From: Harald Freudenberger <freude@linux.ibm.com>
To: richard.henderson@linaro.org, iii@linux.ibm.com,
david@kernel.org, thuth@redhat.com, berrange@redhat.com
Cc: qemu-s390x@nongnu.org, qemu-devel@nongnu.org,
linux390-list@tuxmaker.boeblingen.de.ibm.com,
linux-s390@vger.kernel.org, dengler@linux.ibm.com,
borntraeger@linux.ibm.com, fcallies@linux.ibm.com,
cohuck@redhat.com
Subject: [PATCH v9 08/21] target/s390x: Minimal AES XTS support for cpacf pcc instruction
Date: Wed, 1 Jul 2026 18:46:31 +0200 [thread overview]
Message-ID: <20260701164650.95760-9-freude@linux.ibm.com> (raw)
In-Reply-To: <20260701164650.95760-1-freude@linux.ibm.com>
Support CPACF pcc subfunctions PCC-Compute-XTS-Parameter-AES-128
and PCC-Compute-XTS-Parameter-AES-128 but only for the special
case block sequential number is 0. However, this covers the s390
AES XTS implementation in the Linux kernel and Libica and thus
also Opencryptoki clear key via Libica.
Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
Tested-by: Holger Dengler <dengler@linux.ibm.com>
---
target/s390x/gen-features.c | 2 +
target/s390x/tcg/cpacf.h | 2 +
target/s390x/tcg/cpacf_aes.c | 63 ++++++++++++++++++++++++++++++++
target/s390x/tcg/crypto_helper.c | 20 ++++++++++
4 files changed, 87 insertions(+)
diff --git a/target/s390x/gen-features.c b/target/s390x/gen-features.c
index 59c2a47539..1b6a874b90 100644
--- a/target/s390x/gen-features.c
+++ b/target/s390x/gen-features.c
@@ -930,6 +930,8 @@ static uint16_t qemu_MAX[] = {
S390_FEAT_KMCTR_AES_128,
S390_FEAT_KMCTR_AES_192,
S390_FEAT_KMCTR_AES_256,
+ S390_FEAT_PCC_XTS_AES_128,
+ S390_FEAT_PCC_XTS_AES_256,
};
/****** END FEATURE DEFS ******/
diff --git a/target/s390x/tcg/cpacf.h b/target/s390x/tcg/cpacf.h
index 3707308661..2e8ed72758 100644
--- a/target/s390x/tcg/cpacf.h
+++ b/target/s390x/tcg/cpacf.h
@@ -247,5 +247,7 @@ int cpacf_aes_ctr(CPUS390XState *env, const int mmu_idx, uintptr_t ra,
uint64_t *src_ptr_reg, uint64_t *src_len_reg,
uint64_t *ctr_ptr_reg, uint32_t type,
uint8_t fc, uint8_t mod);
+int cpacf_aes_pcc(CPUS390XState *env, const int mmu_idx, uintptr_t ra,
+ uint64_t param_addr, uint8_t fc);
#endif /* S390X_CPACF_H */
diff --git a/target/s390x/tcg/cpacf_aes.c b/target/s390x/tcg/cpacf_aes.c
index 3d6aa19df2..f41b7dc541 100644
--- a/target/s390x/tcg/cpacf_aes.c
+++ b/target/s390x/tcg/cpacf_aes.c
@@ -290,3 +290,66 @@ int cpacf_aes_ctr(CPUS390XState *env, const int mmu_idx, uintptr_t ra,
return !len ? 0 : 3;
}
+
+int cpacf_aes_pcc(CPUS390XState *env, const int mmu_idx, uintptr_t ra,
+ uint64_t param_addr, uint8_t fc)
+{
+ uint8_t key[32], tweak[AES_BLOCK_SIZE], buf[AES_BLOCK_SIZE];
+ const MemOpIdx oi = make_memop_idx(MO_8, mmu_idx);
+ int keysize, i;
+ uint64_t addr;
+ AES_KEY exkey;
+
+ switch (fc) {
+ case CPACF_PCC_XTS_AES_128:
+ keysize = 16;
+ break;
+ case CPACF_PCC_XTS_AES_256:
+ keysize = 32;
+ break;
+ default:
+ g_assert_not_reached();
+ }
+
+ /* fetch block sequence nr from param block into buf */
+ for (i = 0; i < AES_BLOCK_SIZE; i++) {
+ addr = wrap_address(env, param_addr + keysize + AES_BLOCK_SIZE + i);
+ buf[i] = cpu_ldb_mmu(env, addr, oi, ra);
+ }
+
+ /* is the block sequence nr 0 ? */
+ for (i = 0; i < AES_BLOCK_SIZE && !buf[i]; i++) {
+ ;
+ }
+ if (i < AES_BLOCK_SIZE) {
+ /* no, sorry handling of non zero block sequence is not implemented */
+ tcg_s390_program_interrupt(env, PGM_SPECIFICATION, ra);
+ return 1;
+ }
+
+ /* fetch key from param block */
+ for (i = 0; i < keysize; i++) {
+ addr = wrap_address(env, param_addr + i);
+ key[i] = cpu_ldb_mmu(env, addr, oi, ra);
+ }
+
+ /* fetch tweak from param block into tweak */
+ for (i = 0; i < AES_BLOCK_SIZE; i++) {
+ addr = wrap_address(env, param_addr + keysize + i);
+ tweak[i] = cpu_ldb_mmu(env, addr, oi, ra);
+ }
+
+ /* expand key */
+ AES_set_encrypt_key(key, keysize * 8, &exkey);
+
+ /* encrypt tweak */
+ AES_encrypt(tweak, buf, &exkey);
+
+ /* store encrypted tweak into xts parameter field of the param block */
+ for (i = 0; i < AES_BLOCK_SIZE; i++) {
+ addr = wrap_address(env, param_addr + keysize + 3 * AES_BLOCK_SIZE + i);
+ cpu_stb_mmu(env, addr, buf[i], oi, ra);
+ }
+
+ return 0;
+}
diff --git a/target/s390x/tcg/crypto_helper.c b/target/s390x/tcg/crypto_helper.c
index 9be8a14a80..1d447cef30 100644
--- a/target/s390x/tcg/crypto_helper.c
+++ b/target/s390x/tcg/crypto_helper.c
@@ -169,6 +169,23 @@ static int cpacf_ppno(CPUS390XState *env, const int mmu_idx, uintptr_t ra,
return rc;
}
+static int cpacf_pcc(CPUS390XState *env, const int mmu_idx, uintptr_t ra,
+ uint8_t fc)
+{
+ int rc = 0;
+
+ switch (fc) {
+ case CPACF_PCC_XTS_AES_128:
+ case CPACF_PCC_XTS_AES_256:
+ rc = cpacf_aes_pcc(env, mmu_idx, ra, env->regs[1], fc);
+ break;
+ default:
+ tcg_s390_program_interrupt(env, PGM_SPECIFICATION, ra);
+ }
+
+ return rc;
+}
+
uint32_t HELPER(msa)(CPUS390XState *env, uint32_t r1, uint32_t r2, uint32_t r3,
uint32_t type)
{
@@ -225,6 +242,9 @@ uint32_t HELPER(msa)(CPUS390XState *env, uint32_t r1, uint32_t r2, uint32_t r3,
case S390_FEAT_TYPE_KMCTR:
rc = cpacf_kmctr(env, mmu_idx, ra, r1, r2, r3, fc, mod);
break;
+ case S390_FEAT_TYPE_PCC:
+ rc = cpacf_pcc(env, mmu_idx, ra, fc);
+ break;
case S390_FEAT_TYPE_PPNO:
rc = cpacf_ppno(env, mmu_idx, ra, r1, r2, r3, fc);
break;
--
2.43.0
next prev parent reply other threads:[~2026-07-01 16:47 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-07-01 16:46 [PATCH v9 00/21] target/s390x: Extend qemu CPACF support Harald Freudenberger
2026-07-01 16:46 ` [PATCH v9 01/21] target/s390x: Fix wrong address handling in address loops Harald Freudenberger
2026-07-01 16:46 ` [PATCH v9 02/21] target/s390x: Rework s390 cpacf implementations Harald Freudenberger
2026-07-01 16:46 ` [PATCH v9 03/21] target/s390x: Move cpacf sha512 code into a new file Harald Freudenberger
2026-07-01 16:46 ` [PATCH v9 04/21] target/s390x: Support cpacf sha256 Harald Freudenberger
2026-07-01 16:46 ` [PATCH v9 05/21] target/s390x: Support AES ECB for cpacf km instruction Harald Freudenberger
2026-07-01 16:46 ` [PATCH v9 06/21] target/s390x: Support AES CBC for cpacf kmc instruction Harald Freudenberger
2026-07-01 16:46 ` [PATCH v9 07/21] target/s390x: Support AES CTR for cpacf kmctr instruction Harald Freudenberger
2026-07-01 16:46 ` Harald Freudenberger [this message]
2026-07-01 16:46 ` [PATCH v9 09/21] target/s390x: Support AES XTS for cpacf km instruction Harald Freudenberger
2026-07-01 16:46 ` [PATCH v9 10/21] target/s390x: Base support for cpacf protected keys Harald Freudenberger
2026-07-01 16:46 ` [PATCH v9 11/21] target/s390x: Support pckmo encrypt AES subfunctions Harald Freudenberger
2026-07-01 16:46 ` [PATCH v9 12/21] target/s390x: Support protected key AES ECB for cpacf km instruction Harald Freudenberger
2026-07-01 16:46 ` [PATCH v9 13/21] target/s390x: Support protected key AES CBC for cpacf kmc instruction Harald Freudenberger
2026-07-01 16:46 ` [PATCH v9 14/21] target/s390x: Support protected key AES CTR for cpacf kmctr instruction Harald Freudenberger
2026-07-01 16:46 ` [PATCH v9 15/21] target/s390x: Minimal protected key AES XTS support for cpacf pcc instruction Harald Freudenberger
2026-07-01 16:46 ` [PATCH v9 16/21] target/s390x: Support protected key AES XTS for cpacf km instruction Harald Freudenberger
2026-07-01 16:46 ` [PATCH v9 17/21] docs/s390: Document CPACF instructions support Harald Freudenberger
2026-07-01 16:46 ` [PATCH v9 18/21] crypto: Add aes-helpers file to support some AES modes Harald Freudenberger
2026-07-01 16:46 ` [PATCH v9 19/21] target/s390x: Use generic AES helper functions Harald Freudenberger
2026-07-01 16:46 ` [PATCH v9 20/21] target/s390x: Improve fetch and store mem from and to guest Harald Freudenberger
2026-07-01 16:46 ` [PATCH v9 21/21] tests/tcg/s390x: Add tests for CPACF instructions Harald Freudenberger
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260701164650.95760-9-freude@linux.ibm.com \
--to=freude@linux.ibm.com \
--cc=berrange@redhat.com \
--cc=borntraeger@linux.ibm.com \
--cc=cohuck@redhat.com \
--cc=david@kernel.org \
--cc=dengler@linux.ibm.com \
--cc=fcallies@linux.ibm.com \
--cc=iii@linux.ibm.com \
--cc=linux-s390@vger.kernel.org \
--cc=linux390-list@tuxmaker.boeblingen.de.ibm.com \
--cc=qemu-devel@nongnu.org \
--cc=qemu-s390x@nongnu.org \
--cc=richard.henderson@linaro.org \
--cc=thuth@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox