From: Harald Freudenberger <freude@linux.ibm.com>
To: richard.henderson@linaro.org, iii@linux.ibm.com,
david@kernel.org, thuth@redhat.com, berrange@redhat.com
Cc: qemu-s390x@nongnu.org, qemu-devel@nongnu.org,
linux-s390@vger.kernel.org, dengler@linux.ibm.com,
borntraeger@linux.ibm.com, fcallies@linux.ibm.com,
cohuck@redhat.com
Subject: [PATCH v12 10/17] target/s390x: Base support for cpacf protected keys and pckmo
Date: Fri, 10 Jul 2026 17:28:56 +0200 [thread overview]
Message-ID: <20260710152906.80207-11-freude@linux.ibm.com> (raw)
In-Reply-To: <20260710152906.80207-1-freude@linux.ibm.com>
Add base support for cpacf protected key handling.
Add support for the pckmo subfunctions PCKMO-Encrypt-AES-128-Key,
PCKMO-Encrypt-AES-192-Key and PCKMO-Encrypt-AES-256-Key which deal
with protected keys. These pckmo subfunctions derive a protected key
from an AES clear key by encrypting it with an internal AES wrapping
key. More details about protected keys can be found in the
"z/Architecture Prinziples of Operation" document.
The qemu version provided here is only a fake intended to make
protected key available for developing and testing purpose:
* The protected key is 'derived' from the clear key by xoring
the fixed pattern 0xAAAA... onto the key value.
* The AES Wrapping Key Verification Pattern is a fixed
value of 32 bytes 0xFACEFACE...
Add preprocessor defines for the xor pattern and wkvp used to
construct ('encrypt') a protected key from a clear key value with
this implementation. Also add some static functions to 'encrypt'
from clear key to protected key and 'decrypt' back to cpacf_aes.c.
The preprocessor defines shall be used later in testcases to
construct and decode protected keys.
Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
Tested-by: Holger Dengler <dengler@linux.ibm.com>
---
target/s390x/gen-features.c | 3 ++
target/s390x/tcg/cpacf.h | 29 +++++++++++++++
target/s390x/tcg/cpacf_aes.c | 64 ++++++++++++++++++++++++++++++++
target/s390x/tcg/crypto_helper.c | 21 +++++++++++
target/s390x/tcg/translate.c | 9 ++++-
5 files changed, 124 insertions(+), 2 deletions(-)
diff --git a/target/s390x/gen-features.c b/target/s390x/gen-features.c
index 078aeddb36..c5fd578d92 100644
--- a/target/s390x/gen-features.c
+++ b/target/s390x/gen-features.c
@@ -935,6 +935,9 @@ static uint16_t qemu_MAX[] = {
S390_FEAT_KMCTR_AES_256,
S390_FEAT_PCC_XTS_AES_128,
S390_FEAT_PCC_XTS_AES_256,
+ S390_FEAT_PCKMO_AES_128,
+ S390_FEAT_PCKMO_AES_192,
+ S390_FEAT_PCKMO_AES_256,
};
/****** END FEATURE DEFS ******/
diff --git a/target/s390x/tcg/cpacf.h b/target/s390x/tcg/cpacf.h
index 61ce71476b..1d7d9baf0c 100644
--- a/target/s390x/tcg/cpacf.h
+++ b/target/s390x/tcg/cpacf.h
@@ -254,4 +254,33 @@ int cpacf_aes_xts(CPUS390XState *env, const int mmu_idx, uintptr_t ra,
uint64_t *src_ptr_reg, uint64_t *src_len_reg,
uint32_t type, uint8_t fc, uint8_t mod);
+/*
+ * Support for protected key cpacf functions. Note that this is
+ * a fake implementation intended for debugging and development.
+ * Do not use for production load !
+ */
+
+/*
+ * Hard coded pattern xored with the AES clear key
+ * to 'produce' the protected key.
+ */
+#define PROTKEY_XOR_PATTERN { \
+ 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, \
+ 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, \
+ 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, \
+ 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA }
+
+/*
+ * Hard coded wkvp ("Wrapping Key Verification Pattern")
+ */
+#define PROTKEY_WKVP { \
+ 0x0F, 0x0A, 0x0C, 0x0E, 0x0F, 0x0A, 0x0C, 0x0E, \
+ 0x0F, 0x0A, 0x0C, 0x0E, 0x0F, 0x0A, 0x0C, 0x0E, \
+ 0x0F, 0x0A, 0x0C, 0x0E, 0x0F, 0x0A, 0x0C, 0x0E, \
+ 0x0F, 0x0A, 0x0C, 0x0E, 0x0F, 0x0A, 0x0C, 0x0E }
+
+/* from cpacf_aes.c */
+int cpacf_aes_pckmo(CPUS390XState *env, const int mmu_idx, uintptr_t ra,
+ uint64_t param_addr, uint8_t fc);
+
#endif /* S390X_CPACF_H */
diff --git a/target/s390x/tcg/cpacf_aes.c b/target/s390x/tcg/cpacf_aes.c
index 13d5cdff42..bc92884ff9 100644
--- a/target/s390x/tcg/cpacf_aes.c
+++ b/target/s390x/tcg/cpacf_aes.c
@@ -418,3 +418,67 @@ int cpacf_aes_xts(CPUS390XState *env, const int mmu_idx, uintptr_t ra,
return !len ? 0 : 3;
}
+
+/*
+ * Support for protected key cpacf functions. Note that this is
+ * a fake implementation intended for debugging and development.
+ * Do not use for production load !
+ */
+
+/*
+ * Hard coded pattern xored with the AES clear key
+ * to 'produce' the protected key.
+ */
+static const uint8_t protkey_xor_pattern[32] = PROTKEY_XOR_PATTERN;
+
+/*
+ * Hard coded wkvp ("Wrapping Key Verification Pattern")
+ */
+static const uint8_t protkey_wkvp[32] = PROTKEY_WKVP;
+
+/*
+ * 'encrypt' the clear key value into a protected key
+ * by xor-ing the protkey_xor_pattern onto it.
+ */
+static void encrypt_clrkey(uint8_t *key, int keysize)
+{
+ for (int i = 0; i < keysize; i++) {
+ key[i] ^= protkey_xor_pattern[i];
+ }
+}
+
+int cpacf_aes_pckmo(CPUS390XState *env, const int mmu_idx, uintptr_t ra,
+ uint64_t param_addr, uint8_t fc)
+{
+ uint8_t key[32];
+ int keysize;
+
+ switch (fc) {
+ case CPACF_PCKMO_ENC_AES_128_KEY:
+ keysize = 16;
+ break;
+ case CPACF_PCKMO_ENC_AES_192_KEY:
+ keysize = 24;
+ break;
+ case CPACF_PCKMO_ENC_AES_256_KEY:
+ keysize = 32;
+ break;
+ default:
+ g_assert_not_reached();
+ }
+
+ /* fetch key from param block */
+ copy_from_guest_wrap(env, mmu_idx, ra, param_addr, key, keysize);
+
+ /* 'derive' the protected key from the clear key */
+ encrypt_clrkey(key, keysize);
+
+ /* store the protected key into param block */
+ copy_to_guest_wrap(env, mmu_idx, ra, param_addr, key, keysize);
+ /* followed by the fake wkvp */
+ copy_to_guest_wrap(env, mmu_idx, ra,
+ param_addr + keysize,
+ protkey_wkvp, sizeof(protkey_wkvp));
+
+ return 0;
+}
diff --git a/target/s390x/tcg/crypto_helper.c b/target/s390x/tcg/crypto_helper.c
index 564f7fa243..08151e916f 100644
--- a/target/s390x/tcg/crypto_helper.c
+++ b/target/s390x/tcg/crypto_helper.c
@@ -192,6 +192,24 @@ static int cpacf_pcc(CPUS390XState *env, const int mmu_idx, uintptr_t ra,
return rc;
}
+static int cpacf_pckmo(CPUS390XState *env, const int mmu_idx, uintptr_t ra,
+ uint8_t fc)
+{
+ int rc = 0;
+
+ switch (fc) {
+ case CPACF_PCKMO_ENC_AES_128_KEY:
+ case CPACF_PCKMO_ENC_AES_192_KEY:
+ case CPACF_PCKMO_ENC_AES_256_KEY:
+ rc = cpacf_aes_pckmo(env, mmu_idx, ra, env->regs[1], fc);
+ break;
+ default:
+ tcg_s390_program_interrupt(env, PGM_SPECIFICATION, ra);
+ }
+
+ return rc;
+}
+
uint32_t HELPER(msa)(CPUS390XState *env, uint32_t r1, uint32_t r2, uint32_t r3,
uint32_t type)
{
@@ -251,6 +269,9 @@ uint32_t HELPER(msa)(CPUS390XState *env, uint32_t r1, uint32_t r2, uint32_t r3,
case S390_FEAT_TYPE_PCC:
rc = cpacf_pcc(env, mmu_idx, ra, fc);
break;
+ case S390_FEAT_TYPE_PCKMO:
+ rc = cpacf_pckmo(env, mmu_idx, ra, fc);
+ break;
case S390_FEAT_TYPE_PPNO:
rc = cpacf_ppno(env, mmu_idx, ra, r1, r2, r3, fc);
break;
diff --git a/target/s390x/tcg/translate.c b/target/s390x/tcg/translate.c
index cef1b55149..d7a99e6c1e 100644
--- a/target/s390x/tcg/translate.c
+++ b/target/s390x/tcg/translate.c
@@ -2558,6 +2558,7 @@ static DisasJumpType op_msa(DisasContext *s, DisasOps *o)
int r2 = have_field(s, r2) ? get_field(s, r2) : 0;
int r3 = have_field(s, r3) ? get_field(s, r3) : 0;
TCGv_i32 t_r1, t_r2, t_r3, type;
+ bool update_cc = true;
switch (s->insn->data) {
case S390_FEAT_TYPE_KMA:
@@ -2589,8 +2590,10 @@ static DisasJumpType op_msa(DisasContext *s, DisasOps *o)
gen_program_exception(s, PGM_SPECIFICATION);
return DISAS_NORETURN;
}
- /* FALL THROUGH */
+ break;
case S390_FEAT_TYPE_PCKMO:
+ update_cc = false;
+ /* FALL THROUGH */
case S390_FEAT_TYPE_PCC:
case S390_FEAT_TYPE_KDSA:
break;
@@ -2603,7 +2606,9 @@ static DisasJumpType op_msa(DisasContext *s, DisasOps *o)
t_r3 = tcg_constant_i32(r3);
type = tcg_constant_i32(s->insn->data);
gen_helper_msa(cc_op, tcg_env, t_r1, t_r2, t_r3, type);
- set_cc_static(s);
+ if (update_cc) {
+ set_cc_static(s);
+ }
return DISAS_NEXT;
}
--
2.43.0
next prev parent reply other threads:[~2026-07-10 15:29 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-07-10 15:28 [PATCH v12 00/17] target/s390x: Extend qemu CPACF support Harald Freudenberger
2026-07-10 15:28 ` [PATCH v12 01/17] target/s390x: Rework s390 cpacf implementations Harald Freudenberger
2026-07-10 15:28 ` [PATCH v12 02/17] target/s390x: Move cpacf sha512 code into a new file Harald Freudenberger
2026-07-10 15:28 ` [PATCH v12 03/17] target/s390x: Support cpacf sha256 Harald Freudenberger
2026-07-10 15:28 ` [PATCH v12 04/17] crypto: Add aes-helpers file to support some AES modes Harald Freudenberger
2026-07-10 15:28 ` [PATCH v12 05/17] target/s390x: Support AES ECB for cpacf km instruction Harald Freudenberger
2026-07-10 15:28 ` [PATCH v12 06/17] target/s390x: Support AES CBC for cpacf kmc instruction Harald Freudenberger
2026-07-10 15:28 ` [PATCH v12 07/17] target/s390x: Support AES CTR for cpacf kmctr instruction Harald Freudenberger
2026-07-10 15:28 ` [PATCH v12 08/17] target/s390x: Minimal AES XTS support for cpacf pcc instruction Harald Freudenberger
2026-07-10 15:28 ` [PATCH v12 09/17] target/s390x: Support AES XTS for cpacf km instruction Harald Freudenberger
2026-07-10 15:28 ` Harald Freudenberger [this message]
2026-07-10 15:28 ` [PATCH v12 11/17] target/s390x: Support protected key AES ECB " Harald Freudenberger
2026-07-10 15:28 ` [PATCH v12 12/17] target/s390x: Support protected key AES CBC for cpacf kmc instruction Harald Freudenberger
2026-07-10 15:28 ` [PATCH v12 13/17] target/s390x: Support protected key AES CTR for cpacf kmctr instruction Harald Freudenberger
2026-07-10 15:29 ` [PATCH v12 14/17] target/s390x: Minimal protected key AES XTS support for cpacf pcc instruction Harald Freudenberger
2026-07-10 15:29 ` [PATCH v12 15/17] target/s390x: Support protected key AES XTS for cpacf km instruction Harald Freudenberger
2026-07-10 15:29 ` [PATCH v12 16/17] docs/s390: Document CPACF instructions support Harald Freudenberger
2026-07-10 15:29 ` [PATCH v12 17/17] tests/tcg/s390x: Add tests for CPACF instructions Harald Freudenberger
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260710152906.80207-11-freude@linux.ibm.com \
--to=freude@linux.ibm.com \
--cc=berrange@redhat.com \
--cc=borntraeger@linux.ibm.com \
--cc=cohuck@redhat.com \
--cc=david@kernel.org \
--cc=dengler@linux.ibm.com \
--cc=fcallies@linux.ibm.com \
--cc=iii@linux.ibm.com \
--cc=linux-s390@vger.kernel.org \
--cc=qemu-devel@nongnu.org \
--cc=qemu-s390x@nongnu.org \
--cc=richard.henderson@linaro.org \
--cc=thuth@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox