From: Harald Freudenberger <freude@linux.ibm.com>
To: Ilya Leoshkevich <iii@linux.ibm.com>
Cc: richard.henderson@linaro.org, david@kernel.org, thuth@redhat.com,
berrange@redhat.com, qemu-s390x@nongnu.org,
qemu-devel@nongnu.org,
linux390-list@tuxmaker.boeblingen.de.ibm.com,
linux-s390@vger.kernel.org, dengler@linux.ibm.com,
borntraeger@linux.ibm.com, fcallies@linux.ibm.com,
cohuck@redhat.com
Subject: Re: [PATCH v8 07/18] target/s390x: Support AES CTR for cpacf kmctr instruction
Date: Thu, 25 Jun 2026 09:17:54 +0200 [thread overview]
Message-ID: <e6a894618afbc5e45e66fafb3373de74@linux.ibm.com> (raw)
In-Reply-To: <a948d24d-f9cb-4d67-bf46-007d6de3c523@linux.ibm.com>
On 2026-06-24 19:26, Ilya Leoshkevich wrote:
> On 6/24/26 10:10, Harald Freudenberger wrote:
>> Support the subfunctions CPACF_KMCTR_AES_128, CPACF_KMCTR_AES_192
>> and CPACF_KMCTR_AES_256 for the cpacf kmctr instruction.
>>
>> Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
>> Reviewed-by: Finn Callies <fcallies@linux.ibm.com>
>> ---
>> target/s390x/gen-features.c | 3 ++
>> target/s390x/tcg/cpacf.h | 5 +++
>> target/s390x/tcg/cpacf_aes.c | 76
>> ++++++++++++++++++++++++++++++++
>> target/s390x/tcg/crypto_helper.c | 24 ++++++++++
>> 4 files changed, 108 insertions(+)
>
> [...]
>
>> --- a/target/s390x/tcg/cpacf_aes.c
>> +++ b/target/s390x/tcg/cpacf_aes.c
>> @@ -213,3 +213,79 @@ int cpacf_aes_cbc(CPUS390XState *env, const int
>> mmu_idx, uintptr_t ra,
>> return !len ? 0 : 3;
>> }
>> +
>> +int cpacf_aes_ctr(CPUS390XState *env, const int mmu_idx, uintptr_t
>> ra,
>> + uint64_t param_addr, uint64_t *dst_ptr_reg,
>> + uint64_t *src_ptr_reg, uint64_t *src_len_reg,
>> + uint64_t *ctr_ptr_reg, uint32_t type,
>> + uint8_t fc, uint8_t mod)
>> +{
>> + enum { MAX_BLOCKS_PER_RUN = 8192 / AES_BLOCK_SIZE };
>> + const MemOpIdx oi = make_memop_idx(MO_8, mmu_idx);
>> + uint8_t ctr[AES_BLOCK_SIZE], buf[AES_BLOCK_SIZE];
>> + uint8_t in[AES_BLOCK_SIZE], out[AES_BLOCK_SIZE];
>> + uint64_t addr, len = *src_len_reg, done = 0;
>> + int i, keysize, addr_reg_size = 64;
>> + uint8_t key[32];
>> + AES_KEY exkey;
>> +
>> + g_assert(type == S390_FEAT_TYPE_KMCTR);
>> +
>> + switch (fc) {
>> + case 0x12: /* CPACF_KMCTR_AES_128 */
>> + keysize = 16;
>> + break;
>> + case 0x13: /* CPACF_KMCTR_AES_192 */
>> + keysize = 24;
>> + break;
>> + case 0x14: /* CPACF_KMCTR_AES_256 */
>> + keysize = 32;
>> + break;
>> + default:
>> + g_assert_not_reached();
>> + }
>
> A general comment; I think I've seen this in previous patches as well.
> Would it make sense to properly define constants like
> CPACF_KMCTR_AES_128 and drop comments? Or, if the goal is easier
> cross-checking with POp, hardcode decimal numbers, since POp specifies
> them in decimal?
>
As I am about to write some tests for all this CPACF support there would
be a benefit in having all this as constants or defines in a header file
instead of hardcoded values on every switch statement. So I am about to
introduce a some cpacf.h with all these values for the next version.
>> +
>> + if (!(env->psw.mask & PSW_MASK_64)) {
>> + len = (uint32_t)len;
>> + addr_reg_size = (env->psw.mask & PSW_MASK_32) ? 32 : 24;
>> + }
>> +
>> + /* length has to be properly aligned. */
>> + if (!QEMU_IS_ALIGNED(len, AES_BLOCK_SIZE)) {
>> + tcg_s390_program_interrupt(env, PGM_SPECIFICATION, ra);
>> + }
>> +
>> + /* fetch key from param block */
>> + for (i = 0; i < keysize; i++) {
>> + addr = wrap_address(env, param_addr + i);
>> + key[i] = cpu_ldb_mmu(env, addr, oi, ra);
>> + }
>> +
>> + /* expand key */
>> + AES_set_encrypt_key(key, keysize * 8, &exkey);
>> +
>> + /* process up to MAX_BLOCKS_PER_RUN aes blocks */
>> + for (i = 0; i < MAX_BLOCKS_PER_RUN && len >= AES_BLOCK_SIZE; i++)
>> {
>> + /* read in nonce/ctr => ctr */
>> + aes_read_block(env, mmu_idx, *ctr_ptr_reg + done, ctr, ra);
>> + /* encrypt ctr => buf */
>> + AES_encrypt(ctr, buf, &exkey);
>> + /* read in one block of input data => in */
>> + aes_read_block(env, mmu_idx, *src_ptr_reg + done, in, ra);
>> + /* xor input data with encrypted ctr => out */
>> + aes_xor(in, buf, out);
>> + /* write out the processed block */
>> + aes_write_block(env, mmu_idx, *dst_ptr_reg + done, out, ra);
>> + len -= AES_BLOCK_SIZE, done += AES_BLOCK_SIZE;
>
> Same comment as in the previous patch.
>
>
> Otherwise:
>
> Reviewed-by: Ilya Leoshkevich <iii@linux.ibm.com>
>
> [...]
next prev parent reply other threads:[~2026-06-25 7:18 UTC|newest]
Thread overview: 31+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-06-24 8:09 [PATCH v8 00/18] target/s390x: Extend qemu CPACF support Harald Freudenberger
2026-06-24 8:09 ` [PATCH v8 01/18] target/s390x: Fix wrong address handling in address loops Harald Freudenberger
2026-06-24 10:05 ` Philippe Mathieu-Daudé
2026-06-25 7:31 ` Harald Freudenberger
2026-06-25 10:37 ` Philippe Mathieu-Daudé
2026-06-24 12:56 ` Ilya Leoshkevich
2026-06-24 8:09 ` [PATCH v8 02/18] target/s390x: Rework s390 cpacf implementations Harald Freudenberger
2026-06-24 14:27 ` Ilya Leoshkevich
2026-06-24 8:10 ` [PATCH v8 03/18] target/s390x: Move cpacf sha512 code into a new file Harald Freudenberger
2026-06-24 10:07 ` Philippe Mathieu-Daudé
2026-06-24 14:30 ` Ilya Leoshkevich
2026-06-24 8:10 ` [PATCH v8 04/18] target/s390x: Support cpacf sha256 Harald Freudenberger
2026-06-24 14:39 ` Ilya Leoshkevich
2026-06-24 8:10 ` [PATCH v8 05/18] target/s390x: Support AES ECB for cpacf km instruction Harald Freudenberger
2026-06-24 17:13 ` Ilya Leoshkevich
2026-06-24 8:10 ` [PATCH v8 06/18] target/s390x: Support AES CBC for cpacf kmc instruction Harald Freudenberger
2026-06-24 17:22 ` Ilya Leoshkevich
2026-06-24 8:10 ` [PATCH v8 07/18] target/s390x: Support AES CTR for cpacf kmctr instruction Harald Freudenberger
2026-06-24 17:26 ` Ilya Leoshkevich
2026-06-25 7:17 ` Harald Freudenberger [this message]
2026-06-24 8:10 ` [PATCH v8 08/18] target/s390x: Minimal AES XTS support for cpacf pcc instruction Harald Freudenberger
2026-06-24 8:10 ` [PATCH v8 09/18] target/s390x: Support AES XTS for cpacf km instruction Harald Freudenberger
2026-06-24 8:10 ` [PATCH v8 10/18] target/s390x: Support pckmo encrypt AES subfunctions Harald Freudenberger
2026-06-24 8:10 ` [PATCH v8 11/18] target/s390x: Support protected key AES ECB for cpacf km instruction Harald Freudenberger
2026-06-24 8:10 ` [PATCH v8 12/18] target/s390x: Support protected key AES CBC for cpacf kmc instruction Harald Freudenberger
2026-06-24 8:10 ` [PATCH v8 13/18] target/s390x: Support protected key AES CTR for cpacf kmctr instruction Harald Freudenberger
2026-06-24 8:10 ` [PATCH v8 14/18] target/s390x: Minimal protected key AES XTS support for cpacf pcc instruction Harald Freudenberger
2026-06-24 8:10 ` [PATCH v8 15/18] target/s390x: Support protected key AES XTS for cpacf km instruction Harald Freudenberger
2026-06-24 8:10 ` [PATCH v8 16/18] docs/s390: Document CPACF instructions support Harald Freudenberger
2026-06-24 8:10 ` [PATCH v8 17/18] crypto: Add aes-helpers file to support some AES modes Harald Freudenberger
2026-06-24 8:10 ` [PATCH v8 18/18] target/s390x: Use generic AES helper functions Harald Freudenberger
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=e6a894618afbc5e45e66fafb3373de74@linux.ibm.com \
--to=freude@linux.ibm.com \
--cc=berrange@redhat.com \
--cc=borntraeger@linux.ibm.com \
--cc=cohuck@redhat.com \
--cc=david@kernel.org \
--cc=dengler@linux.ibm.com \
--cc=fcallies@linux.ibm.com \
--cc=iii@linux.ibm.com \
--cc=linux-s390@vger.kernel.org \
--cc=linux390-list@tuxmaker.boeblingen.de.ibm.com \
--cc=qemu-devel@nongnu.org \
--cc=qemu-s390x@nongnu.org \
--cc=richard.henderson@linaro.org \
--cc=thuth@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox