Linux s390 Architecture development
 help / color / mirror / Atom feed
From: "Daniel P. Berrangé" <berrange@redhat.com>
To: Harald Freudenberger <freude@linux.ibm.com>
Cc: richard.henderson@linaro.org, iii@linux.ibm.com,
	david@kernel.org, thuth@redhat.com, qemu-s390x@nongnu.org,
	qemu-devel@nongnu.org, linux-s390@vger.kernel.org,
	dengler@linux.ibm.com, borntraeger@linux.ibm.com,
	fcallies@linux.ibm.com, cohuck@redhat.com
Subject: Re: [PATCH v11 18/21] crypto: Add aes-helpers file to support some AES modes
Date: Wed, 8 Jul 2026 17:52:35 +0100	[thread overview]
Message-ID: <ak6AUxKNGquGyHoC@redhat.com> (raw)
In-Reply-To: <20260707161815.40919-19-freude@linux.ibm.com>

On Tue, Jul 07, 2026 at 06:18:05PM +0200, Harald Freudenberger wrote:
> Add a new file crypto/aes-helpers.c with simple functions
> to support some AES modes:
> - AES cbc: AES_cbc_encrypt() AES_cbc_decrypt()
> - AES ctr: AES_ctr_encrypt()
> - AES xts: AES_xts_encrypt() AES_xts_decrypt()
> and some AES related helpers:
> - AES_xor()
> - AES_xts_prep_next_tweak()
> 
> Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
> Reviewed-by: Finn Callies <fcallies@linux.ibm.com>
> ---
>  crypto/aes-helpers.c | 106 +++++++++++++++++++++++++++++++++++++++++++
>  crypto/meson.build   |   1 +
>  include/crypto/aes.h |  14 ++++++

This should be aes-helpers.h, to match the ases-helpers.c
file naming.

>  3 files changed, 121 insertions(+)
>  create mode 100644 crypto/aes-helpers.c
> 
> diff --git a/crypto/aes-helpers.c b/crypto/aes-helpers.c
> new file mode 100644
> index 0000000000..39ca153737
> --- /dev/null
> +++ b/crypto/aes-helpers.c
> @@ -0,0 +1,106 @@
> +/*
> + * SPDX-License-Identifier: GPL-2.0-or-later
> + *
> + * AES helper functions and mode implementations
> + *
> + * Authors:
> + *   Harald Freudenberger <freude@linux.ibm.com>
> + */
> +
> +#include <stdint.h>
> +#include <string.h>

Neither of these should be used, instead this should be
including qemu/osdep.h

> +#include "crypto/aes.h"
> +
> +void AES_xor(const unsigned char *src1, const unsigned char *src2,
> +             unsigned char *dst)
> +{
> +    int i;
> +
> +    for (i = 0; i < AES_BLOCK_SIZE; i++) {
> +        dst[i] = src1[i] ^ src2[i];
> +    }
> +}
> +
> +void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
> +                     unsigned char *iv, const AES_KEY *key)
> +{
> +    unsigned char buf[AES_BLOCK_SIZE];
> +
> +    /* in xor iv => buf */
> +    AES_xor(in, iv, buf);
> +    /* encrypt buf => out */
> +    AES_encrypt(buf, out, key);
> +    /* prep iv for next round */
> +    memcpy(iv, out, AES_BLOCK_SIZE);
> +}
> +
> +void AES_cbc_decrypt(const unsigned char *in, unsigned char *out,
> +                     unsigned char *iv, const AES_KEY *key)
> +{
> +    unsigned char buf[AES_BLOCK_SIZE];
> +
> +    /* decrypt in => buf */
> +    AES_decrypt(in, buf, key);
> +    /* buf xor iv => out */
> +    AES_xor(buf, iv, out);
> +    /* prep iv for next round */
> +    memcpy(iv, in, AES_BLOCK_SIZE);
> +}
> +
> +void AES_ctr_encrypt(const unsigned char *in, unsigned char *out,
> +                     const unsigned char *ctr, const AES_KEY *key)
> +{
> +    unsigned char buf[AES_BLOCK_SIZE];
> +
> +    /* encrypt ctr => buf */
> +    AES_encrypt(ctr, buf, key);
> +    /* exor input data with encrypted ctr => out */
> +    AES_xor(in, buf, out);
> +}
> +
> +/*
> + * Tweak calculation for AES XTS.
> + * Multiply tweak by α (x) in GF(2^128) per IEEE 1619-2007. The tweak
> + * is a 128-bit little-endian integer (tweak[0]=LSB, tweak[15]=MSB).
> + * This implementation has been verified on litte and big endian.
> + */
> +void AES_xts_prep_next_tweak(unsigned char *tweak)
> +{
> +    unsigned char carry;
> +    int i;
> +
> +    carry = tweak[AES_BLOCK_SIZE - 1] >> 7;
> +
> +    for (i = AES_BLOCK_SIZE - 1; i > 0; i--) {
> +        tweak[i] = (unsigned char)((tweak[i] << 1) | (tweak[i - 1] >> 7));
> +    }
> +
> +    tweak[i] = (unsigned char)(tweak[i] << 1);
> +    tweak[i] ^= (unsigned char)(0x87 & (unsigned char)(-(unsigned char)carry));
> +}
> +
> +void AES_xts_encrypt(const unsigned char *in, unsigned char *out,
> +                     const unsigned char *tweak, const AES_KEY *key)
> +{
> +    unsigned char buf1[AES_BLOCK_SIZE], buf2[AES_BLOCK_SIZE];
> +
> +    /* in xor tweak => buf1 */
> +    AES_xor(in, tweak, buf1);
> +    /* encrypt buf1 => buf2 */
> +    AES_encrypt(buf1, buf2, key);
> +    /* buf2 xor tweak => out */
> +    AES_xor(buf2, tweak, out);
> +}
> +
> +void AES_xts_decrypt(const unsigned char *in, unsigned char *out,
> +                     const unsigned char *tweak, const AES_KEY *key)
> +{
> +    unsigned char buf1[AES_BLOCK_SIZE], buf2[AES_BLOCK_SIZE];
> +
> +    /* in xor tweak => buf1 */
> +    AES_xor(in, tweak, buf1);
> +    /* encrypt buf1 => buf2 */
> +    AES_decrypt(buf1, buf2, key);
> +    /* buf2 xor tweak => out */
> +    AES_xor(buf2, tweak, out);
> +}
> diff --git a/crypto/meson.build b/crypto/meson.build
> index b51597a879..675f27311c 100644
> --- a/crypto/meson.build
> +++ b/crypto/meson.build
> @@ -55,6 +55,7 @@ system_ss.add(when: gnutls, if_true: files('tls-cipher-suites.c'))
>  
>  util_ss.add(files(
>    'aes.c',
> +  'aes-helpers.c',
>    'clmul.c',
>    'init.c',
>    'sm4.c',
> diff --git a/include/crypto/aes.h b/include/crypto/aes.h
> index 381f24c902..df6239cb9c 100644
> --- a/include/crypto/aes.h
> +++ b/include/crypto/aes.h
> @@ -37,4 +37,18 @@ AES_Td0[x] = Si[x].[0e, 09, 0d, 0b];
>  
>  extern const uint32_t AES_Te0[256], AES_Td0[256];
>  
> +void AES_xor(const unsigned char *src1, const unsigned char *src2,
> +             unsigned char *dst);
> +void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
> +                     unsigned char *iv, const AES_KEY *key);
> +void AES_cbc_decrypt(const unsigned char *in, unsigned char *out,
> +                     unsigned char *iv, const AES_KEY *key);
> +void  AES_ctr_encrypt(const unsigned char *in, unsigned char *out,
> +                      const unsigned char *ctr, const AES_KEY *key);
> +void AES_xts_prep_next_tweak(unsigned char *tweak);
> +void AES_xts_encrypt(const unsigned char *in, unsigned char *out,
> +                     const unsigned char *tweak, const AES_KEY *key);
> +void AES_xts_decrypt(const unsigned char *in, unsigned char *out,
> +                     const unsigned char *tweak, const AES_KEY *key);

Aside from putting them in aes-helpers.h can you also provide
basic API docs for them inline in the header.

With regards,
Daniel
-- 
|: https://berrange.com       ~~        https://hachyderm.io/@berrange :|
|: https://libvirt.org          ~~          https://entangle-photo.org :|
|: https://pixelfed.art/berrange   ~~    https://fstop138.berrange.com :|


  reply	other threads:[~2026-07-08 16:52 UTC|newest]

Thread overview: 31+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-07-07 16:17 [PATCH v11 00/21] target/s390x: Extend qemu CPACF support Harald Freudenberger
2026-07-07 16:17 ` [PATCH v11 01/21] target/s390x: Fix wrong address handling in address loops Harald Freudenberger
2026-07-08 10:37   ` Michael Tokarev
2026-07-08 11:18     ` Michael Tokarev
2026-07-08 14:03       ` Harald Freudenberger
2026-07-08 14:16         ` Cornelia Huck
2026-07-08 14:57           ` Harald Freudenberger
2026-07-07 16:17 ` [PATCH v11 02/21] target/s390x: Rework s390 cpacf implementations Harald Freudenberger
2026-07-07 16:17 ` [PATCH v11 03/21] target/s390x: Move cpacf sha512 code into a new file Harald Freudenberger
2026-07-08 12:51   ` Holger Dengler
2026-07-07 16:17 ` [PATCH v11 04/21] target/s390x: Support cpacf sha256 Harald Freudenberger
2026-07-07 16:17 ` [PATCH v11 05/21] target/s390x: Support AES ECB for cpacf km instruction Harald Freudenberger
2026-07-07 16:17 ` [PATCH v11 06/21] target/s390x: Support AES CBC for cpacf kmc instruction Harald Freudenberger
2026-07-07 16:17 ` [PATCH v11 07/21] target/s390x: Support AES CTR for cpacf kmctr instruction Harald Freudenberger
2026-07-07 16:17 ` [PATCH v11 08/21] target/s390x: Minimal AES XTS support for cpacf pcc instruction Harald Freudenberger
2026-07-07 16:17 ` [PATCH v11 09/21] target/s390x: Support AES XTS for cpacf km instruction Harald Freudenberger
2026-07-07 16:17 ` [PATCH v11 10/21] target/s390x: Base support for cpacf protected keys Harald Freudenberger
2026-07-07 16:17 ` [PATCH v11 11/21] target/s390x: Support pckmo encrypt AES subfunctions Harald Freudenberger
2026-07-07 16:17 ` [PATCH v11 12/21] target/s390x: Support protected key AES ECB for cpacf km instruction Harald Freudenberger
2026-07-07 16:18 ` [PATCH v11 13/21] target/s390x: Support protected key AES CBC for cpacf kmc instruction Harald Freudenberger
2026-07-07 16:18 ` [PATCH v11 14/21] target/s390x: Support protected key AES CTR for cpacf kmctr instruction Harald Freudenberger
2026-07-07 16:18 ` [PATCH v11 15/21] target/s390x: Minimal protected key AES XTS support for cpacf pcc instruction Harald Freudenberger
2026-07-07 16:18 ` [PATCH v11 16/21] target/s390x: Support protected key AES XTS for cpacf km instruction Harald Freudenberger
2026-07-07 16:18 ` [PATCH v11 17/21] docs/s390: Document CPACF instructions support Harald Freudenberger
2026-07-07 16:18 ` [PATCH v11 18/21] crypto: Add aes-helpers file to support some AES modes Harald Freudenberger
2026-07-08 16:52   ` Daniel P. Berrangé [this message]
2026-07-07 16:18 ` [PATCH v11 19/21] target/s390x: Use generic AES helper functions Harald Freudenberger
2026-07-08 16:53   ` Daniel P. Berrangé
2026-07-09  9:28     ` Harald Freudenberger
2026-07-07 16:18 ` [PATCH v11 20/21] target/s390x: Improve fetch and store mem from and to guest Harald Freudenberger
2026-07-07 16:18 ` [PATCH v11 21/21] tests/tcg/s390x: Add tests for CPACF instructions Harald Freudenberger

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=ak6AUxKNGquGyHoC@redhat.com \
    --to=berrange@redhat.com \
    --cc=borntraeger@linux.ibm.com \
    --cc=cohuck@redhat.com \
    --cc=david@kernel.org \
    --cc=dengler@linux.ibm.com \
    --cc=fcallies@linux.ibm.com \
    --cc=freude@linux.ibm.com \
    --cc=iii@linux.ibm.com \
    --cc=linux-s390@vger.kernel.org \
    --cc=qemu-devel@nongnu.org \
    --cc=qemu-s390x@nongnu.org \
    --cc=richard.henderson@linaro.org \
    --cc=thuth@redhat.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox