From: Harald Freudenberger <freude@linux.ibm.com>
To: "Daniel P. Berrangé" <berrange@redhat.com>
Cc: richard.henderson@linaro.org, iii@linux.ibm.com,
david@kernel.org, thuth@redhat.com, qemu-s390x@nongnu.org,
qemu-devel@nongnu.org, linux-s390@vger.kernel.org,
dengler@linux.ibm.com, borntraeger@linux.ibm.com,
fcallies@linux.ibm.com, cohuck@redhat.com
Subject: Re: [PATCH v11 19/21] target/s390x: Use generic AES helper functions
Date: Thu, 09 Jul 2026 11:28:44 +0200 [thread overview]
Message-ID: <21c30b3d8d79f9833d1df7b2874c3b11@linux.ibm.com> (raw)
In-Reply-To: <ak6AoBLuS5PZmOB6@redhat.com>
On 2026-07-08 18:53, Daniel P. Berrangé wrote:
> On Tue, Jul 07, 2026 at 06:18:06PM +0200, Harald Freudenberger wrote:
>> Rewrite the cpacf implementations to use the generic
>> AES helper functions from crypto/aes-helpers.c
>
> The aes-helper.c addition should be done at the start of this series,
> and then the impls can use the AES helpers right from the start.
>
> This avoids the reviewers having to review code that is never merged
> due to being replaced in this patch.
>
>>
>> Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
>> Reviewed-by: Finn Callies <fcallies@linux.ibm.com>
>> ---
>> target/s390x/tcg/cpacf_aes.c | 124
>> ++++++++++-------------------------
>> 1 file changed, 36 insertions(+), 88 deletions(-)
>>
>> diff --git a/target/s390x/tcg/cpacf_aes.c
>> b/target/s390x/tcg/cpacf_aes.c
>> index 4449bbc0d2..e9f0db2b5a 100644
>> --- a/target/s390x/tcg/cpacf_aes.c
>> +++ b/target/s390x/tcg/cpacf_aes.c
>> @@ -110,20 +110,13 @@ int cpacf_aes_ecb(CPUS390XState *env, const int
>> mmu_idx, uintptr_t ra,
>> return !len ? 0 : 3;
>> }
>>
>> -static void aes_xor(const uint8_t *src1, const uint8_t *src2, uint8_t
>> *dst)
>> -{
>> - for (int i = 0; i < AES_BLOCK_SIZE; i++) {
>> - dst[i] = src1[i] ^ src2[i];
>> - }
>> -}
>> -
>> int cpacf_aes_cbc(CPUS390XState *env, const int mmu_idx, uintptr_t
>> ra,
>> uint64_t param_addr, uint64_t *dst_ptr_reg,
>> uint64_t *src_ptr_reg, uint64_t *src_len_reg,
>> uint32_t type, uint8_t fc, uint8_t mod)
>> {
>> enum { MAX_BLOCKS_PER_RUN = 8192 / AES_BLOCK_SIZE };
>> - uint8_t in[AES_BLOCK_SIZE], out[AES_BLOCK_SIZE],
>> buf[AES_BLOCK_SIZE];
>> + uint8_t in[AES_BLOCK_SIZE], out[AES_BLOCK_SIZE];
>> const MemOpIdx oi = make_memop_idx(MO_8, mmu_idx);
>> uint64_t addr, len = *src_len_reg, done = 0;
>> int i, keysize, addr_reg_size = 64;
>> @@ -179,19 +172,11 @@ int cpacf_aes_cbc(CPUS390XState *env, const int
>> mmu_idx, uintptr_t ra,
>> for (i = 0; i < MAX_BLOCKS_PER_RUN && len >= AES_BLOCK_SIZE; i++)
>> {
>> aes_read_block(env, mmu_idx, *src_ptr_reg + done, in, ra);
>> if (mod) {
>> - /* decrypt in => buf */
>> - AES_decrypt(in, buf, &exkey);
>> - /* buf xor iv => out */
>> - aes_xor(buf, iv, out);
>> - /* prep iv for next round */
>> - memcpy(iv, in, AES_BLOCK_SIZE);
>> + /* decrypt in => out */
>> + AES_cbc_decrypt(in, out, iv, &exkey);
>> } else {
>> - /* in xor iv => buf */
>> - aes_xor(in, iv, buf);
>> - /* encrypt buf => out */
>> - AES_encrypt(buf, out, &exkey);
>> - /* prep iv for next round */
>> - memcpy(iv, out, AES_BLOCK_SIZE);
>> + /* encrypt in => out */
>> + AES_cbc_encrypt(in, out, iv, &exkey);
>> }
>> aes_write_block(env, mmu_idx, *dst_ptr_reg + done, out, ra);
>> len -= AES_BLOCK_SIZE;
>> @@ -221,11 +206,10 @@ int cpacf_aes_ctr(CPUS390XState *env, const int
>> mmu_idx, uintptr_t ra,
>> {
>> enum { MAX_BLOCKS_PER_RUN = 8192 / AES_BLOCK_SIZE };
>> const MemOpIdx oi = make_memop_idx(MO_8, mmu_idx);
>> - uint8_t ctr[AES_BLOCK_SIZE], buf[AES_BLOCK_SIZE];
>> uint8_t in[AES_BLOCK_SIZE], out[AES_BLOCK_SIZE];
>> uint64_t addr, len = *src_len_reg, done = 0;
>> + uint8_t ctr[AES_BLOCK_SIZE], key[32];
>> int i, keysize, addr_reg_size = 64;
>> - uint8_t key[32];
>> AES_KEY exkey;
>>
>> g_assert(type == S390_FEAT_TYPE_KMCTR);
>> @@ -267,12 +251,10 @@ int cpacf_aes_ctr(CPUS390XState *env, const int
>> mmu_idx, uintptr_t ra,
>> for (i = 0; i < MAX_BLOCKS_PER_RUN && len >= AES_BLOCK_SIZE; i++)
>> {
>> /* read in nonce/ctr => ctr */
>> aes_read_block(env, mmu_idx, *ctr_ptr_reg + done, ctr, ra);
>> - /* encrypt ctr => buf */
>> - AES_encrypt(ctr, buf, &exkey);
>> /* read in one block of input data => in */
>> aes_read_block(env, mmu_idx, *src_ptr_reg + done, in, ra);
>> - /* xor input data with encrypted ctr => out */
>> - aes_xor(in, buf, out);
>> + /* encrypt ctr and xor with in => out */
>> + AES_ctr_encrypt(in, out, ctr, &exkey);
>> /* write out the processed block */
>> aes_write_block(env, mmu_idx, *dst_ptr_reg + done, out, ra);
>> len -= AES_BLOCK_SIZE;
>> @@ -353,28 +335,13 @@ int cpacf_aes_pcc(CPUS390XState *env, const int
>> mmu_idx, uintptr_t ra,
>> return 0;
>> }
>>
>> -static void aes_xts_prep_next_tweak(uint8_t tweak[AES_BLOCK_SIZE])
>> -{
>> - uint8_t carry;
>> - int i;
>> -
>> - carry = tweak[AES_BLOCK_SIZE - 1] >> 7;
>> -
>> - for (i = AES_BLOCK_SIZE - 1; i > 0; i--) {
>> - tweak[i] = (uint8_t)((tweak[i] << 1) | (tweak[i - 1] >> 7));
>> - }
>> -
>> - tweak[i] = (uint8_t)(tweak[i] << 1);
>> - tweak[i] ^= (uint8_t)(0x87 & (uint8_t)(-(int8_t)carry));
>> -}
>> -
>> int cpacf_aes_xts(CPUS390XState *env, const int mmu_idx, uintptr_t
>> ra,
>> uint64_t param_addr, uint64_t *dst_ptr_reg,
>> uint64_t *src_ptr_reg, uint64_t *src_len_reg,
>> uint32_t type, uint8_t fc, uint8_t mod)
>> {
>> enum { MAX_BLOCKS_PER_RUN = 8192 / AES_BLOCK_SIZE };
>> - uint8_t buf1[AES_BLOCK_SIZE], buf2[AES_BLOCK_SIZE];
>> + uint8_t in[AES_BLOCK_SIZE], out[AES_BLOCK_SIZE];
>> const MemOpIdx oi = make_memop_idx(MO_8, mmu_idx);
>> uint64_t addr, len = *src_len_reg, done = 0;
>> uint8_t key[32], tweak[AES_BLOCK_SIZE];
>> @@ -425,23 +392,19 @@ int cpacf_aes_xts(CPUS390XState *env, const int
>> mmu_idx, uintptr_t ra,
>>
>> /* process up to MAX_BLOCKS_PER_RUN aes blocks */
>> for (i = 0; i < MAX_BLOCKS_PER_RUN && len >= AES_BLOCK_SIZE; i++)
>> {
>> - /* fetch one AES block into buf1 */
>> - aes_read_block(env, mmu_idx, *src_ptr_reg + done, buf1, ra);
>> - /* buf1 xor tweak => buf2 */
>> - aes_xor(buf1, tweak, buf2);
>> + /* fetch one AES block into in */
>> + aes_read_block(env, mmu_idx, *src_ptr_reg + done, in, ra);
>> if (mod) {
>> - /* decrypt buf2 => buf1 */
>> - AES_decrypt(buf2, buf1, &exkey);
>> + /* decrypt in => out */
>> + AES_xts_decrypt(in, out, tweak, &exkey);
>> } else {
>> - /* encrypt buf2 => buf1 */
>> - AES_encrypt(buf2, buf1, &exkey);
>> + /* encrypt in => out */
>> + AES_xts_encrypt(in, out, tweak, &exkey);
>> }
>> - /* buf1 xor tweak => buf2 */
>> - aes_xor(buf1, tweak, buf2);
>> /* prep tweak for next round */
>> - aes_xts_prep_next_tweak(tweak);
>> - /* write out this processed block from buf2 */
>> - aes_write_block(env, mmu_idx, *dst_ptr_reg + done, buf2, ra);
>> + AES_xts_prep_next_tweak(tweak);
>> + /* write out this processed block from out */
>> + aes_write_block(env, mmu_idx, *dst_ptr_reg + done, out, ra);
>> len -= AES_BLOCK_SIZE;
>> done += AES_BLOCK_SIZE;
>> }
>> @@ -637,7 +600,7 @@ int cpacf_paes_cbc(CPUS390XState *env, const int
>> mmu_idx, uintptr_t ra,
>> uint32_t type, uint8_t fc, uint8_t mod)
>> {
>> enum { MAX_BLOCKS_PER_RUN = 8192 / AES_BLOCK_SIZE };
>> - uint8_t in[AES_BLOCK_SIZE], out[AES_BLOCK_SIZE],
>> buf[AES_BLOCK_SIZE];
>> + uint8_t in[AES_BLOCK_SIZE], out[AES_BLOCK_SIZE];
>> const MemOpIdx oi = make_memop_idx(MO_8, mmu_idx);
>> uint8_t key[32], wkvp[32], iv[AES_BLOCK_SIZE];
>> uint64_t addr, len = *src_len_reg, done = 0;
>> @@ -705,19 +668,11 @@ int cpacf_paes_cbc(CPUS390XState *env, const int
>> mmu_idx, uintptr_t ra,
>> for (i = 0; i < MAX_BLOCKS_PER_RUN && len >= AES_BLOCK_SIZE; i++)
>> {
>> aes_read_block(env, mmu_idx, *src_ptr_reg + done, in, ra);
>> if (mod) {
>> - /* decrypt in => buf */
>> - AES_decrypt(in, buf, &exkey);
>> - /* buf xor iv => out */
>> - aes_xor(buf, iv, out);
>> - /* prep iv for next round */
>> - memcpy(iv, in, AES_BLOCK_SIZE);
>> + /* decrypt in => out */
>> + AES_cbc_decrypt(in, out, iv, &exkey);
>> } else {
>> - /* in xor iv => buf */
>> - aes_xor(in, iv, buf);
>> - /* encrypt buf => out */
>> - AES_encrypt(buf, out, &exkey);
>> - /* prep iv for next round */
>> - memcpy(iv, out, AES_BLOCK_SIZE);
>> + /* encrypt in => out */
>> + AES_cbc_encrypt(in, out, iv, &exkey);
>> }
>> aes_write_block(env, mmu_idx, *dst_ptr_reg + done, out, ra);
>> len -= AES_BLOCK_SIZE;
>> @@ -747,11 +702,10 @@ int cpacf_paes_ctr(CPUS390XState *env, const int
>> mmu_idx, uintptr_t ra,
>> {
>> enum { MAX_BLOCKS_PER_RUN = 8192 / AES_BLOCK_SIZE };
>> const MemOpIdx oi = make_memop_idx(MO_8, mmu_idx);
>> - uint8_t ctr[AES_BLOCK_SIZE], buf[AES_BLOCK_SIZE];
>> uint8_t in[AES_BLOCK_SIZE], out[AES_BLOCK_SIZE];
>> + uint8_t ctr[AES_BLOCK_SIZE], key[32], wkvp[32];
>> uint64_t addr, len = *src_len_reg, done = 0;
>> int i, keysize, addr_reg_size = 64;
>> - uint8_t key[32], wkvp[32];
>> AES_KEY exkey;
>>
>> g_assert(type == S390_FEAT_TYPE_KMCTR);
>> @@ -805,12 +759,10 @@ int cpacf_paes_ctr(CPUS390XState *env, const int
>> mmu_idx, uintptr_t ra,
>> for (i = 0; i < MAX_BLOCKS_PER_RUN && len >= AES_BLOCK_SIZE; i++)
>> {
>> /* read in nonce/ctr => ctr */
>> aes_read_block(env, mmu_idx, *ctr_ptr_reg + done, ctr, ra);
>> - /* encrypt ctr => buf */
>> - AES_encrypt(ctr, buf, &exkey);
>> /* read in one block of input data => in */
>> aes_read_block(env, mmu_idx, *src_ptr_reg + done, in, ra);
>> - /* exor input data with encrypted ctr => out */
>> - aes_xor(in, buf, out);
>> + /* encrypt ctr and xor with in => out */
>> + AES_ctr_encrypt(in, out, ctr, &exkey);
>> /* write out the processed block */
>> aes_write_block(env, mmu_idx, *dst_ptr_reg + done, out, ra);
>> len -= AES_BLOCK_SIZE;
>> @@ -911,7 +863,7 @@ int cpacf_paes_xts(CPUS390XState *env, const int
>> mmu_idx, uintptr_t ra,
>> uint32_t type, uint8_t fc, uint8_t mod)
>> {
>> enum { MAX_BLOCKS_PER_RUN = 8192 / AES_BLOCK_SIZE };
>> - uint8_t buf1[AES_BLOCK_SIZE], buf2[AES_BLOCK_SIZE];
>> + uint8_t in[AES_BLOCK_SIZE], out[AES_BLOCK_SIZE];
>> const MemOpIdx oi = make_memop_idx(MO_8, mmu_idx);
>> uint8_t key[32], wkvp[32], tweak[AES_BLOCK_SIZE];
>> uint64_t addr, len = *src_len_reg, done = 0;
>> @@ -974,23 +926,19 @@ int cpacf_paes_xts(CPUS390XState *env, const int
>> mmu_idx, uintptr_t ra,
>>
>> /* process up to MAX_BLOCKS_PER_RUN aes blocks */
>> for (i = 0; i < MAX_BLOCKS_PER_RUN && len >= AES_BLOCK_SIZE; i++)
>> {
>> - /* fetch one AES block into buf1 */
>> - aes_read_block(env, mmu_idx, *src_ptr_reg + done, buf1, ra);
>> - /* buf1 xor tweak => buf2 */
>> - aes_xor(buf1, tweak, buf2);
>> + /* fetch one AES block into in */
>> + aes_read_block(env, mmu_idx, *src_ptr_reg + done, in, ra);
>> if (mod) {
>> - /* decrypt buf2 => buf1 */
>> - AES_decrypt(buf2, buf1, &exkey);
>> + /* decrypt in => out */
>> + AES_xts_decrypt(in, out, tweak, &exkey);
>> } else {
>> - /* encrypt buf2 => buf1 */
>> - AES_encrypt(buf2, buf1, &exkey);
>> + /* encrypt in => out */
>> + AES_xts_encrypt(in, out, tweak, &exkey);
>> }
>> - /* buf1 xor tweak => buf2 */
>> - aes_xor(buf1, tweak, buf2);
>> /* prep tweak for next round */
>> - aes_xts_prep_next_tweak(tweak);
>> - /* write out this processed block from buf2 */
>> - aes_write_block(env, mmu_idx, *dst_ptr_reg + done, buf2, ra);
>> + AES_xts_prep_next_tweak(tweak);
>> + /* write out this processed block from out */
>> + aes_write_block(env, mmu_idx, *dst_ptr_reg + done, out, ra);
>> len -= AES_BLOCK_SIZE;
>> done += AES_BLOCK_SIZE;
>> }
>> --
>> 2.43.0
>>
>
> With regards,
> Daniel
I'll do this. Thanks for your feedback
next prev parent reply other threads:[~2026-07-09 9:28 UTC|newest]
Thread overview: 31+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-07-07 16:17 [PATCH v11 00/21] target/s390x: Extend qemu CPACF support Harald Freudenberger
2026-07-07 16:17 ` [PATCH v11 01/21] target/s390x: Fix wrong address handling in address loops Harald Freudenberger
2026-07-08 10:37 ` Michael Tokarev
2026-07-08 11:18 ` Michael Tokarev
2026-07-08 14:03 ` Harald Freudenberger
2026-07-08 14:16 ` Cornelia Huck
2026-07-08 14:57 ` Harald Freudenberger
2026-07-07 16:17 ` [PATCH v11 02/21] target/s390x: Rework s390 cpacf implementations Harald Freudenberger
2026-07-07 16:17 ` [PATCH v11 03/21] target/s390x: Move cpacf sha512 code into a new file Harald Freudenberger
2026-07-08 12:51 ` Holger Dengler
2026-07-07 16:17 ` [PATCH v11 04/21] target/s390x: Support cpacf sha256 Harald Freudenberger
2026-07-07 16:17 ` [PATCH v11 05/21] target/s390x: Support AES ECB for cpacf km instruction Harald Freudenberger
2026-07-07 16:17 ` [PATCH v11 06/21] target/s390x: Support AES CBC for cpacf kmc instruction Harald Freudenberger
2026-07-07 16:17 ` [PATCH v11 07/21] target/s390x: Support AES CTR for cpacf kmctr instruction Harald Freudenberger
2026-07-07 16:17 ` [PATCH v11 08/21] target/s390x: Minimal AES XTS support for cpacf pcc instruction Harald Freudenberger
2026-07-07 16:17 ` [PATCH v11 09/21] target/s390x: Support AES XTS for cpacf km instruction Harald Freudenberger
2026-07-07 16:17 ` [PATCH v11 10/21] target/s390x: Base support for cpacf protected keys Harald Freudenberger
2026-07-07 16:17 ` [PATCH v11 11/21] target/s390x: Support pckmo encrypt AES subfunctions Harald Freudenberger
2026-07-07 16:17 ` [PATCH v11 12/21] target/s390x: Support protected key AES ECB for cpacf km instruction Harald Freudenberger
2026-07-07 16:18 ` [PATCH v11 13/21] target/s390x: Support protected key AES CBC for cpacf kmc instruction Harald Freudenberger
2026-07-07 16:18 ` [PATCH v11 14/21] target/s390x: Support protected key AES CTR for cpacf kmctr instruction Harald Freudenberger
2026-07-07 16:18 ` [PATCH v11 15/21] target/s390x: Minimal protected key AES XTS support for cpacf pcc instruction Harald Freudenberger
2026-07-07 16:18 ` [PATCH v11 16/21] target/s390x: Support protected key AES XTS for cpacf km instruction Harald Freudenberger
2026-07-07 16:18 ` [PATCH v11 17/21] docs/s390: Document CPACF instructions support Harald Freudenberger
2026-07-07 16:18 ` [PATCH v11 18/21] crypto: Add aes-helpers file to support some AES modes Harald Freudenberger
2026-07-08 16:52 ` Daniel P. Berrangé
2026-07-07 16:18 ` [PATCH v11 19/21] target/s390x: Use generic AES helper functions Harald Freudenberger
2026-07-08 16:53 ` Daniel P. Berrangé
2026-07-09 9:28 ` Harald Freudenberger [this message]
2026-07-07 16:18 ` [PATCH v11 20/21] target/s390x: Improve fetch and store mem from and to guest Harald Freudenberger
2026-07-07 16:18 ` [PATCH v11 21/21] tests/tcg/s390x: Add tests for CPACF instructions Harald Freudenberger
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=21c30b3d8d79f9833d1df7b2874c3b11@linux.ibm.com \
--to=freude@linux.ibm.com \
--cc=berrange@redhat.com \
--cc=borntraeger@linux.ibm.com \
--cc=cohuck@redhat.com \
--cc=david@kernel.org \
--cc=dengler@linux.ibm.com \
--cc=fcallies@linux.ibm.com \
--cc=iii@linux.ibm.com \
--cc=linux-s390@vger.kernel.org \
--cc=qemu-devel@nongnu.org \
--cc=qemu-s390x@nongnu.org \
--cc=richard.henderson@linaro.org \
--cc=thuth@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox