@linaro.org, iii@linux.ibm.com, david@kernel.org, thuth@redhat.com, berrange@redhat.com Cc: qemu-s390x@nongnu.org, qemu-devel@nongnu.org, linux390-list@tuxmaker.boeblingen.de.ibm.com, linux-s390@vger.kernel.org, dengler@linux.ibm.com, borntraeger@linux.ibm.com, fcallies@linux.ibm.com, cohuck@redhat.com Subject: [PATCH v7 01/17] target/s390x: Rework s390 cpacf implementations Date: Wed, 17 Jun 2026 11:48:04 +0200 Message-ID: <20260617094820.34402-2-freude@linux.ibm.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260617094820.34402-1-freude@linux.ibm.com> References: <20260617094820.34402-1-freude@linux.ibm.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-TM-AS-GCONF: 00 X-Proofpoint-GUID: sXMtuuxBO8xy0VGZYz3t_uPeQimFtnei X-Authority-Analysis: v=2.4 cv=Le0MLDfi c=1 sm=1 tr=0 ts=6a326d6a cx=c_pps a=5BHTudwdYE3Te8bg5FgnPg==:117 a=5BHTudwdYE3Te8bg5FgnPg==:17 a=FelO9ux0wxsA:10 a=VkNPw1HP01LnGYTKEx00:22 a=RnoormkPH1_aCDwRdu11:22 a=RzCfie-kr_QcCd8fBx8p:22 a=VnNF1IyMAAAA:8 a=v0hsMmXGSI8d9nQ1oYgA:9 X-Proofpoint-Spam-Info: AW1haW4tMjYwNjE3MDA5MiBTYWx0ZWRfX2w8JlCkZO83O ouHxSSzbRuvlIKQeTcGpZSTN06aFO9IIkKGHaB70we/GQji/PIfJXhvPqjlIslOKFYkec5iIoEj kpw2LhIQ0ll4r9O7ZVG7edv/rRslbIE= X-Proofpoint-ORIG-GUID: sXMtuuxBO8xy0VGZYz3t_uPeQimFtnei X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwNjE3MDA5MiBTYWx0ZWRfX713EZJPZn65L PGcEHb2k+uZy8JAja9oIUOvIiHHkynQaV1kJeeMJGWgN6DLXyZ7vLXh23ma0MKGUf0sB/8oxdzr I7dDa2Zck9eLlljAD02KRwT8v8QD9bFVbdOkvX8S/QwwANbp/tWJiSPoRU3g4sq1Gxw0SM7QQ4J GeO9sj5kfu4Q3XIlo7h+nYLNDLvAtBHWfvr6ZssDjB0Os0dPKIsbZsZGbP3D01mN7rBQbo/gXC9 0T4Dtl1UVtja0bD+eH27GxTNmr51FdDvzsZPKZY3MNZecXQkQ+iSs8WXLn1Wd7dEj1BM5HShJdL r7BrIsQPqWWp2Nx+603A0ssRBOzakC+JfYlA3ze+bA5bCc3iB2x+e2xOFgymnXGGbka/u/5iL6Q dfvSoRgb8xlFKw+jHHd9/16X7eENJW0rqeu9CymiXvRhmiqJ9uvYDEvYAeYNMz5YlQilm6k8Zfz fy2EuFLRKoVdtTzbXSQ== X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1143,Hydra:6.1.125,FMLib:17.12.100.49 definitions=2026-06-17_01,2026-06-16_02,2025-10-01_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 clxscore=1015 priorityscore=1501 malwarescore=0 spamscore=0 suspectscore=0 impostorscore=0 phishscore=0 lowpriorityscore=0 bulkscore=0 adultscore=0 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2606150000 definitions=main-2606170092 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists1p.gnu.org; Received-SPF: pass client-ip=148.163.158.5; envelope-from=freude@linux.ibm.com; helo=mx0b-001b2d01.pphosted.com X-Spam_score_int: -26 X-Spam_score: -2.7 X-Spam_bar: -- X-Spam_report: (-2.7 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @ibm.com) X-ZM-MESSAGEID: 1781689802615158500 Content-Type: text/plain; charset="utf-8" Fix missing parts for MSA 9 kdsa and rework the cpacf handling code so that further extensions can be made in a clean and structured way. Signed-off-by: Harald Freudenberger Reviewed-by: Holger Dengler Tested-by: Holger Dengler --- target/s390x/tcg/crypto_helper.c | 84 +++++++++++++++++++++++++++----- target/s390x/tcg/insn-data.h.inc | 1 + target/s390x/tcg/translate.c | 2 + 3 files changed, 74 insertions(+), 13 deletions(-) diff --git a/target/s390x/tcg/crypto_helper.c b/target/s390x/tcg/crypto_hel= per.c index ae392bce0e..35f0cc26a4 100644 --- a/target/s390x/tcg/crypto_helper.c +++ b/target/s390x/tcg/crypto_helper.c @@ -272,6 +272,57 @@ static void fill_buf_random(CPUS390XState *env, const = int mmu_idx, uintptr_t ra, } } =20 +static int cpacf_kimd(CPUS390XState *env, const int mmu_idx, const uintptr= _t ra, + uint32_t r1, uint32_t r2, uint32_t r3, uint8_t fc) +{ + int rc =3D 0; + + switch (fc) { + case 0x03: /* CPACF_KIMD_SHA_512 */ + rc =3D cpacf_sha512(env, mmu_idx, ra, env->regs[1], &env->regs[r2], + &env->regs[r2 + 1], S390_FEAT_TYPE_KIMD); + break; + default: + g_assert_not_reached(); + } + + return rc; +} + +static int cpacf_klmd(CPUS390XState *env, const int mmu_idx, const uintptr= _t ra, + uint32_t r1, uint32_t r2, uint32_t r3, uint8_t fc) +{ + int rc =3D 0; + + switch (fc) { + case 0x03: /* CPACF_KLMD_SHA_512 */ + rc =3D cpacf_sha512(env, mmu_idx, ra, env->regs[1], &env->regs[r2], + &env->regs[r2 + 1], S390_FEAT_TYPE_KLMD); + break; + default: + g_assert_not_reached(); + } + + return rc; +} + +static int cpacf_ppno(CPUS390XState *env, const int mmu_idx, uintptr_t ra, + uint32_t r1, uint32_t r2, uint32_t r3, uint8_t fc) +{ + int rc =3D 0; + + switch (fc) { + case 0x72: /* CPACF_PRNO_TRNG */ + fill_buf_random(env, mmu_idx, ra, &env->regs[r1], &env->regs[r1 + = 1]); + fill_buf_random(env, mmu_idx, ra, &env->regs[r2], &env->regs[r2 + = 1]); + break; + default: + g_assert_not_reached(); + } + + return rc; +} + uint32_t HELPER(msa)(CPUS390XState *env, uint32_t r1, uint32_t r2, uint32_= t r3, uint32_t type) { @@ -282,13 +333,15 @@ uint32_t HELPER(msa)(CPUS390XState *env, uint32_t r1,= uint32_t r2, uint32_t r3, uint8_t subfunc[16] =3D { 0 }; uint64_t param_addr; MemOpIdx oi; + int rc =3D 0; =20 switch (type) { - case S390_FEAT_TYPE_KMAC: + case S390_FEAT_TYPE_KDSA: case S390_FEAT_TYPE_KIMD: case S390_FEAT_TYPE_KLMD: - case S390_FEAT_TYPE_PCKMO: + case S390_FEAT_TYPE_KMAC: case S390_FEAT_TYPE_PCC: + case S390_FEAT_TYPE_PCKMO: if (mod) { tcg_s390_program_interrupt(env, PGM_SPECIFICATION, ra); } @@ -300,25 +353,30 @@ uint32_t HELPER(msa)(CPUS390XState *env, uint32_t r1,= uint32_t r2, uint32_t r3, tcg_s390_program_interrupt(env, PGM_SPECIFICATION, ra); } =20 - switch (fc) { - case 0: /* query subfunction */ + /* handle query subfunction */ + if (fc =3D=3D 0) { oi =3D make_memop_idx(MO_8, mmu_idx); - for (int i =3D 0; i < 16; i++) { + for (int i =3D 0; i < sizeof(subfunc); i++) { param_addr =3D wrap_address(env, env->regs[1] + i); cpu_stb_mmu(env, param_addr, subfunc[i], oi, ra); } + goto out; + } + + switch (type) { + case S390_FEAT_TYPE_KIMD: + rc =3D cpacf_kimd(env, mmu_idx, ra, r1, r2, r3, fc); break; - case 3: /* CPACF_*_SHA_512 */ - return cpacf_sha512(env, mmu_idx, ra, env->regs[1], &env->regs[r2], - &env->regs[r2 + 1], type); - case 114: /* CPACF_PRNO_TRNG */ - fill_buf_random(env, mmu_idx, ra, &env->regs[r1], &env->regs[r1 + = 1]); - fill_buf_random(env, mmu_idx, ra, &env->regs[r2], &env->regs[r2 + = 1]); + case S390_FEAT_TYPE_KLMD: + rc =3D cpacf_klmd(env, mmu_idx, ra, r1, r2, r3, fc); + break; + case S390_FEAT_TYPE_PPNO: + rc =3D cpacf_ppno(env, mmu_idx, ra, r1, r2, r3, fc); break; default: - /* we don't implement any other subfunction yet */ g_assert_not_reached(); } =20 - return 0; +out: + return rc; } diff --git a/target/s390x/tcg/insn-data.h.inc b/target/s390x/tcg/insn-data.= h.inc index 0d5392eac5..6a0a7aacda 100644 --- a/target/s390x/tcg/insn-data.h.inc +++ b/target/s390x/tcg/insn-data.h.inc @@ -1015,6 +1015,7 @@ D(0xb92e, KM, RRE, MSA, 0, 0, 0, 0, msa, 0, S390_FEAT_TYPE_KM) D(0xb92f, KMC, RRE, MSA, 0, 0, 0, 0, msa, 0, S390_FEAT_TYPE_KMC) D(0xb929, KMA, RRF_b, MSA8, 0, 0, 0, 0, msa, 0, S390_FEAT_TYPE_KMA) + D(0xb93a, KDSA, RRE, MSA9, 0, 0, 0, 0, msa, 0, S390_FEAT_TYPE_KDS= A) E(0xb93c, PPNO, RRE, MSA5, 0, 0, 0, 0, msa, 0, S390_FEAT_TYPE_PPN= O, IF_IO) D(0xb93e, KIMD, RRE, MSA, 0, 0, 0, 0, msa, 0, S390_FEAT_TYPE_KIM= D) D(0xb93f, KLMD, RRE, MSA, 0, 0, 0, 0, msa, 0, S390_FEAT_TYPE_KLM= D) diff --git a/target/s390x/tcg/translate.c b/target/s390x/tcg/translate.c index 82165ac1ec..cef1b55149 100644 --- a/target/s390x/tcg/translate.c +++ b/target/s390x/tcg/translate.c @@ -2592,6 +2592,7 @@ static DisasJumpType op_msa(DisasContext *s, DisasOps= *o) /* FALL THROUGH */ case S390_FEAT_TYPE_PCKMO: case S390_FEAT_TYPE_PCC: + case S390_FEAT_TYPE_KDSA: break; default: g_assert_not_reached(); @@ -6046,6 +6047,7 @@ enum DisasInsnEnum { #define FAC_MSA4 S390_FEAT_MSA_EXT_4 /* msa-extension-4 facility */ #define FAC_MSA5 S390_FEAT_MSA_EXT_5 /* msa-extension-5 facility */ #define FAC_MSA8 S390_FEAT_MSA_EXT_8 /* msa-extension-8 facility */ +#define FAC_MSA9 S390_FEAT_MSA_EXT_9 /* msa-extension-9 facility */ #define FAC_ECT S390_FEAT_EXTRACT_CPU_TIME #define FAC_PCI S390_FEAT_ZPCI /* z/PCI facility */ #define FAC_AIS S390_FEAT_ADAPTER_INT_SUPPRESSION --=20 2.43.0 From nobody Thu Jun 18 13:20:44 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=reject dis=none) header.from=linux.ibm.com ARC-Seal: i=1; a=rsa-sha256; t=1781689724; cv=none; d=zohomail.com; s=zohoarc; b=I1UhOErxebAJWnvyJ+b5EdDaWgSFh0OkCjl+LoiG51tArp1eTn2pmNFUy3oaHbgo1sQwFLE/FieW/A+zmfsHqPkTMvN8EIMKAhc9NWvLcKLbrTbEsF/Jr015FTRJ6mQU8ogObX0vF4fOp45vce5rIq07ywO+ZwMg6Fkz9ZBu0GU= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1781689724; h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=byFgDfw334MXfi03de5ZqxQG8VQpjWq4RqiQfbC6UiU=; b=HdfJmYexwFVc5U5mrEeoa81jUPhIdBvd7QJnSwV4+9dR9EbwbIVY5AibSIddDic3sli3FQtkG6nPzI0SD3qczAN0smKIaHk1/YJ/UgOOvfrxRHwGgFC8iRSPQaLKGhR6joXZA+D7u1iwMzbdJxWM49H1+MPaZMAEQzuEHuBMHrM= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 178168972436732.95524924333131; Wed, 17 Jun 2026 02:48:44 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists1p.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1wZmsw-000752-Ac; Wed, 17 Jun 2026 05:48:38 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1wZmst-00072A-NV; Wed, 17 Jun 2026 05:48:35 -0400 Received: from mx0a-001b2d01.pphosted.com ([148.163.156.1]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1wZmsq-00037f-NW; Wed, 17 Jun 2026 05:48:35 -0400 Received: from pps.filterd (m0360083.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id 65H8mDlX4127420; Wed, 17 Jun 2026 09:48:27 GMT Received: from ppma13.dal12v.mail.ibm.com (dd.9e.1632.ip4.static.sl-reverse.com [50.22.158.221]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 4eueqtj9av-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 17 Jun 2026 09:48:26 +0000 (GMT) Received: from pps.filterd (ppma13.dal12v.mail.ibm.com [127.0.0.1]) by ppma13.dal12v.mail.ibm.com (8.18.1.7/8.18.1.7) with ESMTP id 65H9YbNg028277; Wed, 17 Jun 2026 09:48:25 GMT Received: from smtprelay04.fra02v.mail.ibm.com ([9.218.2.228]) by ppma13.dal12v.mail.ibm.com (PPS) with ESMTPS id 4eudvaahdr-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 17 Jun 2026 09:48:25 +0000 (GMT) Received: from smtpav02.fra02v.mail.ibm.com (smtpav02.fra02v.mail.ibm.com [10.20.54.101]) by smtprelay04.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 65H9mLmR24576666 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 17 Jun 2026 09:48:21 GMT Received: from smtpav02.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 9740F20043; Wed, 17 Jun 2026 09:48:21 +0000 (GMT) Received: from smtpav02.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 54F202004B; Wed, 17 Jun 2026 09:48:21 +0000 (GMT) Received: from funtu2.ehn-de.ibm.com (unknown [9.224.92.54]) by smtpav02.fra02v.mail.ibm.com (Postfix) with ESMTP; Wed, 17 Jun 2026 09:48:21 +0000 (GMT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=cc :content-transfer-encoding:date:from:in-reply-to:message-id :mime-version:references:subject:to; s=pp1; bh=byFgDfw334MXfi03d e5ZqxQG8VQpjWq4RqiQfbC6UiU=; b=K+lheWAcftmNPR42CamniTMfxGngxG5gF hGWLp4djb+FfGAhE+1o7KY+zkqEv8y0b3PYg9FJBNFKHSBUwMfAXI9qYgRPUVvec cgCBiYslK1luuiiIH3KrgWC4wanTX8hw+a8/n2WgqnKgM2FNv1EJ0Nt2GrV9q9TV JTC4AnMOa0UCGUPIE74Py2CCul+sT8fNRE5wkEWkoCvJ8JwWdVYawRbA7GyveDmi WUonhxbu9vUbxGhkOCwlIs0cl6wyqJdxwb4ScRyIf874Z1HCk+h7uzxHXBaNQQ6P R2A29gZN1raFsQ0g13pZ3Yb2j1CjFykY9VZEzG5GO0ARdJFDyBwfA== From: Harald Freudenberger To: richard.henderson@linaro.org, iii@linux.ibm.com, david@kernel.org, thuth@redhat.com, berrange@redhat.com Cc: qemu-s390x@nongnu.org, qemu-devel@nongnu.org, linux390-list@tuxmaker.boeblingen.de.ibm.com, linux-s390@vger.kernel.org, dengler@linux.ibm.com, borntraeger@linux.ibm.com, fcallies@linux.ibm.com, cohuck@redhat.com Subject: [PATCH v7 02/17] target/s390x: Move cpacf sha512 code into a new file Date: Wed, 17 Jun 2026 11:48:05 +0200 Message-ID: <20260617094820.34402-3-freude@linux.ibm.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260617094820.34402-1-freude@linux.ibm.com> References: <20260617094820.34402-1-freude@linux.ibm.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-TM-AS-GCONF: 00 X-Proofpoint-ORIG-GUID: rHd-FdTiDHaO44bTWA-epeO7K8abGFB9 X-Proofpoint-GUID: rHd-FdTiDHaO44bTWA-epeO7K8abGFB9 X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwNjE3MDA5MiBTYWx0ZWRfX+sk0hCqg1qLU LnJYYZjYAwGD/exSvIPjRB2NQQ35FFl7vHTN6cDYuFPbqEK1U2j0bLaIi+EY3G4nol7vd+s3m7c FSD3CbGwjnouRpim/9Ndc3uTIM3GL1gctJtsBUy9b322FTSAgf5+FZZugoR+gH0tK2+VNbqx+yS 1REj/hcM8IGijIxzxHYEh0uVCSbWdMqz1bbAxMlvQmftCGoW5KQ1KyvSNSvTuIXhZPMsx/CA1JF zLYnpioIn+rAJm5W57sp4vHjMaDNa/4VZVZHpOlURrQsJK3hje4pMy4R8YjreGnpmXeslRTphKS HA5Bh0hen3uzYXafwkL1hBR5hop1JLQuBz7IN61xrh9FoFPmyOWTaI5F6QkSuofjEDduE3H8ic0 BCY7adb9TWdn1dJop6TL9AYRRmDqEEGCDCfYpG/7/mJcGrDlHVfbsrEeQ18lvVfn21BEp5/96Q7 fiAtesKf/ykOmAZpweg== X-Proofpoint-Spam-Info: AW1haW4tMjYwNjE3MDA5MiBTYWx0ZWRfX8esy1oKcphTA PS4Z84NW6X6xc6+yfOfMyatQtUJNB+VeP+r6nJy0Kt6tAWQf5RlPO1RRTCyAlKt+Rp9TzeQNJBi WQQUSVvD08H7TLxr083Hyt0qdNbkhn8= X-Authority-Analysis: v=2.4 cv=B4KJFutM c=1 sm=1 tr=0 ts=6a326d6a cx=c_pps a=AfN7/Ok6k8XGzOShvHwTGQ==:117 a=AfN7/Ok6k8XGzOShvHwTGQ==:17 a=FelO9ux0wxsA:10 a=VkNPw1HP01LnGYTKEx00:22 a=RnoormkPH1_aCDwRdu11:22 a=iQ6ETzBq9ecOQQE5vZCe:22 a=VnNF1IyMAAAA:8 a=UGG5zPGqAAAA:8 a=yMKeI-deMsSePwiaAVEA:9 a=17ibUXfGiVyGqR_YBevW:22 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1143,Hydra:6.1.125,FMLib:17.12.100.49 definitions=2026-06-17_01,2026-06-16_02,2025-10-01_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 malwarescore=0 adultscore=0 lowpriorityscore=0 suspectscore=0 priorityscore=1501 clxscore=1015 phishscore=0 spamscore=0 bulkscore=0 impostorscore=0 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2606150000 definitions=main-2606170092 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists1p.gnu.org; Received-SPF: pass client-ip=148.163.156.1; envelope-from=freude@linux.ibm.com; helo=mx0a-001b2d01.pphosted.com X-Spam_score_int: -26 X-Spam_score: -2.7 X-Spam_bar: -- X-Spam_report: (-2.7 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @ibm.com) X-ZM-MESSAGEID: 1781689726456158500 Content-Type: text/plain; charset="utf-8" Move the cpacf sha512 implementation into a new file cpacf_sha512.c. Add this new file to the build and add a new header file cpacf.h containing the prototypes for the s390 cpacf stuff. Signed-off-by: Harald Freudenberger Tested-by: Holger Dengler Reviewed-by: Finn Callies --- target/s390x/tcg/cpacf.h | 16 ++ target/s390x/tcg/cpacf_sha512.c | 245 +++++++++++++++++++++++++++++++ target/s390x/tcg/crypto_helper.c | 227 +--------------------------- target/s390x/tcg/meson.build | 1 + 4 files changed, 263 insertions(+), 226 deletions(-) create mode 100644 target/s390x/tcg/cpacf.h create mode 100644 target/s390x/tcg/cpacf_sha512.c diff --git a/target/s390x/tcg/cpacf.h b/target/s390x/tcg/cpacf.h new file mode 100644 index 0000000000..d27839ddd9 --- /dev/null +++ b/target/s390x/tcg/cpacf.h @@ -0,0 +1,16 @@ +/* + * s390x cpacf + * + * This work is licensed under the terms of the GNU GPL, version 2 or late= r. + * See the COPYING file in the top-level directory. + */ + +#ifndef S390X_CPACF_H +#define S390X_CPACF_H + +/* from crypto_sha512.c */ +int cpacf_sha512(CPUS390XState *env, const int mmu_idx, uintptr_t ra, + uint64_t param_addr, uint64_t *message_reg, uint64_t *len= _reg, + uint32_t type); + +#endif diff --git a/target/s390x/tcg/cpacf_sha512.c b/target/s390x/tcg/cpacf_sha51= 2.c new file mode 100644 index 0000000000..59b99e3a91 --- /dev/null +++ b/target/s390x/tcg/cpacf_sha512.c @@ -0,0 +1,245 @@ +/* + * s390 cpacf sha512 + * + * Copyright (C) 2022 Jason A. Donenfeld . All Rights Re= served. + * + * Authors: + * Jason A. Donenfeld + * + * This work is licensed under the terms of the GNU GPL, version 2 or late= r. + * See the COPYING file in the top-level directory. + */ + +#include "qemu/osdep.h" +#include "s390x-internal.h" +#include "tcg_s390x.h" +#include "exec/helper-proto.h" +#include "accel/tcg/cpu-ldst-common.h" +#include "accel/tcg/cpu-mmu-index.h" +#include "cpacf.h" + +static uint64_t R(uint64_t x, int c) +{ + return (x >> c) | (x << (64 - c)); +} +static uint64_t Ch(uint64_t x, uint64_t y, uint64_t z) +{ + return (x & y) ^ (~x & z); +} +static uint64_t Maj(uint64_t x, uint64_t y, uint64_t z) +{ + return (x & y) ^ (x & z) ^ (y & z); +} +static uint64_t Sigma0(uint64_t x) +{ + return R(x, 28) ^ R(x, 34) ^ R(x, 39); +} +static uint64_t Sigma1(uint64_t x) +{ + return R(x, 14) ^ R(x, 18) ^ R(x, 41); +} +static uint64_t sigma0(uint64_t x) +{ + return R(x, 1) ^ R(x, 8) ^ (x >> 7); +} +static uint64_t sigma1(uint64_t x) +{ + return R(x, 19) ^ R(x, 61) ^ (x >> 6); +} + +static const uint64_t K[80] =3D { + 0x428a2f98d728ae22ULL, 0x7137449123ef65cdULL, 0xb5c0fbcfec4d3b2fULL, + 0xe9b5dba58189dbbcULL, 0x3956c25bf348b538ULL, 0x59f111f1b605d019ULL, + 0x923f82a4af194f9bULL, 0xab1c5ed5da6d8118ULL, 0xd807aa98a3030242ULL, + 0x12835b0145706fbeULL, 0x243185be4ee4b28cULL, 0x550c7dc3d5ffb4e2ULL, + 0x72be5d74f27b896fULL, 0x80deb1fe3b1696b1ULL, 0x9bdc06a725c71235ULL, + 0xc19bf174cf692694ULL, 0xe49b69c19ef14ad2ULL, 0xefbe4786384f25e3ULL, + 0x0fc19dc68b8cd5b5ULL, 0x240ca1cc77ac9c65ULL, 0x2de92c6f592b0275ULL, + 0x4a7484aa6ea6e483ULL, 0x5cb0a9dcbd41fbd4ULL, 0x76f988da831153b5ULL, + 0x983e5152ee66dfabULL, 0xa831c66d2db43210ULL, 0xb00327c898fb213fULL, + 0xbf597fc7beef0ee4ULL, 0xc6e00bf33da88fc2ULL, 0xd5a79147930aa725ULL, + 0x06ca6351e003826fULL, 0x142929670a0e6e70ULL, 0x27b70a8546d22ffcULL, + 0x2e1b21385c26c926ULL, 0x4d2c6dfc5ac42aedULL, 0x53380d139d95b3dfULL, + 0x650a73548baf63deULL, 0x766a0abb3c77b2a8ULL, 0x81c2c92e47edaee6ULL, + 0x92722c851482353bULL, 0xa2bfe8a14cf10364ULL, 0xa81a664bbc423001ULL, + 0xc24b8b70d0f89791ULL, 0xc76c51a30654be30ULL, 0xd192e819d6ef5218ULL, + 0xd69906245565a910ULL, 0xf40e35855771202aULL, 0x106aa07032bbd1b8ULL, + 0x19a4c116b8d2d0c8ULL, 0x1e376c085141ab53ULL, 0x2748774cdf8eeb99ULL, + 0x34b0bcb5e19b48a8ULL, 0x391c0cb3c5c95a63ULL, 0x4ed8aa4ae3418acbULL, + 0x5b9cca4f7763e373ULL, 0x682e6ff3d6b2b8a3ULL, 0x748f82ee5defb2fcULL, + 0x78a5636f43172f60ULL, 0x84c87814a1f0ab72ULL, 0x8cc702081a6439ecULL, + 0x90befffa23631e28ULL, 0xa4506cebde82bde9ULL, 0xbef9a3f7b2c67915ULL, + 0xc67178f2e372532bULL, 0xca273eceea26619cULL, 0xd186b8c721c0c207ULL, + 0xeada7dd6cde0eb1eULL, 0xf57d4f7fee6ed178ULL, 0x06f067aa72176fbaULL, + 0x0a637dc5a2c898a6ULL, 0x113f9804bef90daeULL, 0x1b710b35131c471bULL, + 0x28db77f523047d84ULL, 0x32caab7b40c72493ULL, 0x3c9ebe0a15c9bebcULL, + 0x431d67c49c100d4cULL, 0x4cc5d4becb3e42b6ULL, 0x597f299cfc657e2aULL, + 0x5fcb6fab3ad6faecULL, 0x6c44198c4a475817ULL +}; + +/* a is icv/ocv, w is a single message block. w will get reused internally= . */ +static void sha512_bda(uint64_t a[8], uint64_t w[16]) +{ + uint64_t t, z[8], b[8]; + int i, j; + + memcpy(z, a, sizeof(z)); + for (i =3D 0; i < 80; i++) { + memcpy(b, a, sizeof(b)); + + t =3D a[7] + Sigma1(a[4]) + Ch(a[4], a[5], a[6]) + K[i] + w[i % 16= ]; + b[7] =3D t + Sigma0(a[0]) + Maj(a[0], a[1], a[2]); + b[3] +=3D t; + for (j =3D 0; j < 8; ++j) { + a[(j + 1) % 8] =3D b[j]; + } + if (i % 16 =3D=3D 15) { + for (j =3D 0; j < 16; ++j) { + w[j] +=3D w[(j + 9) % 16] + sigma0(w[(j + 1) % 16]) + + sigma1(w[(j + 14) % 16]); + } + } + } + + for (i =3D 0; i < 8; i++) { + a[i] +=3D z[i]; + } +} + +/* a is icv/ocv, w is a single message block that needs be64 conversion. */ +static void sha512_bda_be64(uint64_t a[8], uint64_t w[16]) +{ + uint64_t t[16]; + int i; + + for (i =3D 0; i < 16; i++) { + t[i] =3D be64_to_cpu(w[i]); + } + sha512_bda(a, t); +} + +static void sha512_read_icv(CPUS390XState *env, const int mmu_idx, + uint64_t addr, uint64_t a[8], uintptr_t ra) +{ + const MemOpIdx oi =3D make_memop_idx(MO_BE | MO_64 | MO_UNALN, mmu_idx= ); + + for (int i =3D 0; i < 8; i++, addr +=3D 8) { + addr =3D wrap_address(env, addr); + a[i] =3D cpu_ldq_mmu(env, addr, oi, ra); + } +} + +static void sha512_write_ocv(CPUS390XState *env, const int mmu_idx, + uint64_t addr, uint64_t a[8], uintptr_t ra) +{ + const MemOpIdx oi =3D make_memop_idx(MO_BE | MO_64 | MO_UNALN, mmu_idx= ); + + for (int i =3D 0; i < 8; i++, addr +=3D 8) { + addr =3D wrap_address(env, addr); + cpu_stq_mmu(env, addr, a[i], oi, ra); + } +} + +static void sha512_read_block(CPUS390XState *env, const int mmu_idx, + uint64_t addr, uint64_t a[16], uintptr_t ra) +{ + const MemOpIdx oi =3D make_memop_idx(MO_BE | MO_64 | MO_UNALN, mmu_idx= ); + + for (int i =3D 0; i < 16; i++, addr +=3D 8) { + addr =3D wrap_address(env, addr); + a[i] =3D cpu_ldq_mmu(env, addr, oi, ra); + } +} + +static void sha512_read_mbl_be64(CPUS390XState *env, const int mmu_idx, + uint64_t addr, uint8_t a[16], uintptr_t r= a) +{ + const MemOpIdx oi =3D make_memop_idx(MO_8, mmu_idx); + + for (int i =3D 0; i < 16; i++, addr +=3D 1) { + addr =3D wrap_address(env, addr); + a[i] =3D cpu_ldb_mmu(env, addr, oi, ra); + } +} + +int cpacf_sha512(CPUS390XState *env, const int mmu_idx, uintptr_t ra, + uint64_t param_addr, uint64_t *message_reg, uint64_t *len= _reg, + uint32_t type) +{ + enum { MAX_BLOCKS_PER_RUN =3D 64 }; /* Arbitrary: keep interactivity. = */ + uint64_t len =3D *len_reg, a[8], processed =3D 0; + int i, message_reg_len =3D 64; + + g_assert(type =3D=3D S390_FEAT_TYPE_KIMD || type =3D=3D S390_FEAT_TYPE= _KLMD); + + if (!(env->psw.mask & PSW_MASK_64)) { + len =3D (uint32_t)len; + message_reg_len =3D (env->psw.mask & PSW_MASK_32) ? 32 : 24; + } + + /* KIMD: length has to be properly aligned. */ + if (type =3D=3D S390_FEAT_TYPE_KIMD && !QEMU_IS_ALIGNED(len, 128)) { + tcg_s390_program_interrupt(env, PGM_SPECIFICATION, ra); + } + + sha512_read_icv(env, mmu_idx, param_addr, a, ra); + + /* Process full blocks first. */ + for (; len >=3D 128; len -=3D 128, processed +=3D 128) { + uint64_t w[16]; + + if (processed >=3D MAX_BLOCKS_PER_RUN * 128) { + break; + } + + sha512_read_block(env, mmu_idx, *message_reg + processed, w, ra); + sha512_bda(a, w); + } + + /* KLMD: Process partial/empty block last. */ + if (type =3D=3D S390_FEAT_TYPE_KLMD && len < 128) { + const MemOpIdx oi =3D make_memop_idx(MO_8, mmu_idx); + uint8_t x[128]; + + /* Read the remainder of the message byte-per-byte. */ + for (i =3D 0; i < len; i++) { + uint64_t addr =3D wrap_address(env, *message_reg + processed += i); + + x[i] =3D cpu_ldb_mmu(env, addr, oi, ra); + } + /* Pad the remainder with zero and set the top bit. */ + memset(x + len, 0, 128 - len); + x[len] =3D 128; + + /* + * Place the MBL either into this block (if there is space left), + * or use an additional one. + */ + if (len < 112) { + sha512_read_mbl_be64(env, mmu_idx, param_addr + 64, x + 112, r= a); + } + sha512_bda_be64(a, (uint64_t *)x); + + if (len >=3D 112) { + memset(x, 0, 112); + sha512_read_mbl_be64(env, mmu_idx, param_addr + 64, x + 112, r= a); + sha512_bda_be64(a, (uint64_t *)x); + } + + processed +=3D len; + len =3D 0; + } + + /* + * Modify memory after we read all inputs and modify registers only af= ter + * writing memory succeeded. + * + * TODO: if writing fails halfway through (e.g., when crossing page + * boundaries), we're in trouble. We'd need something like access_prep= are(). + */ + sha512_write_ocv(env, mmu_idx, param_addr, a, ra); + *message_reg =3D deposit64(*message_reg, 0, message_reg_len, + *message_reg + processed); + *len_reg -=3D processed; + return !len ? 0 : 3; +} diff --git a/target/s390x/tcg/crypto_helper.c b/target/s390x/tcg/crypto_hel= per.c index 35f0cc26a4..574a39258c 100644 --- a/target/s390x/tcg/crypto_helper.c +++ b/target/s390x/tcg/crypto_helper.c @@ -19,232 +19,7 @@ #include "exec/helper-proto.h" #include "accel/tcg/cpu-ldst-common.h" #include "accel/tcg/cpu-mmu-index.h" - -static uint64_t R(uint64_t x, int c) -{ - return (x >> c) | (x << (64 - c)); -} -static uint64_t Ch(uint64_t x, uint64_t y, uint64_t z) -{ - return (x & y) ^ (~x & z); -} -static uint64_t Maj(uint64_t x, uint64_t y, uint64_t z) -{ - return (x & y) ^ (x & z) ^ (y & z); -} -static uint64_t Sigma0(uint64_t x) -{ - return R(x, 28) ^ R(x, 34) ^ R(x, 39); -} -static uint64_t Sigma1(uint64_t x) -{ - return R(x, 14) ^ R(x, 18) ^ R(x, 41); -} -static uint64_t sigma0(uint64_t x) -{ - return R(x, 1) ^ R(x, 8) ^ (x >> 7); -} -static uint64_t sigma1(uint64_t x) -{ - return R(x, 19) ^ R(x, 61) ^ (x >> 6); -} - -static const uint64_t K[80] =3D { - 0x428a2f98d728ae22ULL, 0x7137449123ef65cdULL, 0xb5c0fbcfec4d3b2fULL, - 0xe9b5dba58189dbbcULL, 0x3956c25bf348b538ULL, 0x59f111f1b605d019ULL, - 0x923f82a4af194f9bULL, 0xab1c5ed5da6d8118ULL, 0xd807aa98a3030242ULL, - 0x12835b0145706fbeULL, 0x243185be4ee4b28cULL, 0x550c7dc3d5ffb4e2ULL, - 0x72be5d74f27b896fULL, 0x80deb1fe3b1696b1ULL, 0x9bdc06a725c71235ULL, - 0xc19bf174cf692694ULL, 0xe49b69c19ef14ad2ULL, 0xefbe4786384f25e3ULL, - 0x0fc19dc68b8cd5b5ULL, 0x240ca1cc77ac9c65ULL, 0x2de92c6f592b0275ULL, - 0x4a7484aa6ea6e483ULL, 0x5cb0a9dcbd41fbd4ULL, 0x76f988da831153b5ULL, - 0x983e5152ee66dfabULL, 0xa831c66d2db43210ULL, 0xb00327c898fb213fULL, - 0xbf597fc7beef0ee4ULL, 0xc6e00bf33da88fc2ULL, 0xd5a79147930aa725ULL, - 0x06ca6351e003826fULL, 0x142929670a0e6e70ULL, 0x27b70a8546d22ffcULL, - 0x2e1b21385c26c926ULL, 0x4d2c6dfc5ac42aedULL, 0x53380d139d95b3dfULL, - 0x650a73548baf63deULL, 0x766a0abb3c77b2a8ULL, 0x81c2c92e47edaee6ULL, - 0x92722c851482353bULL, 0xa2bfe8a14cf10364ULL, 0xa81a664bbc423001ULL, - 0xc24b8b70d0f89791ULL, 0xc76c51a30654be30ULL, 0xd192e819d6ef5218ULL, - 0xd69906245565a910ULL, 0xf40e35855771202aULL, 0x106aa07032bbd1b8ULL, - 0x19a4c116b8d2d0c8ULL, 0x1e376c085141ab53ULL, 0x2748774cdf8eeb99ULL, - 0x34b0bcb5e19b48a8ULL, 0x391c0cb3c5c95a63ULL, 0x4ed8aa4ae3418acbULL, - 0x5b9cca4f7763e373ULL, 0x682e6ff3d6b2b8a3ULL, 0x748f82ee5defb2fcULL, - 0x78a5636f43172f60ULL, 0x84c87814a1f0ab72ULL, 0x8cc702081a6439ecULL, - 0x90befffa23631e28ULL, 0xa4506cebde82bde9ULL, 0xbef9a3f7b2c67915ULL, - 0xc67178f2e372532bULL, 0xca273eceea26619cULL, 0xd186b8c721c0c207ULL, - 0xeada7dd6cde0eb1eULL, 0xf57d4f7fee6ed178ULL, 0x06f067aa72176fbaULL, - 0x0a637dc5a2c898a6ULL, 0x113f9804bef90daeULL, 0x1b710b35131c471bULL, - 0x28db77f523047d84ULL, 0x32caab7b40c72493ULL, 0x3c9ebe0a15c9bebcULL, - 0x431d67c49c100d4cULL, 0x4cc5d4becb3e42b6ULL, 0x597f299cfc657e2aULL, - 0x5fcb6fab3ad6faecULL, 0x6c44198c4a475817ULL -}; - -/* a is icv/ocv, w is a single message block. w will get reused internally= . */ -static void sha512_bda(uint64_t a[8], uint64_t w[16]) -{ - uint64_t t, z[8], b[8]; - int i, j; - - memcpy(z, a, sizeof(z)); - for (i =3D 0; i < 80; i++) { - memcpy(b, a, sizeof(b)); - - t =3D a[7] + Sigma1(a[4]) + Ch(a[4], a[5], a[6]) + K[i] + w[i % 16= ]; - b[7] =3D t + Sigma0(a[0]) + Maj(a[0], a[1], a[2]); - b[3] +=3D t; - for (j =3D 0; j < 8; ++j) { - a[(j + 1) % 8] =3D b[j]; - } - if (i % 16 =3D=3D 15) { - for (j =3D 0; j < 16; ++j) { - w[j] +=3D w[(j + 9) % 16] + sigma0(w[(j + 1) % 16]) + - sigma1(w[(j + 14) % 16]); - } - } - } - - for (i =3D 0; i < 8; i++) { - a[i] +=3D z[i]; - } -} - -/* a is icv/ocv, w is a single message block that needs be64 conversion. */ -static void sha512_bda_be64(uint64_t a[8], uint64_t w[16]) -{ - uint64_t t[16]; - int i; - - for (i =3D 0; i < 16; i++) { - t[i] =3D be64_to_cpu(w[i]); - } - sha512_bda(a, t); -} - -static void sha512_read_icv(CPUS390XState *env, const int mmu_idx, - uint64_t addr, uint64_t a[8], uintptr_t ra) -{ - const MemOpIdx oi =3D make_memop_idx(MO_BE | MO_64 | MO_UNALN, mmu_idx= ); - - for (int i =3D 0; i < 8; i++, addr +=3D 8) { - addr =3D wrap_address(env, addr); - a[i] =3D cpu_ldq_mmu(env, addr, oi, ra); - } -} - -static void sha512_write_ocv(CPUS390XState *env, const int mmu_idx, - uint64_t addr, uint64_t a[8], uintptr_t ra) -{ - const MemOpIdx oi =3D make_memop_idx(MO_BE | MO_64 | MO_UNALN, mmu_idx= ); - - for (int i =3D 0; i < 8; i++, addr +=3D 8) { - addr =3D wrap_address(env, addr); - cpu_stq_mmu(env, addr, a[i], oi, ra); - } -} - -static void sha512_read_block(CPUS390XState *env, const int mmu_idx, - uint64_t addr, uint64_t a[16], uintptr_t ra) -{ - const MemOpIdx oi =3D make_memop_idx(MO_BE | MO_64 | MO_UNALN, mmu_idx= ); - - for (int i =3D 0; i < 16; i++, addr +=3D 8) { - addr =3D wrap_address(env, addr); - a[i] =3D cpu_ldq_mmu(env, addr, oi, ra); - } -} - -static void sha512_read_mbl_be64(CPUS390XState *env, const int mmu_idx, - uint64_t addr, uint8_t a[16], uintptr_t r= a) -{ - const MemOpIdx oi =3D make_memop_idx(MO_8, mmu_idx); - - for (int i =3D 0; i < 16; i++, addr +=3D 1) { - addr =3D wrap_address(env, addr); - a[i] =3D cpu_ldb_mmu(env, addr, oi, ra); - } -} - -static int cpacf_sha512(CPUS390XState *env, const int mmu_idx, uintptr_t r= a, - uint64_t param_addr, uint64_t *message_reg, - uint64_t *len_reg, uint32_t type) -{ - enum { MAX_BLOCKS_PER_RUN =3D 64 }; /* Arbitrary: keep interactivity. = */ - uint64_t len =3D *len_reg, a[8], processed =3D 0; - int i, message_reg_len =3D 64; - - g_assert(type =3D=3D S390_FEAT_TYPE_KIMD || type =3D=3D S390_FEAT_TYPE= _KLMD); - - if (!(env->psw.mask & PSW_MASK_64)) { - len =3D (uint32_t)len; - message_reg_len =3D (env->psw.mask & PSW_MASK_32) ? 32 : 24; - } - - /* KIMD: length has to be properly aligned. */ - if (type =3D=3D S390_FEAT_TYPE_KIMD && !QEMU_IS_ALIGNED(len, 128)) { - tcg_s390_program_interrupt(env, PGM_SPECIFICATION, ra); - } - - sha512_read_icv(env, mmu_idx, param_addr, a, ra); - - /* Process full blocks first. */ - for (; len >=3D 128; len -=3D 128, processed +=3D 128) { - uint64_t w[16]; - - if (processed >=3D MAX_BLOCKS_PER_RUN * 128) { - break; - } - - sha512_read_block(env, mmu_idx, *message_reg + processed, w, ra); - sha512_bda(a, w); - } - - /* KLMD: Process partial/empty block last. */ - if (type =3D=3D S390_FEAT_TYPE_KLMD && len < 128) { - const MemOpIdx oi =3D make_memop_idx(MO_8, mmu_idx); - uint8_t x[128]; - - /* Read the remainder of the message byte-per-byte. */ - for (i =3D 0; i < len; i++) { - uint64_t addr =3D wrap_address(env, *message_reg + processed += i); - - x[i] =3D cpu_ldb_mmu(env, addr, oi, ra); - } - /* Pad the remainder with zero and set the top bit. */ - memset(x + len, 0, 128 - len); - x[len] =3D 128; - - /* - * Place the MBL either into this block (if there is space left), - * or use an additional one. - */ - if (len < 112) { - sha512_read_mbl_be64(env, mmu_idx, param_addr + 64, x + 112, r= a); - } - sha512_bda_be64(a, (uint64_t *)x); - - if (len >=3D 112) { - memset(x, 0, 112); - sha512_read_mbl_be64(env, mmu_idx, param_addr + 64, x + 112, r= a); - sha512_bda_be64(a, (uint64_t *)x); - } - - processed +=3D len; - len =3D 0; - } - - /* - * Modify memory after we read all inputs and modify registers only af= ter - * writing memory succeeded. - * - * TODO: if writing fails halfway through (e.g., when crossing page - * boundaries), we're in trouble. We'd need something like access_prep= are(). - */ - sha512_write_ocv(env, mmu_idx, param_addr, a, ra); - *message_reg =3D deposit64(*message_reg, 0, message_reg_len, - *message_reg + processed); - *len_reg -=3D processed; - return !len ? 0 : 3; -} +#include "cpacf.h" =20 static void fill_buf_random(CPUS390XState *env, const int mmu_idx, uintptr= _t ra, uint64_t *buf_reg, uint64_t *len_reg) diff --git a/target/s390x/tcg/meson.build b/target/s390x/tcg/meson.build index 36cb0e079e..54a87393a3 100644 --- a/target/s390x/tcg/meson.build +++ b/target/s390x/tcg/meson.build @@ -5,6 +5,7 @@ s390x_ss.add(when: 'CONFIG_TCG', if_true: files( )) s390x_common_ss.add(when: 'CONFIG_TCG', if_true: files( 'cc_helper.c', + 'cpacf_sha512.c', 'crypto_helper.c', 'excp_helper.c', 'fpu_helper.c', --=20 2.43.0 From nobody Thu Jun 18 13:20:44 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=reject dis=none) header.from=linux.ibm.com ARC-Seal: i=1; a=rsa-sha256; t=1781689794; cv=none; d=zohomail.com; s=zohoarc; b=AlCIg5SWA8G1lCY4jAvuIKq2x7EQ8Rnxk3EvhsljDnBhMQPLQBg4bqtIsAYL0okZ1sJYL9W0ELFmwX8C//W/23NpgHcD31bq9W2KpIKqbg9KtXGct/aMOZvIBIFzEso/LpiRtaDSuYZAo3xRnnQCZEQc154qGnVjM4YhrTfrLPs= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1781689794; h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=nlOibi4HPvjBP+TYkZte0kwsLjNKG+Cc8j6Slk32Q+Y=; b=hvwGstX5z6Aomir7n1fnLelPN++4BU1dz/xFuUx6aArOOxDEbv8hs8aG2K93ufz+kAdiC90B8iNW1DMWYg2IUwoAwm54S7ij0Mb0EUjYPNUYRKpdwedxyFsErGJUmd22y+2YnOsc0gp5soUlHA7etVpaoFVfx/p12O+xvQFkUpY= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1781689794892336.57522599062986; Wed, 17 Jun 2026 02:49:54 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists1p.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1wZmst-00071T-7L; Wed, 17 Jun 2026 05:48:35 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1wZmsr-0006zj-B2; Wed, 17 Jun 2026 05:48:33 -0400 Received: from mx0b-001b2d01.pphosted.com ([148.163.158.5]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1wZmsp-00036X-3W; Wed, 17 Jun 2026 05:48:33 -0400 Received: from pps.filterd (m0360072.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id 65H8n6BC4004309; Wed, 17 Jun 2026 09:48:26 GMT Received: from ppma22.wdc07v.mail.ibm.com (5c.69.3da9.ip4.static.sl-reverse.com [169.61.105.92]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 4eueqx28bh-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 17 Jun 2026 09:48:26 +0000 (GMT) Received: from pps.filterd (ppma22.wdc07v.mail.ibm.com [127.0.0.1]) by ppma22.wdc07v.mail.ibm.com (8.18.1.7/8.18.1.7) with ESMTP id 65H9Yirk016289; Wed, 17 Jun 2026 09:48:25 GMT Received: from smtprelay04.fra02v.mail.ibm.com ([9.218.2.228]) by ppma22.wdc07v.mail.ibm.com (PPS) with ESMTPS id 4eudvaahg3-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 17 Jun 2026 09:48:25 +0000 (GMT) Received: from smtpav02.fra02v.mail.ibm.com (smtpav02.fra02v.mail.ibm.com [10.20.54.101]) by smtprelay04.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 65H9mLQT16843036 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 17 Jun 2026 09:48:22 GMT Received: from smtpav02.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id D407120043; Wed, 17 Jun 2026 09:48:21 +0000 (GMT) Received: from smtpav02.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 9BB9D2004E; Wed, 17 Jun 2026 09:48:21 +0000 (GMT) Received: from funtu2.ehn-de.ibm.com (unknown [9.224.92.54]) by smtpav02.fra02v.mail.ibm.com (Postfix) with ESMTP; Wed, 17 Jun 2026 09:48:21 +0000 (GMT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=cc :content-transfer-encoding:date:from:in-reply-to:message-id :mime-version:references:subject:to; s=pp1; bh=nlOibi4HPvjBP+TYk Zte0kwsLjNKG+Cc8j6Slk32Q+Y=; b=YwSpnB/csb2qfN5onF1JHQNue/mflRpbB M8S6vMB2ICuOkE5Z4fUCXkHaLe0k9ZHtBpAeznx0dVjinG6+RJF9Yc3ncxRj7aUV 92WQc7dunF2/2LuI90UiKFM6XpNBK8S5RoYNfUyVpwc/dgMTX22aCxYSWN3M2gsy BDVf9AZBWxxCWGB4zqz1j6MlqrGZivsm3uHw+0IhWql6jTMeqgwi1t5N6dHofi6c lIIZfiYJ2UaRyylOOXUa6JpfIDJqhIlGD3HKZDlhXcwCBlYo9K7gzjB1DIqot5cK HEfx8doq2d/CbkCDygX1lD/4O6l1DMibUYb1UHXdMebStwVvJ5y1w== From: Harald Freudenberger To: richard.henderson@linaro.org, iii@linux.ibm.com, david@kernel.org, thuth@redhat.com, berrange@redhat.com Cc: qemu-s390x@nongnu.org, qemu-devel@nongnu.org, linux390-list@tuxmaker.boeblingen.de.ibm.com, linux-s390@vger.kernel.org, dengler@linux.ibm.com, borntraeger@linux.ibm.com, fcallies@linux.ibm.com, cohuck@redhat.com Subject: [PATCH v7 03/17] target/s390x: Support cpacf sha256 Date: Wed, 17 Jun 2026 11:48:06 +0200 Message-ID: <20260617094820.34402-4-freude@linux.ibm.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260617094820.34402-1-freude@linux.ibm.com> References: <20260617094820.34402-1-freude@linux.ibm.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-TM-AS-GCONF: 00 X-Proofpoint-GUID: xhwP2IthdpmNeDIzJdE31-nCsQee-Qok X-Authority-Analysis: v=2.4 cv=Le0MLDfi c=1 sm=1 tr=0 ts=6a326d6a cx=c_pps a=5BHTudwdYE3Te8bg5FgnPg==:117 a=5BHTudwdYE3Te8bg5FgnPg==:17 a=FelO9ux0wxsA:10 a=VkNPw1HP01LnGYTKEx00:22 a=RnoormkPH1_aCDwRdu11:22 a=RzCfie-kr_QcCd8fBx8p:22 a=VnNF1IyMAAAA:8 a=Oku5TADFz1XGWIWXx1gA:9 X-Proofpoint-Spam-Info: AW1haW4tMjYwNjE3MDA5MiBTYWx0ZWRfX7+eIIOAkUiqC WF065TJdSVeukuUWzl+9vmnVIdFGb8EJvYpnd0dxfZiNMYVfJnEuToj8HodKAyDl8OP7LTTIHZ2 7z96jaWoDckmVY/hBtqxEIbUL5NsTfw= X-Proofpoint-ORIG-GUID: xhwP2IthdpmNeDIzJdE31-nCsQee-Qok X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwNjE3MDA5MiBTYWx0ZWRfX+ppJnKJjXlJS J60enK9UQGP0OsR0UXxACS3QIlbfff9pCCCmvQdi744BfIKiDVAFVHfGr9AM21HHIT+G4Y7EQ4K EhjO2G2zarWCrZdQ46yjrtshkDRNxWIEr025703ySLKBqpquxPpogGmmDjSneCXPKgbcBpyuDMG Tz4cPbi7fZ3aLkzYMOGvcny/57/K7FBnapoudkN0lT2vr7amjOO7juCgfHpHdg7fhAlxEoHrAAo /1Te0WgvJiEwaqo7j90uPdmcD+QaNGH2pqJaDDIzM5Uz3WEOhpZ1KUDTEQUGFdFHJ/kaLlHczBa JiUN9ZaBYYO7GU02++pIH9zP2PUUatDzoop8q4AqVzyXj5MjDJ9ZRJIopt+nMyKtOhU8BuS1h/F FOeqr5Oqg7+dVRQ3pMhYs0xwgVhNpTA33CTeV1C74xC+hbL5wlSYj5RHsYeavNAhTidln+X8F4g YASdOxxx8OHPN+WQZLA== X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1143,Hydra:6.1.125,FMLib:17.12.100.49 definitions=2026-06-17_01,2026-06-16_02,2025-10-01_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 clxscore=1015 priorityscore=1501 malwarescore=0 spamscore=0 suspectscore=0 impostorscore=0 phishscore=0 lowpriorityscore=0 bulkscore=0 adultscore=0 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2606150000 definitions=main-2606170092 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists1p.gnu.org; Received-SPF: pass client-ip=148.163.158.5; envelope-from=freude@linux.ibm.com; helo=mx0b-001b2d01.pphosted.com X-Spam_score_int: -26 X-Spam_score: -2.7 X-Spam_bar: -- X-Spam_report: (-2.7 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @ibm.com) X-ZM-MESSAGEID: 1781689796804158500 Content-Type: text/plain; charset="utf-8" Add a new file cpacf_sha256.c which implements sha256. Add support for the sha256 subfuction for CPACF kimd and klmd. Signed-off-by: Harald Freudenberger Tested-by: Holger Dengler Reviewed-by: Finn Callies --- target/s390x/gen-features.c | 2 + target/s390x/tcg/cpacf.h | 5 + target/s390x/tcg/cpacf_sha256.c | 232 +++++++++++++++++++++++++++++++ target/s390x/tcg/crypto_helper.c | 8 ++ target/s390x/tcg/meson.build | 1 + 5 files changed, 248 insertions(+) create mode 100644 target/s390x/tcg/cpacf_sha256.c diff --git a/target/s390x/gen-features.c b/target/s390x/gen-features.c index 8218e6470e..5cf5b92c37 100644 --- a/target/s390x/gen-features.c +++ b/target/s390x/gen-features.c @@ -916,7 +916,9 @@ static uint16_t qemu_V7_1[] =3D { */ static uint16_t qemu_MAX[] =3D { S390_FEAT_MSA_EXT_5, + S390_FEAT_KIMD_SHA_256, S390_FEAT_KIMD_SHA_512, + S390_FEAT_KLMD_SHA_256, S390_FEAT_KLMD_SHA_512, S390_FEAT_PRNO_TRNG, }; diff --git a/target/s390x/tcg/cpacf.h b/target/s390x/tcg/cpacf.h index d27839ddd9..e2c36306b2 100644 --- a/target/s390x/tcg/cpacf.h +++ b/target/s390x/tcg/cpacf.h @@ -8,6 +8,11 @@ #ifndef S390X_CPACF_H #define S390X_CPACF_H =20 +/* from crypto_sha256.c */ +int cpacf_sha256(CPUS390XState *env, const int mmu_idx, uintptr_t ra, + uint64_t param_addr, uint64_t *message_reg, uint64_t *len= _reg, + uint32_t type); + /* from crypto_sha512.c */ int cpacf_sha512(CPUS390XState *env, const int mmu_idx, uintptr_t ra, uint64_t param_addr, uint64_t *message_reg, uint64_t *len= _reg, diff --git a/target/s390x/tcg/cpacf_sha256.c b/target/s390x/tcg/cpacf_sha25= 6.c new file mode 100644 index 0000000000..baffa2f44b --- /dev/null +++ b/target/s390x/tcg/cpacf_sha256.c @@ -0,0 +1,232 @@ +/* + * s390 cpacf sha256 + * + * Authors: + * Harald Freudenberger + * + * The sha256 implementation here is more or less a copy-and-paste + * from Jason A. Donenfeld's implementation of sha 512 with adaptions + * for sha 256. + * + * This work is licensed under the terms of the GNU GPL, version 2 or late= r. + * See the COPYING file in the top-level directory. + */ + +#include "qemu/osdep.h" +#include "s390x-internal.h" +#include "tcg_s390x.h" +#include "exec/helper-proto.h" +#include "accel/tcg/cpu-ldst-common.h" +#include "accel/tcg/cpu-mmu-index.h" +#include "cpacf.h" + +static uint32_t R(uint32_t x, int c) +{ + return (x >> c) | (x << (32 - c)); +} +static uint32_t Ch(uint32_t x, uint32_t y, uint32_t z) +{ + return (x & y) ^ (~x & z); +} +static uint32_t Maj(uint32_t x, uint32_t y, uint32_t z) +{ + return (x & y) ^ (x & z) ^ (y & z); +} +static uint32_t Sigma0(uint32_t x) +{ + return R(x, 2) ^ R(x, 13) ^ R(x, 22); +} +static uint32_t Sigma1(uint32_t x) +{ + return R(x, 6) ^ R(x, 11) ^ R(x, 25); +} +static uint32_t sigma0(uint32_t x) +{ + return R(x, 7) ^ R(x, 18) ^ (x >> 3); +} +static uint32_t sigma1(uint32_t x) +{ + return R(x, 17) ^ R(x, 19) ^ (x >> 10); +} + +static const uint32_t K[64] =3D { + 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, + 0x923f82a4, 0xab1c5ed5, 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, + 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174, 0xe49b69c1, 0xefbe4786, + 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da, + 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, + 0x06ca6351, 0x14292967, 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, + 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85, 0xa2bfe8a1, 0xa81a664b, + 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070, + 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, + 0x5b9cca4f, 0x682e6ff3, 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, + 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2, +}; + +/* a is icv/ocv, w is a single message block. w will get reused internally= . */ +static void sha256_bda(uint32_t a[8], uint32_t w[16]) +{ + uint32_t t, z[8], b[8]; + int i, j; + + memcpy(z, a, sizeof(z)); + for (i =3D 0; i < 64; i++) { + memcpy(b, a, sizeof(b)); + + t =3D a[7] + Sigma1(a[4]) + Ch(a[4], a[5], a[6]) + K[i] + w[i % 16= ]; + b[7] =3D t + Sigma0(a[0]) + Maj(a[0], a[1], a[2]); + b[3] +=3D t; + for (j =3D 0; j < 8; ++j) { + a[(j + 1) % 8] =3D b[j]; + } + if (i % 16 =3D=3D 15) { + for (j =3D 0; j < 16; ++j) { + w[j] +=3D w[(j + 9) % 16] + sigma0(w[(j + 1) % 16]) + + sigma1(w[(j + 14) % 16]); + } + } + } + + for (i =3D 0; i < 8; i++) { + a[i] +=3D z[i]; + } +} + +/* a is icv/ocv, w is a single message block that needs be32 conversion. */ +static void sha256_bda_be32(uint32_t a[8], uint32_t w[16]) +{ + uint32_t t[16]; + int i; + + for (i =3D 0; i < 16; i++) { + t[i] =3D be32_to_cpu(w[i]); + } + sha256_bda(a, t); +} + +static void sha256_read_icv(CPUS390XState *env, const int mmu_idx, + uint64_t addr, uint32_t a[8], uintptr_t ra) +{ + const MemOpIdx oi =3D make_memop_idx(MO_BE | MO_32 | MO_UNALN, mmu_idx= ); + + for (int i =3D 0; i < 8; i++, addr +=3D 4) { + addr =3D wrap_address(env, addr); + a[i] =3D cpu_ldl_mmu(env, addr, oi, ra); + } +} + +static void sha256_write_ocv(CPUS390XState *env, const int mmu_idx, + uint64_t addr, uint32_t a[8], uintptr_t ra) +{ + const MemOpIdx oi =3D make_memop_idx(MO_BE | MO_32 | MO_UNALN, mmu_idx= ); + + for (int i =3D 0; i < 8; i++, addr +=3D 4) { + addr =3D wrap_address(env, addr); + cpu_stl_mmu(env, addr, a[i], oi, ra); + } +} + +static void sha256_read_block(CPUS390XState *env, const int mmu_idx, + uint64_t addr, uint32_t a[16], uintptr_t ra) +{ + const MemOpIdx oi =3D make_memop_idx(MO_BE | MO_32 | MO_UNALN, mmu_idx= ); + + for (int i =3D 0; i < 16; i++, addr +=3D 4) { + addr =3D wrap_address(env, addr); + a[i] =3D cpu_ldl_mmu(env, addr, oi, ra); + } +} + +static void sha256_read_mbl_be32(CPUS390XState *env, const int mmu_idx, + uint64_t addr, uint8_t a[8], uintptr_t ra) +{ + const MemOpIdx oi =3D make_memop_idx(MO_8, mmu_idx); + + for (int i =3D 0; i < 8; i++, addr +=3D 1) { + addr =3D wrap_address(env, addr); + a[i] =3D cpu_ldb_mmu(env, addr, oi, ra); + } +} + +int cpacf_sha256(CPUS390XState *env, const int mmu_idx, uintptr_t ra, + uint64_t param_addr, uint64_t *message_reg, uint64_t *len= _reg, + uint32_t type) +{ + enum { MAX_BLOCKS_PER_RUN =3D 128 }; /* 128 * 64 =3D 8K */ + uint64_t len =3D *len_reg, processed =3D 0; + int i, message_reg_len =3D 64; + uint32_t a[8]; + + g_assert(type =3D=3D S390_FEAT_TYPE_KIMD || type =3D=3D S390_FEAT_TYPE= _KLMD); + + if (!(env->psw.mask & PSW_MASK_64)) { + len =3D (uint32_t)len; + message_reg_len =3D (env->psw.mask & PSW_MASK_32) ? 32 : 24; + } + + /* KIMD: length has to be properly aligned. */ + if (type =3D=3D S390_FEAT_TYPE_KIMD && !QEMU_IS_ALIGNED(len, 64)) { + tcg_s390_program_interrupt(env, PGM_SPECIFICATION, ra); + } + + sha256_read_icv(env, mmu_idx, param_addr, a, ra); + + /* Process full blocks first. */ + for (; len >=3D 64; len -=3D 64, processed +=3D 64) { + uint32_t w[16]; + + if (processed >=3D MAX_BLOCKS_PER_RUN * 64) { + break; + } + + sha256_read_block(env, mmu_idx, *message_reg + processed, w, ra); + sha256_bda(a, w); + } + + /* KLMD: Process partial/empty block last. */ + if (type =3D=3D S390_FEAT_TYPE_KLMD && len < 64) { + const MemOpIdx oi =3D make_memop_idx(MO_8, mmu_idx); + uint8_t x[64]; + + /* Read the remainder of the message byte-per-byte. */ + for (i =3D 0; i < len; i++) { + uint64_t addr =3D wrap_address(env, *message_reg + processed += i); + + x[i] =3D cpu_ldb_mmu(env, addr, oi, ra); + } + /* Pad the remainder with zero and set the top bit. */ + memset(x + len, 0, 64 - len); + x[len] =3D 0x80; + + /* + * Place the MBL either into this block (if there is space left), + * or use an additional one. + */ + if (len < 56) { + sha256_read_mbl_be32(env, mmu_idx, param_addr + 32, x + 56, ra= ); + } + sha256_bda_be32(a, (uint32_t *)x); + + if (len >=3D 56) { + memset(x, 0, 56); + sha256_read_mbl_be32(env, mmu_idx, param_addr + 32, x + 56, ra= ); + sha256_bda_be32(a, (uint32_t *)x); + } + + processed +=3D len; + len =3D 0; + } + + /* + * Modify memory after we read all inputs and modify registers only af= ter + * writing memory succeeded. + * + * TODO: if writing fails halfway through (e.g., when crossing page + * boundaries), we're in trouble. We'd need something like access_prep= are(). + */ + sha256_write_ocv(env, mmu_idx, param_addr, a, ra); + *message_reg =3D deposit64(*message_reg, 0, message_reg_len, + *message_reg + processed); + *len_reg -=3D processed; + return !len ? 0 : 3; +} diff --git a/target/s390x/tcg/crypto_helper.c b/target/s390x/tcg/crypto_hel= per.c index 574a39258c..a701dd8c6f 100644 --- a/target/s390x/tcg/crypto_helper.c +++ b/target/s390x/tcg/crypto_helper.c @@ -53,6 +53,10 @@ static int cpacf_kimd(CPUS390XState *env, const int mmu_= idx, const uintptr_t ra, int rc =3D 0; =20 switch (fc) { + case 0x02: /* CPACF_KIMD_SHA_256 */ + rc =3D cpacf_sha256(env, mmu_idx, ra, env->regs[1], &env->regs[r2], + &env->regs[r2 + 1], S390_FEAT_TYPE_KIMD); + break; case 0x03: /* CPACF_KIMD_SHA_512 */ rc =3D cpacf_sha512(env, mmu_idx, ra, env->regs[1], &env->regs[r2], &env->regs[r2 + 1], S390_FEAT_TYPE_KIMD); @@ -70,6 +74,10 @@ static int cpacf_klmd(CPUS390XState *env, const int mmu_= idx, const uintptr_t ra, int rc =3D 0; =20 switch (fc) { + case 0x02: /* CPACF_KLMD_SHA_256 */ + rc =3D cpacf_sha256(env, mmu_idx, ra, env->regs[1], &env->regs[r2], + &env->regs[r2 + 1], S390_FEAT_TYPE_KLMD); + break; case 0x03: /* CPACF_KLMD_SHA_512 */ rc =3D cpacf_sha512(env, mmu_idx, ra, env->regs[1], &env->regs[r2], &env->regs[r2 + 1], S390_FEAT_TYPE_KLMD); diff --git a/target/s390x/tcg/meson.build b/target/s390x/tcg/meson.build index 54a87393a3..8ae8da9708 100644 --- a/target/s390x/tcg/meson.build +++ b/target/s390x/tcg/meson.build @@ -5,6 +5,7 @@ s390x_ss.add(when: 'CONFIG_TCG', if_true: files( )) s390x_common_ss.add(when: 'CONFIG_TCG', if_true: files( 'cc_helper.c', + 'cpacf_sha256.c', 'cpacf_sha512.c', 'crypto_helper.c', 'excp_helper.c', --=20 2.43.0 From nobody Thu Jun 18 13:20:44 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=reject dis=none) header.from=linux.ibm.com ARC-Seal: i=1; a=rsa-sha256; t=1781689840; cv=none; d=zohomail.com; s=zohoarc; b=TEByrkiIhfxcWwradHTA06cTsvrVxa+1pKXoToiSrN9DJYbGlqZ+WGSXxQlGxSWiL6XjIdwG+dq082o5s2BWoUC3d2Y9AU1WijuC9klDwdOuzQ9qyIs+iYC8QdTfFswVnA1WJGvh3QHm/Hh84Piv7qKssWoFt0qdICuxJsqliRw= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1781689840; h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=5QEzqbYULvvp8bcxzzys8AZt/rvqXneaK6TdDr8e0fE=; b=fDdM3qW1VPXRz6QRwuZpxpfaalRLg3mvra3/fRxNLR2yUHykeTCj0d9/tB6No1eC/L/6ZKrR3iuoL/CoUMV8/1MhZ8/K9z+LsS0OJ7nOK8oRyR5GjZ81R/WtoUP7ny9NvTY75jc8OB9K/OEq6hfXzsroB7A3F/hl5lW1YQ5+ca8= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1781689840287795.5895865758049; Wed, 17 Jun 2026 02:50:40 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists1p.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1wZmt1-0007Ax-9h; Wed, 17 Jun 2026 05:48:43 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1wZmsw-00075Q-Kz; Wed, 17 Jun 2026 05:48:38 -0400 Received: from mx0b-001b2d01.pphosted.com ([148.163.158.5]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1wZmst-00039o-Rh; Wed, 17 Jun 2026 05:48:38 -0400 Received: from pps.filterd (m0353725.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id 65H8mImV4041007; Wed, 17 Jun 2026 09:48:27 GMT Received: from ppma21.wdc07v.mail.ibm.com (5b.69.3da9.ip4.static.sl-reverse.com [169.61.105.91]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 4eueqxa7xf-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 17 Jun 2026 09:48:26 +0000 (GMT) Received: from pps.filterd (ppma21.wdc07v.mail.ibm.com [127.0.0.1]) by ppma21.wdc07v.mail.ibm.com (8.18.1.7/8.18.1.7) with ESMTP id 65H9YcpF008171; Wed, 17 Jun 2026 09:48:26 GMT Received: from smtprelay02.fra02v.mail.ibm.com ([9.218.2.226]) by ppma21.wdc07v.mail.ibm.com (PPS) with ESMTPS id 4eudvaags0-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 17 Jun 2026 09:48:26 +0000 (GMT) Received: from smtpav02.fra02v.mail.ibm.com (smtpav02.fra02v.mail.ibm.com [10.20.54.101]) by smtprelay02.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 65H9mMnT27197938 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 17 Jun 2026 09:48:22 GMT Received: from smtpav02.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 1B85720043; Wed, 17 Jun 2026 09:48:22 +0000 (GMT) Received: from smtpav02.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id D9B282004B; Wed, 17 Jun 2026 09:48:21 +0000 (GMT) Received: from funtu2.ehn-de.ibm.com (unknown [9.224.92.54]) by smtpav02.fra02v.mail.ibm.com (Postfix) with ESMTP; Wed, 17 Jun 2026 09:48:21 +0000 (GMT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=cc :content-transfer-encoding:date:from:in-reply-to:message-id :mime-version:references:subject:to; s=pp1; bh=5QEzqbYULvvp8bcxz zys8AZt/rvqXneaK6TdDr8e0fE=; b=fdYj57dK9Rr1ZR3jRJT8N6STNZC+lESDl Acz99aVCNXyVcl2fKvzeHrX3LiMVXigA0nLMVKqlT+xUTmHTzLm88J38BuPsQXTt eDXCyR2CQcenOCW9aLcsq7nJTAI8+dv1RB7ftgrqwRPwpBlvhV26C2dHes939Zaf 1PTPfg9Na7PJr1dj7yalaQePDmpt7Rem0QtQlIB33shnM8s4rhhp62qXmnQccG+8 T6XuC6bxEgiyZoGe4oEEYLSXk0FQgKzi/6xLuoM0qNDwgz2AI7QzWWxTMRKk6EkT ZrpemZeEVU6NuqSvHF0r/GFsLU/TAB8+sfJTEq5fKSKiclI9hwCbA== From: Harald Freudenberger To: richard.henderson@linaro.org, iii@linux.ibm.com, david@kernel.org, thuth@redhat.com, berrange@redhat.com Cc: qemu-s390x@nongnu.org, qemu-devel@nongnu.org, linux390-list@tuxmaker.boeblingen.de.ibm.com, linux-s390@vger.kernel.org, dengler@linux.ibm.com, borntraeger@linux.ibm.com, fcallies@linux.ibm.com, cohuck@redhat.com Subject: [PATCH v7 04/17] target/s390x: Support AES ECB for cpacf km instruction Date: Wed, 17 Jun 2026 11:48:07 +0200 Message-ID: <20260617094820.34402-5-freude@linux.ibm.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260617094820.34402-1-freude@linux.ibm.com> References: <20260617094820.34402-1-freude@linux.ibm.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-TM-AS-GCONF: 00 X-Authority-Analysis: v=2.4 cv=OcSoyBTY c=1 sm=1 tr=0 ts=6a326d6a cx=c_pps a=GFwsV6G8L6GxiO2Y/PsHdQ==:117 a=GFwsV6G8L6GxiO2Y/PsHdQ==:17 a=FelO9ux0wxsA:10 a=VkNPw1HP01LnGYTKEx00:22 a=RnoormkPH1_aCDwRdu11:22 a=V8glGbnc2Ofi9Qvn3v5h:22 a=VnNF1IyMAAAA:8 a=UeJqcyLMtA2A8E2_xXgA:9 X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwNjE3MDA5MiBTYWx0ZWRfX38O8HKZVLakK jmkJBnu1PAVYae2sANhQCWF1HTKGG4yffr0pKMtotJsJsJCoorAXge3TFgXo5RM9R7ZQb32feo7 XQJjxPyIOrKjaZ3e1JQplOmf3D/RbgdLFHs9nl9JNdFI5k1MyNJLZf1sTSVRF3QxAQgy02AP42F GToA2krEqybSl3mQLWwi2xq7XKaJxf22fym7qKdqXpR0oFEIU2y01y5Mk842ELdW5Gp7o66K8Lu 2VaYZoGBfl4ktdjNDiyb2EOr4lO5+N6bM1HfkTLXAc72vyo4mr8uK+k7NoA/5HpdoVSEkGMc+tT WUKIMJxHouGkbq1sr3TqWoCQmn4r2XZRnP3YtSX8Z33sUDWdMYUDjNWlQ0m26yDym1MhypkKOFN rBm6j/o0+YvFRO+wfiMNOINTcfTjtIkylhQ5TxgB6yULepY8hhptquaVrdg3Jsl7HqY1xxQhokG JxCnylcViaERv+X630g== X-Proofpoint-GUID: SpBwC9OZTsTfxBmUtXeYuuASorlAmBGu X-Proofpoint-Spam-Info: AW1haW4tMjYwNjE3MDA5MiBTYWx0ZWRfXxMYiDE2l5vut wwuFbRgJgtwx1syWUb36jFd0A5VbBLZKALbenjQH2U3d2G4ek0qUBr+RQR3kBb/gLKqzLGTBQG1 R8f9Q5dVqr7xHfHyxgdARzfqUGJEER4= X-Proofpoint-ORIG-GUID: SpBwC9OZTsTfxBmUtXeYuuASorlAmBGu X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1143,Hydra:6.1.125,FMLib:17.12.100.49 definitions=2026-06-17_01,2026-06-16_02,2025-10-01_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 phishscore=0 bulkscore=0 suspectscore=0 lowpriorityscore=0 impostorscore=0 malwarescore=0 spamscore=0 adultscore=0 clxscore=1015 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2606150000 definitions=main-2606170092 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists1p.gnu.org; Received-SPF: pass client-ip=148.163.158.5; envelope-from=freude@linux.ibm.com; helo=mx0b-001b2d01.pphosted.com X-Spam_score_int: -26 X-Spam_score: -2.7 X-Spam_bar: -- X-Spam_report: (-2.7 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @ibm.com) X-ZM-MESSAGEID: 1781689840758158500 Content-Type: text/plain; charset="utf-8" Support the subfunctions CPACF_KM_AES_128, CPACF_KM_AES_192 and CPACF_KM_AES_256 for the cpacf km instruction. Signed-off-by: Harald Freudenberger Tested-by: Holger Dengler Reviewed-by: Finn Callies --- target/s390x/gen-features.c | 3 + target/s390x/tcg/cpacf.h | 6 ++ target/s390x/tcg/cpacf_aes.c | 113 +++++++++++++++++++++++++++++++ target/s390x/tcg/crypto_helper.c | 24 +++++++ target/s390x/tcg/meson.build | 1 + 5 files changed, 147 insertions(+) create mode 100644 target/s390x/tcg/cpacf_aes.c diff --git a/target/s390x/gen-features.c b/target/s390x/gen-features.c index 5cf5b92c37..a35d1fd2f9 100644 --- a/target/s390x/gen-features.c +++ b/target/s390x/gen-features.c @@ -921,6 +921,9 @@ static uint16_t qemu_MAX[] =3D { S390_FEAT_KLMD_SHA_256, S390_FEAT_KLMD_SHA_512, S390_FEAT_PRNO_TRNG, + S390_FEAT_KM_AES_128, + S390_FEAT_KM_AES_192, + S390_FEAT_KM_AES_256, }; =20 /****** END FEATURE DEFS ******/ diff --git a/target/s390x/tcg/cpacf.h b/target/s390x/tcg/cpacf.h index e2c36306b2..36d0c81893 100644 --- a/target/s390x/tcg/cpacf.h +++ b/target/s390x/tcg/cpacf.h @@ -18,4 +18,10 @@ int cpacf_sha512(CPUS390XState *env, const int mmu_idx, = uintptr_t ra, uint64_t param_addr, uint64_t *message_reg, uint64_t *len= _reg, uint32_t type); =20 +/* from crypto_aes.c */ +int cpacf_aes_ecb(CPUS390XState *env, const int mmu_idx, uintptr_t ra, + uint64_t param_addr, uint64_t *dst_ptr_reg, + uint64_t *src_ptr_reg, uint64_t *src_len_reg, + uint32_t type, uint8_t fc, uint8_t mod); + #endif diff --git a/target/s390x/tcg/cpacf_aes.c b/target/s390x/tcg/cpacf_aes.c new file mode 100644 index 0000000000..ba836f1473 --- /dev/null +++ b/target/s390x/tcg/cpacf_aes.c @@ -0,0 +1,113 @@ +/* + * s390 cpacf aes + * + * Authors: + * Harald Freudenberger + * + * This work is licensed under the terms of the GNU GPL, version 2 or late= r. + * See the COPYING file in the top-level directory. + */ + +#include "qemu/osdep.h" +#include "s390x-internal.h" +#include "tcg_s390x.h" +#include "accel/tcg/cpu-ldst-common.h" +#include "accel/tcg/cpu-mmu-index.h" +#include "crypto/aes.h" +#include "cpacf.h" + +static void aes_read_block(CPUS390XState *env, const int mmu_idx, + uint64_t addr, uint8_t *a, uintptr_t ra) +{ + const MemOpIdx oi =3D make_memop_idx(MO_8, mmu_idx); + uint64_t _addr; + + for (int i =3D 0; i < AES_BLOCK_SIZE; i++, addr +=3D 1) { + _addr =3D wrap_address(env, addr); + a[i] =3D cpu_ldb_mmu(env, _addr, oi, ra); + } +} + +static void aes_write_block(CPUS390XState *env, const int mmu_idx, + uint64_t addr, uint8_t *a, uintptr_t ra) +{ + const MemOpIdx oi =3D make_memop_idx(MO_8, mmu_idx); + uint64_t _addr; + + for (int i =3D 0; i < AES_BLOCK_SIZE; i++, addr +=3D 1) { + _addr =3D wrap_address(env, addr); + cpu_stb_mmu(env, _addr, a[i], oi, ra); + } +} + +int cpacf_aes_ecb(CPUS390XState *env, const int mmu_idx, uintptr_t ra, + uint64_t param_addr, uint64_t *dst_ptr_reg, + uint64_t *src_ptr_reg, uint64_t *src_len_reg, + uint32_t type, uint8_t fc, uint8_t mod) +{ + enum { MAX_BLOCKS_PER_RUN =3D 8192 / AES_BLOCK_SIZE }; + const MemOpIdx oi =3D make_memop_idx(MO_8, mmu_idx); + uint8_t in[AES_BLOCK_SIZE], out[AES_BLOCK_SIZE]; + uint64_t addr, len =3D *src_len_reg, done =3D 0; + int i, keysize, addr_reg_size =3D 64; + uint8_t key[32]; + AES_KEY exkey; + + g_assert(type =3D=3D S390_FEAT_TYPE_KM); + switch (fc) { + case 0x12: /* CPACF_KM_AES_128 */ + keysize =3D 16; + break; + case 0x13: /* CPACF_KM_AES_192 */ + keysize =3D 24; + break; + case 0x14: /* CPACF_KM_AES_256 */ + keysize =3D 32; + break; + default: + g_assert_not_reached(); + } + + if (!(env->psw.mask & PSW_MASK_64)) { + len =3D (uint32_t)len; + addr_reg_size =3D (env->psw.mask & PSW_MASK_32) ? 32 : 24; + } + + /* length has to be properly aligned. */ + if (!QEMU_IS_ALIGNED(len, AES_BLOCK_SIZE)) { + tcg_s390_program_interrupt(env, PGM_SPECIFICATION, ra); + } + + /* fetch key from param block */ + for (i =3D 0; i < keysize; i++) { + addr =3D wrap_address(env, param_addr + i); + key[i] =3D cpu_ldb_mmu(env, addr, oi, ra); + } + + /* expand key */ + if (mod) { + AES_set_decrypt_key(key, keysize * 8, &exkey); + } else { + AES_set_encrypt_key(key, keysize * 8, &exkey); + } + + /* process up to MAX_BLOCKS_PER_RUN aes blocks */ + for (i =3D 0; i < MAX_BLOCKS_PER_RUN && len >=3D AES_BLOCK_SIZE; i++) { + aes_read_block(env, mmu_idx, *src_ptr_reg + done, in, ra); + if (mod) { + AES_decrypt(in, out, &exkey); + } else { + AES_encrypt(in, out, &exkey); + } + aes_write_block(env, mmu_idx, *dst_ptr_reg + done, out, ra); + len -=3D AES_BLOCK_SIZE, done +=3D AES_BLOCK_SIZE; + } + + *src_ptr_reg =3D deposit64(*src_ptr_reg, 0, addr_reg_size, + *src_ptr_reg + done); + *dst_ptr_reg =3D deposit64(*dst_ptr_reg, 0, addr_reg_size, + *dst_ptr_reg + done); + *src_len_reg -=3D done; + + return !len ? 0 : 3; +} diff --git a/target/s390x/tcg/crypto_helper.c b/target/s390x/tcg/crypto_hel= per.c index a701dd8c6f..6585dfd4e7 100644 --- a/target/s390x/tcg/crypto_helper.c +++ b/target/s390x/tcg/crypto_helper.c @@ -89,6 +89,27 @@ static int cpacf_klmd(CPUS390XState *env, const int mmu_= idx, const uintptr_t ra, return rc; } =20 +static int cpacf_km(CPUS390XState *env, const int mmu_idx, uintptr_t ra, + uint32_t r1, uint32_t r2, uint32_t r3, + uint8_t fc, uint8_t mod) +{ + int rc =3D 0; + + switch (fc) { + case 0x12: /* CPACF_KM_AES_128 */ + case 0x13: /* CPACF_KM_AES_192 */ + case 0x14: /* CPACF_KM_AES_256 */ + rc =3D cpacf_aes_ecb(env, mmu_idx, ra, env->regs[1], + &env->regs[r1], &env->regs[r2], &env->regs[r2 += 1], + S390_FEAT_TYPE_KM, fc, mod); + break; + default: + g_assert_not_reached(); + } + + return rc; +} + static int cpacf_ppno(CPUS390XState *env, const int mmu_idx, uintptr_t ra, uint32_t r1, uint32_t r2, uint32_t r3, uint8_t fc) { @@ -156,6 +177,9 @@ uint32_t HELPER(msa)(CPUS390XState *env, uint32_t r1, u= int32_t r2, uint32_t r3, case S390_FEAT_TYPE_PPNO: rc =3D cpacf_ppno(env, mmu_idx, ra, r1, r2, r3, fc); break; + case S390_FEAT_TYPE_KM: + rc =3D cpacf_km(env, mmu_idx, ra, r1, r2, r3, fc, mod); + break; default: g_assert_not_reached(); } diff --git a/target/s390x/tcg/meson.build b/target/s390x/tcg/meson.build index 8ae8da9708..6f2e75764b 100644 --- a/target/s390x/tcg/meson.build +++ b/target/s390x/tcg/meson.build @@ -5,6 +5,7 @@ s390x_ss.add(when: 'CONFIG_TCG', if_true: files( )) s390x_common_ss.add(when: 'CONFIG_TCG', if_true: files( 'cc_helper.c', + 'cpacf_aes.c', 'cpacf_sha256.c', 'cpacf_sha512.c', 'crypto_helper.c', --=20 2.43.0 From nobody Thu Jun 18 13:20:44 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=reject dis=none) header.from=linux.ibm.com ARC-Seal: i=1; a=rsa-sha256; t=1781689806; cv=none; d=zohomail.com; s=zohoarc; b=iChQTIZik0oQxBENWc7hAbucjh31kmwa2jcUrqjtJIp3O6GukYgCHggnFO1fD5Hog3IGsJ6XLxDI2qVdF6Jlv5SonhS9EL1SrFMRxdWqrbd0VT78nWDQ28O9oaAQeZrIRjS/3XnTcDC9tdMj+9a6TTp511KiYxViPXQZlpO2RrQ= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1781689806; h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=/TTIoZJjMyVrnBAPlj9qOqPGCDyzP1uozw4zO+Q+dw0=; b=MfDYoSX7IuXHxdypQTk9VhnGolFBEpaETzwiHtZZVAlQWQK5PQh6+n8Vdyn52FF0k/V2twsKfl8goZlvXeou9iR7Krg+kEYubDQeXzPMWRfgLGbC5gvw3Q9MQEZwIHr03CKfn93KQJatEq3VZZZLG4k+WGRnz3uHMucz9PZ0TO4= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1781689806890468.0578957419715; Wed, 17 Jun 2026 02:50:06 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists1p.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1wZmsx-00077K-ON; Wed, 17 Jun 2026 05:48:39 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1wZmst-00072C-Po; Wed, 17 Jun 2026 05:48:35 -0400 Received: from mx0a-001b2d01.pphosted.com ([148.163.156.1]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1wZmsr-00038H-MD; Wed, 17 Jun 2026 05:48:35 -0400 Received: from pps.filterd (m0356517.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id 65H8mBtx4104780; Wed, 17 Jun 2026 09:48:27 GMT Received: from ppma23.wdc07v.mail.ibm.com (5d.69.3da9.ip4.static.sl-reverse.com [169.61.105.93]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 4eueqvt90c-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 17 Jun 2026 09:48:27 +0000 (GMT) Received: from pps.filterd (ppma23.wdc07v.mail.ibm.com [127.0.0.1]) by ppma23.wdc07v.mail.ibm.com (8.18.1.7/8.18.1.7) with ESMTP id 65H9ZIEc011099; Wed, 17 Jun 2026 09:48:26 GMT Received: from smtprelay02.fra02v.mail.ibm.com ([9.218.2.226]) by ppma23.wdc07v.mail.ibm.com (PPS) with ESMTPS id 4eudvajgv0-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 17 Jun 2026 09:48:26 +0000 (GMT) Received: from smtpav02.fra02v.mail.ibm.com (smtpav02.fra02v.mail.ibm.com [10.20.54.101]) by smtprelay02.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 65H9mM7A27197940 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 17 Jun 2026 09:48:22 GMT Received: from smtpav02.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 5041220043; Wed, 17 Jun 2026 09:48:22 +0000 (GMT) Received: from smtpav02.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 206EA2004E; Wed, 17 Jun 2026 09:48:22 +0000 (GMT) Received: from funtu2.ehn-de.ibm.com (unknown [9.224.92.54]) by smtpav02.fra02v.mail.ibm.com (Postfix) with ESMTP; Wed, 17 Jun 2026 09:48:22 +0000 (GMT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=cc :content-transfer-encoding:date:from:in-reply-to:message-id :mime-version:references:subject:to; s=pp1; bh=/TTIoZJjMyVrnBAPl j9qOqPGCDyzP1uozw4zO+Q+dw0=; b=X/lx24OOJDrkQIBDwdUknhHpimLGjJxj7 pri5jKxbZSbaa+B/3q7wyrxeQE1cRvoT1O9FCXRzAztRRsTT/Diz6rhoZhcOM54e xW9qWdKTnihKGrn3IqZzzhL6BWP+ynf87FTMKULCtUZU1+Gn1Oz2pRxDAiNDZWAp Z3rDfA1mzo9SczJChVnAw6U7aN7C/rTs+Vg4Uws20hVJKGlgDAlWjD83WL+KJVSu 37w7rtnDDJQudw40cmSRq4weDO0JVad2qTqQk4Q+xrXVbLY27kZX5cAJvmDWqxje E3Ard4F9Twqko66ygd+hxY8WXfghre49RpQQagjlN3nbVpYkgZ29Q== From: Harald Freudenberger To: richard.henderson@linaro.org, iii@linux.ibm.com, david@kernel.org, thuth@redhat.com, berrange@redhat.com Cc: qemu-s390x@nongnu.org, qemu-devel@nongnu.org, linux390-list@tuxmaker.boeblingen.de.ibm.com, linux-s390@vger.kernel.org, dengler@linux.ibm.com, borntraeger@linux.ibm.com, fcallies@linux.ibm.com, cohuck@redhat.com Subject: [PATCH v7 05/17] target/s390x: Support AES CBC for cpacf kmc instruction Date: Wed, 17 Jun 2026 11:48:08 +0200 Message-ID: <20260617094820.34402-6-freude@linux.ibm.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260617094820.34402-1-freude@linux.ibm.com> References: <20260617094820.34402-1-freude@linux.ibm.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-TM-AS-GCONF: 00 X-Proofpoint-Spam-Info: AW1haW4tMjYwNjE3MDA5MiBTYWx0ZWRfX351a+jY4d0pe HQVcSv7XOXhMpKHsPlYieJEBTWDFPQZrqmAZZqd1eMiFuAU/uhgW+TczlE7/cYRjqJGFW1X2R/m KFi9zaGk8FqtGjoHDpDeMjRzynywlRY= X-Proofpoint-GUID: ZKNzZ3Z_YNcBZAUSvjIwJQK4OgPn0kKK X-Authority-Analysis: v=2.4 cv=bMgm5v+Z c=1 sm=1 tr=0 ts=6a326d6b cx=c_pps a=3Bg1Hr4SwmMryq2xdFQyZA==:117 a=3Bg1Hr4SwmMryq2xdFQyZA==:17 a=FelO9ux0wxsA:10 a=VkNPw1HP01LnGYTKEx00:22 a=RnoormkPH1_aCDwRdu11:22 a=U7nrCbtTmkRpXpFmAIza:22 a=VnNF1IyMAAAA:8 a=4s_zGP7M7QCs5o7xjogA:9 X-Proofpoint-ORIG-GUID: ZKNzZ3Z_YNcBZAUSvjIwJQK4OgPn0kKK X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwNjE3MDA5MiBTYWx0ZWRfX3zKOSDr2WLnz TVYuk9LNutAdHUUJru+2gSvthRLgnJlEw3hJx/07RBTg79GV88BreBzvMcGdrSi0FpXwvOXxDkw LgforRIs/UnqffUQYMUA0DKqOAt1zGKJeKv7z4pETQpWcV9ndhjk0EyRQYDMIyUube0hs8FkTsZ zt81rXVb3uyD5su9H89ARjWsVf6Lu58QaIyDgv5G8a1cH0lUJPieTj3Er2tfIIau7536pB5LIhf Opb5Crw8CGdIqcsKH6W7Qpb8SeCINMUMeAModGVgKGoB079PVgmSHVA7ijfpfwphGpgQb7TM4+S sTmsn0sWKtqTBQsAot1wFZ2xs3dEgYES9niyqSSG2HZWxqPvPrClikvRlUFfyeucOGj3GW9Gey7 RBn495M7qQx3I5fkzcntTpKYHhd6FRDxBG1w2KdeT+fLpTTUBhEll+460i8scF60pVeaxtMnGRw xymZNQ7lKKS94k09bxQ== X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1143,Hydra:6.1.125,FMLib:17.12.100.49 definitions=2026-06-17_01,2026-06-16_02,2025-10-01_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 suspectscore=0 impostorscore=0 malwarescore=0 adultscore=0 spamscore=0 bulkscore=0 priorityscore=1501 phishscore=0 clxscore=1015 lowpriorityscore=0 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2606150000 definitions=main-2606170092 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists1p.gnu.org; Received-SPF: pass client-ip=148.163.156.1; envelope-from=freude@linux.ibm.com; helo=mx0a-001b2d01.pphosted.com X-Spam_score_int: -26 X-Spam_score: -2.7 X-Spam_bar: -- X-Spam_report: (-2.7 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @ibm.com) X-ZM-MESSAGEID: 1781689808641158500 Content-Type: text/plain; charset="utf-8" Support the subfunctions CPACF_KMC_AES_128, CPACF_KMC_AES_192 and CPACF_KMC_AES_256 for the cpacf kmc instruction. Signed-off-by: Harald Freudenberger Tested-by: Holger Dengler Reviewed-by: Finn Callies --- target/s390x/gen-features.c | 3 + target/s390x/tcg/cpacf.h | 4 ++ target/s390x/tcg/cpacf_aes.c | 102 +++++++++++++++++++++++++++++++ target/s390x/tcg/crypto_helper.c | 24 ++++++++ 4 files changed, 133 insertions(+) diff --git a/target/s390x/gen-features.c b/target/s390x/gen-features.c index a35d1fd2f9..9c0c0b229f 100644 --- a/target/s390x/gen-features.c +++ b/target/s390x/gen-features.c @@ -924,6 +924,9 @@ static uint16_t qemu_MAX[] =3D { S390_FEAT_KM_AES_128, S390_FEAT_KM_AES_192, S390_FEAT_KM_AES_256, + S390_FEAT_KMC_AES_128, + S390_FEAT_KMC_AES_192, + S390_FEAT_KMC_AES_256, }; =20 /****** END FEATURE DEFS ******/ diff --git a/target/s390x/tcg/cpacf.h b/target/s390x/tcg/cpacf.h index 36d0c81893..8b21b16147 100644 --- a/target/s390x/tcg/cpacf.h +++ b/target/s390x/tcg/cpacf.h @@ -23,5 +23,9 @@ int cpacf_aes_ecb(CPUS390XState *env, const int mmu_idx, = uintptr_t ra, uint64_t param_addr, uint64_t *dst_ptr_reg, uint64_t *src_ptr_reg, uint64_t *src_len_reg, uint32_t type, uint8_t fc, uint8_t mod); +int cpacf_aes_cbc(CPUS390XState *env, const int mmu_idx, uintptr_t ra, + uint64_t param_addr, uint64_t *dst_ptr_reg, + uint64_t *src_ptr_reg, uint64_t *src_len_reg, + uint32_t type, uint8_t fc, uint8_t mod); =20 #endif diff --git a/target/s390x/tcg/cpacf_aes.c b/target/s390x/tcg/cpacf_aes.c index ba836f1473..6412cc187d 100644 --- a/target/s390x/tcg/cpacf_aes.c +++ b/target/s390x/tcg/cpacf_aes.c @@ -111,3 +111,105 @@ int cpacf_aes_ecb(CPUS390XState *env, const int mmu_i= dx, uintptr_t ra, =20 return !len ? 0 : 3; } + +static void aes_xor(const uint8_t *src1, const uint8_t *src2, uint8_t *dst) +{ + for (int i =3D 0; i < AES_BLOCK_SIZE; i++) { + dst[i] =3D src1[i] ^ src2[i]; + } +} + +int cpacf_aes_cbc(CPUS390XState *env, const int mmu_idx, uintptr_t ra, + uint64_t param_addr, uint64_t *dst_ptr_reg, + uint64_t *src_ptr_reg, uint64_t *src_len_reg, + uint32_t type, uint8_t fc, uint8_t mod) +{ + enum { MAX_BLOCKS_PER_RUN =3D 8192 / AES_BLOCK_SIZE }; + uint8_t in[AES_BLOCK_SIZE], out[AES_BLOCK_SIZE], buf[AES_BLOCK_SIZE]; + const MemOpIdx oi =3D make_memop_idx(MO_8, mmu_idx); + uint64_t addr, len =3D *src_len_reg, done =3D 0; + int i, keysize, addr_reg_size =3D 64; + uint8_t key[32], iv[AES_BLOCK_SIZE]; + AES_KEY exkey; + + g_assert(type =3D=3D S390_FEAT_TYPE_KMC); + + switch (fc) { + case 0x12: /* CPACF_KMC_AES_128 */ + keysize =3D 16; + break; + case 0x13: /* CPACF_KMC_AES_192 */ + keysize =3D 24; + break; + case 0x14: /* CPACF_KMC_AES_256 */ + keysize =3D 32; + break; + default: + g_assert_not_reached(); + } + + if (!(env->psw.mask & PSW_MASK_64)) { + len =3D (uint32_t)len; + addr_reg_size =3D (env->psw.mask & PSW_MASK_32) ? 32 : 24; + } + + /* length has to be properly aligned. */ + if (!QEMU_IS_ALIGNED(len, AES_BLOCK_SIZE)) { + tcg_s390_program_interrupt(env, PGM_SPECIFICATION, ra); + } + + /* fetch iv from param block */ + for (i =3D 0; i < AES_BLOCK_SIZE; i++) { + addr =3D wrap_address(env, param_addr + i); + iv[i] =3D cpu_ldb_mmu(env, addr, oi, ra); + } + + /* fetch key from param block */ + for (i =3D 0; i < keysize; i++) { + addr =3D wrap_address(env, param_addr + AES_BLOCK_SIZE + i); + key[i] =3D cpu_ldb_mmu(env, addr, oi, ra); + } + + /* expand key */ + if (mod) { + AES_set_decrypt_key(key, keysize * 8, &exkey); + } else { + AES_set_encrypt_key(key, keysize * 8, &exkey); + } + + /* process up to MAX_BLOCKS_PER_RUN aes blocks */ + for (i =3D 0; i < MAX_BLOCKS_PER_RUN && len >=3D AES_BLOCK_SIZE; i++) { + aes_read_block(env, mmu_idx, *src_ptr_reg + done, in, ra); + if (mod) { + /* decrypt in =3D> buf */ + AES_decrypt(in, buf, &exkey); + /* buf xor iv =3D> out */ + aes_xor(buf, iv, out); + /* prep iv for next round */ + memcpy(iv, in, AES_BLOCK_SIZE); + } else { + /* in xor iv =3D> buf */ + aes_xor(in, iv, buf); + /* encrypt buf =3D> out */ + AES_encrypt(buf, out, &exkey); + /* prep iv for next round */ + memcpy(iv, out, AES_BLOCK_SIZE); + } + aes_write_block(env, mmu_idx, *dst_ptr_reg + done, out, ra); + len -=3D AES_BLOCK_SIZE, done +=3D AES_BLOCK_SIZE; + } + + /* update iv in param block */ + for (i =3D 0; i < AES_BLOCK_SIZE; i++) { + addr =3D wrap_address(env, param_addr + i); + cpu_stb_mmu(env, addr, iv[i], oi, ra); + } + + *src_ptr_reg =3D deposit64(*src_ptr_reg, 0, addr_reg_size, + *src_ptr_reg + done); + *dst_ptr_reg =3D deposit64(*dst_ptr_reg, 0, addr_reg_size, + *dst_ptr_reg + done); + *src_len_reg -=3D done; + + return !len ? 0 : 3; +} diff --git a/target/s390x/tcg/crypto_helper.c b/target/s390x/tcg/crypto_hel= per.c index 6585dfd4e7..b6f7696809 100644 --- a/target/s390x/tcg/crypto_helper.c +++ b/target/s390x/tcg/crypto_helper.c @@ -110,6 +110,27 @@ static int cpacf_km(CPUS390XState *env, const int mmu_= idx, uintptr_t ra, return rc; } =20 +static int cpacf_kmc(CPUS390XState *env, const int mmu_idx, uintptr_t ra, + uint32_t r1, uint32_t r2, uint32_t r3, + uint8_t fc, uint8_t mod) +{ + int rc =3D 0; + + switch (fc) { + case 0x12: /* CPACF_KMC_AES_128 */ + case 0x13: /* CPACF_KMC_AES_192 */ + case 0x14: /* CPACF_KMC_AES_256 */ + rc =3D cpacf_aes_cbc(env, mmu_idx, ra, env->regs[1], + &env->regs[r1], &env->regs[r2], &env->regs[r2 += 1], + S390_FEAT_TYPE_KMC, fc, mod); + break; + default: + g_assert_not_reached(); + } + + return rc; +} + static int cpacf_ppno(CPUS390XState *env, const int mmu_idx, uintptr_t ra, uint32_t r1, uint32_t r2, uint32_t r3, uint8_t fc) { @@ -180,6 +201,9 @@ uint32_t HELPER(msa)(CPUS390XState *env, uint32_t r1, u= int32_t r2, uint32_t r3, case S390_FEAT_TYPE_KM: rc =3D cpacf_km(env, mmu_idx, ra, r1, r2, r3, fc, mod); break; + case S390_FEAT_TYPE_KMC: + rc =3D cpacf_kmc(env, mmu_idx, ra, r1, r2, r3, fc, mod); + break; default: g_assert_not_reached(); } --=20 2.43.0 From nobody Thu Jun 18 13:20:44 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=reject dis=none) header.from=linux.ibm.com ARC-Seal: i=1; a=rsa-sha256; t=1781689826; cv=none; d=zohomail.com; s=zohoarc; b=M4xwbTuWOTTQQH98MfzSr7MOF35gDaX1jd6FkSmgiGd87ZsFUVEJ86srOTsJwagNoz7NgIDLQz/3J7qX5SXJUUWsMyCCJ9o+QsE0YYKjo1WCGIQ/QiIYPSxqxW1LknNugbC+HtfNvBKIe+WE3Cct/xaw3KdSq1rm1b1qlUV5SsU= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1781689826; h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=OeKr1D+NRHQZVeRBNcji4Qw0ZqTzZytuXqG+mvonh8o=; b=PKW2q+Puac75VgqRRTthvMHlrzvDSeSHEubQ7MjJ2cSd73FKzyeVITH1QJgA5Wx2hOwqGk08dbP/VIIe81ERBI+H1TltLiW1i73YMfPArfdptzcA5IkCn4nKmqKSy3OGbYaLMNS1H/Xf2KLNV96F9TbDB0DxolkoT0zRGuVnyzo= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1781689826363118.9252562650264; Wed, 17 Jun 2026 02:50:26 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists1p.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1wZmt1-0007Cl-Kv; Wed, 17 Jun 2026 05:48:43 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1wZmsv-00073n-7Z; Wed, 17 Jun 2026 05:48:37 -0400 Received: from mx0a-001b2d01.pphosted.com ([148.163.156.1]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1wZmss-00038Z-BB; Wed, 17 Jun 2026 05:48:36 -0400 Received: from pps.filterd (m0356517.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id 65H8mXGu4105269; Wed, 17 Jun 2026 09:48:27 GMT Received: from ppma12.dal12v.mail.ibm.com (dc.9e.1632.ip4.static.sl-reverse.com [50.22.158.220]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 4eueqvt90d-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 17 Jun 2026 09:48:27 +0000 (GMT) Received: from pps.filterd (ppma12.dal12v.mail.ibm.com [127.0.0.1]) by ppma12.dal12v.mail.ibm.com (8.18.1.7/8.18.1.7) with ESMTP id 65H9Ybve009172; Wed, 17 Jun 2026 09:48:26 GMT Received: from smtprelay02.fra02v.mail.ibm.com ([9.218.2.226]) by ppma12.dal12v.mail.ibm.com (PPS) with ESMTPS id 4eudva2hjf-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 17 Jun 2026 09:48:26 +0000 (GMT) Received: from smtpav02.fra02v.mail.ibm.com (smtpav02.fra02v.mail.ibm.com [10.20.54.101]) by smtprelay02.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 65H9mMeu47841586 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 17 Jun 2026 09:48:22 GMT Received: from smtpav02.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 82B6020043; Wed, 17 Jun 2026 09:48:22 +0000 (GMT) Received: from smtpav02.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 546B12004B; Wed, 17 Jun 2026 09:48:22 +0000 (GMT) Received: from funtu2.ehn-de.ibm.com (unknown [9.224.92.54]) by smtpav02.fra02v.mail.ibm.com (Postfix) with ESMTP; Wed, 17 Jun 2026 09:48:22 +0000 (GMT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=cc :content-transfer-encoding:date:from:in-reply-to:message-id :mime-version:references:subject:to; s=pp1; bh=OeKr1D+NRHQZVeRBN cji4Qw0ZqTzZytuXqG+mvonh8o=; b=DD4Z//dFpT/3wNnf/NQ3m+uKAkImO8FzZ lE3c9ZZ4S9J24biJ1Rg6L23TxenocGNZVxBQBQweTiP742zNILYY3Ve6ZvN3JaJX 27dT9z+IftUMm2F1llNJv8BRCphRlg258XuaxgAuwvO59fuuoZuZTk6YHV3lVsQk hPpGtKTYUkFv1J61tlrFdEnMnk66WpA2f7+6vnG+dPL+jZSHJCnbmjmLKUwcJKK9 nVx/AS6Sgj9O492nR9pJmWG5fa4mZrheh3kEcC/uUjwD5gWvOn1PUCGSbUyfjKwb sU1ZAAfRdN0IluCG9RvFrzT40YsnAwNtGs2Vikt7TPhhKxZsAEt/g== From: Harald Freudenberger To: richard.henderson@linaro.org, iii@linux.ibm.com, david@kernel.org, thuth@redhat.com, berrange@redhat.com Cc: qemu-s390x@nongnu.org, qemu-devel@nongnu.org, linux390-list@tuxmaker.boeblingen.de.ibm.com, linux-s390@vger.kernel.org, dengler@linux.ibm.com, borntraeger@linux.ibm.com, fcallies@linux.ibm.com, cohuck@redhat.com Subject: [PATCH v7 06/17] target/s390x: Support AES CTR for cpacf kmctr instruction Date: Wed, 17 Jun 2026 11:48:09 +0200 Message-ID: <20260617094820.34402-7-freude@linux.ibm.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260617094820.34402-1-freude@linux.ibm.com> References: <20260617094820.34402-1-freude@linux.ibm.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-TM-AS-GCONF: 00 X-Proofpoint-Spam-Info: AW1haW4tMjYwNjE3MDA5MiBTYWx0ZWRfXxUgTtf52Dwp+ 934ssj/ADTqUqVOR6NL+9hvsumtiyxhYrYRsOZ2fkAuxukTcaiusHDg6SahnlKdmwBfepRCzWU6 lQFMve0RqqS74q7KHnukeURexUhxlB8= X-Proofpoint-GUID: eRbqFpyHkP2XpEYUqZGjoYS3jJCBd2d_ X-Authority-Analysis: v=2.4 cv=bMgm5v+Z c=1 sm=1 tr=0 ts=6a326d6b cx=c_pps a=bLidbwmWQ0KltjZqbj+ezA==:117 a=bLidbwmWQ0KltjZqbj+ezA==:17 a=FelO9ux0wxsA:10 a=VkNPw1HP01LnGYTKEx00:22 a=RnoormkPH1_aCDwRdu11:22 a=U7nrCbtTmkRpXpFmAIza:22 a=VnNF1IyMAAAA:8 a=LQnWXxm1RwZjr7XDrSkA:9 X-Proofpoint-ORIG-GUID: eRbqFpyHkP2XpEYUqZGjoYS3jJCBd2d_ X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwNjE3MDA5MiBTYWx0ZWRfX2VnYtQS6cmwM KkQU68/eO7Zc1gnZ8Sf2Rl+lLpVaYLa8civc3BgFXINq6ZLTToLagVtIHvNQ9FAO1Dn5VwDyZJH g5JY0B4p/KPH1QcdI1ZJrKUDJLbiVjDWf/uZPPmuIXbzIMW9D5zr+hGgI73IhHJXiUyoeZElgEQ EVjpR3zTUgBJ5N5aUgs94Zmyw1lyfX0UZCimJ1wyZ5kTDltqTKNqn88Y01JX1rA8fsT4ztuY3Cu G2K98+dNniGuqeh++DTuFZ16uRzZAait5ARYg8DDc5g2zlFSbNl11J71LRJqNMOybP15xWQGCuT DMM6ny3oIERos2sKepYxrO0ZX3uX411UM3pqjbf4pm+4b4Jf/JFPaw6IDqM3b8/+c4jytWgzVws y/MmDSS5E+PsLEiIAodA3qcnognatTJxYTwHai+rsAAUor9e+Vr7qStN7vhZrPoEUiXYEmcgRM8 eb850oeWTsnwzuVDWWQ== X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1143,Hydra:6.1.125,FMLib:17.12.100.49 definitions=2026-06-17_01,2026-06-16_02,2025-10-01_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 suspectscore=0 impostorscore=0 malwarescore=0 adultscore=0 spamscore=0 bulkscore=0 priorityscore=1501 phishscore=0 clxscore=1015 lowpriorityscore=0 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2606150000 definitions=main-2606170092 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists1p.gnu.org; Received-SPF: pass client-ip=148.163.156.1; envelope-from=freude@linux.ibm.com; helo=mx0a-001b2d01.pphosted.com X-Spam_score_int: -26 X-Spam_score: -2.7 X-Spam_bar: -- X-Spam_report: (-2.7 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @ibm.com) X-ZM-MESSAGEID: 1781689826733158500 Content-Type: text/plain; charset="utf-8" Support the subfunctions CPACF_KMCTR_AES_128, CPACF_KMCTR_AES_192 and CPACF_KMCTR_AES_256 for the cpacf kmctr instruction. Signed-off-by: Harald Freudenberger Reviewed-by: Finn Callies --- target/s390x/gen-features.c | 3 ++ target/s390x/tcg/cpacf.h | 5 +++ target/s390x/tcg/cpacf_aes.c | 76 ++++++++++++++++++++++++++++++++ target/s390x/tcg/crypto_helper.c | 24 ++++++++++ 4 files changed, 108 insertions(+) diff --git a/target/s390x/gen-features.c b/target/s390x/gen-features.c index 9c0c0b229f..59c2a47539 100644 --- a/target/s390x/gen-features.c +++ b/target/s390x/gen-features.c @@ -927,6 +927,9 @@ static uint16_t qemu_MAX[] =3D { S390_FEAT_KMC_AES_128, S390_FEAT_KMC_AES_192, S390_FEAT_KMC_AES_256, + S390_FEAT_KMCTR_AES_128, + S390_FEAT_KMCTR_AES_192, + S390_FEAT_KMCTR_AES_256, }; =20 /****** END FEATURE DEFS ******/ diff --git a/target/s390x/tcg/cpacf.h b/target/s390x/tcg/cpacf.h index 8b21b16147..d73cb98c38 100644 --- a/target/s390x/tcg/cpacf.h +++ b/target/s390x/tcg/cpacf.h @@ -27,5 +27,10 @@ int cpacf_aes_cbc(CPUS390XState *env, const int mmu_idx,= uintptr_t ra, uint64_t param_addr, uint64_t *dst_ptr_reg, uint64_t *src_ptr_reg, uint64_t *src_len_reg, uint32_t type, uint8_t fc, uint8_t mod); +int cpacf_aes_ctr(CPUS390XState *env, const int mmu_idx, uintptr_t ra, + uint64_t param_addr, uint64_t *dst_ptr_reg, + uint64_t *src_ptr_reg, uint64_t *src_len_reg, + uint64_t *ctr_ptr_reg, uint32_t type, + uint8_t fc, uint8_t mod); =20 #endif diff --git a/target/s390x/tcg/cpacf_aes.c b/target/s390x/tcg/cpacf_aes.c index 6412cc187d..e200a9a87a 100644 --- a/target/s390x/tcg/cpacf_aes.c +++ b/target/s390x/tcg/cpacf_aes.c @@ -213,3 +213,79 @@ int cpacf_aes_cbc(CPUS390XState *env, const int mmu_id= x, uintptr_t ra, =20 return !len ? 0 : 3; } + +int cpacf_aes_ctr(CPUS390XState *env, const int mmu_idx, uintptr_t ra, + uint64_t param_addr, uint64_t *dst_ptr_reg, + uint64_t *src_ptr_reg, uint64_t *src_len_reg, + uint64_t *ctr_ptr_reg, uint32_t type, + uint8_t fc, uint8_t mod) +{ + enum { MAX_BLOCKS_PER_RUN =3D 8192 / AES_BLOCK_SIZE }; + const MemOpIdx oi =3D make_memop_idx(MO_8, mmu_idx); + uint8_t ctr[AES_BLOCK_SIZE], buf[AES_BLOCK_SIZE]; + uint8_t in[AES_BLOCK_SIZE], out[AES_BLOCK_SIZE]; + uint64_t addr, len =3D *src_len_reg, done =3D 0; + int i, keysize, addr_reg_size =3D 64; + uint8_t key[32]; + AES_KEY exkey; + + g_assert(type =3D=3D S390_FEAT_TYPE_KMCTR); + + switch (fc) { + case 0x12: /* CPACF_KMCTR_AES_128 */ + keysize =3D 16; + break; + case 0x13: /* CPACF_KMCTR_AES_192 */ + keysize =3D 24; + break; + case 0x14: /* CPACF_KMCTR_AES_256 */ + keysize =3D 32; + break; + default: + g_assert_not_reached(); + } + + if (!(env->psw.mask & PSW_MASK_64)) { + len =3D (uint32_t)len; + addr_reg_size =3D (env->psw.mask & PSW_MASK_32) ? 32 : 24; + } + + /* length has to be properly aligned. */ + if (!QEMU_IS_ALIGNED(len, AES_BLOCK_SIZE)) { + tcg_s390_program_interrupt(env, PGM_SPECIFICATION, ra); + } + + /* fetch key from param block */ + for (i =3D 0; i < keysize; i++) { + addr =3D wrap_address(env, param_addr + i); + key[i] =3D cpu_ldb_mmu(env, addr, oi, ra); + } + + /* expand key */ + AES_set_encrypt_key(key, keysize * 8, &exkey); + + /* process up to MAX_BLOCKS_PER_RUN aes blocks */ + for (i =3D 0; i < MAX_BLOCKS_PER_RUN && len >=3D AES_BLOCK_SIZE; i++) { + /* read in nonce/ctr =3D> ctr */ + aes_read_block(env, mmu_idx, *ctr_ptr_reg + done, ctr, ra); + /* encrypt ctr =3D> buf */ + AES_encrypt(ctr, buf, &exkey); + /* read in one block of input data =3D> in */ + aes_read_block(env, mmu_idx, *src_ptr_reg + done, in, ra); + /* exor input data with encrypted ctr =3D> out */ + aes_xor(in, buf, out); + /* write out the processed block */ + aes_write_block(env, mmu_idx, *dst_ptr_reg + done, out, ra); + len -=3D AES_BLOCK_SIZE, done +=3D AES_BLOCK_SIZE; + } + + *src_ptr_reg =3D deposit64(*src_ptr_reg, 0, addr_reg_size, + *src_ptr_reg + done); + *dst_ptr_reg =3D deposit64(*dst_ptr_reg, 0, addr_reg_size, + *dst_ptr_reg + done); + *ctr_ptr_reg =3D deposit64(*ctr_ptr_reg, 0, addr_reg_size, + *ctr_ptr_reg + done); + *src_len_reg -=3D done; + + return !len ? 0 : 3; +} diff --git a/target/s390x/tcg/crypto_helper.c b/target/s390x/tcg/crypto_hel= per.c index b6f7696809..98dfa37185 100644 --- a/target/s390x/tcg/crypto_helper.c +++ b/target/s390x/tcg/crypto_helper.c @@ -131,6 +131,27 @@ static int cpacf_kmc(CPUS390XState *env, const int mmu= _idx, uintptr_t ra, return rc; } =20 +static int cpacf_kmctr(CPUS390XState *env, const int mmu_idx, uintptr_t ra, + uint32_t r1, uint32_t r2, uint32_t r3, + uint8_t fc, uint8_t mod) +{ + int rc =3D 0; + + switch (fc) { + case 0x12: /* CPACF_KMCTR_AES_128 */ + case 0x13: /* CPACF_KMCTR_AES_192 */ + case 0x14: /* CPACF_KMCTR_AES_256 */ + rc =3D cpacf_aes_ctr(env, mmu_idx, ra, env->regs[1], + &env->regs[r1], &env->regs[r2], &env->regs[r2 += 1], + &env->regs[r3], S390_FEAT_TYPE_KMCTR, fc, mod); + break; + default: + g_assert_not_reached(); + } + + return rc; +} + static int cpacf_ppno(CPUS390XState *env, const int mmu_idx, uintptr_t ra, uint32_t r1, uint32_t r2, uint32_t r3, uint8_t fc) { @@ -204,6 +225,9 @@ uint32_t HELPER(msa)(CPUS390XState *env, uint32_t r1, u= int32_t r2, uint32_t r3, case S390_FEAT_TYPE_KMC: rc =3D cpacf_kmc(env, mmu_idx, ra, r1, r2, r3, fc, mod); break; + case S390_FEAT_TYPE_KMCTR: + rc =3D cpacf_kmctr(env, mmu_idx, ra, r1, r2, r3, fc, mod); + break; default: g_assert_not_reached(); } --=20 2.43.0 From nobody Thu Jun 18 13:20:44 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=reject dis=none) header.from=linux.ibm.com ARC-Seal: i=1; a=rsa-sha256; t=1781689799; cv=none; d=zohomail.com; s=zohoarc; b=DnJtz305ZE9uun2tj/PweMcIMdDZtlXLEO0QaUJ8fbDog81bXez2TPDCBZj98pZzVgQ81G/dFR30Z9SxdCtLVGmYdR9KUc41u9eFJK7NZsNITAq1E1RghPKH5yhunspaBYpsp1BYMwqYwcfk2wa6HdJW8bpMXaYMfmyNHu/npMU= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1781689799; h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=zSZ3VjdOEdZm4Cy5E7lbwQx6q36NPD32dnucX3IJVVU=; b=QvcZ27fMYuWEExnxWdgviiSFsxKfeADMJkgZsGGY0HHjB5kpEttORkMllei2LQwJsWvX3gsGULcj6J079DzWK86s06Bw+FxRGHB2K/K+9d846mmWehLxCm+FZTd96GO7oWpKPlTXa+l2tbJdZ6oXD/P0PbfHObTNl5CPGhB6Jk8= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1781689799593554.4195965798214; Wed, 17 Jun 2026 02:49:59 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists1p.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1wZmsz-000797-S5; Wed, 17 Jun 2026 05:48:41 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1wZmsu-00072n-G0; Wed, 17 Jun 2026 05:48:36 -0400 Received: from mx0b-001b2d01.pphosted.com ([148.163.158.5]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1wZmss-00038r-BC; Wed, 17 Jun 2026 05:48:36 -0400 Received: from pps.filterd (m0360072.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id 65H8mlGL4003754; Wed, 17 Jun 2026 09:48:28 GMT Received: from ppma21.wdc07v.mail.ibm.com (5b.69.3da9.ip4.static.sl-reverse.com [169.61.105.91]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 4eueqx28bp-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 17 Jun 2026 09:48:28 +0000 (GMT) Received: from pps.filterd (ppma21.wdc07v.mail.ibm.com [127.0.0.1]) by ppma21.wdc07v.mail.ibm.com (8.18.1.7/8.18.1.7) with ESMTP id 65H9Yg84008365; Wed, 17 Jun 2026 09:48:27 GMT Received: from smtprelay02.fra02v.mail.ibm.com ([9.218.2.226]) by ppma21.wdc07v.mail.ibm.com (PPS) with ESMTPS id 4eudvaags3-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 17 Jun 2026 09:48:27 +0000 (GMT) Received: from smtpav02.fra02v.mail.ibm.com (smtpav02.fra02v.mail.ibm.com [10.20.54.101]) by smtprelay02.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 65H9mNDx34210294 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 17 Jun 2026 09:48:23 GMT Received: from smtpav02.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id B483420040; Wed, 17 Jun 2026 09:48:22 +0000 (GMT) Received: from smtpav02.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 858972004F; Wed, 17 Jun 2026 09:48:22 +0000 (GMT) Received: from funtu2.ehn-de.ibm.com (unknown [9.224.92.54]) by smtpav02.fra02v.mail.ibm.com (Postfix) with ESMTP; Wed, 17 Jun 2026 09:48:22 +0000 (GMT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=cc :content-transfer-encoding:date:from:in-reply-to:message-id :mime-version:references:subject:to; s=pp1; bh=zSZ3VjdOEdZm4Cy5E 7lbwQx6q36NPD32dnucX3IJVVU=; b=nuUk4WvY57Er82boYElG8zuWbGzVBvJaP zXWrK3kW/2jJwEQD36iaNQZ7XY+Lmw/6A96YZ4mAkrEJyTywxv8G3llw3zdFKKbN GGj9DuOEVgts+gWfxsfbcFqqUax2nNlgkcA1NyG1esufsYpBlaZf4XDFdZ28Y2UR 9wOKMjF1ETecggemF5KFmVJVMBAn4/st61HfQNNshs/IdWTHMfZtLi8/5WkIvaPE dftYWfzf1kIIrGeTfRWLo3RxwmBj1nYQkRGBTTU3WVzt6VxHkSr2Cq0M7oWTPf3s gjLDUwGSgAsovd5deQ60vcxtieaWgk0tZrOoTzr9Yc+RBRFocmUog== From: Harald Freudenberger To: richard.henderson@linaro.org, iii@linux.ibm.com, david@kernel.org, thuth@redhat.com, berrange@redhat.com Cc: qemu-s390x@nongnu.org, qemu-devel@nongnu.org, linux390-list@tuxmaker.boeblingen.de.ibm.com, linux-s390@vger.kernel.org, dengler@linux.ibm.com, borntraeger@linux.ibm.com, fcallies@linux.ibm.com, cohuck@redhat.com Subject: [PATCH v7 07/17] target/s390x: Minimal AES XTS support for cpacf pcc instruction Date: Wed, 17 Jun 2026 11:48:10 +0200 Message-ID: <20260617094820.34402-8-freude@linux.ibm.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260617094820.34402-1-freude@linux.ibm.com> References: <20260617094820.34402-1-freude@linux.ibm.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-TM-AS-GCONF: 00 X-Proofpoint-GUID: _zkdLLuC_cA-w9Qi6OErg1UYZz3Ai9h8 X-Authority-Analysis: v=2.4 cv=Le0MLDfi c=1 sm=1 tr=0 ts=6a326d6c cx=c_pps a=GFwsV6G8L6GxiO2Y/PsHdQ==:117 a=GFwsV6G8L6GxiO2Y/PsHdQ==:17 a=FelO9ux0wxsA:10 a=VkNPw1HP01LnGYTKEx00:22 a=RnoormkPH1_aCDwRdu11:22 a=RzCfie-kr_QcCd8fBx8p:22 a=VnNF1IyMAAAA:8 a=gr50lgQh3SlUKNVXMSoA:9 X-Proofpoint-Spam-Info: AW1haW4tMjYwNjE3MDA5MiBTYWx0ZWRfX9b+Y7l1Bxcf1 5OSWqOWEbAfuyij6YgiUZbVySzaRNrGITIDEmY3RgvouV+eZNiXI0BPYfBfS9Z8daMT7Jm1Y/AC gopcLmO+qQLRHTmhuI8Rbddjgfu5m0w= X-Proofpoint-ORIG-GUID: _zkdLLuC_cA-w9Qi6OErg1UYZz3Ai9h8 X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwNjE3MDA5MiBTYWx0ZWRfX5JdyEuy6Aeph dsmdUYOVlqnegJdGtRHmcDEXXyf8TS9/fCfp+xW53MywAdNcjeYJ+fxmwjpncaSVnJ9A/IU+Wgw SreRkFvM0OB9Hx3onqMMJBBPMv5VHxUjFNB1Vt4VRETyUUiTMjqL7G2HJe0JFcy+bYxfLkvq+c3 P/OnT8UV9mJ22zZwv/V4ykr+Qtyrzg/tcRIymIzFv6OenLgsnRP0B1moJ5Ez/VRRGo4GvuD4p0y A7y8T+th8MQniKqY+Mx3E7dtxsiz8jGdqvoa1WKtghX8Soge/SasOAyewHz285WRGd4O+jJ/BhU l1/DAJqTKUrws8WiwY+1CSOEG+U/edRLZ1TmC9EzdglgWq5l1rVBQ2fqPU8RnBzohTBINP4PSpl NK+WkDRYlIE2hVR9cVkzzg84wwxm6JK1C/ArmU+VMbj3GdnPRIwSUfXyIfc5jfV2d02pNJMWqKx ubPdkqLDkmgCGopTXOA== X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1143,Hydra:6.1.125,FMLib:17.12.100.49 definitions=2026-06-17_01,2026-06-16_02,2025-10-01_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 clxscore=1015 priorityscore=1501 malwarescore=0 spamscore=0 suspectscore=0 impostorscore=0 phishscore=0 lowpriorityscore=0 bulkscore=0 adultscore=0 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2606150000 definitions=main-2606170092 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists1p.gnu.org; Received-SPF: pass client-ip=148.163.158.5; envelope-from=freude@linux.ibm.com; helo=mx0b-001b2d01.pphosted.com X-Spam_score_int: -26 X-Spam_score: -2.7 X-Spam_bar: -- X-Spam_report: (-2.7 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @ibm.com) X-ZM-MESSAGEID: 1781689800566158500 Content-Type: text/plain; charset="utf-8" Support CPACF pcc subfunctions PCC-Compute-XTS-Parameter-AES-128 and PCC-Compute-XTS-Parameter-AES-128 but only for the special case block sequential number is 0. However, this covers the s390 AES XTS implementation in the Linux kernel and Libica and thus also Opencryptoki clear key via Libica. Signed-off-by: Harald Freudenberger Tested-by: Holger Dengler --- target/s390x/gen-features.c | 2 + target/s390x/tcg/cpacf.h | 2 + target/s390x/tcg/cpacf_aes.c | 71 ++++++++++++++++++++++++++++++++ target/s390x/tcg/crypto_helper.c | 20 +++++++++ 4 files changed, 95 insertions(+) diff --git a/target/s390x/gen-features.c b/target/s390x/gen-features.c index 59c2a47539..1b6a874b90 100644 --- a/target/s390x/gen-features.c +++ b/target/s390x/gen-features.c @@ -930,6 +930,8 @@ static uint16_t qemu_MAX[] =3D { S390_FEAT_KMCTR_AES_128, S390_FEAT_KMCTR_AES_192, S390_FEAT_KMCTR_AES_256, + S390_FEAT_PCC_XTS_AES_128, + S390_FEAT_PCC_XTS_AES_256, }; =20 /****** END FEATURE DEFS ******/ diff --git a/target/s390x/tcg/cpacf.h b/target/s390x/tcg/cpacf.h index d73cb98c38..381a6c3ff1 100644 --- a/target/s390x/tcg/cpacf.h +++ b/target/s390x/tcg/cpacf.h @@ -32,5 +32,7 @@ int cpacf_aes_ctr(CPUS390XState *env, const int mmu_idx, = uintptr_t ra, uint64_t *src_ptr_reg, uint64_t *src_len_reg, uint64_t *ctr_ptr_reg, uint32_t type, uint8_t fc, uint8_t mod); +int cpacf_aes_pcc(CPUS390XState *env, const int mmu_idx, uintptr_t ra, + uint64_t param_addr, uint8_t fc); =20 #endif diff --git a/target/s390x/tcg/cpacf_aes.c b/target/s390x/tcg/cpacf_aes.c index e200a9a87a..43c556f31b 100644 --- a/target/s390x/tcg/cpacf_aes.c +++ b/target/s390x/tcg/cpacf_aes.c @@ -16,6 +16,13 @@ #include "crypto/aes.h" #include "cpacf.h" =20 +/* #define DEBUG_HELPER */ +#ifdef DEBUG_HELPER +#define HELPER_LOG(x...) qemu_log(x) +#else +#define HELPER_LOG(x...) +#endif + static void aes_read_block(CPUS390XState *env, const int mmu_idx, uint64_t addr, uint8_t *a, uintptr_t ra) { @@ -289,3 +296,67 @@ int cpacf_aes_ctr(CPUS390XState *env, const int mmu_id= x, uintptr_t ra, =20 return !len ? 0 : 3; } + +int cpacf_aes_pcc(CPUS390XState *env, const int mmu_idx, uintptr_t ra, + uint64_t param_addr, uint8_t fc) +{ + uint8_t key[32], tweak[AES_BLOCK_SIZE], buf[AES_BLOCK_SIZE]; + const MemOpIdx oi =3D make_memop_idx(MO_8, mmu_idx); + int keysize, i; + uint64_t addr; + AES_KEY exkey; + + switch (fc) { + case 0x32: /* CPACF_PCC compute XTS param AES-128 */ + keysize =3D 16; + break; + case 0x34: /* CPACF PCC compute XTS param AES-256 */ + keysize =3D 32; + break; + default: + g_assert_not_reached(); + } + + /* fetch block sequence nr from param block into buf */ + for (i =3D 0; i < AES_BLOCK_SIZE; i++) { + addr =3D wrap_address(env, param_addr + keysize + AES_BLOCK_SIZE += i); + buf[i] =3D cpu_ldb_mmu(env, addr, oi, ra); + } + + /* is the block sequence nr 0 ? */ + for (i =3D 0; i < AES_BLOCK_SIZE && !buf[i]; i++) { + ; + } + if (i < AES_BLOCK_SIZE) { + /* no, sorry handling of non zero block sequence is not implemente= d */ + cpu_abort(env_cpu(env), + "PCC-compute-XTS-param with non zero block sequence is n= ot implemented\n"); + return 1; + } + + /* fetch key from param block */ + for (i =3D 0; i < keysize; i++) { + addr =3D wrap_address(env, param_addr + i); + key[i] =3D cpu_ldb_mmu(env, addr, oi, ra); + } + + /* fetch tweak from param block into tweak */ + for (i =3D 0; i < AES_BLOCK_SIZE; i++) { + addr =3D wrap_address(env, param_addr + keysize + i); + tweak[i] =3D cpu_ldb_mmu(env, addr, oi, ra); + } + + /* expand key */ + AES_set_encrypt_key(key, keysize * 8, &exkey); + + /* encrypt tweak */ + AES_encrypt(tweak, buf, &exkey); + + /* store encrypted tweak into xts parameter field of the param block */ + for (i =3D 0; i < AES_BLOCK_SIZE; i++) { + addr =3D wrap_address(env, param_addr + keysize + 3 * AES_BLOCK_SI= ZE + i); + cpu_stb_mmu(env, addr, buf[i], oi, ra); + } + + return 0; +} diff --git a/target/s390x/tcg/crypto_helper.c b/target/s390x/tcg/crypto_hel= per.c index 98dfa37185..1a0a503844 100644 --- a/target/s390x/tcg/crypto_helper.c +++ b/target/s390x/tcg/crypto_helper.c @@ -169,6 +169,23 @@ static int cpacf_ppno(CPUS390XState *env, const int mm= u_idx, uintptr_t ra, return rc; } =20 +static int cpacf_pcc(CPUS390XState *env, const int mmu_idx, uintptr_t ra, + uint8_t fc) +{ + int rc =3D 0; + + switch (fc) { + case 0x32: /* CPACF_PCC compute XTS param AES-128 */ + case 0x34: /* CPACF PCC compute XTS param AES-256 */ + rc =3D cpacf_aes_pcc(env, mmu_idx, ra, env->regs[1], fc); + break; + default: + g_assert_not_reached(); + } + + return rc; +} + uint32_t HELPER(msa)(CPUS390XState *env, uint32_t r1, uint32_t r2, uint32_= t r3, uint32_t type) { @@ -228,6 +245,9 @@ uint32_t HELPER(msa)(CPUS390XState *env, uint32_t r1, u= int32_t r2, uint32_t r3, case S390_FEAT_TYPE_KMCTR: rc =3D cpacf_kmctr(env, mmu_idx, ra, r1, r2, r3, fc, mod); break; + case S390_FEAT_TYPE_PCC: + rc =3D cpacf_pcc(env, mmu_idx, ra, fc); + break; default: g_assert_not_reached(); } --=20 2.43.0 From nobody Thu Jun 18 13:20:44 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=reject dis=none) header.from=linux.ibm.com ARC-Seal: i=1; a=rsa-sha256; t=1781689822; cv=none; d=zohomail.com; s=zohoarc; b=delU2k/Y3DCO0sqxHl7fg5kEyIh+s8HXB7Jj9w3vj+si9kmDBmbA3hER8WqG+oLszJ9GWRp0G7SOOHeJsT97I49jsrxn47BNglWIJop6ChZnYfMG3D50ywKqhLmfII/ZJcD2I5rYWcx8VUF7Y3wFgpk96R2PA1fI6Fb3eNZP2ss= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1781689822; h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=w1rgyq+KbgxdJ9SY5ewg/Ew7WgdmMKcT8Ugp1mWH7VE=; b=cZD89fsFaanu+TGUff2+/DfsrZ9z8YXqSVWktwh2IPHSW/2hIdBpiG0xSBwonsvDTt0yTFM++UWhWrAKgKC+1QhP7+yWP/ud1txzYZT5S2vQrEH/OuO+7ZlD9oucNCuspXCuw6ok4p+IYwIeprSbLU9NzoYvrVlpzZ4Ck184x2M= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1781689822063426.1527745563727; Wed, 17 Jun 2026 02:50:22 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists1p.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1wZmsw-00075R-NL; Wed, 17 Jun 2026 05:48:38 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1wZmsu-00072g-D3; Wed, 17 Jun 2026 05:48:36 -0400 Received: from mx0b-001b2d01.pphosted.com ([148.163.158.5]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1wZmss-00038j-6V; Wed, 17 Jun 2026 05:48:36 -0400 Received: from pps.filterd (m0356516.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id 65H8nQ2H4023014; Wed, 17 Jun 2026 09:48:28 GMT Received: from ppma22.wdc07v.mail.ibm.com (5c.69.3da9.ip4.static.sl-reverse.com [169.61.105.92]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 4eueqx289u-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 17 Jun 2026 09:48:27 +0000 (GMT) Received: from pps.filterd (ppma22.wdc07v.mail.ibm.com [127.0.0.1]) by ppma22.wdc07v.mail.ibm.com (8.18.1.7/8.18.1.7) with ESMTP id 65H9Ycfj016263; Wed, 17 Jun 2026 09:48:27 GMT Received: from smtprelay01.fra02v.mail.ibm.com ([9.218.2.227]) by ppma22.wdc07v.mail.ibm.com (PPS) with ESMTPS id 4eudvaahg8-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 17 Jun 2026 09:48:27 +0000 (GMT) Received: from smtpav02.fra02v.mail.ibm.com (smtpav02.fra02v.mail.ibm.com [10.20.54.101]) by smtprelay01.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 65H9mNGu60621152 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 17 Jun 2026 09:48:23 GMT Received: from smtpav02.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id E4E0120043; Wed, 17 Jun 2026 09:48:22 +0000 (GMT) Received: from smtpav02.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id B8FEE2005A; Wed, 17 Jun 2026 09:48:22 +0000 (GMT) Received: from funtu2.ehn-de.ibm.com (unknown [9.224.92.54]) by smtpav02.fra02v.mail.ibm.com (Postfix) with ESMTP; Wed, 17 Jun 2026 09:48:22 +0000 (GMT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=cc :content-transfer-encoding:date:from:in-reply-to:message-id :mime-version:references:subject:to; s=pp1; bh=w1rgyq+KbgxdJ9SY5 ewg/Ew7WgdmMKcT8Ugp1mWH7VE=; b=My56e3hsVSyiJE48Wzn58hx4BXq4FdGu0 kIbQ2Gh2GfBv59rPPp/ImbBu/upBs0Bhu8eCGT6ZK31emFNZopxJwWyZNPmq9SHM SC0eK/j+7CKe6e8OXxwAoR7gKwPeyPqyIkbGx4JReCKhFXg+q0tVS5HEzmIy4NSm MW1HwQVI9ipCXtBMCd0ZLtEVtmV6UCQy1b7hyuN93R6+Zey/YIK9czJ5e4pXwdnJ QhbkSd7xHvHFAuHs+7eipZjs8tSNG95SaBonmiLSbXKehhp9E1rSoPq/gt077MnG 2lKq/+xZ2Sam6GvUOMWR6tK4/KlG05AXIAyHSIfGb+hBLQDajQuJQ== From: Harald Freudenberger To: richard.henderson@linaro.org, iii@linux.ibm.com, david@kernel.org, thuth@redhat.com, berrange@redhat.com Cc: qemu-s390x@nongnu.org, qemu-devel@nongnu.org, linux390-list@tuxmaker.boeblingen.de.ibm.com, linux-s390@vger.kernel.org, dengler@linux.ibm.com, borntraeger@linux.ibm.com, fcallies@linux.ibm.com, cohuck@redhat.com Subject: [PATCH v7 08/17] target/s390x: Support AES XTS for cpacf km instruction Date: Wed, 17 Jun 2026 11:48:11 +0200 Message-ID: <20260617094820.34402-9-freude@linux.ibm.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260617094820.34402-1-freude@linux.ibm.com> References: <20260617094820.34402-1-freude@linux.ibm.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-TM-AS-GCONF: 00 X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwNjE3MDA5MiBTYWx0ZWRfX7ycrsUwO9PxO TmwOKgbEXNg2hRjDO88SX42ROC8NB0CPi3KtPuk6kf70OcQV15XepaNDwpkBWdQZM0D9RK+5R2A hxUT5DyNVmM55jopWljg4zgg76PGUuLz4/LRU7459FXS/JB1WW1EZnlCnI5jQFhwM84QvRMc6W7 lhndqxnY6r/ow2nR+r7SVb15XqAEDCHjLNdlDrfM8nz+0ZJgXpvToYjkyCmJLAcxT2cP9G7Wnds tbOid1l2GRHeaiqqS3KLg3MMBIeXc8CmRVS7k0gd8m8F7Gr4uTAiAW4td4APN3NzQSvnHurI/dD octNEGtcRK01v21b4jD3pW49qw4pty0DxBQmmVUrwwHOXEGAc1Sr8zd54BtRH0sI9nNhi7kJCbw aBAHYXO9xsdK6AWIwCDtctfLVxSTtz/iJtp8WGnnfM627BpjjbDAi3wOj7CctwtWNHXh9zmtZTn FWi7QjF8pSwQpJIt95w== X-Proofpoint-GUID: 3NsCyikCDjSoBd6wWxlR79eucCmSv5aN X-Proofpoint-Spam-Info: AW1haW4tMjYwNjE3MDA5MiBTYWx0ZWRfXypCFgXINut6T OOjPo1QRT/odMETvcPCYk0x1KZAeNT5sfW2yN9DFY6gAA+RkBLnZJRDf5E9wUvTFdY0spN53Lqs JNw4ZW2nTd2+i1xvCgddOCz5+fTCCeo= X-Proofpoint-ORIG-GUID: 3NsCyikCDjSoBd6wWxlR79eucCmSv5aN X-Authority-Analysis: v=2.4 cv=auGCzyZV c=1 sm=1 tr=0 ts=6a326d6b cx=c_pps a=5BHTudwdYE3Te8bg5FgnPg==:117 a=5BHTudwdYE3Te8bg5FgnPg==:17 a=FelO9ux0wxsA:10 a=VkNPw1HP01LnGYTKEx00:22 a=RnoormkPH1_aCDwRdu11:22 a=Y2IxJ9c9Rs8Kov3niI8_:22 a=VnNF1IyMAAAA:8 a=eqHtp_S4Ax5_VAgAp9wA:9 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1143,Hydra:6.1.125,FMLib:17.12.100.49 definitions=2026-06-17_01,2026-06-16_02,2025-10-01_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 phishscore=0 clxscore=1015 priorityscore=1501 suspectscore=0 impostorscore=0 spamscore=0 lowpriorityscore=0 adultscore=0 malwarescore=0 bulkscore=0 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2606150000 definitions=main-2606170092 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists1p.gnu.org; Received-SPF: pass client-ip=148.163.158.5; envelope-from=freude@linux.ibm.com; helo=mx0b-001b2d01.pphosted.com X-Spam_score_int: -26 X-Spam_score: -2.7 X-Spam_bar: -- X-Spam_report: (-2.7 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @ibm.com) X-ZM-MESSAGEID: 1781689822707158501 Content-Type: text/plain; charset="utf-8" Support the subfunctions XTS-AES-128 and XTS-AES-256 for the cpacf km instruction. Signed-off-by: Harald Freudenberger Tested-by: Holger Dengler --- target/s390x/gen-features.c | 2 + target/s390x/tcg/cpacf.h | 4 ++ target/s390x/tcg/cpacf_aes.c | 107 +++++++++++++++++++++++++++++++ target/s390x/tcg/crypto_helper.c | 6 ++ 4 files changed, 119 insertions(+) diff --git a/target/s390x/gen-features.c b/target/s390x/gen-features.c index 1b6a874b90..f9b1a40c7c 100644 --- a/target/s390x/gen-features.c +++ b/target/s390x/gen-features.c @@ -924,6 +924,8 @@ static uint16_t qemu_MAX[] =3D { S390_FEAT_KM_AES_128, S390_FEAT_KM_AES_192, S390_FEAT_KM_AES_256, + S390_FEAT_KM_XTS_AES_128, + S390_FEAT_KM_XTS_AES_256, S390_FEAT_KMC_AES_128, S390_FEAT_KMC_AES_192, S390_FEAT_KMC_AES_256, diff --git a/target/s390x/tcg/cpacf.h b/target/s390x/tcg/cpacf.h index 381a6c3ff1..7e53ce2a14 100644 --- a/target/s390x/tcg/cpacf.h +++ b/target/s390x/tcg/cpacf.h @@ -34,5 +34,9 @@ int cpacf_aes_ctr(CPUS390XState *env, const int mmu_idx, = uintptr_t ra, uint8_t fc, uint8_t mod); int cpacf_aes_pcc(CPUS390XState *env, const int mmu_idx, uintptr_t ra, uint64_t param_addr, uint8_t fc); +int cpacf_aes_xts(CPUS390XState *env, const int mmu_idx, uintptr_t ra, + uint64_t param_addr, uint64_t *dst_ptr_reg, + uint64_t *src_ptr_reg, uint64_t *src_len_reg, + uint32_t type, uint8_t fc, uint8_t mod); =20 #endif diff --git a/target/s390x/tcg/cpacf_aes.c b/target/s390x/tcg/cpacf_aes.c index 43c556f31b..0312436c43 100644 --- a/target/s390x/tcg/cpacf_aes.c +++ b/target/s390x/tcg/cpacf_aes.c @@ -360,3 +360,110 @@ int cpacf_aes_pcc(CPUS390XState *env, const int mmu_i= dx, uintptr_t ra, =20 return 0; } + +static void aes_xts_prep_next_tweak(uint8_t tweak[AES_BLOCK_SIZE]) +{ + uint8_t carry; + int i; + + carry =3D tweak[AES_BLOCK_SIZE - 1] >> 7; + + for (i =3D AES_BLOCK_SIZE - 1; i > 0; i--) { + tweak[i] =3D (uint8_t)((tweak[i] << 1) | (tweak[i - 1] >> 7)); + } + + tweak[i] =3D (uint8_t)(tweak[i] << 1); + tweak[i] ^=3D (uint8_t)(0x87 & (uint8_t)(-(int8_t)carry)); +} + +int cpacf_aes_xts(CPUS390XState *env, const int mmu_idx, uintptr_t ra, + uint64_t param_addr, uint64_t *dst_ptr_reg, + uint64_t *src_ptr_reg, uint64_t *src_len_reg, + uint32_t type, uint8_t fc, uint8_t mod) +{ + enum { MAX_BLOCKS_PER_RUN =3D 8192 / AES_BLOCK_SIZE }; + uint8_t buf1[AES_BLOCK_SIZE], buf2[AES_BLOCK_SIZE]; + const MemOpIdx oi =3D make_memop_idx(MO_8, mmu_idx); + uint64_t addr, len =3D *src_len_reg, done =3D 0; + uint8_t key[32], tweak[AES_BLOCK_SIZE]; + int i, keysize, addr_reg_size =3D 64; + AES_KEY exkey; + + g_assert(type =3D=3D S390_FEAT_TYPE_KM); + + switch (fc) { + case 0x32: /* CPACF_KM_XTS_128 */ + keysize =3D 16; + break; + case 0x34: /* CPACF_KM_XTS_256 */ + keysize =3D 32; + break; + default: + g_assert_not_reached(); + } + + if (!(env->psw.mask & PSW_MASK_64)) { + len =3D (uint32_t)len; + addr_reg_size =3D (env->psw.mask & PSW_MASK_32) ? 32 : 24; + } + + /* length has to be properly aligned. */ + if (!QEMU_IS_ALIGNED(len, AES_BLOCK_SIZE)) { + tcg_s390_program_interrupt(env, PGM_SPECIFICATION, ra); + } + + /* fetch key from param block */ + for (i =3D 0; i < keysize; i++) { + addr =3D wrap_address(env, param_addr + i); + key[i] =3D cpu_ldb_mmu(env, addr, oi, ra); + } + + /* expand key */ + if (mod) { + AES_set_decrypt_key(key, keysize * 8, &exkey); + } else { + AES_set_encrypt_key(key, keysize * 8, &exkey); + } + + /* fetch tweak from param block */ + for (i =3D 0; i < AES_BLOCK_SIZE; i++) { + addr =3D wrap_address(env, param_addr + keysize + i); + tweak[i] =3D cpu_ldb_mmu(env, addr, oi, ra); + } + + /* process up to MAX_BLOCKS_PER_RUN aes blocks */ + for (i =3D 0; i < MAX_BLOCKS_PER_RUN && len >=3D AES_BLOCK_SIZE; i++) { + /* fetch one AES block into buf1 */ + aes_read_block(env, mmu_idx, *src_ptr_reg + done, buf1, ra); + /* buf1 xor tweak =3D> buf2 */ + aes_xor(buf1, tweak, buf2); + if (mod) { + /* decrypt buf2 =3D> buf1 */ + AES_decrypt(buf2, buf1, &exkey); + } else { + /* encrypt buf2 =3D> buf1 */ + AES_encrypt(buf2, buf1, &exkey); + } + /* buf1 xor tweak =3D> buf2 */ + aes_xor(buf1, tweak, buf2); + /* prep tweak for next round */ + aes_xts_prep_next_tweak(tweak); + /* write out this processed block from buf2 */ + aes_write_block(env, mmu_idx, *dst_ptr_reg + done, buf2, ra); + len -=3D AES_BLOCK_SIZE, done +=3D AES_BLOCK_SIZE; + } + + /* update tweak in param block */ + for (i =3D 0; i < AES_BLOCK_SIZE; i++) { + addr =3D wrap_address(env, param_addr + keysize + i); + cpu_stb_mmu(env, addr, tweak[i], oi, ra); + } + + *src_ptr_reg =3D deposit64(*src_ptr_reg, 0, addr_reg_size, + *src_ptr_reg + done); + *dst_ptr_reg =3D deposit64(*dst_ptr_reg, 0, addr_reg_size, + *dst_ptr_reg + done); + *src_len_reg -=3D done; + + return !len ? 0 : 3; +} diff --git a/target/s390x/tcg/crypto_helper.c b/target/s390x/tcg/crypto_hel= per.c index 1a0a503844..19d625f37f 100644 --- a/target/s390x/tcg/crypto_helper.c +++ b/target/s390x/tcg/crypto_helper.c @@ -103,6 +103,12 @@ static int cpacf_km(CPUS390XState *env, const int mmu_= idx, uintptr_t ra, &env->regs[r1], &env->regs[r2], &env->regs[r2 += 1], S390_FEAT_TYPE_KM, fc, mod); break; + case 0x32: /* CPACF_KM_XTS_128 */ + case 0x34: /* CPACF_KM_XTS_256 */ + rc =3D cpacf_aes_xts(env, mmu_idx, ra, env->regs[1], + &env->regs[r1], &env->regs[r2], &env->regs[r2 += 1], + S390_FEAT_TYPE_KM, fc, mod); + break; default: g_assert_not_reached(); } --=20 2.43.0 From nobody Thu Jun 18 13:20:44 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=reject dis=none) header.from=linux.ibm.com ARC-Seal: i=1; a=rsa-sha256; t=1781689735; cv=none; d=zohomail.com; s=zohoarc; b=BV7Vzli234VOSVN6Y9iZpX/8bVnGCyXbYkDgADokct1hBhYtRxiH9m6g0kWI0E7/5S64RyV870eJcS1AW0+RFRxVF/qUL02a+U/eAbnfX1RL1tCa6Z0vLfoXpZLhYSDId4ckEsgZvCCKFy6KDg61K6NZX330RtrJ66qEYeY4WJs= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1781689735; h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=UQE1RJsrMcPn7M+AG1mxjRbhMMn3csZqZ9UzCC7RhVA=; b=H1HmwapgPFhZdyj+k58q2pUxGW8bXPYKIGEufTNQJMYT9iFrIllgqSA3z3nq+oIdCohvlGUYk5CFATxum1sDCX42+Kw3dMYPOxH8wnNif0/+f16pprpsRiYNvtZk4FXDdHNdxeJnwZipFGdEAeloAqdkTX4WcBsNqIjDRhrQH5c= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1781689735596516.7672115331426; Wed, 17 Jun 2026 02:48:55 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists1p.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1wZmt3-0007FM-S9; Wed, 17 Jun 2026 05:48:45 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1wZmsw-00075X-OQ; Wed, 17 Jun 2026 05:48:38 -0400 Received: from mx0a-001b2d01.pphosted.com ([148.163.156.1]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1wZmsu-00039i-1R; Wed, 17 Jun 2026 05:48:38 -0400 Received: from pps.filterd (m0356517.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id 65H8mDov4104791; Wed, 17 Jun 2026 09:48:28 GMT Received: from ppma21.wdc07v.mail.ibm.com (5b.69.3da9.ip4.static.sl-reverse.com [169.61.105.91]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 4eueqvt90k-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 17 Jun 2026 09:48:28 +0000 (GMT) Received: from pps.filterd (ppma21.wdc07v.mail.ibm.com [127.0.0.1]) by ppma21.wdc07v.mail.ibm.com (8.18.1.7/8.18.1.7) with ESMTP id 65H9Yg83008365; Wed, 17 Jun 2026 09:48:27 GMT Received: from smtprelay01.fra02v.mail.ibm.com ([9.218.2.227]) by ppma21.wdc07v.mail.ibm.com (PPS) with ESMTPS id 4eudvaags1-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 17 Jun 2026 09:48:27 +0000 (GMT) Received: from smtpav02.fra02v.mail.ibm.com (smtpav02.fra02v.mail.ibm.com [10.20.54.101]) by smtprelay01.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 65H9mN4t60621154 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 17 Jun 2026 09:48:23 GMT Received: from smtpav02.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 29DCF20043; Wed, 17 Jun 2026 09:48:23 +0000 (GMT) Received: from smtpav02.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id EBD122004E; Wed, 17 Jun 2026 09:48:22 +0000 (GMT) Received: from funtu2.ehn-de.ibm.com (unknown [9.224.92.54]) by smtpav02.fra02v.mail.ibm.com (Postfix) with ESMTP; Wed, 17 Jun 2026 09:48:22 +0000 (GMT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=cc :content-transfer-encoding:date:from:in-reply-to:message-id :mime-version:references:subject:to; s=pp1; bh=UQE1RJsrMcPn7M+AG 1mxjRbhMMn3csZqZ9UzCC7RhVA=; b=sPYCa9ZvtuXe7Q8WZfLlPtrECAzhuUiXa aYaGd8jRsQn+uh3Zus5lEsML0Cu7jzvfQ0xxNmWTMlVwtxMzeRdD9AYMTB0N4MLg hP52AV7k2JcXOGMow/tg9MYm3vJpzM/tcMZ0M2lNs9JbyHbSV/nUY55iifGAU3hN PHpJPfk7WkH2VnIFE0pOPsDa8lSIAsgjYZjEwJgxVVJmRFq3krqN6OeHHj+leAso 0RGzBKL2CZDYL3p4SYiIwwGyuA4qgdvZJJEjPXB1tQEdjF2W+zcV/522ytVu1Ex6 rKp9iAc/PqmbAMa559jioKyV5Gldl0qtgxWZGugVGbF/IMQHNtwnw== From: Harald Freudenberger To: richard.henderson@linaro.org, iii@linux.ibm.com, david@kernel.org, thuth@redhat.com, berrange@redhat.com Cc: qemu-s390x@nongnu.org, qemu-devel@nongnu.org, linux390-list@tuxmaker.boeblingen.de.ibm.com, linux-s390@vger.kernel.org, dengler@linux.ibm.com, borntraeger@linux.ibm.com, fcallies@linux.ibm.com, cohuck@redhat.com Subject: [PATCH v7 09/17] target/s390x: Support pckmo encrypt AES subfunctions Date: Wed, 17 Jun 2026 11:48:12 +0200 Message-ID: <20260617094820.34402-10-freude@linux.ibm.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260617094820.34402-1-freude@linux.ibm.com> References: <20260617094820.34402-1-freude@linux.ibm.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-TM-AS-GCONF: 00 X-Proofpoint-Spam-Info: AW1haW4tMjYwNjE3MDA5MiBTYWx0ZWRfX1WKpvu/TibOJ 769ZjV1hC8x0Guym7UNt0nTaNb6mgEhs5/p4uiFQDQFYdPRzqn3H3IFuHvZo2UmiqCfkrfSaNhO D21gYyciWGR14ENGI5XQ86IZNNJetqo= X-Proofpoint-GUID: DrvbIl7ZnYr6zJ_54XkkzOciabOyviMu X-Authority-Analysis: v=2.4 cv=bMgm5v+Z c=1 sm=1 tr=0 ts=6a326d6c cx=c_pps a=GFwsV6G8L6GxiO2Y/PsHdQ==:117 a=GFwsV6G8L6GxiO2Y/PsHdQ==:17 a=FelO9ux0wxsA:10 a=VkNPw1HP01LnGYTKEx00:22 a=RnoormkPH1_aCDwRdu11:22 a=U7nrCbtTmkRpXpFmAIza:22 a=VnNF1IyMAAAA:8 a=Z4AAViVgUL_E5abT2tgA:9 X-Proofpoint-ORIG-GUID: DrvbIl7ZnYr6zJ_54XkkzOciabOyviMu X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwNjE3MDA5MiBTYWx0ZWRfXyLGr51MBGacJ bmSejIrHnkhXrUk2htN3CQJhrw0dv6FrIH4rCIv24Cbb5kB4PyXXLecyngOunOFfoQDZ+gsa9eg C332kFUKZqQPOP9N4xHj32n7hDbeQCF/pTzlw85RtbfWj2T6irTcHEV6zTk9GvJa3KKlDKmPOCF bOYEudC/zsVah5xApWJUrFpqTs8399tYzQVnyzOJu+Vij4G3xwldA8gvHJfJv+S4ufNcxmWERRS n13R0Ing2ghNKxxspoY5DBveCzykWcSD2m8kNNv674ux5tzHlMuoTnutgp0oRvasXpJuwkdizUw Z6GRTRkeF5aSNcGJOQlT3H7K176hpFEcPwJ9OloFut1nVQnbDDZ9M2OAwTq5E+oL5Phm37HHIYE 6h/URZtd0320jYV/mkWfPMTarvHEjgLLfQIHJ5HL446ZTQdPhgWzdFBZj5+cdNFM4+9+CG64u5A ll+k3fY8/tdOwFvJAUw== X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1143,Hydra:6.1.125,FMLib:17.12.100.49 definitions=2026-06-17_01,2026-06-16_02,2025-10-01_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 suspectscore=0 impostorscore=0 malwarescore=0 adultscore=0 spamscore=0 bulkscore=0 priorityscore=1501 phishscore=0 clxscore=1015 lowpriorityscore=0 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2606150000 definitions=main-2606170092 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists1p.gnu.org; Received-SPF: pass client-ip=148.163.156.1; envelope-from=freude@linux.ibm.com; helo=mx0a-001b2d01.pphosted.com X-Spam_score_int: -26 X-Spam_score: -2.7 X-Spam_bar: -- X-Spam_report: (-2.7 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @ibm.com) X-ZM-MESSAGEID: 1781689736531158500 Content-Type: text/plain; charset="utf-8" Support the subfuctions PCKMO-Encrypt-AES-128-Key, PCKMO-Encrypt-AES-192-Key and PCKMO-Encrypt-AES-256-Key. These subfunctions derive a protected key from an AES clear key by encrypting it with an internal AES wrapping key. More details can be found in the "z/Architecture Prinziples of Operation" document. The qemu version provided here is only a fake indented to make protected key available for developing and testing purpose: * The protected key is 'derived' from the clear key by xoring the fixed pattern 0xAAAA... onto the key value. * The AES Wrapping Key Verification Pattern is a fixed value of 32 bytes 0xFACEFACE... Signed-off-by: Harald Freudenberger Tested-by: Holger Dengler Reviewed-by: Finn Callies --- target/s390x/gen-features.c | 3 ++ target/s390x/tcg/cpacf.h | 2 + target/s390x/tcg/cpacf_aes.c | 66 ++++++++++++++++++++++++++++++++ target/s390x/tcg/crypto_helper.c | 21 ++++++++++ 4 files changed, 92 insertions(+) diff --git a/target/s390x/gen-features.c b/target/s390x/gen-features.c index f9b1a40c7c..d3e69aaca6 100644 --- a/target/s390x/gen-features.c +++ b/target/s390x/gen-features.c @@ -934,6 +934,9 @@ static uint16_t qemu_MAX[] =3D { S390_FEAT_KMCTR_AES_256, S390_FEAT_PCC_XTS_AES_128, S390_FEAT_PCC_XTS_AES_256, + S390_FEAT_PCKMO_AES_128, + S390_FEAT_PCKMO_AES_192, + S390_FEAT_PCKMO_AES_256, }; =20 /****** END FEATURE DEFS ******/ diff --git a/target/s390x/tcg/cpacf.h b/target/s390x/tcg/cpacf.h index 7e53ce2a14..5588e2bdec 100644 --- a/target/s390x/tcg/cpacf.h +++ b/target/s390x/tcg/cpacf.h @@ -38,5 +38,7 @@ int cpacf_aes_xts(CPUS390XState *env, const int mmu_idx, = uintptr_t ra, uint64_t param_addr, uint64_t *dst_ptr_reg, uint64_t *src_ptr_reg, uint64_t *src_len_reg, uint32_t type, uint8_t fc, uint8_t mod); +int cpacf_aes_pckmo(CPUS390XState *env, const int mmu_idx, uintptr_t ra, + uint64_t param_addr, uint8_t fc); =20 #endif diff --git a/target/s390x/tcg/cpacf_aes.c b/target/s390x/tcg/cpacf_aes.c index 0312436c43..5a0a3473d5 100644 --- a/target/s390x/tcg/cpacf_aes.c +++ b/target/s390x/tcg/cpacf_aes.c @@ -467,3 +467,69 @@ int cpacf_aes_xts(CPUS390XState *env, const int mmu_id= x, uintptr_t ra, =20 return !len ? 0 : 3; } + +/* + * Hard coded pattern xored with the AES clear key + * to 'produce' the protected key. + */ +static const uint8_t protkey_xor_pattern[32] =3D { + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA }; + +/* + * Hard coded wkvp ("Wrapping Key Verification Pattern") + */ +static const uint8_t protkey_wkvp[32] =3D { + 0x0F, 0x0A, 0x0C, 0x0E, 0x0F, 0x0A, 0x0C, 0x0E, + 0x0F, 0x0A, 0x0C, 0x0E, 0x0F, 0x0A, 0x0C, 0x0E, + 0x0F, 0x0A, 0x0C, 0x0E, 0x0F, 0x0A, 0x0C, 0x0E, + 0x0F, 0x0A, 0x0C, 0x0E, 0x0F, 0x0A, 0x0C, 0x0E }; + +int cpacf_aes_pckmo(CPUS390XState *env, const int mmu_idx, uintptr_t ra, + uint64_t param_addr, uint8_t fc) +{ + const MemOpIdx oi =3D make_memop_idx(MO_8, mmu_idx); + uint8_t key[32]; + int keysize, i; + uint64_t addr; + + switch (fc) { + case 0x12: /* CPACF_PCKMO_ENC_AES_128_KEY */ + keysize =3D 16; + break; + case 0x13: /* CPACF_PCKMO_ENC_AES_192_KEY */ + keysize =3D 24; + break; + case 0x14: /* CPACF_PCKMO_ENC_AES_256_KEY */ + keysize =3D 32; + break; + default: + g_assert_not_reached(); + } + + /* fetch key from param block */ + for (i =3D 0; i < keysize; i++) { + addr =3D wrap_address(env, param_addr + i); + key[i] =3D cpu_ldb_mmu(env, addr, oi, ra); + } + + /* 'derive' the protected key */ + for (i =3D 0; i < keysize; i++) { + key[i] ^=3D protkey_xor_pattern[i]; + } + + /* store the protected key into param block */ + for (i =3D 0; i < keysize; i++) { + addr =3D wrap_address(env, param_addr + i); + cpu_stb_mmu(env, addr, key[i], oi, ra); + } + /* followed by the fake wkvp */ + for (i =3D 0; i < sizeof(protkey_wkvp); i++) { + addr =3D wrap_address(env, param_addr + keysize + i); + cpu_stb_mmu(env, addr, protkey_wkvp[i], oi, ra); + } + + return 0; +} diff --git a/target/s390x/tcg/crypto_helper.c b/target/s390x/tcg/crypto_hel= per.c index 19d625f37f..e1952ae4bc 100644 --- a/target/s390x/tcg/crypto_helper.c +++ b/target/s390x/tcg/crypto_helper.c @@ -192,6 +192,24 @@ static int cpacf_pcc(CPUS390XState *env, const int mmu= _idx, uintptr_t ra, return rc; } =20 +static int cpacf_pckmo(CPUS390XState *env, const int mmu_idx, uintptr_t ra, + uint8_t fc) +{ + int rc =3D 0; + + switch (fc) { + case 0x12: /* CPACF_PCKMO_ENC_AES_128_KEY */ + case 0x13: /* CPACF_PCKMO_ENC_AES_192_KEY */ + case 0x14: /* CPACF_PCKMO_ENC_AES_256_KEY */ + rc =3D cpacf_aes_pckmo(env, mmu_idx, ra, env->regs[1], fc); + break; + default: + g_assert_not_reached(); + } + + return rc; +} + uint32_t HELPER(msa)(CPUS390XState *env, uint32_t r1, uint32_t r2, uint32_= t r3, uint32_t type) { @@ -254,6 +272,9 @@ uint32_t HELPER(msa)(CPUS390XState *env, uint32_t r1, u= int32_t r2, uint32_t r3, case S390_FEAT_TYPE_PCC: rc =3D cpacf_pcc(env, mmu_idx, ra, fc); break; + case S390_FEAT_TYPE_PCKMO: + rc =3D cpacf_pckmo(env, mmu_idx, ra, fc); + break; default: g_assert_not_reached(); } --=20 2.43.0 From nobody Thu Jun 18 13:20:44 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=reject dis=none) header.from=linux.ibm.com ARC-Seal: i=1; a=rsa-sha256; t=1781689823; cv=none; d=zohomail.com; s=zohoarc; b=jy1oeHftBwRDPYfhdpMcMVM4WZsi0HJnvdf+6mza+8NDJWrQDlA4Jm/6uBfupOXKK+28kL0SMd2KFPuMqjeyjn9nUqlrTlP57cMk3eW6yphg8HIzTH+iu9Sylv/y5qLqAwzjuDgzz2PjcDZeeXrZJwlnklXCKzaAAVU+eem+1G4= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1781689823; h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=Qp2TxYo1HJc1FR7jiAzWmbFxd9yeN+gKCgOOZSVsAc8=; b=VN15H0pWGQQWZGKhyakpgbAi4jRoOUh59d1CgX9PRv9Wdr7lei95pgxxoOQouGRmvHDi+kkpAWLqBcyR+yA6/5EEHkOc1TBbjstN8hkVbN8XYleAh0uAS0O/ye9hljMht0TPjDM2zFSEcDYmMh12EwxTPhJaEeW0MwpavbDoGqg= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1781689823268585.6152748780862; Wed, 17 Jun 2026 02:50:23 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists1p.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1wZmsw-00075n-Um; Wed, 17 Jun 2026 05:48:38 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1wZmsv-00073r-AO; Wed, 17 Jun 2026 05:48:37 -0400 Received: from mx0b-001b2d01.pphosted.com ([148.163.158.5]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1wZmss-000395-Im; Wed, 17 Jun 2026 05:48:37 -0400 Received: from pps.filterd (m0353725.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id 65H8mQT44041213; Wed, 17 Jun 2026 09:48:28 GMT Received: from ppma11.dal12v.mail.ibm.com (db.9e.1632.ip4.static.sl-reverse.com [50.22.158.219]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 4eueqxa7xh-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 17 Jun 2026 09:48:28 +0000 (GMT) Received: from pps.filterd (ppma11.dal12v.mail.ibm.com [127.0.0.1]) by ppma11.dal12v.mail.ibm.com (8.18.1.7/8.18.1.7) with ESMTP id 65H9YacE021530; Wed, 17 Jun 2026 09:48:27 GMT Received: from smtprelay01.fra02v.mail.ibm.com ([9.218.2.227]) by ppma11.dal12v.mail.ibm.com (PPS) with ESMTPS id 4eudva2h5s-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 17 Jun 2026 09:48:27 +0000 (GMT) Received: from smtpav02.fra02v.mail.ibm.com (smtpav02.fra02v.mail.ibm.com [10.20.54.101]) by smtprelay01.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 65H9mNNA40305130 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 17 Jun 2026 09:48:23 GMT Received: from smtpav02.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 5BED820043; Wed, 17 Jun 2026 09:48:23 +0000 (GMT) Received: from smtpav02.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 304C72004F; Wed, 17 Jun 2026 09:48:23 +0000 (GMT) Received: from funtu2.ehn-de.ibm.com (unknown [9.224.92.54]) by smtpav02.fra02v.mail.ibm.com (Postfix) with ESMTP; Wed, 17 Jun 2026 09:48:23 +0000 (GMT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=cc :content-transfer-encoding:date:from:in-reply-to:message-id :mime-version:references:subject:to; s=pp1; bh=Qp2TxYo1HJc1FR7ji AzWmbFxd9yeN+gKCgOOZSVsAc8=; b=HffdFnvFPelsdr2RbXRH3WgM5RWkOMCr8 zc59+aAWdI9ld7ZgwV/OFvk/GSkyMfs8mr8sc2nprbSdmMLZuOqjQETlX10sMplz aXE9mYmANs1QKtA3W+5Ng4Iw9SuCx+YIaLV1ivpo785tXjlWYVtEybpNTLLFh4Y/ UyZK2KlTTjFr/RS4tPQQmqiGZCehc+088lOnZpfWeZvOFhZlra7ER76hxG3/BVww DQb00BRY0mPmyMJysQ45eCWUzEGCFzmhcwfBgxIrIH+COUcdkSkBQaoIvmwX/oB7 1Dd9pck5cY1xa/4WXYArm4o7qPJ6T4TndQ0U56w1Mxez2Zu+40kYQ== From: Harald Freudenberger To: richard.henderson@linaro.org, iii@linux.ibm.com, david@kernel.org, thuth@redhat.com, berrange@redhat.com Cc: qemu-s390x@nongnu.org, qemu-devel@nongnu.org, linux390-list@tuxmaker.boeblingen.de.ibm.com, linux-s390@vger.kernel.org, dengler@linux.ibm.com, borntraeger@linux.ibm.com, fcallies@linux.ibm.com, cohuck@redhat.com Subject: [PATCH v7 10/17] target/s390x: Support protected key AES ECB for cpacf km instruction Date: Wed, 17 Jun 2026 11:48:13 +0200 Message-ID: <20260617094820.34402-11-freude@linux.ibm.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260617094820.34402-1-freude@linux.ibm.com> References: <20260617094820.34402-1-freude@linux.ibm.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-TM-AS-GCONF: 00 X-Authority-Analysis: v=2.4 cv=OcSoyBTY c=1 sm=1 tr=0 ts=6a326d6c cx=c_pps a=aDMHemPKRhS1OARIsFnwRA==:117 a=aDMHemPKRhS1OARIsFnwRA==:17 a=FelO9ux0wxsA:10 a=VkNPw1HP01LnGYTKEx00:22 a=RnoormkPH1_aCDwRdu11:22 a=V8glGbnc2Ofi9Qvn3v5h:22 a=VnNF1IyMAAAA:8 a=kMBD09bGjcw6kBLitfwA:9 X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwNjE3MDA5MiBTYWx0ZWRfX4AD66IgaJAK5 ZSdVkToqYpsjiwLFuf6A9i+GKX5fQEzKFtM2Vr9eIW//t91LlDORiOX1AhHFgJU9rkdpQV2ZHKf 4Z2NA0w3msLtj0ipWn4JoNExGPz8mRCv4l9tHSEkt5T9+a9Z3wmow1GW7M9SqfSYex9u7iyv5g7 YAb/6BMqDualots26id/ewZq30wP4azoKSV+9WhK/QYrfpeY1DGP2a2NkTF7A5fFDwU/AiWxlv2 16pJpd+rR4q+BsSzpwBT65HR1zspPhYPwJns2NEF0y2vQ6yvAjYnppJnksH9mc5J2+TIUyhXat/ I/uCFZA2+6JBFS15fxVzrtBzW+hHetYPDfz3XMy0sy58tAhquMHjwSup+U7958v2TA9tH0UlNyz YTNpKnYLh8wYa/IJtJUYV/dG3cXxoNI6iw3pk8LZt9D4kRHmgbqV4y2u1k3nH1PrO1XMPoofqR7 pMJJK7hTWxLFbUaZD0A== X-Proofpoint-GUID: UGzNMQWcKigWzx_IelduVX4L4uoO1wxO X-Proofpoint-Spam-Info: AW1haW4tMjYwNjE3MDA5MiBTYWx0ZWRfX+KmCvIAidAFH 5rhHdfUieB9Oezgo+ZDVHJF7lgFYRLTy/QzZCIpXo8Z/RQuCxL1kY+jnQdmEyXcdXtTI81TAih+ 0qiRj9jpF2THnt33C/M0UXvjGx+MqM4= X-Proofpoint-ORIG-GUID: UGzNMQWcKigWzx_IelduVX4L4uoO1wxO X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1143,Hydra:6.1.125,FMLib:17.12.100.49 definitions=2026-06-17_01,2026-06-16_02,2025-10-01_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 phishscore=0 bulkscore=0 suspectscore=0 lowpriorityscore=0 impostorscore=0 malwarescore=0 spamscore=0 adultscore=0 clxscore=1015 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2606150000 definitions=main-2606170092 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists1p.gnu.org; Received-SPF: pass client-ip=148.163.158.5; envelope-from=freude@linux.ibm.com; helo=mx0b-001b2d01.pphosted.com X-Spam_score_int: -26 X-Spam_score: -2.7 X-Spam_bar: -- X-Spam_report: (-2.7 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @ibm.com) X-ZM-MESSAGEID: 1781689824693158500 Content-Type: text/plain; charset="utf-8" Support the subfunctions CPACF_KM_PAES_128, CPACF_KM_PAES_192 and CPACF_KM_PAES_256 for the cpacf km instruction. Signed-off-by: Harald Freudenberger Tested-by: Holger Dengler Reviewed-by: Finn Callies --- target/s390x/gen-features.c | 3 ++ target/s390x/tcg/cpacf.h | 4 ++ target/s390x/tcg/cpacf_aes.c | 87 ++++++++++++++++++++++++++++++++ target/s390x/tcg/crypto_helper.c | 7 +++ 4 files changed, 101 insertions(+) diff --git a/target/s390x/gen-features.c b/target/s390x/gen-features.c index d3e69aaca6..71e0e41d6e 100644 --- a/target/s390x/gen-features.c +++ b/target/s390x/gen-features.c @@ -924,6 +924,9 @@ static uint16_t qemu_MAX[] =3D { S390_FEAT_KM_AES_128, S390_FEAT_KM_AES_192, S390_FEAT_KM_AES_256, + S390_FEAT_KM_EAES_128, + S390_FEAT_KM_EAES_192, + S390_FEAT_KM_EAES_256, S390_FEAT_KM_XTS_AES_128, S390_FEAT_KM_XTS_AES_256, S390_FEAT_KMC_AES_128, diff --git a/target/s390x/tcg/cpacf.h b/target/s390x/tcg/cpacf.h index 5588e2bdec..7cf739e7a4 100644 --- a/target/s390x/tcg/cpacf.h +++ b/target/s390x/tcg/cpacf.h @@ -40,5 +40,9 @@ int cpacf_aes_xts(CPUS390XState *env, const int mmu_idx, = uintptr_t ra, uint32_t type, uint8_t fc, uint8_t mod); int cpacf_aes_pckmo(CPUS390XState *env, const int mmu_idx, uintptr_t ra, uint64_t param_addr, uint8_t fc); +int cpacf_paes_ecb(CPUS390XState *env, const int mmu_idx, uintptr_t ra, + uint64_t param_addr, uint64_t *dst_ptr_reg, + uint64_t *src_ptr_reg, uint64_t *src_len_reg, + uint32_t type, uint8_t fc, uint8_t mod); =20 #endif diff --git a/target/s390x/tcg/cpacf_aes.c b/target/s390x/tcg/cpacf_aes.c index 5a0a3473d5..bcfcf3b660 100644 --- a/target/s390x/tcg/cpacf_aes.c +++ b/target/s390x/tcg/cpacf_aes.c @@ -533,3 +533,90 @@ int cpacf_aes_pckmo(CPUS390XState *env, const int mmu_= idx, uintptr_t ra, =20 return 0; } + +int cpacf_paes_ecb(CPUS390XState *env, const int mmu_idx, uintptr_t ra, + uint64_t param_addr, uint64_t *dst_ptr_reg, + uint64_t *src_ptr_reg, uint64_t *src_len_reg, + uint32_t type, uint8_t fc, uint8_t mod) +{ + enum { MAX_BLOCKS_PER_RUN =3D 8192 / AES_BLOCK_SIZE }; + const MemOpIdx oi =3D make_memop_idx(MO_8, mmu_idx); + uint8_t in[AES_BLOCK_SIZE], out[AES_BLOCK_SIZE]; + uint64_t addr, len =3D *src_len_reg, done =3D 0; + int i, keysize, addr_reg_size =3D 64; + uint8_t key[32], wkvp[32]; + AES_KEY exkey; + + g_assert(type =3D=3D S390_FEAT_TYPE_KM); + + switch (fc) { + case 0x1a: /* CPACF_KM_PAES_128 */ + keysize =3D 16; + break; + case 0x1b: /* CPACF_KM_PAES_192 */ + keysize =3D 24; + break; + case 0x1c: /* CPACF_KM_PAES_256 */ + keysize =3D 32; + break; + default: + g_assert_not_reached(); + } + + if (!(env->psw.mask & PSW_MASK_64)) { + len =3D (uint32_t)len; + addr_reg_size =3D (env->psw.mask & PSW_MASK_32) ? 32 : 24; + } + + /* length has to be properly aligned. */ + if (!QEMU_IS_ALIGNED(len, AES_BLOCK_SIZE)) { + tcg_s390_program_interrupt(env, PGM_SPECIFICATION, ra); + } + + /* fetch and check wkvp from param block */ + for (i =3D 0; i < sizeof(wkvp); i++) { + addr =3D wrap_address(env, param_addr + keysize + i); + wkvp[i] =3D cpu_ldb_mmu(env, addr, oi, ra); + } + if (memcmp(wkvp, protkey_wkvp, sizeof(wkvp))) { + /* wkvp mismatch -> return with cc 1 */ + return 1; + } + + /* fetch protected key from param block */ + for (i =3D 0; i < keysize; i++) { + addr =3D wrap_address(env, param_addr + i); + key[i] =3D cpu_ldb_mmu(env, addr, oi, ra); + } + /* 'decrypt' the protected key */ + for (i =3D 0; i < keysize; i++) { + key[i] ^=3D protkey_xor_pattern[i]; + } + + /* expand key */ + if (mod) { + AES_set_decrypt_key(key, keysize * 8, &exkey); + } else { + AES_set_encrypt_key(key, keysize * 8, &exkey); + } + + /* process up to MAX_BLOCKS_PER_RUN aes blocks */ + for (i =3D 0; i < MAX_BLOCKS_PER_RUN && len >=3D AES_BLOCK_SIZE; i++) { + aes_read_block(env, mmu_idx, *src_ptr_reg + done, in, ra); + if (mod) { + AES_decrypt(in, out, &exkey); + } else { + AES_encrypt(in, out, &exkey); + } + aes_write_block(env, mmu_idx, *dst_ptr_reg + done, out, ra); + len -=3D AES_BLOCK_SIZE, done +=3D AES_BLOCK_SIZE; + } + + *src_ptr_reg =3D deposit64(*src_ptr_reg, 0, addr_reg_size, + *src_ptr_reg + done); + *dst_ptr_reg =3D deposit64(*dst_ptr_reg, 0, addr_reg_size, + *dst_ptr_reg + done); + *src_len_reg -=3D done; + + return !len ? 0 : 3; +} diff --git a/target/s390x/tcg/crypto_helper.c b/target/s390x/tcg/crypto_hel= per.c index e1952ae4bc..988226338d 100644 --- a/target/s390x/tcg/crypto_helper.c +++ b/target/s390x/tcg/crypto_helper.c @@ -103,6 +103,13 @@ static int cpacf_km(CPUS390XState *env, const int mmu_= idx, uintptr_t ra, &env->regs[r1], &env->regs[r2], &env->regs[r2 += 1], S390_FEAT_TYPE_KM, fc, mod); break; + case 0x1a: /* CPACF_KM_PAES_128 */ + case 0x1b: /* CPACF_KM_PAES_192 */ + case 0x1c: /* CPACF_KM_PAES_256 */ + rc =3D cpacf_paes_ecb(env, mmu_idx, ra, env->regs[1], + &env->regs[r1], &env->regs[r2], &env->regs[r2 = + 1], + S390_FEAT_TYPE_KM, fc, mod); + break; case 0x32: /* CPACF_KM_XTS_128 */ case 0x34: /* CPACF_KM_XTS_256 */ rc =3D cpacf_aes_xts(env, mmu_idx, ra, env->regs[1], --=20 2.43.0 From nobody Thu Jun 18 13:20:44 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=reject dis=none) header.from=linux.ibm.com ARC-Seal: i=1; a=rsa-sha256; t=1781689766; cv=none; d=zohomail.com; s=zohoarc; b=CNfow7h0cIDbUZxcP33kV4UqXv8HNH1HviKOHUrJJtONHJe5WzTB4pGw/XTkbv22fWMZG6pm4srs66xV1Pf0SP3JosRwsi+MIT1YD1gp3kQQ3Qq47jmfFr6/i+SVlUJwF7yP+ATM9AVVCeah+LDFbzXoKJkSTmAniEtRLK37H/U= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1781689766; h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=5WSxuqwlknn4ZHqj8YRaf8gIGA2ogrmyZvmlU/MzUMc=; b=CCambXDd7ljsoG5YodcTIWzZsPhpn5JkHkX4mT1RQT6gcFhMJq5g4qPnCq1RhtbLNBC2AzTAlwWTqocnxHvWC9UnzSbU2oZsqNqSyXYeJswVI5HGCn1c9aTlm0sen7M2FP+NU/RpzT4smKcV8iUWsPgBSXkYn9Gc49ETzQxI6Pk= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1781689766396187.29876961040725; Wed, 17 Jun 2026 02:49:26 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists1p.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1wZmsu-00072S-5Y; Wed, 17 Jun 2026 05:48:36 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1wZmst-00071I-06; Wed, 17 Jun 2026 05:48:35 -0400 Received: from mx0a-001b2d01.pphosted.com ([148.163.156.1]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1wZmsr-00037z-0b; Wed, 17 Jun 2026 05:48:34 -0400 Received: from pps.filterd (m0353729.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id 65H8mDQY079987; Wed, 17 Jun 2026 09:48:28 GMT Received: from ppma12.dal12v.mail.ibm.com (dc.9e.1632.ip4.static.sl-reverse.com [50.22.158.220]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 4euequ2908-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 17 Jun 2026 09:48:27 +0000 (GMT) Received: from pps.filterd (ppma12.dal12v.mail.ibm.com [127.0.0.1]) by ppma12.dal12v.mail.ibm.com (8.18.1.7/8.18.1.7) with ESMTP id 65H9YcGO009187; Wed, 17 Jun 2026 09:48:27 GMT Received: from smtprelay01.fra02v.mail.ibm.com ([9.218.2.227]) by ppma12.dal12v.mail.ibm.com (PPS) with ESMTPS id 4eudva2hjj-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 17 Jun 2026 09:48:27 +0000 (GMT) Received: from smtpav02.fra02v.mail.ibm.com (smtpav02.fra02v.mail.ibm.com [10.20.54.101]) by smtprelay01.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 65H9mNdx40305132 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 17 Jun 2026 09:48:23 GMT Received: from smtpav02.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 8CF9D20043; Wed, 17 Jun 2026 09:48:23 +0000 (GMT) Received: from smtpav02.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 60E062004E; Wed, 17 Jun 2026 09:48:23 +0000 (GMT) Received: from funtu2.ehn-de.ibm.com (unknown [9.224.92.54]) by smtpav02.fra02v.mail.ibm.com (Postfix) with ESMTP; Wed, 17 Jun 2026 09:48:23 +0000 (GMT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=cc :content-transfer-encoding:date:from:in-reply-to:message-id :mime-version:references:subject:to; s=pp1; bh=5WSxuqwlknn4ZHqj8 YRaf8gIGA2ogrmyZvmlU/MzUMc=; b=ouDJhapf86TGgSU4Yq33OMPxebkDDnxFs Ls8tewtLJLRWixseO0YnaGajw1YOWVm/kcuwRGiOKIuakzbw+9Nf+w11f9knIME9 KViNdu99ntCAkpZ+ubwxCaVJtnG2wZGGVHVMmW4qGJaw7+46fpnNqbNc2wesqpU2 cMMMqra1EM/lpQyYSLmicNprCn48evta2YdibyadltL4uCU9y9DlgfSPL91yWO/b KAjSBqSt1wS8YsP+femVo557AFkcxTmTa+OkgZ9fHydaWg3W+EdEWiS/zOp3f9HE IQz8VyCC6nX4JbTmwh6FExBpVO6kgFN26OLqa7MpOYwpyJOh49v6w== From: Harald Freudenberger To: richard.henderson@linaro.org, iii@linux.ibm.com, david@kernel.org, thuth@redhat.com, berrange@redhat.com Cc: qemu-s390x@nongnu.org, qemu-devel@nongnu.org, linux390-list@tuxmaker.boeblingen.de.ibm.com, linux-s390@vger.kernel.org, dengler@linux.ibm.com, borntraeger@linux.ibm.com, fcallies@linux.ibm.com, cohuck@redhat.com Subject: [PATCH v7 11/17] target/s390x: Support protected key AES CBC for cpacf kmc instruction Date: Wed, 17 Jun 2026 11:48:14 +0200 Message-ID: <20260617094820.34402-12-freude@linux.ibm.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260617094820.34402-1-freude@linux.ibm.com> References: <20260617094820.34402-1-freude@linux.ibm.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-TM-AS-GCONF: 00 X-Proofpoint-Spam-Info: AW1haW4tMjYwNjE3MDA5MiBTYWx0ZWRfXx3oXrYTdgOHR a7KtSHv5Nao3yMHiuLqR4bICxh2B9nrHw/teNgwfEZWBH+7RX70dDFHKKJOM3YaaWi6lulc/7NW wwXNiLzkxSJbskfAh4mx7A4Fm8L+yIg= X-Proofpoint-ORIG-GUID: aWkXkMQev3eeknIYWYya2MJD1aKUsiIT X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwNjE3MDA5MiBTYWx0ZWRfX91ZI9mizRgPA Kr09xEOlV9rPf5W/S/IgF3sg7lhfLDkLHbmgEj+f2A71qAhBwT6UxWxreMcVStRsM6yOQew5n29 7x8pA+OFkEirFdM7PjPxeDnvbafPMNL9fjGfH2hsVySoKF/XhYxkm8WgzNrObJ81uTPf2L/Jtg+ LVozDFzfyBWB3sG5HKGJTgj3vholX8bWpZuGQSDFGpk54N5Cpoxe8+65Tq41gCDL7UZKFQtr7VT D6odhelSvdg1jxfmUuNjjJYG5aOiyr6IbznnRR2pplKG8GjLdNV5t1rGQBZWEagIjPWhG+/eQ0N FMKcQiuRxpYVMM3mht9KV/zyRaPGFwVFvTgZ657IO6deXOJnJg/ZCf7QF8D59v/tUpICsV6b7A3 rcH2CHs4ZULR3iHjx4Rq8GCNa5sFmaRHwayaZ+hi6O2QRSKzFaSTkZ5M+ylj3QRsUSmEBw7pX5b PTSoo/QcquacNnURuGQ== X-Proofpoint-GUID: aWkXkMQev3eeknIYWYya2MJD1aKUsiIT X-Authority-Analysis: v=2.4 cv=L9gtheT8 c=1 sm=1 tr=0 ts=6a326d6c cx=c_pps a=bLidbwmWQ0KltjZqbj+ezA==:117 a=bLidbwmWQ0KltjZqbj+ezA==:17 a=FelO9ux0wxsA:10 a=VkNPw1HP01LnGYTKEx00:22 a=RnoormkPH1_aCDwRdu11:22 a=uAbxVGIbfxUO_5tXvNgY:22 a=VnNF1IyMAAAA:8 a=1XR5bUzyU_lZOmb26nMA:9 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1143,Hydra:6.1.125,FMLib:17.12.100.49 definitions=2026-06-17_01,2026-06-16_02,2025-10-01_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 bulkscore=0 impostorscore=0 malwarescore=0 clxscore=1015 adultscore=0 phishscore=0 lowpriorityscore=0 suspectscore=0 priorityscore=1501 spamscore=0 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2606150000 definitions=main-2606170092 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists1p.gnu.org; Received-SPF: pass client-ip=148.163.156.1; envelope-from=freude@linux.ibm.com; helo=mx0a-001b2d01.pphosted.com X-Spam_score_int: -26 X-Spam_score: -2.7 X-Spam_bar: -- X-Spam_report: (-2.7 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @ibm.com) X-ZM-MESSAGEID: 1781689768408158500 Content-Type: text/plain; charset="utf-8" Support the subfunctions CPACF_KMC_PAES_128, CPACF_KMC_PAES_192 and CPACF_KMC_PAES_256 for the cpacf kmc instruction. Signed-off-by: Harald Freudenberger Tested-by: Holger Dengler Reviewed-by: Finn Callies --- target/s390x/gen-features.c | 3 + target/s390x/tcg/cpacf.h | 4 ++ target/s390x/tcg/cpacf_aes.c | 109 +++++++++++++++++++++++++++++++ target/s390x/tcg/crypto_helper.c | 7 ++ 4 files changed, 123 insertions(+) diff --git a/target/s390x/gen-features.c b/target/s390x/gen-features.c index 71e0e41d6e..074c53aecd 100644 --- a/target/s390x/gen-features.c +++ b/target/s390x/gen-features.c @@ -932,6 +932,9 @@ static uint16_t qemu_MAX[] =3D { S390_FEAT_KMC_AES_128, S390_FEAT_KMC_AES_192, S390_FEAT_KMC_AES_256, + S390_FEAT_KMC_EAES_128, + S390_FEAT_KMC_EAES_192, + S390_FEAT_KMC_EAES_256, S390_FEAT_KMCTR_AES_128, S390_FEAT_KMCTR_AES_192, S390_FEAT_KMCTR_AES_256, diff --git a/target/s390x/tcg/cpacf.h b/target/s390x/tcg/cpacf.h index 7cf739e7a4..e302c17a2f 100644 --- a/target/s390x/tcg/cpacf.h +++ b/target/s390x/tcg/cpacf.h @@ -44,5 +44,9 @@ int cpacf_paes_ecb(CPUS390XState *env, const int mmu_idx,= uintptr_t ra, uint64_t param_addr, uint64_t *dst_ptr_reg, uint64_t *src_ptr_reg, uint64_t *src_len_reg, uint32_t type, uint8_t fc, uint8_t mod); +int cpacf_paes_cbc(CPUS390XState *env, const int mmu_idx, uintptr_t ra, + uint64_t param_addr, uint64_t *dst_ptr_reg, + uint64_t *src_ptr_reg, uint64_t *src_len_reg, + uint32_t type, uint8_t fc, uint8_t mod); =20 #endif diff --git a/target/s390x/tcg/cpacf_aes.c b/target/s390x/tcg/cpacf_aes.c index bcfcf3b660..a6487261e1 100644 --- a/target/s390x/tcg/cpacf_aes.c +++ b/target/s390x/tcg/cpacf_aes.c @@ -620,3 +620,112 @@ int cpacf_paes_ecb(CPUS390XState *env, const int mmu_= idx, uintptr_t ra, =20 return !len ? 0 : 3; } + +int cpacf_paes_cbc(CPUS390XState *env, const int mmu_idx, uintptr_t ra, + uint64_t param_addr, uint64_t *dst_ptr_reg, + uint64_t *src_ptr_reg, uint64_t *src_len_reg, + uint32_t type, uint8_t fc, uint8_t mod) +{ + enum { MAX_BLOCKS_PER_RUN =3D 8192 / AES_BLOCK_SIZE }; + uint8_t in[AES_BLOCK_SIZE], out[AES_BLOCK_SIZE], buf[AES_BLOCK_SIZE]; + const MemOpIdx oi =3D make_memop_idx(MO_8, mmu_idx); + uint8_t key[32], wkvp[32], iv[AES_BLOCK_SIZE]; + uint64_t addr, len =3D *src_len_reg, done =3D 0; + int i, keysize, addr_reg_size =3D 64; + AES_KEY exkey; + + g_assert(type =3D=3D S390_FEAT_TYPE_KMC); + + switch (fc) { + case 0x1a: /* CPACF_KMC_PAES_128 */ + keysize =3D 16; + break; + case 0x1b: /* CPACF_KMC_PAES_192 */ + keysize =3D 24; + break; + case 0x1c: /* CPACF_KMC_PAES_256 */ + keysize =3D 32; + break; + default: + g_assert_not_reached(); + } + + if (!(env->psw.mask & PSW_MASK_64)) { + len =3D (uint32_t)len; + addr_reg_size =3D (env->psw.mask & PSW_MASK_32) ? 32 : 24; + } + + /* length has to be properly aligned. */ + if (!QEMU_IS_ALIGNED(len, AES_BLOCK_SIZE)) { + tcg_s390_program_interrupt(env, PGM_SPECIFICATION, ra); + } + + /* fetch and check wkvp from param block */ + for (i =3D 0; i < sizeof(wkvp); i++) { + addr =3D wrap_address(env, param_addr + AES_BLOCK_SIZE + keysize += i); + wkvp[i] =3D cpu_ldb_mmu(env, addr, oi, ra); + } + if (memcmp(wkvp, protkey_wkvp, sizeof(wkvp))) { + /* wkvp mismatch -> return with cc 1 */ + return 1; + } + + /* fetch iv from param block */ + for (i =3D 0; i < AES_BLOCK_SIZE; i++) { + addr =3D wrap_address(env, param_addr + i); + iv[i] =3D cpu_ldb_mmu(env, addr, oi, ra); + } + + /* fetch protected key from param block */ + for (i =3D 0; i < keysize; i++) { + addr =3D wrap_address(env, param_addr + AES_BLOCK_SIZE + i); + key[i] =3D cpu_ldb_mmu(env, addr, oi, ra); + } + /* 'decrypt' the protected key */ + for (i =3D 0; i < keysize; i++) { + key[i] ^=3D protkey_xor_pattern[i]; + } + + /* expand key */ + if (mod) { + AES_set_decrypt_key(key, keysize * 8, &exkey); + } else { + AES_set_encrypt_key(key, keysize * 8, &exkey); + } + + /* process up to MAX_BLOCKS_PER_RUN aes blocks */ + for (i =3D 0; i < MAX_BLOCKS_PER_RUN && len >=3D AES_BLOCK_SIZE; i++) { + aes_read_block(env, mmu_idx, *src_ptr_reg + done, in, ra); + if (mod) { + /* decrypt in =3D> buf */ + AES_decrypt(in, buf, &exkey); + /* buf xor iv =3D> out */ + aes_xor(buf, iv, out); + /* prep iv for next round */ + memcpy(iv, in, AES_BLOCK_SIZE); + } else { + /* in xor iv =3D> buf */ + aes_xor(in, iv, buf); + /* encrypt buf =3D> out */ + AES_encrypt(buf, out, &exkey); + /* prep iv for next round */ + memcpy(iv, out, AES_BLOCK_SIZE); + } + aes_write_block(env, mmu_idx, *dst_ptr_reg + done, out, ra); + len -=3D AES_BLOCK_SIZE, done +=3D AES_BLOCK_SIZE; + } + + /* update iv in param block */ + for (i =3D 0; i < AES_BLOCK_SIZE; i++) { + addr =3D wrap_address(env, param_addr + i); + cpu_stb_mmu(env, addr, iv[i], oi, ra); + } + + *src_ptr_reg =3D deposit64(*src_ptr_reg, 0, addr_reg_size, + *src_ptr_reg + done); + *dst_ptr_reg =3D deposit64(*dst_ptr_reg, 0, addr_reg_size, + *dst_ptr_reg + done); + *src_len_reg -=3D done; + + return !len ? 0 : 3; +} diff --git a/target/s390x/tcg/crypto_helper.c b/target/s390x/tcg/crypto_hel= per.c index 988226338d..3fc48bc9a1 100644 --- a/target/s390x/tcg/crypto_helper.c +++ b/target/s390x/tcg/crypto_helper.c @@ -137,6 +137,13 @@ static int cpacf_kmc(CPUS390XState *env, const int mmu= _idx, uintptr_t ra, &env->regs[r1], &env->regs[r2], &env->regs[r2 += 1], S390_FEAT_TYPE_KMC, fc, mod); break; + case 0x1a: /* CPACF_KMC_PAES_128 */ + case 0x1b: /* CPACF_KMC_PAES_192 */ + case 0x1c: /* CPACF_KMC_PAES_256 */ + rc =3D cpacf_paes_cbc(env, mmu_idx, ra, env->regs[1], + &env->regs[r1], &env->regs[r2], &env->regs[r2 = + 1], + S390_FEAT_TYPE_KMC, fc, mod); + break; default: g_assert_not_reached(); } --=20 2.43.0 From nobody Thu Jun 18 13:20:44 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=reject dis=none) header.from=linux.ibm.com ARC-Seal: i=1; a=rsa-sha256; t=1781689841; cv=none; d=zohomail.com; s=zohoarc; b=FsLFTXNUGfXCPxj2M0SnmOpdUogbMzU1GETr6fMPqnjUYR2zLpo/4dlZfwdagNcI9X1AF5U9rPzQ/FEtT+5Pb6KAp1wIzx+kk4MinWniGfEwUI8CmrMaS1aWovOFnUk+Be98Uk9Y/biYs0ghsoqi4Wc3ymaEMcC0n5GxRCuYLKs= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1781689841; h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=xo7pvH/X4yi+gCUPrGrW2XBKdW8exQ2xAF/cbSvA7oU=; b=BA+lz6wTb90AAX+5J+3VfRZD40nC7qAaCPgkhoDm2rr2AJOx6SopCv4hdnW9baADJX60phBeHjth9/JYUOxgeOpklbsOPKDG+O/Vtk+MyeWlcWEOjldOmIuo9tJ9dM+1yZW6LblMosRdLMn6y+QgEGakFzTL085aQjB6S/kkAEo= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1781689841647113.47761241811725; Wed, 17 Jun 2026 02:50:41 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists1p.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1wZmsx-00076J-7I; Wed, 17 Jun 2026 05:48:39 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1wZmsv-00074h-UQ; Wed, 17 Jun 2026 05:48:37 -0400 Received: from mx0b-001b2d01.pphosted.com ([148.163.158.5]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1wZmst-00039Z-GX; Wed, 17 Jun 2026 05:48:37 -0400 Received: from pps.filterd (m0353725.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id 65H8nMZ24042648; Wed, 17 Jun 2026 09:48:28 GMT Received: from ppma21.wdc07v.mail.ibm.com (5b.69.3da9.ip4.static.sl-reverse.com [169.61.105.91]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 4eueqxa7xj-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 17 Jun 2026 09:48:28 +0000 (GMT) Received: from pps.filterd (ppma21.wdc07v.mail.ibm.com [127.0.0.1]) by ppma21.wdc07v.mail.ibm.com (8.18.1.7/8.18.1.7) with ESMTP id 65H9Yf8t008357; Wed, 17 Jun 2026 09:48:27 GMT Received: from smtprelay01.fra02v.mail.ibm.com ([9.218.2.227]) by ppma21.wdc07v.mail.ibm.com (PPS) with ESMTPS id 4eudvaags2-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 17 Jun 2026 09:48:27 +0000 (GMT) Received: from smtpav02.fra02v.mail.ibm.com (smtpav02.fra02v.mail.ibm.com [10.20.54.101]) by smtprelay01.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 65H9mNf440305134 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 17 Jun 2026 09:48:23 GMT Received: from smtpav02.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id BFD6920043; Wed, 17 Jun 2026 09:48:23 +0000 (GMT) Received: from smtpav02.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 91F362004F; Wed, 17 Jun 2026 09:48:23 +0000 (GMT) Received: from funtu2.ehn-de.ibm.com (unknown [9.224.92.54]) by smtpav02.fra02v.mail.ibm.com (Postfix) with ESMTP; Wed, 17 Jun 2026 09:48:23 +0000 (GMT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=cc :content-transfer-encoding:date:from:in-reply-to:message-id :mime-version:references:subject:to; s=pp1; bh=xo7pvH/X4yi+gCUPr GrW2XBKdW8exQ2xAF/cbSvA7oU=; b=fdhn/VWoJvgBmBNH0L28OTO9WnFjPP6jV PG/BeK5zqBtDlEXYlZPnmJo5SLnVZHxA4szZsTRb9X8yZNv7YCL4g7ggnj1kxX8H x2lBJE/QumSRQFo4mkBRXB7LLKmS4kA4vdFPNrTkP7qijlkZQMy542bEnEbNPQoz WYaSWUkH/a6dSWwFo2ULPtUZsgGE8USWQSphh8QLbKF5KvwK/HmXEqZ5YQi/9VeU /V+2ffwCGhxfSjJMyZpYgVzYhscm033vVm8Mex7O3yy6ysSnv1pNMeJD93DRe/a9 fuVW5eD/9x/OiOyoOB2GxVFW+/nqMDH3V2IJEwqyk4HRR5PsK0yHQ== From: Harald Freudenberger To: richard.henderson@linaro.org, iii@linux.ibm.com, david@kernel.org, thuth@redhat.com, berrange@redhat.com Cc: qemu-s390x@nongnu.org, qemu-devel@nongnu.org, linux390-list@tuxmaker.boeblingen.de.ibm.com, linux-s390@vger.kernel.org, dengler@linux.ibm.com, borntraeger@linux.ibm.com, fcallies@linux.ibm.com, cohuck@redhat.com Subject: [PATCH v7 12/17] target/s390x: Support protected key AES CTR for cpacf kmctr instruction Date: Wed, 17 Jun 2026 11:48:15 +0200 Message-ID: <20260617094820.34402-13-freude@linux.ibm.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260617094820.34402-1-freude@linux.ibm.com> References: <20260617094820.34402-1-freude@linux.ibm.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-TM-AS-GCONF: 00 X-Authority-Analysis: v=2.4 cv=OcSoyBTY c=1 sm=1 tr=0 ts=6a326d6c cx=c_pps a=GFwsV6G8L6GxiO2Y/PsHdQ==:117 a=GFwsV6G8L6GxiO2Y/PsHdQ==:17 a=FelO9ux0wxsA:10 a=VkNPw1HP01LnGYTKEx00:22 a=RnoormkPH1_aCDwRdu11:22 a=V8glGbnc2Ofi9Qvn3v5h:22 a=VnNF1IyMAAAA:8 a=f59o6tnjY-_5Ge3baHwA:9 X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwNjE3MDA5MiBTYWx0ZWRfXwuCv0uFN4IgS 1foreO5ETzEEpaA50ITgYwP/Vsexmk+g23xoreQpTYOzY8d6WFf8Rx3UmKGpZ3DNx38eMfsg7oW N2ncrMqTaW+9RUGVJZZpvQFotrPS8oyu/gN7iRb9dn1JCl/LS6TGhkWWIYYNpk+b/ZmkMgfyu41 pCq+a5ls1nHxX4tyAew7BnB/KkK8a4XJ3Oo9v156/6zKwT5xmRXxjeQu/uwV4bbNXho1vJGyWZL 1zObxCxfEHkgvbrUWaJHTPtA0n9mKrrjj21lDe/lmuDV57PHEwNrR2vCAarvqHMCxJJP6PAHZgs 9P9OYii6/YEO6tRisqe6BcopE+uixdYy5k1S+jja1cZFuW/+Ad9p7JQOvR0IFuK3YLbxbZBsVdQ BE7my0+m2G8gEpESTWSyQvaVBkokVTLj8wcvIgH7vffcTkxHI4YWkGPRB1y/5y/HsR5ftl7JHR/ TEpd/m/fy2AkV1LH+HA== X-Proofpoint-GUID: GRbGu_rxwjPl2RkF3nYbH4xFbgspwzn0 X-Proofpoint-Spam-Info: AW1haW4tMjYwNjE3MDA5MiBTYWx0ZWRfX5cidD09JS0kt 1VqzkPKrDOZ71Sl/xXYqsuXeL5b2TkebEWu5dTVPGhZVJyThwlZJLVN0iTriiaZVLCNNZ7stg86 WcJhW4o+CBHgdVqtbeIiqy1wxPEnkdQ= X-Proofpoint-ORIG-GUID: GRbGu_rxwjPl2RkF3nYbH4xFbgspwzn0 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1143,Hydra:6.1.125,FMLib:17.12.100.49 definitions=2026-06-17_01,2026-06-16_02,2025-10-01_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 phishscore=0 bulkscore=0 suspectscore=0 lowpriorityscore=0 impostorscore=0 malwarescore=0 spamscore=0 adultscore=0 clxscore=1015 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2606150000 definitions=main-2606170092 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists1p.gnu.org; Received-SPF: pass client-ip=148.163.158.5; envelope-from=freude@linux.ibm.com; helo=mx0b-001b2d01.pphosted.com X-Spam_score_int: -26 X-Spam_score: -2.7 X-Spam_bar: -- X-Spam_report: (-2.7 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @ibm.com) X-ZM-MESSAGEID: 1781689842805158500 Content-Type: text/plain; charset="utf-8" Support the subfunctions CPACF_KMCTR_PAES_128, CPACF_KMCTR_PAES_192 and CPACF_KMCTR_PAES_256 for the cpacf kmctr instruction. Signed-off-by: Harald Freudenberger --- target/s390x/gen-features.c | 3 ++ target/s390x/tcg/cpacf.h | 5 ++ target/s390x/tcg/cpacf_aes.c | 90 ++++++++++++++++++++++++++++++++ target/s390x/tcg/crypto_helper.c | 7 +++ 4 files changed, 105 insertions(+) diff --git a/target/s390x/gen-features.c b/target/s390x/gen-features.c index 074c53aecd..4a131dc191 100644 --- a/target/s390x/gen-features.c +++ b/target/s390x/gen-features.c @@ -938,6 +938,9 @@ static uint16_t qemu_MAX[] =3D { S390_FEAT_KMCTR_AES_128, S390_FEAT_KMCTR_AES_192, S390_FEAT_KMCTR_AES_256, + S390_FEAT_KMCTR_EAES_128, + S390_FEAT_KMCTR_EAES_192, + S390_FEAT_KMCTR_EAES_256, S390_FEAT_PCC_XTS_AES_128, S390_FEAT_PCC_XTS_AES_256, S390_FEAT_PCKMO_AES_128, diff --git a/target/s390x/tcg/cpacf.h b/target/s390x/tcg/cpacf.h index e302c17a2f..223bada622 100644 --- a/target/s390x/tcg/cpacf.h +++ b/target/s390x/tcg/cpacf.h @@ -48,5 +48,10 @@ int cpacf_paes_cbc(CPUS390XState *env, const int mmu_idx= , uintptr_t ra, uint64_t param_addr, uint64_t *dst_ptr_reg, uint64_t *src_ptr_reg, uint64_t *src_len_reg, uint32_t type, uint8_t fc, uint8_t mod); +int cpacf_paes_ctr(CPUS390XState *env, const int mmu_idx, uintptr_t ra, + uint64_t param_addr, uint64_t *dst_ptr_reg, + uint64_t *src_ptr_reg, uint64_t *src_len_reg, + uint64_t *ctr_ptr_reg, uint32_t type, + uint8_t fc, uint8_t mod); =20 #endif diff --git a/target/s390x/tcg/cpacf_aes.c b/target/s390x/tcg/cpacf_aes.c index a6487261e1..ffa286d422 100644 --- a/target/s390x/tcg/cpacf_aes.c +++ b/target/s390x/tcg/cpacf_aes.c @@ -729,3 +729,93 @@ int cpacf_paes_cbc(CPUS390XState *env, const int mmu_i= dx, uintptr_t ra, =20 return !len ? 0 : 3; } + +int cpacf_paes_ctr(CPUS390XState *env, const int mmu_idx, uintptr_t ra, + uint64_t param_addr, uint64_t *dst_ptr_reg, + uint64_t *src_ptr_reg, uint64_t *src_len_reg, + uint64_t *ctr_ptr_reg, uint32_t type, + uint8_t fc, uint8_t mod) +{ + enum { MAX_BLOCKS_PER_RUN =3D 8192 / AES_BLOCK_SIZE }; + const MemOpIdx oi =3D make_memop_idx(MO_8, mmu_idx); + uint8_t ctr[AES_BLOCK_SIZE], buf[AES_BLOCK_SIZE]; + uint8_t in[AES_BLOCK_SIZE], out[AES_BLOCK_SIZE]; + uint64_t addr, len =3D *src_len_reg, done =3D 0; + int i, keysize, addr_reg_size =3D 64; + uint8_t key[32], wkvp[32]; + AES_KEY exkey; + + g_assert(type =3D=3D S390_FEAT_TYPE_KMCTR); + + switch (fc) { + case 0x1a: /* CPACF_KMCTR_PAES_128 */ + keysize =3D 16; + break; + case 0x1b: /* CPACF_KMCTR_PAES_192 */ + keysize =3D 24; + break; + case 0x1c: /* CPACF_KMCTR_PAES_256 */ + keysize =3D 32; + break; + default: + g_assert_not_reached(); + } + + if (!(env->psw.mask & PSW_MASK_64)) { + len =3D (uint32_t)len; + addr_reg_size =3D (env->psw.mask & PSW_MASK_32) ? 32 : 24; + } + + /* length has to be properly aligned. */ + if (!QEMU_IS_ALIGNED(len, AES_BLOCK_SIZE)) { + tcg_s390_program_interrupt(env, PGM_SPECIFICATION, ra); + } + + /* fetch and check wkvp from param block */ + for (i =3D 0; i < sizeof(wkvp); i++) { + addr =3D wrap_address(env, param_addr + keysize + i); + wkvp[i] =3D cpu_ldb_mmu(env, addr, oi, ra); + } + if (memcmp(wkvp, protkey_wkvp, sizeof(wkvp))) { + /* wkvp mismatch -> return with cc 1 */ + return 1; + } + + /* fetch protected key from param block */ + for (i =3D 0; i < keysize; i++) { + addr =3D wrap_address(env, param_addr + i); + key[i] =3D cpu_ldb_mmu(env, addr, oi, ra); + } + /* 'decrypt' the protected key */ + for (i =3D 0; i < keysize; i++) { + key[i] ^=3D protkey_xor_pattern[i]; + } + + /* expand key */ + AES_set_encrypt_key(key, keysize * 8, &exkey); + + /* process up to MAX_BLOCKS_PER_RUN aes blocks */ + for (i =3D 0; i < MAX_BLOCKS_PER_RUN && len >=3D AES_BLOCK_SIZE; i++) { + /* read in nonce/ctr =3D> ctr */ + aes_read_block(env, mmu_idx, *ctr_ptr_reg + done, ctr, ra); + /* encrypt ctr =3D> buf */ + AES_encrypt(ctr, buf, &exkey); + /* read in one block of input data =3D> in */ + aes_read_block(env, mmu_idx, *src_ptr_reg + done, in, ra); + /* exor input data with encrypted ctr =3D> out */ + aes_xor(in, buf, out); + /* write out the processed block */ + aes_write_block(env, mmu_idx, *dst_ptr_reg + done, out, ra); + len -=3D AES_BLOCK_SIZE, done +=3D AES_BLOCK_SIZE; + } + + *src_ptr_reg =3D deposit64(*src_ptr_reg, 0, addr_reg_size, + *src_ptr_reg + done); + *dst_ptr_reg =3D deposit64(*dst_ptr_reg, 0, addr_reg_size, + *dst_ptr_reg + done); + *ctr_ptr_reg =3D deposit64(*ctr_ptr_reg, 0, addr_reg_size, + *ctr_ptr_reg + done); + *src_len_reg -=3D done; + + return !len ? 0 : 3; +} diff --git a/target/s390x/tcg/crypto_helper.c b/target/s390x/tcg/crypto_hel= per.c index 3fc48bc9a1..60c3ebd79e 100644 --- a/target/s390x/tcg/crypto_helper.c +++ b/target/s390x/tcg/crypto_helper.c @@ -165,6 +165,13 @@ static int cpacf_kmctr(CPUS390XState *env, const int m= mu_idx, uintptr_t ra, &env->regs[r1], &env->regs[r2], &env->regs[r2 += 1], &env->regs[r3], S390_FEAT_TYPE_KMCTR, fc, mod); break; + case 0x1a: /* CPACF_KMCTR_PAES_128 */ + case 0x1b: /* CPACF_KMCTR_PAES_192 */ + case 0x1c: /* CPACF_KMCTR_PAES_256 */ + rc =3D cpacf_paes_ctr(env, mmu_idx, ra, env->regs[1], + &env->regs[r1], &env->regs[r2], &env->regs[r2 = + 1], + &env->regs[r3], S390_FEAT_TYPE_KMCTR, fc, mod); + break; default: g_assert_not_reached(); } --=20 2.43.0 From nobody Thu Jun 18 13:20:44 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=reject dis=none) header.from=linux.ibm.com ARC-Seal: i=1; a=rsa-sha256; t=1781689766; cv=none; d=zohomail.com; s=zohoarc; b=U7DR+56SsdGF1bt8IoSQcJilbFY95rAGD7GqKUN3tvwObmVQa8jg9ZH0qU4C9mTHlAr1svHeg51gRJ5njO5tATDYH1NMxM4BzLMRvlxrGRMJG1R3m+VJt7tow6QM6P++e8TqcM2vnBFUCcrsN785gAsxbG/J29hW2VHfvixsdHA= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1781689766; h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=D0VTBmwG+lNkTQBnaRhIO6fTpKHA1rPxk3P40axmOxE=; b=CHhSOMaJQSeqjtSTo2Us77rzjUS0cT0PnbtNY6wiVlW5VW7p9kayoV9NIl2tc+qH9/xaR+xZRedpMU6v/+jSArmDMA+UmHoAKIzFvninok9qneN3c/zu4b8ZtSVhSUoVL8I56SEMmK09W64zl4No2RBSwoi5BhG6QN5hfqEDMGo= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1781689766163319.4595123890009; Wed, 17 Jun 2026 02:49:26 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists1p.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1wZmt1-0007Ai-4X; Wed, 17 Jun 2026 05:48:43 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1wZmsx-00076s-Dp; Wed, 17 Jun 2026 05:48:39 -0400 Received: from mx0a-001b2d01.pphosted.com ([148.163.156.1]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1wZmsu-0003AR-U7; Wed, 17 Jun 2026 05:48:39 -0400 Received: from pps.filterd (m0360083.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id 65H8mCll4127403; Wed, 17 Jun 2026 09:48:28 GMT Received: from ppma11.dal12v.mail.ibm.com (db.9e.1632.ip4.static.sl-reverse.com [50.22.158.219]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 4eueqtj9b7-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 17 Jun 2026 09:48:28 +0000 (GMT) Received: from pps.filterd (ppma11.dal12v.mail.ibm.com [127.0.0.1]) by ppma11.dal12v.mail.ibm.com (8.18.1.7/8.18.1.7) with ESMTP id 65H9YrUR022641; Wed, 17 Jun 2026 09:48:27 GMT Received: from smtprelay05.fra02v.mail.ibm.com ([9.218.2.225]) by ppma11.dal12v.mail.ibm.com (PPS) with ESMTPS id 4eudva2h5u-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 17 Jun 2026 09:48:27 +0000 (GMT) Received: from smtpav02.fra02v.mail.ibm.com (smtpav02.fra02v.mail.ibm.com [10.20.54.101]) by smtprelay05.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 65H9mOAJ50332056 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 17 Jun 2026 09:48:24 GMT Received: from smtpav02.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id F1D4120040; Wed, 17 Jun 2026 09:48:23 +0000 (GMT) Received: from smtpav02.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id C4FC12004E; Wed, 17 Jun 2026 09:48:23 +0000 (GMT) Received: from funtu2.ehn-de.ibm.com (unknown [9.224.92.54]) by smtpav02.fra02v.mail.ibm.com (Postfix) with ESMTP; Wed, 17 Jun 2026 09:48:23 +0000 (GMT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=cc :content-transfer-encoding:date:from:in-reply-to:message-id :mime-version:references:subject:to; s=pp1; bh=D0VTBmwG+lNkTQBna RhIO6fTpKHA1rPxk3P40axmOxE=; b=cWBOjDmlJPezth3qAJ1lzhsF2frVLwUpS z1myRejc0IkbxINBwWNi8QzhXssMld/8yIy6WtDlSV3ZdvuEWx16eVh36GRH/kOF ggF98Hp9KmgK4ieZ3BZHkGRl14oCJERjNLIh+zlrejsml3Up34pb71aRbEby9etO 5aBcqe+kW4N5ssVbQRGpvZE5Et7Oc24lFaZcZcHeApKxsKtU6YjnZBqAZfyU541R FUUFdwcr3VlZOk7gCZGsWnYGnbO/1kikLt+sIdUDHfNt3lP3DSSQE+7eazNhOqzW pCBx+AXdtE5/xAfcMesYTm4nk9T8FLid+O3mlyYTzaMyqv6WHDfaA== From: Harald Freudenberger To: richard.henderson@linaro.org, iii@linux.ibm.com, david@kernel.org, thuth@redhat.com, berrange@redhat.com Cc: qemu-s390x@nongnu.org, qemu-devel@nongnu.org, linux390-list@tuxmaker.boeblingen.de.ibm.com, linux-s390@vger.kernel.org, dengler@linux.ibm.com, borntraeger@linux.ibm.com, fcallies@linux.ibm.com, cohuck@redhat.com Subject: [PATCH v7 13/17] target/s390x: Minimal protected key AES XTS support for cpacf pcc instruction Date: Wed, 17 Jun 2026 11:48:16 +0200 Message-ID: <20260617094820.34402-14-freude@linux.ibm.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260617094820.34402-1-freude@linux.ibm.com> References: <20260617094820.34402-1-freude@linux.ibm.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-TM-AS-GCONF: 00 X-Proofpoint-ORIG-GUID: WBLSxx6GLsMhqf9QEG3OpmrDfR-RpuhO X-Proofpoint-GUID: WBLSxx6GLsMhqf9QEG3OpmrDfR-RpuhO X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwNjE3MDA5MiBTYWx0ZWRfX+sely0I1b6+G dzqqutBw/84nU3ku0zg7bRp2+WORlpOAPCS8ImoAVH+qlFyAXyw80Dfzwbin6ZzuUXvWb9W3q7L c5HgggOX98w4nw+nZTAiiFTd06eWSUzFWwPWJM4D1GRlov7UEYy8HZoEpeAeTSyP2+0qEDVDWkg McB/KPCp7lBADXsbIbOtdeIph5Fn1C2xy+W9kBgUbMKlIwlT3PwH3vDTYj/pQoNctBZ3ZoHpLPB tgI5dGQ3gE9Ks462Gej2HoPlzQ+XmZACXw2PJZIs1rGVKCtoThKK8Q/iCqw4qL5r/tgmzo9cfBj Bh3hS63D+3JdxcqJr1l19XLiO8TtH30wcSMCzCps3jIo0MnBF4Y2IyEdzGpxgNAsEGohZqDuwsY WPnaYif7GgVC+sQgRPq0Cg1swy7TvXU6lufXgTzwyGp7E7s6h8b2K8zlZ4qmUAHGwq/aSASQyYd SCgTfO1XMSH+YIbwaMg== X-Proofpoint-Spam-Info: AW1haW4tMjYwNjE3MDA5MiBTYWx0ZWRfXzGS429GvU9wN pmPngxJDTNP7KDgUzt0WIRAU6mcJRiA/vS9g5K3OAKWbX7Ab0Esjd8WGfOPBnkCAk6JpoBT4gOO kVJwVBoysrVF5/yO7nUD5TqwJb4t4n8= X-Authority-Analysis: v=2.4 cv=B4KJFutM c=1 sm=1 tr=0 ts=6a326d6c cx=c_pps a=aDMHemPKRhS1OARIsFnwRA==:117 a=aDMHemPKRhS1OARIsFnwRA==:17 a=FelO9ux0wxsA:10 a=VkNPw1HP01LnGYTKEx00:22 a=RnoormkPH1_aCDwRdu11:22 a=iQ6ETzBq9ecOQQE5vZCe:22 a=VnNF1IyMAAAA:8 a=zQyVPUQHs5nwjg34eLYA:9 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1143,Hydra:6.1.125,FMLib:17.12.100.49 definitions=2026-06-17_01,2026-06-16_02,2025-10-01_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 malwarescore=0 adultscore=0 lowpriorityscore=0 suspectscore=0 priorityscore=1501 clxscore=1015 phishscore=0 spamscore=0 bulkscore=0 impostorscore=0 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2606150000 definitions=main-2606170092 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists1p.gnu.org; Received-SPF: pass client-ip=148.163.156.1; envelope-from=freude@linux.ibm.com; helo=mx0a-001b2d01.pphosted.com X-Spam_score_int: -26 X-Spam_score: -2.7 X-Spam_bar: -- X-Spam_report: (-2.7 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @ibm.com) X-ZM-MESSAGEID: 1781689766662158500 Content-Type: text/plain; charset="utf-8" Support CPACF pcc subfunctions PCC-Compute-XTS-Parameter-Encrypted-AES-128 and PCC-Compute-XTS-Parameter-Encrypted-AES-128 but only for the special case block sequential number is 0. However, this covers the s390 PAES XTS implementation in the Linux kernel. Signed-off-by: Harald Freudenberger Tested-by: Holger Dengler Reviewed-by: Finn Callies --- target/s390x/gen-features.c | 2 + target/s390x/tcg/cpacf.h | 2 + target/s390x/tcg/cpacf_aes.c | 80 ++++++++++++++++++++++++++++++++ target/s390x/tcg/crypto_helper.c | 4 ++ 4 files changed, 88 insertions(+) diff --git a/target/s390x/gen-features.c b/target/s390x/gen-features.c index 4a131dc191..126bacb281 100644 --- a/target/s390x/gen-features.c +++ b/target/s390x/gen-features.c @@ -943,6 +943,8 @@ static uint16_t qemu_MAX[] =3D { S390_FEAT_KMCTR_EAES_256, S390_FEAT_PCC_XTS_AES_128, S390_FEAT_PCC_XTS_AES_256, + S390_FEAT_PCC_XTS_EAES_128, + S390_FEAT_PCC_XTS_EAES_256, S390_FEAT_PCKMO_AES_128, S390_FEAT_PCKMO_AES_192, S390_FEAT_PCKMO_AES_256, diff --git a/target/s390x/tcg/cpacf.h b/target/s390x/tcg/cpacf.h index 223bada622..6df474fbc8 100644 --- a/target/s390x/tcg/cpacf.h +++ b/target/s390x/tcg/cpacf.h @@ -53,5 +53,7 @@ int cpacf_paes_ctr(CPUS390XState *env, const int mmu_idx,= uintptr_t ra, uint64_t *src_ptr_reg, uint64_t *src_len_reg, uint64_t *ctr_ptr_reg, uint32_t type, uint8_t fc, uint8_t mod); +int cpacf_paes_pcc(CPUS390XState *env, const int mmu_idx, uintptr_t ra, + uint64_t param_addr, uint8_t fc); =20 #endif diff --git a/target/s390x/tcg/cpacf_aes.c b/target/s390x/tcg/cpacf_aes.c index ffa286d422..d454d6f302 100644 --- a/target/s390x/tcg/cpacf_aes.c +++ b/target/s390x/tcg/cpacf_aes.c @@ -819,3 +819,83 @@ int cpacf_paes_ctr(CPUS390XState *env, const int mmu_i= dx, uintptr_t ra, =20 return !len ? 0 : 3; } + +int cpacf_paes_pcc(CPUS390XState *env, const int mmu_idx, uintptr_t ra, + uint64_t param_addr, uint8_t fc) +{ + uint8_t key[32], wkvp[32], tweak[AES_BLOCK_SIZE], buf[AES_BLOCK_SIZE]; + const MemOpIdx oi =3D make_memop_idx(MO_8, mmu_idx); + int keysize, i; + uint64_t addr; + AES_KEY exkey; + + switch (fc) { + case 0x3a: /* CPACF_PCC compute XTS param Encrypted AES-128 */ + keysize =3D 16; + break; + case 0x3c: /* CPACF PCC compute XTS param Encrypted AES-256 */ + keysize =3D 32; + break; + default: + g_assert_not_reached(); + } + + /* fetch and check wkvp from param block */ + for (i =3D 0; i < sizeof(wkvp); i++) { + addr =3D wrap_address(env, param_addr + keysize + i); + wkvp[i] =3D cpu_ldb_mmu(env, addr, oi, ra); + } + if (memcmp(wkvp, protkey_wkvp, sizeof(wkvp))) { + /* wkvp mismatch -> return with cc 1 */ + return 1; + } + + /* fetch block sequence nr from param block into buf */ + for (i =3D 0; i < AES_BLOCK_SIZE; i++) { + addr =3D wrap_address(env, param_addr + keysize + + sizeof(wkvp) + AES_BLOCK_SIZE + i); + buf[i] =3D cpu_ldb_mmu(env, addr, oi, ra); + } + + /* is the block sequence nr 0 ? */ + for (i =3D 0; i < AES_BLOCK_SIZE && !buf[i]; i++) { + ; + } + if (i < AES_BLOCK_SIZE) { + /* no, sorry handling of non zero block sequence is not implemente= d */ + cpu_abort(env_cpu(env), + "PCC-compute-XTS-param (encrypted) with non zero block s= eq nr is not implemented\n"); + return 1; + } + + /* fetch protected key from param block */ + for (i =3D 0; i < keysize; i++) { + addr =3D wrap_address(env, param_addr + i); + key[i] =3D cpu_ldb_mmu(env, addr, oi, ra); + } + /* 'decrypt' the protected key */ + for (i =3D 0; i < keysize; i++) { + key[i] ^=3D protkey_xor_pattern[i]; + } + + /* fetch tweak from param block into tweak */ + for (i =3D 0; i < AES_BLOCK_SIZE; i++) { + addr =3D wrap_address(env, param_addr + keysize + sizeof(wkvp) + i= ); + tweak[i] =3D cpu_ldb_mmu(env, addr, oi, ra); + } + + /* expand key */ + AES_set_encrypt_key(key, keysize * 8, &exkey); + + /* encrypt tweak */ + AES_encrypt(tweak, buf, &exkey); + + /* store encrypted tweak into xts parameter field of the param block */ + for (i =3D 0; i < AES_BLOCK_SIZE; i++) { + addr =3D wrap_address(env, param_addr + keysize + + sizeof(wkvp) + 3 * AES_BLOCK_SIZE + i); + cpu_stb_mmu(env, addr, buf[i], oi, ra); + } + + return 0; +} diff --git a/target/s390x/tcg/crypto_helper.c b/target/s390x/tcg/crypto_hel= per.c index 60c3ebd79e..38f7d900fa 100644 --- a/target/s390x/tcg/crypto_helper.c +++ b/target/s390x/tcg/crypto_helper.c @@ -206,6 +206,10 @@ static int cpacf_pcc(CPUS390XState *env, const int mmu= _idx, uintptr_t ra, case 0x34: /* CPACF PCC compute XTS param AES-256 */ rc =3D cpacf_aes_pcc(env, mmu_idx, ra, env->regs[1], fc); break; + case 0x3a: /* CPACF_PCC compute XTS param Encrypted AES-128 */ + case 0x3c: /* CPACF PCC compute XTS param Encrypted AES-256 */ + rc =3D cpacf_paes_pcc(env, mmu_idx, ra, env->regs[1], fc); + break; default: g_assert_not_reached(); } --=20 2.43.0 From nobody Thu Jun 18 13:20:44 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=reject dis=none) header.from=linux.ibm.com ARC-Seal: i=1; a=rsa-sha256; t=1781689827; cv=none; d=zohomail.com; s=zohoarc; b=V6gPTrhEZhPsFkc8hfjMFtHRTKvBVZYFjoy8VS0sNHQfVQoEXGqPT5MpQa4WsKz7uNBGDpGYtP+OiSf2hpw7vXVAY1qRUCbDPjUzotw5FQH7+qkfbLUmvGu6eV5kW1aGNphua9e9AXnD7Hxdorpm7a1q0W7OpHX2az9U0y+cPW8= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1781689827; h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=ZsIjjeAQFfLyvMoazto1Fitd9pLSREAy3KRl8ILTld8=; b=IyqIp2gA0Qq8X+2+QqhGN75s5ZwJiZk8uFRJ4DSbSCnv+r4o0MaMqRhctBAEF2FxJNx1dBUmI8Wbu6Bt6/qvaXJyV20brsNNXuBoqC2kFFfcYsvpBgIGbD6V2cXegnauQbBSm5+n2z5lPUqsM3ua+3KgnHCwVBj3VtKMQxHak8E= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1781689827296270.8360496293192; Wed, 17 Jun 2026 02:50:27 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists1p.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1wZmtH-0007KF-EO; Wed, 17 Jun 2026 05:48:59 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1wZmtG-0007Jg-5t; Wed, 17 Jun 2026 05:48:58 -0400 Received: from mx0b-001b2d01.pphosted.com ([148.163.158.5]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1wZmtE-0003A6-BH; Wed, 17 Jun 2026 05:48:57 -0400 Received: from pps.filterd (m0356516.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id 65H8mYvE4021966; Wed, 17 Jun 2026 09:48:28 GMT Received: from ppma22.wdc07v.mail.ibm.com (5c.69.3da9.ip4.static.sl-reverse.com [169.61.105.92]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 4eueqx289v-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 17 Jun 2026 09:48:28 +0000 (GMT) Received: from pps.filterd (ppma22.wdc07v.mail.ibm.com [127.0.0.1]) by ppma22.wdc07v.mail.ibm.com (8.18.1.7/8.18.1.7) with ESMTP id 65H9YcVr016259; Wed, 17 Jun 2026 09:48:28 GMT Received: from smtprelay05.fra02v.mail.ibm.com ([9.218.2.225]) by ppma22.wdc07v.mail.ibm.com (PPS) with ESMTPS id 4eudvaahgc-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 17 Jun 2026 09:48:27 +0000 (GMT) Received: from smtpav02.fra02v.mail.ibm.com (smtpav02.fra02v.mail.ibm.com [10.20.54.101]) by smtprelay05.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 65H9mOFh50332060 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 17 Jun 2026 09:48:24 GMT Received: from smtpav02.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 2E05320040; Wed, 17 Jun 2026 09:48:24 +0000 (GMT) Received: from smtpav02.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 026DD20043; Wed, 17 Jun 2026 09:48:24 +0000 (GMT) Received: from funtu2.ehn-de.ibm.com (unknown [9.224.92.54]) by smtpav02.fra02v.mail.ibm.com (Postfix) with ESMTP; Wed, 17 Jun 2026 09:48:23 +0000 (GMT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=cc :content-transfer-encoding:date:from:in-reply-to:message-id :mime-version:references:subject:to; s=pp1; bh=ZsIjjeAQFfLyvMoaz to1Fitd9pLSREAy3KRl8ILTld8=; b=fXPlkmgUlF1KOpTFM9CJ7tC1L23HHsx39 A+K747ICVjeCX7SlP+pxAPG3Gbrb3v6U4KQeydw1x+zgKpAR1RHcbm6Mpu3VoAep P5qcJBYK8pDZDDBvLjlJwM9f9quR8ygOVIrJvNDVX0MrSMLwrwJzaq1TXUdWQFYZ nU9UvsPAK6UJ8rG1J+XPI5yVKuqjLo6+hV/jLKcQtM7tSDmOQ8Kq/ljC6pWbEnzG wIzoexLxLO0Fq8Izr/H6Zcj+Jh67WTOQOF5qU0ufgBs31ZIkxtIFBT4+PzO/8zYh H046Z7LIqijNeI2iyU5c62FEUbxQipCJbG5rCq0aAdhmdp7/78BNQ== From: Harald Freudenberger To: richard.henderson@linaro.org, iii@linux.ibm.com, david@kernel.org, thuth@redhat.com, berrange@redhat.com Cc: qemu-s390x@nongnu.org, qemu-devel@nongnu.org, linux390-list@tuxmaker.boeblingen.de.ibm.com, linux-s390@vger.kernel.org, dengler@linux.ibm.com, borntraeger@linux.ibm.com, fcallies@linux.ibm.com, cohuck@redhat.com Subject: [PATCH v7 14/17] target/s390x: Support protected key AES XTS for cpacf km instruction Date: Wed, 17 Jun 2026 11:48:17 +0200 Message-ID: <20260617094820.34402-15-freude@linux.ibm.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260617094820.34402-1-freude@linux.ibm.com> References: <20260617094820.34402-1-freude@linux.ibm.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-TM-AS-GCONF: 00 X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwNjE3MDA5MiBTYWx0ZWRfX4X2ZsO5p8QX1 4IcLT9Tv0FkaeGmOr5GWKDHyvt8a08iU/+TBdccm/AKcjvlimlenwe7Lu8q3zxzSjCusg5EIMQK JHFiMz+V9aX1bzfbwLJJn7fRrt3O8bFEoi9SqKsIqD7tMnAe4gtI5GgVC5OM4MeO25I6Hsk/Jga 5tnvDXAn+RphIYIxnjAZxLUOmj7LLZqSrDATigGULWVBiWmRaMiqNjSnO/gOMeAyYgQ1zmzUcnq KfDe75U9VD4LpVy/qMmoa7tNcqWRQHJ2+V4UXgOlBM66bnABwYVOc2xQxGCk5jF55Jl1RroBs+o gm3Zd7qPU9sH4tC37h5nyyxdlZTqAWJ7zVfmbLwviPX0RUsJOz5heT2YzdwAgOTBNqNFmeEFato exkd6vOf1iLz5oiRoe/9URa80Fw1JVZZLF1jbwE9q0VIeHCOQJmYq2Jn8f+zAqxeMpwImgckwcL uIaGWpoHzPuQWs8g5nA== X-Proofpoint-GUID: Iayjf4t35qADdoLmmD2odh3z1GQlZDVP X-Proofpoint-Spam-Info: AW1haW4tMjYwNjE3MDA5MiBTYWx0ZWRfXxLO7a1+fUr9p a3v0Q3VLbBnOBcwD3ipjF1akP7xZULTHTajTkHGJ/w0MfS7C1x3twkDI4B+C4nKCSwCc9yHc3IU udc0gKB9uGG41R/3Lrk4RhHaPCxEI0E= X-Proofpoint-ORIG-GUID: Iayjf4t35qADdoLmmD2odh3z1GQlZDVP X-Authority-Analysis: v=2.4 cv=auGCzyZV c=1 sm=1 tr=0 ts=6a326d6c cx=c_pps a=5BHTudwdYE3Te8bg5FgnPg==:117 a=5BHTudwdYE3Te8bg5FgnPg==:17 a=FelO9ux0wxsA:10 a=VkNPw1HP01LnGYTKEx00:22 a=RnoormkPH1_aCDwRdu11:22 a=Y2IxJ9c9Rs8Kov3niI8_:22 a=VnNF1IyMAAAA:8 a=ub7L66Qb16_Canke32oA:9 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1143,Hydra:6.1.125,FMLib:17.12.100.49 definitions=2026-06-17_01,2026-06-16_02,2025-10-01_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 phishscore=0 clxscore=1015 priorityscore=1501 suspectscore=0 impostorscore=0 spamscore=0 lowpriorityscore=0 adultscore=0 malwarescore=0 bulkscore=0 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2606150000 definitions=main-2606170092 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists1p.gnu.org; Received-SPF: pass client-ip=148.163.158.5; envelope-from=freude@linux.ibm.com; helo=mx0b-001b2d01.pphosted.com X-Spam_score_int: -26 X-Spam_score: -2.7 X-Spam_bar: -- X-Spam_report: (-2.7 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @ibm.com) X-ZM-MESSAGEID: 1781689828642158500 Content-Type: text/plain; charset="utf-8" Support the subfunctions CPACF_KM_PXTS_128 and CPACF_KM_PAES_256 for the cpacf km instruction. Signed-off-by: Harald Freudenberger Tested-by: Holger Dengler Reviewed-by: Finn Callies --- target/s390x/gen-features.c | 2 + target/s390x/tcg/cpacf.h | 4 ++ target/s390x/tcg/cpacf_aes.c | 106 +++++++++++++++++++++++++++++++ target/s390x/tcg/crypto_helper.c | 6 ++ 4 files changed, 118 insertions(+) diff --git a/target/s390x/gen-features.c b/target/s390x/gen-features.c index 126bacb281..c4c59c3504 100644 --- a/target/s390x/gen-features.c +++ b/target/s390x/gen-features.c @@ -929,6 +929,8 @@ static uint16_t qemu_MAX[] =3D { S390_FEAT_KM_EAES_256, S390_FEAT_KM_XTS_AES_128, S390_FEAT_KM_XTS_AES_256, + S390_FEAT_KM_XTS_EAES_128, + S390_FEAT_KM_XTS_EAES_256, S390_FEAT_KMC_AES_128, S390_FEAT_KMC_AES_192, S390_FEAT_KMC_AES_256, diff --git a/target/s390x/tcg/cpacf.h b/target/s390x/tcg/cpacf.h index 6df474fbc8..25990c2df6 100644 --- a/target/s390x/tcg/cpacf.h +++ b/target/s390x/tcg/cpacf.h @@ -55,5 +55,9 @@ int cpacf_paes_ctr(CPUS390XState *env, const int mmu_idx,= uintptr_t ra, uint8_t fc, uint8_t mod); int cpacf_paes_pcc(CPUS390XState *env, const int mmu_idx, uintptr_t ra, uint64_t param_addr, uint8_t fc); +int cpacf_paes_xts(CPUS390XState *env, const int mmu_idx, uintptr_t ra, + uint64_t param_addr, uint64_t *dst_ptr_reg, + uint64_t *src_ptr_reg, uint64_t *src_len_reg, + uint32_t type, uint8_t fc, uint8_t mod); =20 #endif diff --git a/target/s390x/tcg/cpacf_aes.c b/target/s390x/tcg/cpacf_aes.c index d454d6f302..98d5134d5f 100644 --- a/target/s390x/tcg/cpacf_aes.c +++ b/target/s390x/tcg/cpacf_aes.c @@ -899,3 +899,109 @@ int cpacf_paes_pcc(CPUS390XState *env, const int mmu_= idx, uintptr_t ra, =20 return 0; } + +int cpacf_paes_xts(CPUS390XState *env, const int mmu_idx, uintptr_t ra, + uint64_t param_addr, uint64_t *dst_ptr_reg, + uint64_t *src_ptr_reg, uint64_t *src_len_reg, + uint32_t type, uint8_t fc, uint8_t mod) +{ + enum { MAX_BLOCKS_PER_RUN =3D 8192 / AES_BLOCK_SIZE }; + uint8_t buf1[AES_BLOCK_SIZE], buf2[AES_BLOCK_SIZE]; + const MemOpIdx oi =3D make_memop_idx(MO_8, mmu_idx); + uint8_t key[32], wkvp[32], tweak[AES_BLOCK_SIZE]; + uint64_t addr, len =3D *src_len_reg, done =3D 0; + int i, keysize, addr_reg_size =3D 64; + AES_KEY exkey; + + g_assert(type =3D=3D S390_FEAT_TYPE_KM); + + switch (fc) { + case 0x3a: /* CPACF_KM_PXTS_128 */ + keysize =3D 16; + break; + case 0x3c: /* CPACF_KM_PXTS_256 */ + keysize =3D 32; + break; + default: + g_assert_not_reached(); + } + + if (!(env->psw.mask & PSW_MASK_64)) { + len =3D (uint32_t)len; + addr_reg_size =3D (env->psw.mask & PSW_MASK_32) ? 32 : 24; + } + + /* length has to be properly aligned. */ + if (!QEMU_IS_ALIGNED(len, AES_BLOCK_SIZE)) { + tcg_s390_program_interrupt(env, PGM_SPECIFICATION, ra); + } + + /* fetch and check wkvp from param block */ + for (i =3D 0; i < sizeof(wkvp); i++) { + addr =3D wrap_address(env, param_addr + keysize + i); + wkvp[i] =3D cpu_ldb_mmu(env, addr, oi, ra); + } + if (memcmp(wkvp, protkey_wkvp, sizeof(wkvp))) { + /* wkvp mismatch -> return with cc 1 */ + return 1; + } + + /* fetch protected key from param block */ + for (i =3D 0; i < keysize; i++) { + addr =3D wrap_address(env, param_addr + i); + key[i] =3D cpu_ldb_mmu(env, addr, oi, ra); + } + /* 'decrypt' the protected key */ + for (i =3D 0; i < keysize; i++) { + key[i] ^=3D protkey_xor_pattern[i]; + } + + /* expand key */ + if (mod) { + AES_set_decrypt_key(key, keysize * 8, &exkey); + } else { + AES_set_encrypt_key(key, keysize * 8, &exkey); + } + + /* fetch tweak from param block */ + for (i =3D 0; i < AES_BLOCK_SIZE; i++) { + addr =3D wrap_address(env, param_addr + keysize + sizeof(wkvp) + i= ); + tweak[i] =3D cpu_ldb_mmu(env, addr, oi, ra); + } + + /* process up to MAX_BLOCKS_PER_RUN aes blocks */ + for (i =3D 0; i < MAX_BLOCKS_PER_RUN && len >=3D AES_BLOCK_SIZE; i++) { + /* fetch one AES block into buf1 */ + aes_read_block(env, mmu_idx, *src_ptr_reg + done, buf1, ra); + /* buf1 xor tweak =3D> buf2 */ + aes_xor(buf1, tweak, buf2); + if (mod) { + /* decrypt buf2 =3D> buf1 */ + AES_decrypt(buf2, buf1, &exkey); + } else { + /* encrypt buf2 =3D> buf1 */ + AES_encrypt(buf2, buf1, &exkey); + } + /* buf1 xor tweak =3D> buf2 */ + aes_xor(buf1, tweak, buf2); + /* prep tweak for next round */ + aes_xts_prep_next_tweak(tweak); + /* write out this processed block from buf2 */ + aes_write_block(env, mmu_idx, *dst_ptr_reg + done, buf2, ra); + len -=3D AES_BLOCK_SIZE, done +=3D AES_BLOCK_SIZE; + } + + /* update tweak in param block */ + for (i =3D 0; i < AES_BLOCK_SIZE; i++) { + addr =3D wrap_address(env, param_addr + keysize + sizeof(wkvp) + i= ); + cpu_stb_mmu(env, addr, tweak[i], oi, ra); + } + + *src_ptr_reg =3D deposit64(*src_ptr_reg, 0, addr_reg_size, + *src_ptr_reg + done); + *dst_ptr_reg =3D deposit64(*dst_ptr_reg, 0, addr_reg_size, + *dst_ptr_reg + done); + *src_len_reg -=3D done; + + return !len ? 0 : 3; +} diff --git a/target/s390x/tcg/crypto_helper.c b/target/s390x/tcg/crypto_hel= per.c index 38f7d900fa..8054e4facd 100644 --- a/target/s390x/tcg/crypto_helper.c +++ b/target/s390x/tcg/crypto_helper.c @@ -116,6 +116,12 @@ static int cpacf_km(CPUS390XState *env, const int mmu_= idx, uintptr_t ra, &env->regs[r1], &env->regs[r2], &env->regs[r2 += 1], S390_FEAT_TYPE_KM, fc, mod); break; + case 0x3a: /* CPACF_KM_PXTS_128 */ + case 0x3c: /* CPACF_KM_PXTS_256 */ + rc =3D cpacf_paes_xts(env, mmu_idx, ra, env->regs[1], + &env->regs[r1], &env->regs[r2], &env->regs[r2 = + 1], + S390_FEAT_TYPE_KM, fc, mod); + break; default: g_assert_not_reached(); } --=20 2.43.0 From nobody Thu Jun 18 13:20:44 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=reject dis=none) header.from=linux.ibm.com ARC-Seal: i=1; a=rsa-sha256; t=1781689760; cv=none; d=zohomail.com; s=zohoarc; b=OsfesRrjEmZd5YV9C4x4AJz1+KpP9GGWH2QihfJXaIabde3MDQtH12kDkBvLtL5CcOWZKVhp1yV597EoASY1AAKSMssq6lhfdV1DGRmfm1mBNZhbwyMKQtdAY7n6Ez7vyKjoU1eBhPHRV8D1tzCuo+bPdyVNthCjs9UPyfKWgJA= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1781689760; h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=tun5NYFOsftXK46/URD4ae+acA1hTWaly0US/HOM/R4=; b=BLUw+1FeK4v1ZveAgPPtzC3SWKn01v2rx3xURXzqSKPfXvv7961bXlvWV5yKoIFcqJWTXzxGNnhM9IPMQPatgnuyCko4QxRP/rsR2jA3xazwZQsSJlYtsVdKsu9jVHYq94myI5E67zNTaTQ8njh8gMelxSrXcsJwI+8gziyRE1I= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1781689760411770.7841051294456; Wed, 17 Jun 2026 02:49:20 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists1p.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1wZmt4-0007FO-05; Wed, 17 Jun 2026 05:48:46 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1wZmsw-00075Z-Pe; Wed, 17 Jun 2026 05:48:38 -0400 Received: from mx0b-001b2d01.pphosted.com ([148.163.158.5]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1wZmst-00039t-US; Wed, 17 Jun 2026 05:48:38 -0400 Received: from pps.filterd (m0353725.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id 65H8mti04042154; Wed, 17 Jun 2026 09:48:29 GMT Received: from ppma11.dal12v.mail.ibm.com (db.9e.1632.ip4.static.sl-reverse.com [50.22.158.219]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 4eueqxa7xm-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 17 Jun 2026 09:48:28 +0000 (GMT) Received: from pps.filterd (ppma11.dal12v.mail.ibm.com [127.0.0.1]) by ppma11.dal12v.mail.ibm.com (8.18.1.7/8.18.1.7) with ESMTP id 65H9Ye2x022006; Wed, 17 Jun 2026 09:48:27 GMT Received: from smtprelay05.fra02v.mail.ibm.com ([9.218.2.225]) by ppma11.dal12v.mail.ibm.com (PPS) with ESMTPS id 4eudva2h5v-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 17 Jun 2026 09:48:27 +0000 (GMT) Received: from smtpav02.fra02v.mail.ibm.com (smtpav02.fra02v.mail.ibm.com [10.20.54.101]) by smtprelay05.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 65H9mO6L46465512 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 17 Jun 2026 09:48:24 GMT Received: from smtpav02.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 5F57920043; Wed, 17 Jun 2026 09:48:24 +0000 (GMT) Received: from smtpav02.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 33F162004E; Wed, 17 Jun 2026 09:48:24 +0000 (GMT) Received: from funtu2.ehn-de.ibm.com (unknown [9.224.92.54]) by smtpav02.fra02v.mail.ibm.com (Postfix) with ESMTP; Wed, 17 Jun 2026 09:48:24 +0000 (GMT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=cc :content-transfer-encoding:date:from:in-reply-to:message-id :mime-version:references:subject:to; s=pp1; bh=tun5NYFOsftXK46/U RD4ae+acA1hTWaly0US/HOM/R4=; b=SsWK/QkYcCB67K5g2ihsDHxDHuftAvi31 oK6UMN5vo2UtCqcNmFCzWllwuR2W1e/hH+gl3mXYRIWodEfTZVuOzhlyS7n+eqzS /halcCXbJr4OVBpcY8S19eGfSI1al7E1+EMI49AFwOUvF9+C0kY4sYdUQGv4EgwB 9zR1ZOAvZTc8EvXmwlLb67rMaMw0z7XZ/mZ7aY6wUW8NmrL2xMzDd2Ii6GcFkuZt uiZj0qfsqSvYgIVmukKwQjx7r6RlkdZ1mWZQhWKAXlUOz7DGVry8X8WlBfGyg6Wa vjqNPggN/Cm5jwR4SVaGX5Rr5o/b2FI8uoE0wAK3EwJXBqX/VMGqg== From: Harald Freudenberger To: richard.henderson@linaro.org, iii@linux.ibm.com, david@kernel.org, thuth@redhat.com, berrange@redhat.com Cc: qemu-s390x@nongnu.org, qemu-devel@nongnu.org, linux390-list@tuxmaker.boeblingen.de.ibm.com, linux-s390@vger.kernel.org, dengler@linux.ibm.com, borntraeger@linux.ibm.com, fcallies@linux.ibm.com, cohuck@redhat.com Subject: [PATCH v7 15/17] docs/s390: Document CPACF instructions support Date: Wed, 17 Jun 2026 11:48:18 +0200 Message-ID: <20260617094820.34402-16-freude@linux.ibm.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260617094820.34402-1-freude@linux.ibm.com> References: <20260617094820.34402-1-freude@linux.ibm.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-TM-AS-GCONF: 00 X-Authority-Analysis: v=2.4 cv=OcSoyBTY c=1 sm=1 tr=0 ts=6a326d6c cx=c_pps a=aDMHemPKRhS1OARIsFnwRA==:117 a=aDMHemPKRhS1OARIsFnwRA==:17 a=FelO9ux0wxsA:10 a=VkNPw1HP01LnGYTKEx00:22 a=RnoormkPH1_aCDwRdu11:22 a=V8glGbnc2Ofi9Qvn3v5h:22 a=VnNF1IyMAAAA:8 a=yFZ0Su8qAlDFIkEhSqQA:9 a=5wi_FRADO1KgGG3s:21 a=O8hF6Hzn-FEA:10 X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwNjE3MDA5MiBTYWx0ZWRfX0QC0dd0Lq6q0 e1ppgAnRcldp4AbSRbiDmuwstsSR1TkrT0ShshIe/3d2f1cGK1DztySTdILfCgnecKTh6v4BMmX wqlPXeMJYMz9tlPSjQeDv4My/Ps/uYsJlMW9vfA80qRz1Tm6AncSK9n+TUc5iqmg55VlOFrcgqZ AZquevEcKQ7/oBlTM4rngyTdJV3bK755S14go1jNq4T+84fFcS4NCdj3UCF27EUTulSmlxtqhE8 RXzUJZ14SRtYwmxwPcJzIL1wMWn8UGuVuplKbGi8FZlHWOdDz/YIrJKqCwI7JstNAa6BkyyWSi3 eZa6bT+0asxtdGYnk0woueMGs4R0D/AWFylLMmSX1T1099i0XbRjODf6IHNaX4D//BnOKjZYUen KxFHDtRBApCnGo96LRjj5t9zWAoMYtWP2JaRtH2S+Ppk6ZTDykipEUlwVk0yzFa8Z9xKa5ROCYT Hw73OSIloU0HsD+xjEg== X-Proofpoint-GUID: sa6fKmT46F8-35g2JtmvgmU5mEdVMk3N X-Proofpoint-Spam-Info: AW1haW4tMjYwNjE3MDA5MiBTYWx0ZWRfX8u6t4g1Vt6GC +VPSskN63vHHcTKvIYH4judjW1OuW0le1LgxC4AjrnwdqtgQm1ZP7wC3NU9bOqnqfHN/U0w6ENF L0faWsaHrOi5kbOQZuUAivtjaL6/Lw4= X-Proofpoint-ORIG-GUID: sa6fKmT46F8-35g2JtmvgmU5mEdVMk3N X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1143,Hydra:6.1.125,FMLib:17.12.100.49 definitions=2026-06-17_01,2026-06-16_02,2025-10-01_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 phishscore=0 bulkscore=0 suspectscore=0 lowpriorityscore=0 impostorscore=0 malwarescore=0 spamscore=0 adultscore=0 clxscore=1015 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2606150000 definitions=main-2606170092 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists1p.gnu.org; Received-SPF: pass client-ip=148.163.158.5; envelope-from=freude@linux.ibm.com; helo=mx0b-001b2d01.pphosted.com X-Spam_score_int: -26 X-Spam_score: -2.7 X-Spam_bar: -- X-Spam_report: (-2.7 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @ibm.com) X-ZM-MESSAGEID: 1781689762470158500 Content-Type: text/plain; charset="utf-8" Add a first document covering the Qemu s390 CPACF instructions and functions supported. Signed-off-by: Harald Freudenberger Reviewed-by: Finn Callies --- docs/system/s390x/cpacf.rst | 116 +++++++++++++++++++++++++++++++++++ docs/system/target-s390x.rst | 1 + 2 files changed, 117 insertions(+) create mode 100644 docs/system/s390x/cpacf.rst diff --git a/docs/system/s390x/cpacf.rst b/docs/system/s390x/cpacf.rst new file mode 100644 index 0000000000..85f35b4e9c --- /dev/null +++ b/docs/system/s390x/cpacf.rst @@ -0,0 +1,116 @@ +CPACF Support +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D + +CPACF +----- + +CP Assist for Cryptographic Function (CPACF) is a hardware-integrated +coprocessor feature built into every processor core of IBM Z and +LinuxONE mainframes (s390x architecture). It provides high-speed, +hardware-accelerated encryption and hashing directly on the CPU. + +CPACF provides a set of z/Architecture instructions (known as Message +Security Assist or MSA) that execute cryptographic operations +synchronously with the main processor. + +- Symmetric Encryption: Support for AES (128, 192, 256-bit), DES, and + Triple-DES (TDES). +- Hashing: Acceleration for SHA-1, SHA-2 (up to SHA-512), SHA-3 and + SHAKE. +- Random Number Generation: Pseudo Random Number Generator (PRNG) and + a hardware-based True Random Number Generator (TRNG). +- Asymmetric Support: Elliptic Curve Cryptography (ECC) primitives + P-256, P-384, P-521, Montgomery/Edwards curves (e.g., Ed25519). + +Documentation about CPACF instructions is public available and +can be found in the "z/Architecture Principles of Operation" +accessible at the IBM documentation hub https://www.ibm.com/docs/en. +For example the latest version as a pdf is available here: +https://www.ibm.com/support/pages/zvm/library/other/22783214.pdf + + +CPACF instructions +------------------ + +Here is a list of implemented CPACF instructions and the supported +functions for each instruction: + +KDSA (COMPUTE DIGITAL SIGNATURE AUTHENTICATION) +- Function code 0x00 - Function Query + +KIMD (COMPUTE INTERMEDIATE MESSAGE DIGEST) +- Function code 0x00 - Function Query +- Function code 0x02 - CPACF_KIMD_SHA_256 +- Function code 0x03 - CPACF_KIMD_SHA_512 + +KLMD (COMPUTE LAST MESSAGE DIGEST) +- Function code 0x00 - Function Query +- Function code 0x02 - CPACF_KLMD_SHA_256 +- Function code 0x03 - CPACF_KLMD_SHA_512 + +KM (CIPHER MESSAGE) +- Function code 0x00 - Function Query +- Function code 0x12 - CPACF_KM_AES_128 +- Function code 0x13 - CPACF_KM_AES_192 +- Function code 0x14 - CPACF_KM_AES_256 +- Function code 0x1a - CPACF_KM_PAES_128 +- Function code 0x1b - CPACF_KM_PAES_192 +- Function code 0x1c - CPACF_KM_PAES_256 +- Function code 0x32 - CPACF_KM_XTS_128 +- Function code 0x34 - CPACF_KM_XTS_256 +- Function code 0x3a - CPACF_KM_PXTS_128 +- Function code 0x3c - CPACF_KM_PXTS_256 + +KMAC (COMPUTE MESSAGE AUTHENTICATION CODE) +- Function code 0x00 - Function Query + +KMC (CIPHER MESSAGE WITH CHAINING) +- Function code 0x00 - Function Query +- Function code 0x12 - CPACF_KMC_AES_128 +- Function code 0x13 - CPACF_KMC_AES_192 +- Function code 0x14 - CPACF_KMC_AES_256 +- Function code 0x1a - CPACF_KMC_PAES_128 +- Function code 0x1b - CPACF_KMC_PAES_192 +- Function code 0x1c - CPACF_KMC_PAES_256 + +KMCTR (CIPHER MESSAGE WITH COUNTER) +- Function code 0x00 - Function Query +- Function code 0x12 - CPACF_KMCTR_AES_128 +- Function code 0x13 - CPACF_KMCTR_AES_192 +- Function code 0x14 - CPACF_KMCTR_AES_256 +- Function code 0x1a - CPACF_KMCTR_PAES_128 +- Function code 0x1b - CPACF_KMCTR_PAES_192 +- Function code 0x1c - CPACF_KMCTR_PAES_256 + +KMF (CIPHER MESSAGE WITH CIPHER FEEDBACK) +- not supported + +KMO (CIPHER MESSAGE WITH OUTPUT FEEDBACK) +- not supported + +PCC (PERFORM CRYPTOGRAPHIC COMPUTATION) +- Function code 0x00 - Function Query +- Function code 0x32 - compute XTS param AES-128 +- Function code 0x34 - compute XTS param AES-256 +- Function code 0x3a - compute XTS param Encrypted AES-128 +- Function code 0x3c - compute XTS param Encrypted AES-256 + +PCKMO (PERFORM CRYPTOGRAPHIC KEY MANAGEMENT OPERATION) +- Function code 0x00 - Function Query +- Function code 0x12 - CPACF_PCKMO_ENC_AES_128_KEY +- Function code 0x13 - CPACF_PCKMO_ENC_AES_192_KEY +- Function code 0x14 - CPACF_PCKMO_ENC_AES_256_KEY + +PRNO (PERFORM RANDOM NUMBER OPERATION) +- Function code 0x00 - Function Query +- Function code 0x72 - CPACF_PRNO_TRNG + +Note that the use of a not supported CPACF instruction (KMF and KMO) +or invocation of a not listed function will result in a Specification +Exception. + +Not listed CPACF instructions (KMF, KMO) cause an Operation Exception +when used. Not listed functions cause a Specification Exception when +called. If only the query function is listed (KDSA), then the query +function will return a function status word with all but the query +function bit set to 0. diff --git a/docs/system/target-s390x.rst b/docs/system/target-s390x.rst index 94c981e732..49159826eb 100644 --- a/docs/system/target-s390x.rst +++ b/docs/system/target-s390x.rst @@ -35,3 +35,4 @@ Architectural features s390x/bootdevices s390x/protvirt s390x/cpu-topology + s390x/cpacf --=20 2.43.0 From nobody Thu Jun 18 13:20:44 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=reject dis=none) header.from=linux.ibm.com ARC-Seal: i=1; a=rsa-sha256; t=1781689794; cv=none; d=zohomail.com; s=zohoarc; b=doSLOir7bIQ/pGgpH4/jDffhViZWyU0Clt15O3ltuU0nnlQnzrt6J+eDKvX8YkmhBaH/XupqxkITyLLsh0Z25gz/R/HSsLFCdboH2fBeP0LRFlOIc7b57CI7oihqUMTfb2ZCe8DacRscZugZCS9yMvwbas6OM4k8P9EeHsPT+lE= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1781689794; h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=5WPZHN4nipLaxbAucTQ0zsQgbxsrfj7ZHum/FNMXkFk=; b=bzXlUNY65BFCOG3vtSAThYPzTLTATRFfu1dLTcOeefrt0YgyEgmiXtOVKHIz/BEYntfygQTGKQUp5GLcc+QT9IOEjU7BHQPFXFtzlphcZOq0gkG56Ps5ARTz3RIdOnhOR1H7pvmb76BtoA1V7Ed4CESywQH+gTtI2LveqV5VH6I= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 178168979472169.4327318059303; Wed, 17 Jun 2026 02:49:54 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists1p.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1wZmt0-00079d-AS; Wed, 17 Jun 2026 05:48:42 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1wZmsy-000786-5S; Wed, 17 Jun 2026 05:48:40 -0400 Received: from mx0a-001b2d01.pphosted.com ([148.163.156.1]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1wZmsv-0003B2-Px; Wed, 17 Jun 2026 05:48:39 -0400 Received: from pps.filterd (m0360083.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id 65H8mLVN4127632; Wed, 17 Jun 2026 09:48:29 GMT Received: from ppma12.dal12v.mail.ibm.com (dc.9e.1632.ip4.static.sl-reverse.com [50.22.158.220]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 4eueqtj9bb-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 17 Jun 2026 09:48:28 +0000 (GMT) Received: from pps.filterd (ppma12.dal12v.mail.ibm.com [127.0.0.1]) by ppma12.dal12v.mail.ibm.com (8.18.1.7/8.18.1.7) with ESMTP id 65H9YdK7009201; Wed, 17 Jun 2026 09:48:28 GMT Received: from smtprelay05.fra02v.mail.ibm.com ([9.218.2.225]) by ppma12.dal12v.mail.ibm.com (PPS) with ESMTPS id 4eudva2hjm-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 17 Jun 2026 09:48:27 +0000 (GMT) Received: from smtpav02.fra02v.mail.ibm.com (smtpav02.fra02v.mail.ibm.com [10.20.54.101]) by smtprelay05.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 65H9mO4G48300376 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 17 Jun 2026 09:48:24 GMT Received: from smtpav02.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 902C120043; Wed, 17 Jun 2026 09:48:24 +0000 (GMT) Received: from smtpav02.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 6528620040; Wed, 17 Jun 2026 09:48:24 +0000 (GMT) Received: from funtu2.ehn-de.ibm.com (unknown [9.224.92.54]) by smtpav02.fra02v.mail.ibm.com (Postfix) with ESMTP; Wed, 17 Jun 2026 09:48:24 +0000 (GMT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=cc :content-transfer-encoding:date:from:in-reply-to:message-id :mime-version:references:subject:to; s=pp1; bh=5WPZHN4nipLaxbAuc TQ0zsQgbxsrfj7ZHum/FNMXkFk=; b=QM86ZQ8ZN89nM+CzL63mn9nLMtAP2imXi qwAv1kBNcCiDovWAgCRPMVGw80MkvUymVGGT//nMTDOeMKOhFf9MAdw3LVjRj0YZ ElyDYshJFZgyBBYgNooFoFyWLOH1H7MjEcH3WHuO8Lk46TuEXFmGJON67Nl3gW1v 56HKij0qxGJih78xIGdVuMmCYSv9fR4oSb/jXqX1WDR0fj6nuZ83Otb11hnH875O o+kvaTTtWXxjSHgjs8+06qio7WyzOvvRauLgvF5phjinufX0ICFUK1c+Mgy43Ewd 4xZ2RUolqq0TzaYUaLjZDit1D3W+0wmwYaq7zHIA+CeLvtm7hXYrw== From: Harald Freudenberger To: richard.henderson@linaro.org, iii@linux.ibm.com, david@kernel.org, thuth@redhat.com, berrange@redhat.com Cc: qemu-s390x@nongnu.org, qemu-devel@nongnu.org, linux390-list@tuxmaker.boeblingen.de.ibm.com, linux-s390@vger.kernel.org, dengler@linux.ibm.com, borntraeger@linux.ibm.com, fcallies@linux.ibm.com, cohuck@redhat.com Subject: [PATCH v7 16/17] crypto: Add aes-helpers file to support some AES modes Date: Wed, 17 Jun 2026 11:48:19 +0200 Message-ID: <20260617094820.34402-17-freude@linux.ibm.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260617094820.34402-1-freude@linux.ibm.com> References: <20260617094820.34402-1-freude@linux.ibm.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-TM-AS-GCONF: 00 X-Proofpoint-ORIG-GUID: wTX4iAWadAPlnFGNykOj2Ik03n7czm0E X-Proofpoint-GUID: wTX4iAWadAPlnFGNykOj2Ik03n7czm0E X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwNjE3MDA5MiBTYWx0ZWRfX7vz908zvBctL 2jx02ZvTGTvEyoVndJ8WQ8p3FcbXHseHHMSwp1VMm/KJvNSu2nP6hAsOHvz5TwtINQUjSO/DUpM /GroFcSfhFZ4G0/S1GOK/eNt38OlAKD/beqy08xb51QkuUB7drnN+GK26HTPl1G6CcGE/zD1rEV wrbSM/91Bw2FzYUD18qwVkXjFwIb2a9qpUCQYS/rDYO2yw+GSRdjY7LkMl/BOAhILfEDNNp+iyS CyMm231JhhOAOqQLni5LY9MbCEBpqGgslWLlMcqP3m5/UCaFD2v5nPEfIccT8h1KdBssu9vvioT uO/RZe/Xm1JHtyQR3A3lb2azqDPVCd0Q4qdif2OEz4XHwBDMg07dg/vf18/RaYVDfVapSFuHKtF M1dFLsq51y/EZsV/r/QVkPMzDapcN3aiRsTfuIUBZgvWVnGbMwNwu1IOsFcoZvvVd4ARaZKlDvy IOMQ74VBRjc7CqS9UpA== X-Proofpoint-Spam-Info: AW1haW4tMjYwNjE3MDA5MiBTYWx0ZWRfXzd/1ZabfaQl0 /lB22mSjtD4/b9dU8R2b6Rz10gLFicgY+/Vpj/C1NXFY/cTClmvbUuP/KL6TXejENtMzZjHEFXe XGffamhAHiMnv6qIrCLpvaJZVhtBamA= X-Authority-Analysis: v=2.4 cv=B4KJFutM c=1 sm=1 tr=0 ts=6a326d6d cx=c_pps a=bLidbwmWQ0KltjZqbj+ezA==:117 a=bLidbwmWQ0KltjZqbj+ezA==:17 a=FelO9ux0wxsA:10 a=VkNPw1HP01LnGYTKEx00:22 a=RnoormkPH1_aCDwRdu11:22 a=iQ6ETzBq9ecOQQE5vZCe:22 a=VnNF1IyMAAAA:8 a=DMI8xbQNiVaRte-C14sA:9 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1143,Hydra:6.1.125,FMLib:17.12.100.49 definitions=2026-06-17_01,2026-06-16_02,2025-10-01_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 malwarescore=0 adultscore=0 lowpriorityscore=0 suspectscore=0 priorityscore=1501 clxscore=1015 phishscore=0 spamscore=0 bulkscore=0 impostorscore=0 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2606150000 definitions=main-2606170092 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists1p.gnu.org; Received-SPF: pass client-ip=148.163.156.1; envelope-from=freude@linux.ibm.com; helo=mx0a-001b2d01.pphosted.com X-Spam_score_int: -26 X-Spam_score: -2.7 X-Spam_bar: -- X-Spam_report: (-2.7 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @ibm.com) X-ZM-MESSAGEID: 1781689796768158500 Content-Type: text/plain; charset="utf-8" Add a new file crypto/aes-helpers.c with simple functions to support some AES modes: - AES cbc: AES_cbc_encrypt() AES_cbc_decrypt() - AES ctr: AES_ctr_encrypt() - AES xts: AES_xts_encrypt() AES_xts_decrypt() and some AES related helpers: - AES_xor() - AES_xts_prep_next_tweak() Signed-off-by: Harald Freudenberger Reviewed-by: Finn Callies --- crypto/aes-helpers.c | 101 +++++++++++++++++++++++++++++++++++++++++++ crypto/meson.build | 1 + include/crypto/aes.h | 14 ++++++ 3 files changed, 116 insertions(+) create mode 100644 crypto/aes-helpers.c diff --git a/crypto/aes-helpers.c b/crypto/aes-helpers.c new file mode 100644 index 0000000000..8ad3c5132a --- /dev/null +++ b/crypto/aes-helpers.c @@ -0,0 +1,101 @@ +/* + * AES helper functions and mode implementations + * + * Authors: + * Harald Freudenberger + * + * This work is licensed under the terms of the GNU GPL, version 2 or late= r. + * See the COPYING file in the top-level directory. + */ + +#include +#include +#include "crypto/aes.h" + +void AES_xor(const unsigned char *src1, const unsigned char *src2, + unsigned char *dst) +{ + int i; + + for (i =3D 0; i < AES_BLOCK_SIZE; i++) { + dst[i] =3D src1[i] ^ src2[i]; + } +} + +void AES_cbc_encrypt(const unsigned char *in, unsigned char *out, + unsigned char *iv, const AES_KEY *key) +{ + unsigned char buf[AES_BLOCK_SIZE]; + + /* in xor iv =3D> buf */ + AES_xor(in, iv, buf); + /* encrypt buf =3D> out */ + AES_encrypt(buf, out, key); + /* prep iv for next round */ + memcpy(iv, out, AES_BLOCK_SIZE); +} + +void AES_cbc_decrypt(const unsigned char *in, unsigned char *out, + unsigned char *iv, const AES_KEY *key) +{ + unsigned char buf[AES_BLOCK_SIZE]; + + /* decrypt in =3D> buf */ + AES_decrypt(in, buf, key); + /* buf xor iv =3D> out */ + AES_xor(buf, iv, out); + /* prep iv for next round */ + memcpy(iv, in, AES_BLOCK_SIZE); +} + +void AES_ctr_encrypt(const unsigned char *in, unsigned char *out, + const unsigned char *ctr, const AES_KEY *key) +{ + unsigned char buf[AES_BLOCK_SIZE]; + + /* encrypt ctr =3D> buf */ + AES_encrypt(ctr, buf, key); + /* exor input data with encrypted ctr =3D> out */ + AES_xor(in, buf, out); +} + +void AES_xts_prep_next_tweak(unsigned char *tweak) +{ + unsigned char carry; + int i; + + carry =3D tweak[AES_BLOCK_SIZE - 1] >> 7; + + for (i =3D AES_BLOCK_SIZE - 1; i > 0; i--) { + tweak[i] =3D (unsigned char)((tweak[i] << 1) | (tweak[i - 1] >> 7)= ); + } + + tweak[i] =3D (unsigned char)(tweak[i] << 1); + tweak[i] ^=3D (unsigned char)(0x87 & (unsigned char)(-(unsigned char)c= arry)); +} + +void AES_xts_encrypt(const unsigned char *in, unsigned char *out, + const unsigned char *tweak, const AES_KEY *key) +{ + unsigned char buf1[AES_BLOCK_SIZE], buf2[AES_BLOCK_SIZE]; + + /* in xor tweak =3D> buf1 */ + AES_xor(in, tweak, buf1); + /* encrypt buf1 =3D> buf2 */ + AES_encrypt(buf1, buf2, key); + /* buf2 xor tweak =3D> out */ + AES_xor(buf2, tweak, out); +} + +void AES_xts_decrypt(const unsigned char *in, unsigned char *out, + const unsigned char *tweak, const AES_KEY *key) +{ + unsigned char buf1[AES_BLOCK_SIZE], buf2[AES_BLOCK_SIZE]; + + /* in xor tweak =3D> buf1 */ + AES_xor(in, tweak, buf1); + /* encrypt buf1 =3D> buf2 */ + AES_decrypt(buf1, buf2, key); + /* buf2 xor tweak =3D> out */ + AES_xor(buf2, tweak, out); +} diff --git a/crypto/meson.build b/crypto/meson.build index b51597a879..675f27311c 100644 --- a/crypto/meson.build +++ b/crypto/meson.build @@ -55,6 +55,7 @@ system_ss.add(when: gnutls, if_true: files('tls-cipher-su= ites.c')) =20 util_ss.add(files( 'aes.c', + 'aes-helpers.c', 'clmul.c', 'init.c', 'sm4.c', diff --git a/include/crypto/aes.h b/include/crypto/aes.h index 381f24c902..df6239cb9c 100644 --- a/include/crypto/aes.h +++ b/include/crypto/aes.h @@ -37,4 +37,18 @@ AES_Td0[x] =3D Si[x].[0e, 09, 0d, 0b]; =20 extern const uint32_t AES_Te0[256], AES_Td0[256]; =20 +void AES_xor(const unsigned char *src1, const unsigned char *src2, + unsigned char *dst); +void AES_cbc_encrypt(const unsigned char *in, unsigned char *out, + unsigned char *iv, const AES_KEY *key); +void AES_cbc_decrypt(const unsigned char *in, unsigned char *out, + unsigned char *iv, const AES_KEY *key); +void AES_ctr_encrypt(const unsigned char *in, unsigned char *out, + const unsigned char *ctr, const AES_KEY *key); +void AES_xts_prep_next_tweak(unsigned char *tweak); +void AES_xts_encrypt(const unsigned char *in, unsigned char *out, + const unsigned char *tweak, const AES_KEY *key); +void AES_xts_decrypt(const unsigned char *in, unsigned char *out, + const unsigned char *tweak, const AES_KEY *key); + #endif --=20 2.43.0 From nobody Thu Jun 18 13:20:44 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=reject dis=none) header.from=linux.ibm.com ARC-Seal: i=1; a=rsa-sha256; t=1781689807; cv=none; d=zohomail.com; s=zohoarc; b=mL+kK2jNsBK4/LFFzHT5EtRQijGgnkb0j4VPrmMiOfrwvIAL8/02x9Gm7thffE9+/+j1YOeJWzHbYJYwKK/XpDsGJH78p+k13kSZlrmPHfSwWFgVkq7PxbhgPU1NJkRAAnSCHuMUnpqoYRr2I7viuD3xE0oeEEcKyK7nYiE6l8A= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1781689807; h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=xhf4zyh8REkyXlzHgCgt2vTzhO6jP+fD3+QUkpYT8mU=; b=KEq/fz2pWeDjbUYXmv8PJHI3kt5gZ9CwZVJxMz9kVBsljXACJny3uCyT7ay1F/CF50mjjD5xc5txZWBF3KOPuVZ0fBGroaMxq5QUzGXWGUJISi955ftaHyCNA4q23L6rEhLpd9muIgrGnFtU/YpJrdqWHk2nUzE9ulRmYqNxUPM= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 178168980701996.58309031749263; Wed, 17 Jun 2026 02:50:07 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists1p.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1wZmt0-0007AO-SA; Wed, 17 Jun 2026 05:48:42 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1wZmsw-000751-9H; Wed, 17 Jun 2026 05:48:38 -0400 Received: from mx0b-001b2d01.pphosted.com ([148.163.158.5]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1wZmst-00039V-DI; Wed, 17 Jun 2026 05:48:37 -0400 Received: from pps.filterd (m0360072.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id 65H8mToO4003130; Wed, 17 Jun 2026 09:48:29 GMT Received: from ppma13.dal12v.mail.ibm.com (dd.9e.1632.ip4.static.sl-reverse.com [50.22.158.221]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 4eueqx28bq-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 17 Jun 2026 09:48:29 +0000 (GMT) Received: from pps.filterd (ppma13.dal12v.mail.ibm.com [127.0.0.1]) by ppma13.dal12v.mail.ibm.com (8.18.1.7/8.18.1.7) with ESMTP id 65H9YaTR028270; Wed, 17 Jun 2026 09:48:28 GMT Received: from smtprelay05.fra02v.mail.ibm.com ([9.218.2.225]) by ppma13.dal12v.mail.ibm.com (PPS) with ESMTPS id 4eudvaahdv-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 17 Jun 2026 09:48:28 +0000 (GMT) Received: from smtpav02.fra02v.mail.ibm.com (smtpav02.fra02v.mail.ibm.com [10.20.54.101]) by smtprelay05.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 65H9mODf48300380 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 17 Jun 2026 09:48:25 GMT Received: from smtpav02.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id CCFA620040; Wed, 17 Jun 2026 09:48:24 +0000 (GMT) Received: from smtpav02.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 94E0B2004E; Wed, 17 Jun 2026 09:48:24 +0000 (GMT) Received: from funtu2.ehn-de.ibm.com (unknown [9.224.92.54]) by smtpav02.fra02v.mail.ibm.com (Postfix) with ESMTP; Wed, 17 Jun 2026 09:48:24 +0000 (GMT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=cc :content-transfer-encoding:date:from:in-reply-to:message-id :mime-version:references:subject:to; s=pp1; bh=xhf4zyh8REkyXlzHg Cgt2vTzhO6jP+fD3+QUkpYT8mU=; b=p1+knW8rmCwxoIvKBxXk3VmmRAB5AANMV Fp5+gtnyP4wsuKEbqiN4b+i4WiQGMRcY4+ziFAePx6BeR1r2NOiIBMLmrJ5wfs+O 57F2PocB98lLIzAq91AaxEmJcYhMO4qWGYYVAPe64Aq9dnujZ1pquzkVw5JVB/Br +Zw28n/F/lCc5Y7sllVy43a7W9SV0LsGqXyvpkz89cWqLPSU+M7WFlOvV+vtU8GZ RoCFf6A9bzufoDV732RsqoNoTaBkT8KnYyHiMgaGxI3ix2NLI7Z563VM28DwzJpE JmrLo/0/7IkduS+v+rrLNNaTwozt/kR25B8ZSj1vL+ewkHgcwCenw== From: Harald Freudenberger To: richard.henderson@linaro.org, iii@linux.ibm.com, david@kernel.org, thuth@redhat.com, berrange@redhat.com Cc: qemu-s390x@nongnu.org, qemu-devel@nongnu.org, linux390-list@tuxmaker.boeblingen.de.ibm.com, linux-s390@vger.kernel.org, dengler@linux.ibm.com, borntraeger@linux.ibm.com, fcallies@linux.ibm.com, cohuck@redhat.com Subject: [PATCH v7 17/17] target/s390x: Use generic AES helper functions Date: Wed, 17 Jun 2026 11:48:20 +0200 Message-ID: <20260617094820.34402-18-freude@linux.ibm.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260617094820.34402-1-freude@linux.ibm.com> References: <20260617094820.34402-1-freude@linux.ibm.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-TM-AS-GCONF: 00 X-Proofpoint-GUID: Uw7SZeYd5012zPXZPq2m0q_3ZKF4nnFV X-Authority-Analysis: v=2.4 cv=Le0MLDfi c=1 sm=1 tr=0 ts=6a326d6d cx=c_pps a=AfN7/Ok6k8XGzOShvHwTGQ==:117 a=AfN7/Ok6k8XGzOShvHwTGQ==:17 a=FelO9ux0wxsA:10 a=VkNPw1HP01LnGYTKEx00:22 a=RnoormkPH1_aCDwRdu11:22 a=RzCfie-kr_QcCd8fBx8p:22 a=VnNF1IyMAAAA:8 a=g6vVTg3iDwn42Crx3gMA:9 X-Proofpoint-Spam-Info: AW1haW4tMjYwNjE3MDA5MiBTYWx0ZWRfX0W/pULkyliH9 YgXotheddvXTIEJW3J3sqtNrN4CEEb1YJkIsVZM5rnfWQPkknCNBI/4I6pRIgiIwJks/CkGQPW0 IdKS/sCHJLC1myEU7DsqyNTMtenH2Ks= X-Proofpoint-ORIG-GUID: Uw7SZeYd5012zPXZPq2m0q_3ZKF4nnFV X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwNjE3MDA5MiBTYWx0ZWRfX3imXPVVmmbXa 8RNdyJbpu/DbKGtgSxQjAepfknioo1m4dnQKf+ADdC6fYAZeH8CGiIZmUwFX2xjJSL/34SDZm8X 7zmDpci6Myq1L6m3Cb/YgKMg11Y6GByOwUixPtwEOdxJg+ssbgweUc63Sv0YR8UkwngaGRUXo8B H3jLBSt1FpoUZ5Xbxb9aHIrkSu1+f0MnvkXDT5jHx0MDcHHu+Qm8f3K/xuRDA2hh2zno0oVSCAE IRqBHrTtnUz7bSAauIqTZ/n6nc1FAXOeNYUZD1Ys18lu8EoN3jEIrJ6kDNSWUTCmJEaQkHOTQGP GRn7KeCoIjoY7LYPc79giAqDytu7W7m0mrSxfq1cqR8/HoCqP2I5Gm819/ug8Uy4lpzJqhVqoWH pkHSQabwmp3AYpxQkTqO3fh0jdnet5vmzswq35m1GHXuCtgezaTcoO1dSPTf3ZnUw47VL10vdBK yXO9OvSo7W3FpxSRSZg== X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1143,Hydra:6.1.125,FMLib:17.12.100.49 definitions=2026-06-17_01,2026-06-16_02,2025-10-01_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 clxscore=1015 priorityscore=1501 malwarescore=0 spamscore=0 suspectscore=0 impostorscore=0 phishscore=0 lowpriorityscore=0 bulkscore=0 adultscore=0 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2606150000 definitions=main-2606170092 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists1p.gnu.org; Received-SPF: pass client-ip=148.163.158.5; envelope-from=freude@linux.ibm.com; helo=mx0b-001b2d01.pphosted.com X-Spam_score_int: -26 X-Spam_score: -2.7 X-Spam_bar: -- X-Spam_report: (-2.7 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @ibm.com) X-ZM-MESSAGEID: 1781689808550158500 Content-Type: text/plain; charset="utf-8" Rewrite the cpacf implementations to use the generic AES helper functions from crypto/aes-helpers.c Signed-off-by: Harald Freudenberger --- target/s390x/tcg/cpacf_aes.c | 124 ++++++++++------------------------- 1 file changed, 36 insertions(+), 88 deletions(-) diff --git a/target/s390x/tcg/cpacf_aes.c b/target/s390x/tcg/cpacf_aes.c index 98d5134d5f..9935b6b39c 100644 --- a/target/s390x/tcg/cpacf_aes.c +++ b/target/s390x/tcg/cpacf_aes.c @@ -119,20 +119,13 @@ int cpacf_aes_ecb(CPUS390XState *env, const int mmu_i= dx, uintptr_t ra, return !len ? 0 : 3; } =20 -static void aes_xor(const uint8_t *src1, const uint8_t *src2, uint8_t *dst) -{ - for (int i =3D 0; i < AES_BLOCK_SIZE; i++) { - dst[i] =3D src1[i] ^ src2[i]; - } -} - int cpacf_aes_cbc(CPUS390XState *env, const int mmu_idx, uintptr_t ra, uint64_t param_addr, uint64_t *dst_ptr_reg, uint64_t *src_ptr_reg, uint64_t *src_len_reg, uint32_t type, uint8_t fc, uint8_t mod) { enum { MAX_BLOCKS_PER_RUN =3D 8192 / AES_BLOCK_SIZE }; - uint8_t in[AES_BLOCK_SIZE], out[AES_BLOCK_SIZE], buf[AES_BLOCK_SIZE]; + uint8_t in[AES_BLOCK_SIZE], out[AES_BLOCK_SIZE]; const MemOpIdx oi =3D make_memop_idx(MO_8, mmu_idx); uint64_t addr, len =3D *src_len_reg, done =3D 0; int i, keysize, addr_reg_size =3D 64; @@ -188,19 +181,11 @@ int cpacf_aes_cbc(CPUS390XState *env, const int mmu_i= dx, uintptr_t ra, for (i =3D 0; i < MAX_BLOCKS_PER_RUN && len >=3D AES_BLOCK_SIZE; i++) { aes_read_block(env, mmu_idx, *src_ptr_reg + done, in, ra); if (mod) { - /* decrypt in =3D> buf */ - AES_decrypt(in, buf, &exkey); - /* buf xor iv =3D> out */ - aes_xor(buf, iv, out); - /* prep iv for next round */ - memcpy(iv, in, AES_BLOCK_SIZE); + /* decrypt in =3D> out */ + AES_cbc_decrypt(in, out, iv, &exkey); } else { - /* in xor iv =3D> buf */ - aes_xor(in, iv, buf); - /* encrypt buf =3D> out */ - AES_encrypt(buf, out, &exkey); - /* prep iv for next round */ - memcpy(iv, out, AES_BLOCK_SIZE); + /* encrypt in =3D> out */ + AES_cbc_encrypt(in, out, iv, &exkey); } aes_write_block(env, mmu_idx, *dst_ptr_reg + done, out, ra); len -=3D AES_BLOCK_SIZE, done +=3D AES_BLOCK_SIZE; @@ -229,11 +214,10 @@ int cpacf_aes_ctr(CPUS390XState *env, const int mmu_i= dx, uintptr_t ra, { enum { MAX_BLOCKS_PER_RUN =3D 8192 / AES_BLOCK_SIZE }; const MemOpIdx oi =3D make_memop_idx(MO_8, mmu_idx); - uint8_t ctr[AES_BLOCK_SIZE], buf[AES_BLOCK_SIZE]; uint8_t in[AES_BLOCK_SIZE], out[AES_BLOCK_SIZE]; uint64_t addr, len =3D *src_len_reg, done =3D 0; + uint8_t ctr[AES_BLOCK_SIZE], key[32]; int i, keysize, addr_reg_size =3D 64; - uint8_t key[32]; AES_KEY exkey; =20 g_assert(type =3D=3D S390_FEAT_TYPE_KMCTR); @@ -275,12 +259,10 @@ int cpacf_aes_ctr(CPUS390XState *env, const int mmu_i= dx, uintptr_t ra, for (i =3D 0; i < MAX_BLOCKS_PER_RUN && len >=3D AES_BLOCK_SIZE; i++) { /* read in nonce/ctr =3D> ctr */ aes_read_block(env, mmu_idx, *ctr_ptr_reg + done, ctr, ra); - /* encrypt ctr =3D> buf */ - AES_encrypt(ctr, buf, &exkey); /* read in one block of input data =3D> in */ aes_read_block(env, mmu_idx, *src_ptr_reg + done, in, ra); - /* exor input data with encrypted ctr =3D> out */ - aes_xor(in, buf, out); + /* encrypt ctr and xor with in =3D> out */ + AES_ctr_encrypt(in, out, ctr, &exkey); /* write out the processed block */ aes_write_block(env, mmu_idx, *dst_ptr_reg + done, out, ra); len -=3D AES_BLOCK_SIZE, done +=3D AES_BLOCK_SIZE; @@ -361,28 +343,13 @@ int cpacf_aes_pcc(CPUS390XState *env, const int mmu_i= dx, uintptr_t ra, return 0; } =20 -static void aes_xts_prep_next_tweak(uint8_t tweak[AES_BLOCK_SIZE]) -{ - uint8_t carry; - int i; - - carry =3D tweak[AES_BLOCK_SIZE - 1] >> 7; - - for (i =3D AES_BLOCK_SIZE - 1; i > 0; i--) { - tweak[i] =3D (uint8_t)((tweak[i] << 1) | (tweak[i - 1] >> 7)); - } - - tweak[i] =3D (uint8_t)(tweak[i] << 1); - tweak[i] ^=3D (uint8_t)(0x87 & (uint8_t)(-(int8_t)carry)); -} - int cpacf_aes_xts(CPUS390XState *env, const int mmu_idx, uintptr_t ra, uint64_t param_addr, uint64_t *dst_ptr_reg, uint64_t *src_ptr_reg, uint64_t *src_len_reg, uint32_t type, uint8_t fc, uint8_t mod) { enum { MAX_BLOCKS_PER_RUN =3D 8192 / AES_BLOCK_SIZE }; - uint8_t buf1[AES_BLOCK_SIZE], buf2[AES_BLOCK_SIZE]; + uint8_t in[AES_BLOCK_SIZE], out[AES_BLOCK_SIZE]; const MemOpIdx oi =3D make_memop_idx(MO_8, mmu_idx); uint64_t addr, len =3D *src_len_reg, done =3D 0; uint8_t key[32], tweak[AES_BLOCK_SIZE]; @@ -433,23 +400,19 @@ int cpacf_aes_xts(CPUS390XState *env, const int mmu_i= dx, uintptr_t ra, =20 /* process up to MAX_BLOCKS_PER_RUN aes blocks */ for (i =3D 0; i < MAX_BLOCKS_PER_RUN && len >=3D AES_BLOCK_SIZE; i++) { - /* fetch one AES block into buf1 */ - aes_read_block(env, mmu_idx, *src_ptr_reg + done, buf1, ra); - /* buf1 xor tweak =3D> buf2 */ - aes_xor(buf1, tweak, buf2); + /* fetch one AES block into in */ + aes_read_block(env, mmu_idx, *src_ptr_reg + done, in, ra); if (mod) { - /* decrypt buf2 =3D> buf1 */ - AES_decrypt(buf2, buf1, &exkey); + /* decrypt in =3D> out */ + AES_xts_decrypt(in, out, tweak, &exkey); } else { - /* encrypt buf2 =3D> buf1 */ - AES_encrypt(buf2, buf1, &exkey); + /* encrypt in =3D> out */ + AES_xts_encrypt(in, out, tweak, &exkey); } - /* buf1 xor tweak =3D> buf2 */ - aes_xor(buf1, tweak, buf2); /* prep tweak for next round */ - aes_xts_prep_next_tweak(tweak); - /* write out this processed block from buf2 */ - aes_write_block(env, mmu_idx, *dst_ptr_reg + done, buf2, ra); + AES_xts_prep_next_tweak(tweak); + /* write out this processed block from out */ + aes_write_block(env, mmu_idx, *dst_ptr_reg + done, out, ra); len -=3D AES_BLOCK_SIZE, done +=3D AES_BLOCK_SIZE; } =20 @@ -627,7 +590,7 @@ int cpacf_paes_cbc(CPUS390XState *env, const int mmu_id= x, uintptr_t ra, uint32_t type, uint8_t fc, uint8_t mod) { enum { MAX_BLOCKS_PER_RUN =3D 8192 / AES_BLOCK_SIZE }; - uint8_t in[AES_BLOCK_SIZE], out[AES_BLOCK_SIZE], buf[AES_BLOCK_SIZE]; + uint8_t in[AES_BLOCK_SIZE], out[AES_BLOCK_SIZE]; const MemOpIdx oi =3D make_memop_idx(MO_8, mmu_idx); uint8_t key[32], wkvp[32], iv[AES_BLOCK_SIZE]; uint64_t addr, len =3D *src_len_reg, done =3D 0; @@ -697,19 +660,11 @@ int cpacf_paes_cbc(CPUS390XState *env, const int mmu_= idx, uintptr_t ra, for (i =3D 0; i < MAX_BLOCKS_PER_RUN && len >=3D AES_BLOCK_SIZE; i++) { aes_read_block(env, mmu_idx, *src_ptr_reg + done, in, ra); if (mod) { - /* decrypt in =3D> buf */ - AES_decrypt(in, buf, &exkey); - /* buf xor iv =3D> out */ - aes_xor(buf, iv, out); - /* prep iv for next round */ - memcpy(iv, in, AES_BLOCK_SIZE); + /* decrypt in =3D> out */ + AES_cbc_decrypt(in, out, iv, &exkey); } else { - /* in xor iv =3D> buf */ - aes_xor(in, iv, buf); - /* encrypt buf =3D> out */ - AES_encrypt(buf, out, &exkey); - /* prep iv for next round */ - memcpy(iv, out, AES_BLOCK_SIZE); + /* encrypt in =3D> out */ + AES_cbc_encrypt(in, out, iv, &exkey); } aes_write_block(env, mmu_idx, *dst_ptr_reg + done, out, ra); len -=3D AES_BLOCK_SIZE, done +=3D AES_BLOCK_SIZE; @@ -738,11 +693,10 @@ int cpacf_paes_ctr(CPUS390XState *env, const int mmu_= idx, uintptr_t ra, { enum { MAX_BLOCKS_PER_RUN =3D 8192 / AES_BLOCK_SIZE }; const MemOpIdx oi =3D make_memop_idx(MO_8, mmu_idx); - uint8_t ctr[AES_BLOCK_SIZE], buf[AES_BLOCK_SIZE]; uint8_t in[AES_BLOCK_SIZE], out[AES_BLOCK_SIZE]; + uint8_t ctr[AES_BLOCK_SIZE], key[32], wkvp[32]; uint64_t addr, len =3D *src_len_reg, done =3D 0; int i, keysize, addr_reg_size =3D 64; - uint8_t key[32], wkvp[32]; AES_KEY exkey; =20 g_assert(type =3D=3D S390_FEAT_TYPE_KMCTR); @@ -798,12 +752,10 @@ int cpacf_paes_ctr(CPUS390XState *env, const int mmu_= idx, uintptr_t ra, for (i =3D 0; i < MAX_BLOCKS_PER_RUN && len >=3D AES_BLOCK_SIZE; i++) { /* read in nonce/ctr =3D> ctr */ aes_read_block(env, mmu_idx, *ctr_ptr_reg + done, ctr, ra); - /* encrypt ctr =3D> buf */ - AES_encrypt(ctr, buf, &exkey); /* read in one block of input data =3D> in */ aes_read_block(env, mmu_idx, *src_ptr_reg + done, in, ra); - /* exor input data with encrypted ctr =3D> out */ - aes_xor(in, buf, out); + /* encrypt ctr and xor with in =3D> out */ + AES_ctr_encrypt(in, out, ctr, &exkey); /* write out the processed block */ aes_write_block(env, mmu_idx, *dst_ptr_reg + done, out, ra); len -=3D AES_BLOCK_SIZE, done +=3D AES_BLOCK_SIZE; @@ -906,7 +858,7 @@ int cpacf_paes_xts(CPUS390XState *env, const int mmu_id= x, uintptr_t ra, uint32_t type, uint8_t fc, uint8_t mod) { enum { MAX_BLOCKS_PER_RUN =3D 8192 / AES_BLOCK_SIZE }; - uint8_t buf1[AES_BLOCK_SIZE], buf2[AES_BLOCK_SIZE]; + uint8_t in[AES_BLOCK_SIZE], out[AES_BLOCK_SIZE]; const MemOpIdx oi =3D make_memop_idx(MO_8, mmu_idx); uint8_t key[32], wkvp[32], tweak[AES_BLOCK_SIZE]; uint64_t addr, len =3D *src_len_reg, done =3D 0; @@ -971,23 +923,19 @@ int cpacf_paes_xts(CPUS390XState *env, const int mmu_= idx, uintptr_t ra, =20 /* process up to MAX_BLOCKS_PER_RUN aes blocks */ for (i =3D 0; i < MAX_BLOCKS_PER_RUN && len >=3D AES_BLOCK_SIZE; i++) { - /* fetch one AES block into buf1 */ - aes_read_block(env, mmu_idx, *src_ptr_reg + done, buf1, ra); - /* buf1 xor tweak =3D> buf2 */ - aes_xor(buf1, tweak, buf2); + /* fetch one AES block into in */ + aes_read_block(env, mmu_idx, *src_ptr_reg + done, in, ra); if (mod) { - /* decrypt buf2 =3D> buf1 */ - AES_decrypt(buf2, buf1, &exkey); + /* decrypt in =3D> out */ + AES_xts_decrypt(in, out, tweak, &exkey); } else { - /* encrypt buf2 =3D> buf1 */ - AES_encrypt(buf2, buf1, &exkey); + /* encrypt in =3D> out */ + AES_xts_encrypt(in, out, tweak, &exkey); } - /* buf1 xor tweak =3D> buf2 */ - aes_xor(buf1, tweak, buf2); /* prep tweak for next round */ - aes_xts_prep_next_tweak(tweak); - /* write out this processed block from buf2 */ - aes_write_block(env, mmu_idx, *dst_ptr_reg + done, buf2, ra); + AES_xts_prep_next_tweak(tweak); + /* write out this processed block from out */ + aes_write_block(env, mmu_idx, *dst_ptr_reg + done, out, ra); len -=3D AES_BLOCK_SIZE, done +=3D AES_BLOCK_SIZE; } =20 --=20 2.43.0