From: Harald Freudenberger <freude@linux.ibm.com>
To: Finn Callies <fcallies@linux.ibm.com>
Cc: richard.henderson@linaro.org, iii@linux.ibm.com,
david@kernel.org, thuth@redhat.com, berrange@redhat.com,
qemu-s390x@nongnu.org, qemu-devel@nongnu.org,
linux390-list@tuxmaker.boeblingen.de.ibm.com,
linux-s390@vger.kernel.org, dengler@linux.ibm.com,
borntraeger@linux.ibm.com, cohuck@redhat.com
Subject: Re: [PATCH v7 09/17] target/s390x: Support pckmo encrypt AES subfunctions
Date: Mon, 22 Jun 2026 16:34:19 +0200 [thread overview]
Message-ID: <3a2169d3ca127e02427217f28c9f8e2e@linux.ibm.com> (raw)
In-Reply-To: <d0678c75-68b1-48da-aaf6-c846b48c02e3@linux.ibm.com>
On 2026-06-18 07:50, Finn Callies wrote:
> On 17.06.26 11:48, Harald Freudenberger wrote:
>> Support the subfuctions PCKMO-Encrypt-AES-128-Key,
>> PCKMO-Encrypt-AES-192-Key and PCKMO-Encrypt-AES-256-Key.
>>
>> These subfunctions derive a protected key from an AES clear key
>> by encrypting it with an internal AES wrapping key. More
>> details can be found in the "z/Architecture Prinziples of
>> Operation" document.
>>
>> The qemu version provided here is only a fake indented to make
>
> typo: indeted -> intended
>
>> protected key available for developing and testing purpose:
>> * The protected key is 'derived' from the clear key by xoring
>> the fixed pattern 0xAAAA... onto the key value.
>> * The AES Wrapping Key Verification Pattern is a fixed
>> value of 32 bytes 0xFACEFACE...
>>
>> Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
>> Tested-by: Holger Dengler <dengler@linux.ibm.com>
>
> With the typo fixed and the other comments at least considered:
>
> Reviewed-by: Finn Callies <fcallies@linux.ibm.com>
>
>> ---
>> target/s390x/gen-features.c | 3 ++
>> target/s390x/tcg/cpacf.h | 2 +
>> target/s390x/tcg/cpacf_aes.c | 66
>> ++++++++++++++++++++++++++++++++
>> target/s390x/tcg/crypto_helper.c | 21 ++++++++++
>> 4 files changed, 92 insertions(+)
>
> [ snip ]
>
>> diff --git a/target/s390x/tcg/cpacf_aes.c
>> b/target/s390x/tcg/cpacf_aes.c
>> index 0312436c43..5a0a3473d5 100644
>> --- a/target/s390x/tcg/cpacf_aes.c
>> +++ b/target/s390x/tcg/cpacf_aes.c
>> @@ -467,3 +467,69 @@ int cpacf_aes_xts(CPUS390XState *env, const int
>> mmu_idx, uintptr_t ra,
>> return !len ? 0 : 3;
>> }
>> +
>> +/*
>> + * Hard coded pattern xored with the AES clear key
>> + * to 'produce' the protected key.
>> + */
>> +static const uint8_t protkey_xor_pattern[32] = {
>
> the wrapping key for protected keys is called virtual server master
> key if I recall correctly. Maybe name this accordingly or at least
> something with master or wrapping key in it as this describes the
> purpose better I think.
>
But honestly I don't want to call this a key - neither a wrapping nor
a virtual server master key. This is a simple xor pattern to be applied
to the clear key value. I don't want to call this a key in any way.
If I would label this a key someone (or AI) would immediately raise
a security finding - hard coded key / weak key / key in code ...
>> + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA,
>> + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA,
>> + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA,
>> + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA };
>> +
>> +/*
>> + * Hard coded wkvp ("Wrapping Key Verification Pattern")
>> + */
>> +static const uint8_t protkey_wkvp[32] = {
>
> Since you call this protkey_wkvp you could call the wrapping key
> protkey_wk.
>
>> + 0x0F, 0x0A, 0x0C, 0x0E, 0x0F, 0x0A, 0x0C, 0x0E,
>> + 0x0F, 0x0A, 0x0C, 0x0E, 0x0F, 0x0A, 0x0C, 0x0E,
>> + 0x0F, 0x0A, 0x0C, 0x0E, 0x0F, 0x0A, 0x0C, 0x0E,
>> + 0x0F, 0x0A, 0x0C, 0x0E, 0x0F, 0x0A, 0x0C, 0x0E };
>
> [ snip ]
next prev parent reply other threads:[~2026-06-22 14:34 UTC|newest]
Thread overview: 41+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-06-17 9:48 [PATCH v7 00/17] target/s390x: Extend qemu CPACF support Harald Freudenberger
2026-06-17 9:48 ` [PATCH v7 01/17] target/s390x: Rework s390 cpacf implementations Harald Freudenberger
2026-06-17 9:48 ` [PATCH v7 02/17] target/s390x: Move cpacf sha512 code into a new file Harald Freudenberger
2026-06-18 4:54 ` Finn Callies
2026-06-17 9:48 ` [PATCH v7 03/17] target/s390x: Support cpacf sha256 Harald Freudenberger
2026-06-18 5:18 ` Finn Callies
2026-06-17 9:48 ` [PATCH v7 04/17] target/s390x: Support AES ECB for cpacf km instruction Harald Freudenberger
2026-06-18 5:22 ` Finn Callies
2026-06-17 9:48 ` [PATCH v7 05/17] target/s390x: Support AES CBC for cpacf kmc instruction Harald Freudenberger
2026-06-18 5:27 ` Finn Callies
2026-06-17 9:48 ` [PATCH v7 06/17] target/s390x: Support AES CTR for cpacf kmctr instruction Harald Freudenberger
2026-06-18 5:31 ` Finn Callies
2026-06-17 9:48 ` [PATCH v7 07/17] target/s390x: Minimal AES XTS support for cpacf pcc instruction Harald Freudenberger
2026-06-18 5:35 ` Finn Callies
2026-06-17 9:48 ` [PATCH v7 08/17] target/s390x: Support AES XTS for cpacf km instruction Harald Freudenberger
2026-06-18 5:45 ` Finn Callies
2026-06-22 14:25 ` Harald Freudenberger
2026-06-17 9:48 ` [PATCH v7 09/17] target/s390x: Support pckmo encrypt AES subfunctions Harald Freudenberger
2026-06-18 5:50 ` Finn Callies
2026-06-22 14:34 ` Harald Freudenberger [this message]
2026-06-17 9:48 ` [PATCH v7 10/17] target/s390x: Support protected key AES ECB for cpacf km instruction Harald Freudenberger
2026-06-18 5:57 ` Finn Callies
2026-06-22 15:05 ` Harald Freudenberger
2026-06-22 15:41 ` Hendrik Brueckner
2026-06-18 6:05 ` Finn Callies
2026-06-17 9:48 ` [PATCH v7 11/17] target/s390x: Support protected key AES CBC for cpacf kmc instruction Harald Freudenberger
2026-06-18 6:08 ` Finn Callies
2026-06-17 9:48 ` [PATCH v7 12/17] target/s390x: Support protected key AES CTR for cpacf kmctr instruction Harald Freudenberger
2026-06-18 6:10 ` Finn Callies
2026-06-17 9:48 ` [PATCH v7 13/17] target/s390x: Minimal protected key AES XTS support for cpacf pcc instruction Harald Freudenberger
2026-06-18 6:18 ` Finn Callies
2026-06-18 6:21 ` Finn Callies
2026-06-17 9:48 ` [PATCH v7 14/17] target/s390x: Support protected key AES XTS for cpacf km instruction Harald Freudenberger
2026-06-18 6:22 ` Finn Callies
2026-06-17 9:48 ` [PATCH v7 15/17] docs/s390: Document CPACF instructions support Harald Freudenberger
2026-06-18 6:28 ` Finn Callies
2026-06-17 9:48 ` [PATCH v7 16/17] crypto: Add aes-helpers file to support some AES modes Harald Freudenberger
2026-06-18 6:31 ` Finn Callies
2026-06-17 9:48 ` [PATCH v7 17/17] target/s390x: Use generic AES helper functions Harald Freudenberger
2026-06-18 6:35 ` Finn Callies
2026-06-18 5:37 ` [PATCH v7 00/17] target/s390x: Extend qemu CPACF support Finn Callies
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=3a2169d3ca127e02427217f28c9f8e2e@linux.ibm.com \
--to=freude@linux.ibm.com \
--cc=berrange@redhat.com \
--cc=borntraeger@linux.ibm.com \
--cc=cohuck@redhat.com \
--cc=david@kernel.org \
--cc=dengler@linux.ibm.com \
--cc=fcallies@linux.ibm.com \
--cc=iii@linux.ibm.com \
--cc=linux-s390@vger.kernel.org \
--cc=linux390-list@tuxmaker.boeblingen.de.ibm.com \
--cc=qemu-devel@nongnu.org \
--cc=qemu-s390x@nongnu.org \
--cc=richard.henderson@linaro.org \
--cc=thuth@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox