From: Harald Freudenberger <freude@linux.ibm.com>
To: Finn Callies <fcallies@linux.ibm.com>
Cc: richard.henderson@linaro.org, iii@linux.ibm.com,
	david@kernel.org, thuth@redhat.com, berrange@redhat.com,
	qemu-s390x@nongnu.org, qemu-devel@nongnu.org,
	linux390-list@tuxmaker.boeblingen.de.ibm.com,
	linux-s390@vger.kernel.org, dengler@linux.ibm.com,
	borntraeger@linux.ibm.com, cohuck@redhat.com
Subject: Re: [PATCH v7 09/17] target/s390x: Support pckmo encrypt AES subfunctions
Date: Mon, 22 Jun 2026 16:34:19 +0200
Message-ID: <3a2169d3ca127e02427217f28c9f8e2e@linux.ibm.com>
In-Reply-To: <d0678c75-68b1-48da-aaf6-c846b48c02e3@linux.ibm.com>

On 2026-06-18 07:50, Finn Callies wrote:
> On 17.06.26 11:48, Harald Freudenberger wrote:
>> Support the subfunctions PCKMO-Encrypt-AES-128-Key,
>> PCKMO-Encrypt-AES-192-Key and PCKMO-Encrypt-AES-256-Key.
>> 
>> These subfunctions derive a protected key from an AES clear key
>> by encrypting it with an internal AES wrapping key. More
>> details can be found in the "z/Architecture Principles of
>> Operation" document.
>> 
>> The qemu version provided here is only a fake indented to make
> 
> typo: indeted -> intended
> 
>> protected key available for developing and testing purpose:
>> * The protected key is 'derived' from the clear key by xoring
>>    the fixed pattern 0xAAAA... onto the key value.
>> * The AES Wrapping Key Verification Pattern is a fixed
>>    value of 32 bytes 0xFACEFACE...
>> 
>> Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
>> Tested-by: Holger Dengler <dengler@linux.ibm.com>
> 
> With the typo fixed and the other comments at least considered:
> 
> Reviewed-by: Finn Callies <fcallies@linux.ibm.com>
> 
>> ---
>>   target/s390x/gen-features.c      |  3 ++
>>   target/s390x/tcg/cpacf.h         |  2 +
>>   target/s390x/tcg/cpacf_aes.c     | 66 
>> ++++++++++++++++++++++++++++++++
>>   target/s390x/tcg/crypto_helper.c | 21 ++++++++++
>>   4 files changed, 92 insertions(+)
> 
> [ snip ]
> 
>> diff --git a/target/s390x/tcg/cpacf_aes.c 
>> b/target/s390x/tcg/cpacf_aes.c
>> index 0312436c43..5a0a3473d5 100644
>> --- a/target/s390x/tcg/cpacf_aes.c
>> +++ b/target/s390x/tcg/cpacf_aes.c
>> @@ -467,3 +467,69 @@ int cpacf_aes_xts(CPUS390XState *env, const int 
>> mmu_idx, uintptr_t ra,
>>         return !len ? 0 : 3;
>>   }
>> +
>> +/*
>> + * Hard coded pattern xored with the AES clear key
>> + * to 'produce' the protected key.
>> + */
>> +static const uint8_t protkey_xor_pattern[32] = {
> 
> the wrapping key for protected keys is called virtual server master
> key if I recall correctly. Maybe name this accordingly or at least
> something with master or wrapping key in it as this describes the
> purpose better I think.
> 

But honestly I don't want to call this a key - neither a wrapping nor
a virtual server master key. This is a simple xor pattern to be applied
to the clear key value. I don't want to call this a key in any way.
If I would label this a key someone (or AI) would immediately raise
a security finding - hard coded key / weak key / key in code ...

>> +    0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA,
>> +    0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA,
>> +    0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA,
>> +    0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA };
>> +
>> +/*
>> + * Hard coded wkvp ("Wrapping Key Verification Pattern")
>> + */
>> +static const uint8_t protkey_wkvp[32] = {
> 
> Since you call this protkey_wkvp you could call the wrapping key 
> protkey_wk.
> 
>> +    0x0F, 0x0A, 0x0C, 0x0E, 0x0F, 0x0A, 0x0C, 0x0E,
>> +    0x0F, 0x0A, 0x0C, 0x0E, 0x0F, 0x0A, 0x0C, 0x0E,
>> +    0x0F, 0x0A, 0x0C, 0x0E, 0x0F, 0x0A, 0x0C, 0x0E,
>> +    0x0F, 0x0A, 0x0C, 0x0E, 0x0F, 0x0A, 0x0C, 0x0E };
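
Review bot: the protkey_wkvp initializer at the end of this hunk does not match the commit message, which describes the verification pattern as 32 bytes of 0xFACEFACE...; the array holds `0x0F, 0x0A, 0x0C, 0x0E` repeated, one nibble per byte. If 0xFACE... is the intended value, the initializer should be `0xFA, 0xCE` repeated; otherwise the commit message should state the value actually used. The comment above protkey_xor_pattern could also say explicitly that xoring a fixed pattern is a development and testing stand-in that gives the clear key no protection, so the constant is not mistaken for a wrapping key.
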
> 
> [ snip ]
