From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mx0b-001b2d01.pphosted.com (mx0b-001b2d01.pphosted.com [148.163.158.5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id CD0BD379C42 for ; Wed, 1 Jul 2026 16:47:11 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=148.163.158.5 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1782924436; cv=none; b=ugNHDBnvK7a2LMZSmlzFIUf4QV/nhh1oOsC9EBmctSpueOwJHUMflyLnPtPi5/7obgBLBkrxJHgMo3Iop14Z1IxubdvTl4sGLv6P5neTLnpxKD6jpqjNUd3+NKHxoekgPA00YlzVdWgqQkLqP67u9KcO+2AW4L+X+xBXvCy2xbU= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1782924436; c=relaxed/simple; bh=2o2KjB0ayKgF0dXdLhdXz5Zay0nskSi/tkkpxwWH/x4=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=RAxyaFXvUNyCCChBCFYYr157f1svD4+c2hDiJLbt41zIViwZqjmgWiCx9Z60wf4MRFta/ghnMEB27zM/USzGCI7puMA0HVJCockT8RBHVWbATIt4tDkKEt50L+ix5LZXJdLUBZYEYcxxblDrHh5Nmx28vs3c51usp01XF6NR7cA= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.ibm.com; spf=pass smtp.mailfrom=linux.ibm.com; dkim=pass (2048-bit key) header.d=ibm.com header.i=@ibm.com header.b=UAvXusMI; arc=none smtp.client-ip=148.163.158.5 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.ibm.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.ibm.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=ibm.com header.i=@ibm.com header.b="UAvXusMI" Received: from pps.filterd (m0356516.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id 661AIei5493061; Wed, 1 Jul 2026 16:46:58 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=cc :content-transfer-encoding:date:from:in-reply-to:message-id :mime-version:references:subject:to; s=pp1; bh=6K2/aGKo4zl5Q0Q1X 6JKN0MRm24eGYnHs0LZDXPvgYk=; b=UAvXusMI2nvVAJoEgNPi0wrZAQKvbS0EY L46MGTWpB0vKhxDEEuNYc5Jrh5NLKF9F7LX/ajCwp6X/NFzbPNSjvQDrRxQKYneA nLlWoVwil0gw/vPCLuXPw1bgpMkJitHvWEB0V2q0B9uquGK9OqmnuixRy/pzhB8/ msfBiNmuK6TpYVLnU94F0JHMqfX1d5KKHULz2EAGS0yW2CLSkWr8QaHlcIPDsDYO 2JRjBipUH7bOH1LpoW0byoC2E8D0tOju0uWQbGXdaCr8QEYqziz4tKhFxkfp6izJ QXQk8rDrWh7HBLeaQxOHNbX882Sneu5Dk11gNixp4SrCbYAEtfW+Q== Received: from ppma13.dal12v.mail.ibm.com (dd.9e.1632.ip4.static.sl-reverse.com [50.22.158.221]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 4f26qa59tw-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 01 Jul 2026 16:46:58 +0000 (GMT) Received: from pps.filterd (ppma13.dal12v.mail.ibm.com [127.0.0.1]) by ppma13.dal12v.mail.ibm.com (8.18.1.7/8.18.1.7) with ESMTP id 661GYda6015589; Wed, 1 Jul 2026 16:46:57 GMT Received: from smtprelay07.fra02v.mail.ibm.com ([9.218.2.229]) by ppma13.dal12v.mail.ibm.com (PPS) with ESMTPS id 4f2u2gg1tm-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 01 Jul 2026 16:46:57 +0000 (GMT) Received: from smtpav07.fra02v.mail.ibm.com (smtpav07.fra02v.mail.ibm.com [10.20.54.106]) by smtprelay07.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 661GkrDV49152408 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 1 Jul 2026 16:46:53 GMT Received: from smtpav07.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 93C9F2005A; Wed, 1 Jul 2026 16:46:53 +0000 (GMT) Received: from smtpav07.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 7591A2004F; Wed, 1 Jul 2026 16:46:53 +0000 (GMT) Received: from funtu2.ibm.com (unknown [9.111.187.249]) by smtpav07.fra02v.mail.ibm.com (Postfix) with ESMTP; Wed, 1 Jul 2026 16:46:53 +0000 (GMT) From: Harald Freudenberger To: richard.henderson@linaro.org, iii@linux.ibm.com, david@kernel.org, thuth@redhat.com, berrange@redhat.com Cc: qemu-s390x@nongnu.org, qemu-devel@nongnu.org, linux390-list@tuxmaker.boeblingen.de.ibm.com, linux-s390@vger.kernel.org, dengler@linux.ibm.com, borntraeger@linux.ibm.com, fcallies@linux.ibm.com, cohuck@redhat.com Subject: [PATCH v9 08/21] target/s390x: Minimal AES XTS support for cpacf pcc instruction Date: Wed, 1 Jul 2026 18:46:31 +0200 Message-ID: <20260701164650.95760-9-freude@linux.ibm.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260701164650.95760-1-freude@linux.ibm.com> References: <20260701164650.95760-1-freude@linux.ibm.com> Precedence: bulk X-Mailing-List: linux-s390@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-TM-AS-GCONF: 00 X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwNzAxMDE3MyBTYWx0ZWRfX1ghVV1jc1vNM ScIxu4c6CLSA10wKGS0/W6I703VjF7pO70IminfhofhGAWRy+p3riC+AeJ73ha/BDVRL9XB3l2d K3qtBIGBv9XBJ2Lb0K6Huy2X0sl9wXYh4C7Ic/K5BLNFUlpPAmsWYAXMXRMHJNmZ8L+qF8cJffM xeeazRGOKkuk7UffJqPPiL6ORUpFShm94YYi9shYkOgF429v6nWQGjyxLNgO8n15nmfr7D4OGr7 N9VHXmJev6ELTy6XQTc98sBptSRkf+oFLAF21FvJZIt4kXcu1D7wdLKSyGJf75bDOYvC/LbGmbK 2bs/OZUUbl33l+qpxj4NbLvZUIgwqE1GoxoBxPz4dKSdrtUn7+C47t1ycsEXstEQs2g7QzliS23 FGFGYEiZRE4Iul+BgONqGCV8GsYYuZEtsAlusS4D+tczeoHBsyAikiXd1eSkccMSc4JNJ1p4P8V +u8u/WwuQWKjJKVXBlQ== X-Proofpoint-Spam-Info: AW1haW4tMjYwNzAxMDE3MyBTYWx0ZWRfX2Iy1ONenuIvR pOVLQsv5TclgRdT+02W5KMJZv6Uq5rjkGKEsK1tGasDZci2F2QxhNZyccNGIyWma6NLOArXVOz6 LW+iswZK/xM+al8V/rXFNQjcjx8gxmc= X-Proofpoint-GUID: Y2Wl9z2LlyCuIExLlG_iWNKY_0-YHR9A X-Proofpoint-ORIG-GUID: Y2Wl9z2LlyCuIExLlG_iWNKY_0-YHR9A X-Authority-Analysis: v=2.4 cv=WZ88rUhX c=1 sm=1 tr=0 ts=6a454482 cx=c_pps a=AfN7/Ok6k8XGzOShvHwTGQ==:117 a=AfN7/Ok6k8XGzOShvHwTGQ==:17 a=RAioF0-LDSMA:10 a=VkNPw1HP01LnGYTKEx00:22 a=RnoormkPH1_aCDwRdu11:22 a=Y2IxJ9c9Rs8Kov3niI8_:22 a=VnNF1IyMAAAA:8 a=gr50lgQh3SlUKNVXMSoA:9 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1143,Hydra:6.1.125,FMLib:17.12.100.49 definitions=2026-07-01_03,2026-06-26_01,2025-10-01_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 spamscore=0 adultscore=0 phishscore=0 clxscore=1015 bulkscore=0 impostorscore=0 priorityscore=1501 lowpriorityscore=0 suspectscore=0 malwarescore=0 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2606150000 definitions=main-2607010173 Support CPACF pcc subfunctions PCC-Compute-XTS-Parameter-AES-128 and PCC-Compute-XTS-Parameter-AES-128 but only for the special case block sequential number is 0. However, this covers the s390 AES XTS implementation in the Linux kernel and Libica and thus also Opencryptoki clear key via Libica. Signed-off-by: Harald Freudenberger Tested-by: Holger Dengler --- target/s390x/gen-features.c | 2 + target/s390x/tcg/cpacf.h | 2 + target/s390x/tcg/cpacf_aes.c | 63 ++++++++++++++++++++++++++++++++ target/s390x/tcg/crypto_helper.c | 20 ++++++++++ 4 files changed, 87 insertions(+) diff --git a/target/s390x/gen-features.c b/target/s390x/gen-features.c index 59c2a47539..1b6a874b90 100644 --- a/target/s390x/gen-features.c +++ b/target/s390x/gen-features.c @@ -930,6 +930,8 @@ static uint16_t qemu_MAX[] = { S390_FEAT_KMCTR_AES_128, S390_FEAT_KMCTR_AES_192, S390_FEAT_KMCTR_AES_256, + S390_FEAT_PCC_XTS_AES_128, + S390_FEAT_PCC_XTS_AES_256, }; /****** END FEATURE DEFS ******/ diff --git a/target/s390x/tcg/cpacf.h b/target/s390x/tcg/cpacf.h index 3707308661..2e8ed72758 100644 --- a/target/s390x/tcg/cpacf.h +++ b/target/s390x/tcg/cpacf.h @@ -247,5 +247,7 @@ int cpacf_aes_ctr(CPUS390XState *env, const int mmu_idx, uintptr_t ra, uint64_t *src_ptr_reg, uint64_t *src_len_reg, uint64_t *ctr_ptr_reg, uint32_t type, uint8_t fc, uint8_t mod); +int cpacf_aes_pcc(CPUS390XState *env, const int mmu_idx, uintptr_t ra, + uint64_t param_addr, uint8_t fc); #endif /* S390X_CPACF_H */ diff --git a/target/s390x/tcg/cpacf_aes.c b/target/s390x/tcg/cpacf_aes.c index 3d6aa19df2..f41b7dc541 100644 --- a/target/s390x/tcg/cpacf_aes.c +++ b/target/s390x/tcg/cpacf_aes.c @@ -290,3 +290,66 @@ int cpacf_aes_ctr(CPUS390XState *env, const int mmu_idx, uintptr_t ra, return !len ? 0 : 3; } + +int cpacf_aes_pcc(CPUS390XState *env, const int mmu_idx, uintptr_t ra, + uint64_t param_addr, uint8_t fc) +{ + uint8_t key[32], tweak[AES_BLOCK_SIZE], buf[AES_BLOCK_SIZE]; + const MemOpIdx oi = make_memop_idx(MO_8, mmu_idx); + int keysize, i; + uint64_t addr; + AES_KEY exkey; + + switch (fc) { + case CPACF_PCC_XTS_AES_128: + keysize = 16; + break; + case CPACF_PCC_XTS_AES_256: + keysize = 32; + break; + default: + g_assert_not_reached(); + } + + /* fetch block sequence nr from param block into buf */ + for (i = 0; i < AES_BLOCK_SIZE; i++) { + addr = wrap_address(env, param_addr + keysize + AES_BLOCK_SIZE + i); + buf[i] = cpu_ldb_mmu(env, addr, oi, ra); + } + + /* is the block sequence nr 0 ? */ + for (i = 0; i < AES_BLOCK_SIZE && !buf[i]; i++) { + ; + } + if (i < AES_BLOCK_SIZE) { + /* no, sorry handling of non zero block sequence is not implemented */ + tcg_s390_program_interrupt(env, PGM_SPECIFICATION, ra); + return 1; + } + + /* fetch key from param block */ + for (i = 0; i < keysize; i++) { + addr = wrap_address(env, param_addr + i); + key[i] = cpu_ldb_mmu(env, addr, oi, ra); + } + + /* fetch tweak from param block into tweak */ + for (i = 0; i < AES_BLOCK_SIZE; i++) { + addr = wrap_address(env, param_addr + keysize + i); + tweak[i] = cpu_ldb_mmu(env, addr, oi, ra); + } + + /* expand key */ + AES_set_encrypt_key(key, keysize * 8, &exkey); + + /* encrypt tweak */ + AES_encrypt(tweak, buf, &exkey); + + /* store encrypted tweak into xts parameter field of the param block */ + for (i = 0; i < AES_BLOCK_SIZE; i++) { + addr = wrap_address(env, param_addr + keysize + 3 * AES_BLOCK_SIZE + i); + cpu_stb_mmu(env, addr, buf[i], oi, ra); + } + + return 0; +} diff --git a/target/s390x/tcg/crypto_helper.c b/target/s390x/tcg/crypto_helper.c index 9be8a14a80..1d447cef30 100644 --- a/target/s390x/tcg/crypto_helper.c +++ b/target/s390x/tcg/crypto_helper.c @@ -169,6 +169,23 @@ static int cpacf_ppno(CPUS390XState *env, const int mmu_idx, uintptr_t ra, return rc; } +static int cpacf_pcc(CPUS390XState *env, const int mmu_idx, uintptr_t ra, + uint8_t fc) +{ + int rc = 0; + + switch (fc) { + case CPACF_PCC_XTS_AES_128: + case CPACF_PCC_XTS_AES_256: + rc = cpacf_aes_pcc(env, mmu_idx, ra, env->regs[1], fc); + break; + default: + tcg_s390_program_interrupt(env, PGM_SPECIFICATION, ra); + } + + return rc; +} + uint32_t HELPER(msa)(CPUS390XState *env, uint32_t r1, uint32_t r2, uint32_t r3, uint32_t type) { @@ -225,6 +242,9 @@ uint32_t HELPER(msa)(CPUS390XState *env, uint32_t r1, uint32_t r2, uint32_t r3, case S390_FEAT_TYPE_KMCTR: rc = cpacf_kmctr(env, mmu_idx, ra, r1, r2, r3, fc, mod); break; + case S390_FEAT_TYPE_PCC: + rc = cpacf_pcc(env, mmu_idx, ra, fc); + break; case S390_FEAT_TYPE_PPNO: rc = cpacf_ppno(env, mmu_idx, ra, r1, r2, r3, fc); break; -- 2.43.0