From: Harald Freudenberger <freude@linux.ibm.com>
To: Ilya Leoshkevich <iii@linux.ibm.com>
Cc: richard.henderson@linaro.org, david@kernel.org, thuth@redhat.com,
berrange@redhat.com, qemu-s390x@nongnu.org,
qemu-devel@nongnu.org,
linux390-list@tuxmaker.boeblingen.de.ibm.com,
linux-s390@vger.kernel.org, dengler@linux.ibm.com,
borntraeger@linux.ibm.com, fcallies@linux.ibm.com,
cohuck@redhat.com
Subject: Re: [PATCH v8 07/18] target/s390x: Support AES CTR for cpacf kmctr instruction
Date: Thu, 25 Jun 2026 09:17:54 +0200 [thread overview]
Message-ID: <e6a894618afbc5e45e66fafb3373de74@linux.ibm.com> (raw)
In-Reply-To: <a948d24d-f9cb-4d67-bf46-007d6de3c523@linux.ibm.com>
On 2026-06-24 19:26, Ilya Leoshkevich wrote:
> On 6/24/26 10:10, Harald Freudenberger wrote:
>> Support the subfunctions CPACF_KMCTR_AES_128, CPACF_KMCTR_AES_192
>> and CPACF_KMCTR_AES_256 for the cpacf kmctr instruction.
>>
>> Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
>> Reviewed-by: Finn Callies <fcallies@linux.ibm.com>
>> ---
>> target/s390x/gen-features.c | 3 ++
>> target/s390x/tcg/cpacf.h | 5 +++
>> target/s390x/tcg/cpacf_aes.c | 76
>> ++++++++++++++++++++++++++++++++
>> target/s390x/tcg/crypto_helper.c | 24 ++++++++++
>> 4 files changed, 108 insertions(+)
>
> [...]
>
>> --- a/target/s390x/tcg/cpacf_aes.c
>> +++ b/target/s390x/tcg/cpacf_aes.c
>> @@ -213,3 +213,79 @@ int cpacf_aes_cbc(CPUS390XState *env, const int
>> mmu_idx, uintptr_t ra,
>> return !len ? 0 : 3;
>> }
>> +
>> +int cpacf_aes_ctr(CPUS390XState *env, const int mmu_idx, uintptr_t
>> ra,
>> + uint64_t param_addr, uint64_t *dst_ptr_reg,
>> + uint64_t *src_ptr_reg, uint64_t *src_len_reg,
>> + uint64_t *ctr_ptr_reg, uint32_t type,
>> + uint8_t fc, uint8_t mod)
>> +{
>> + enum { MAX_BLOCKS_PER_RUN = 8192 / AES_BLOCK_SIZE };
>> + const MemOpIdx oi = make_memop_idx(MO_8, mmu_idx);
>> + uint8_t ctr[AES_BLOCK_SIZE], buf[AES_BLOCK_SIZE];
>> + uint8_t in[AES_BLOCK_SIZE], out[AES_BLOCK_SIZE];
>> + uint64_t addr, len = *src_len_reg, done = 0;
>> + int i, keysize, addr_reg_size = 64;
>> + uint8_t key[32];
>> + AES_KEY exkey;
>> +
>> + g_assert(type == S390_FEAT_TYPE_KMCTR);
>> +
>> + switch (fc) {
>> + case 0x12: /* CPACF_KMCTR_AES_128 */
>> + keysize = 16;
>> + break;
>> + case 0x13: /* CPACF_KMCTR_AES_192 */
>> + keysize = 24;
>> + break;
>> + case 0x14: /* CPACF_KMCTR_AES_256 */
>> + keysize = 32;
>> + break;
>> + default:
>> + g_assert_not_reached();
>> + }
>
> A general comment; I think I've seen this in previous patches as well.
> Would it make sense to properly define constants like
> CPACF_KMCTR_AES_128 and drop comments? Or, if the goal is easier
> cross-checking with POp, hardcode decimal numbers, since POp specifies
> them in decimal?
>
As I am about to write some tests for all this CPACF support there would
be a benefit in having all this as constants or defines in a header file
instead of hardcoded values on every switch statement. So I am about to
introduce a some cpacf.h with all these values for the next version.
>> +
>> + if (!(env->psw.mask & PSW_MASK_64)) {
>> + len = (uint32_t)len;
>> + addr_reg_size = (env->psw.mask & PSW_MASK_32) ? 32 : 24;
>> + }
>> +
>> + /* length has to be properly aligned. */
>> + if (!QEMU_IS_ALIGNED(len, AES_BLOCK_SIZE)) {
>> + tcg_s390_program_interrupt(env, PGM_SPECIFICATION, ra);
>> + }
>> +
>> + /* fetch key from param block */
>> + for (i = 0; i < keysize; i++) {
>> + addr = wrap_address(env, param_addr + i);
>> + key[i] = cpu_ldb_mmu(env, addr, oi, ra);
>> + }
>> +
>> + /* expand key */
>> + AES_set_encrypt_key(key, keysize * 8, &exkey);
>> +
>> + /* process up to MAX_BLOCKS_PER_RUN aes blocks */
>> + for (i = 0; i < MAX_BLOCKS_PER_RUN && len >= AES_BLOCK_SIZE; i++)
>> {
>> + /* read in nonce/ctr => ctr */
>> + aes_read_block(env, mmu_idx, *ctr_ptr_reg + done, ctr, ra);
>> + /* encrypt ctr => buf */
>> + AES_encrypt(ctr, buf, &exkey);
>> + /* read in one block of input data => in */
>> + aes_read_block(env, mmu_idx, *src_ptr_reg + done, in, ra);
>> + /* xor input data with encrypted ctr => out */
>> + aes_xor(in, buf, out);
>> + /* write out the processed block */
>> + aes_write_block(env, mmu_idx, *dst_ptr_reg + done, out, ra);
>> + len -= AES_BLOCK_SIZE, done += AES_BLOCK_SIZE;
>
> Same comment as in the previous patch.
>
>
> Otherwise:
>
> Reviewed-by: Ilya Leoshkevich <iii@linux.ibm.com>
>
> [...]
next prev parent reply other threads:[~2026-06-25 7:18 UTC|newest]
Thread overview: 31+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-06-24 8:09 [PATCH v8 00/18] target/s390x: Extend qemu CPACF support Harald Freudenberger
2026-06-24 8:09 ` [PATCH v8 01/18] target/s390x: Fix wrong address handling in address loops Harald Freudenberger
2026-06-24 10:05 ` Philippe Mathieu-Daudé
2026-06-25 7:31 ` Harald Freudenberger
2026-06-25 10:37 ` Philippe Mathieu-Daudé
2026-06-24 12:56 ` Ilya Leoshkevich
2026-06-24 8:09 ` [PATCH v8 02/18] target/s390x: Rework s390 cpacf implementations Harald Freudenberger
2026-06-24 14:27 ` Ilya Leoshkevich
2026-06-24 8:10 ` [PATCH v8 03/18] target/s390x: Move cpacf sha512 code into a new file Harald Freudenberger
2026-06-24 10:07 ` Philippe Mathieu-Daudé
2026-06-24 14:30 ` Ilya Leoshkevich
2026-06-24 8:10 ` [PATCH v8 04/18] target/s390x: Support cpacf sha256 Harald Freudenberger
2026-06-24 14:39 ` Ilya Leoshkevich
2026-06-24 8:10 ` [PATCH v8 05/18] target/s390x: Support AES ECB for cpacf km instruction Harald Freudenberger
2026-06-24 17:13 ` Ilya Leoshkevich
2026-06-24 8:10 ` [PATCH v8 06/18] target/s390x: Support AES CBC for cpacf kmc instruction Harald Freudenberger
2026-06-24 17:22 ` Ilya Leoshkevich
2026-06-24 8:10 ` [PATCH v8 07/18] target/s390x: Support AES CTR for cpacf kmctr instruction Harald Freudenberger
2026-06-24 17:26 ` Ilya Leoshkevich
2026-06-25 7:17 ` Harald Freudenberger [this message]
2026-06-24 8:10 ` [PATCH v8 08/18] target/s390x: Minimal AES XTS support for cpacf pcc instruction Harald Freudenberger
2026-06-24 8:10 ` [PATCH v8 09/18] target/s390x: Support AES XTS for cpacf km instruction Harald Freudenberger
2026-06-24 8:10 ` [PATCH v8 10/18] target/s390x: Support pckmo encrypt AES subfunctions Harald Freudenberger
2026-06-24 8:10 ` [PATCH v8 11/18] target/s390x: Support protected key AES ECB for cpacf km instruction Harald Freudenberger
2026-06-24 8:10 ` [PATCH v8 12/18] target/s390x: Support protected key AES CBC for cpacf kmc instruction Harald Freudenberger
2026-06-24 8:10 ` [PATCH v8 13/18] target/s390x: Support protected key AES CTR for cpacf kmctr instruction Harald Freudenberger
2026-06-24 8:10 ` [PATCH v8 14/18] target/s390x: Minimal protected key AES XTS support for cpacf pcc instruction Harald Freudenberger
2026-06-24 8:10 ` [PATCH v8 15/18] target/s390x: Support protected key AES XTS for cpacf km instruction Harald Freudenberger
2026-06-24 8:10 ` [PATCH v8 16/18] docs/s390: Document CPACF instructions support Harald Freudenberger
2026-06-24 8:10 ` [PATCH v8 17/18] crypto: Add aes-helpers file to support some AES modes Harald Freudenberger
2026-06-24 8:10 ` [PATCH v8 18/18] target/s390x: Use generic AES helper functions Harald Freudenberger
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=e6a894618afbc5e45e66fafb3373de74@linux.ibm.com \
--to=freude@linux.ibm.com \
--cc=berrange@redhat.com \
--cc=borntraeger@linux.ibm.com \
--cc=cohuck@redhat.com \
--cc=david@kernel.org \
--cc=dengler@linux.ibm.com \
--cc=fcallies@linux.ibm.com \
--cc=iii@linux.ibm.com \
--cc=linux-s390@vger.kernel.org \
--cc=linux390-list@tuxmaker.boeblingen.de.ibm.com \
--cc=qemu-devel@nongnu.org \
--cc=qemu-s390x@nongnu.org \
--cc=richard.henderson@linaro.org \
--cc=thuth@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.