Support the subfunctions CPACF_KMCTR_AES_128, CPACF_KMCTR_AES_192 and CPACF_KMCTR_AES_256 for the cpacf kmctr instruction.
Signed-off-by: Harald Freudenberger <[email protected]> --- target/s390x/gen-features.c | 3 ++ target/s390x/tcg/cpacf.h | 5 +++ target/s390x/tcg/cpacf_aes.c | 76 ++++++++++++++++++++++++++++++++ target/s390x/tcg/crypto_helper.c | 24 ++++++++++ 4 files changed, 108 insertions(+) diff --git a/target/s390x/gen-features.c b/target/s390x/gen-features.c index 9c0c0b229f..59c2a47539 100644 --- a/target/s390x/gen-features.c +++ b/target/s390x/gen-features.c @@ -927,6 +927,9 @@ static uint16_t qemu_MAX[] = { S390_FEAT_KMC_AES_128, S390_FEAT_KMC_AES_192, S390_FEAT_KMC_AES_256, + S390_FEAT_KMCTR_AES_128, + S390_FEAT_KMCTR_AES_192, + S390_FEAT_KMCTR_AES_256, }; /****** END FEATURE DEFS ******/ diff --git a/target/s390x/tcg/cpacf.h b/target/s390x/tcg/cpacf.h index 8b21b16147..d73cb98c38 100644 --- a/target/s390x/tcg/cpacf.h +++ b/target/s390x/tcg/cpacf.h @@ -27,5 +27,10 @@ int cpacf_aes_cbc(CPUS390XState *env, const int mmu_idx, uintptr_t ra, uint64_t param_addr, uint64_t *dst_ptr_reg, uint64_t *src_ptr_reg, uint64_t *src_len_reg, uint32_t type, uint8_t fc, uint8_t mod); +int cpacf_aes_ctr(CPUS390XState *env, const int mmu_idx, uintptr_t ra, + uint64_t param_addr, uint64_t *dst_ptr_reg, + uint64_t *src_ptr_reg, uint64_t *src_len_reg, + uint64_t *ctr_ptr_reg, uint32_t type, + uint8_t fc, uint8_t mod); #endif diff --git a/target/s390x/tcg/cpacf_aes.c b/target/s390x/tcg/cpacf_aes.c index 6412cc187d..e200a9a87a 100644 --- a/target/s390x/tcg/cpacf_aes.c +++ b/target/s390x/tcg/cpacf_aes.c @@ -213,3 +213,79 @@ int cpacf_aes_cbc(CPUS390XState *env, const int mmu_idx, uintptr_t ra, return !len ? 0 : 3; } + +int cpacf_aes_ctr(CPUS390XState *env, const int mmu_idx, uintptr_t ra, + uint64_t param_addr, uint64_t *dst_ptr_reg, + uint64_t *src_ptr_reg, uint64_t *src_len_reg, + uint64_t *ctr_ptr_reg, uint32_t type, + uint8_t fc, uint8_t mod) +{ + enum { MAX_BLOCKS_PER_RUN = 8192 / AES_BLOCK_SIZE }; + const MemOpIdx oi = make_memop_idx(MO_8, mmu_idx); + uint8_t ctr[AES_BLOCK_SIZE], buf[AES_BLOCK_SIZE]; + uint8_t in[AES_BLOCK_SIZE], out[AES_BLOCK_SIZE]; + uint64_t addr, len = *src_len_reg, done = 0; + int i, keysize, addr_reg_size = 64; + uint8_t key[32]; + AES_KEY exkey; + + g_assert(type == S390_FEAT_TYPE_KMCTR); + + switch (fc) { + case 0x12: /* CPACF_KMCTR_AES_128 */ + keysize = 16; + break; + case 0x13: /* CPACF_KMCTR_AES_192 */ + keysize = 24; + break; + case 0x14: /* CPACF_KMCTR_AES_256 */ + keysize = 32; + break; + default: + g_assert_not_reached(); + } + + if (!(env->psw.mask & PSW_MASK_64)) { + len = (uint32_t)len; + addr_reg_size = (env->psw.mask & PSW_MASK_32) ? 32 : 24; + } + + /* length has to be properly aligned. */ + if (!QEMU_IS_ALIGNED(len, AES_BLOCK_SIZE)) { + tcg_s390_program_interrupt(env, PGM_SPECIFICATION, ra); + } + + /* fetch key from param block */ + for (i = 0; i < keysize; i++) { + addr = wrap_address(env, param_addr + i); + key[i] = cpu_ldb_mmu(env, addr, oi, ra); + } + + /* expand key */ + AES_set_encrypt_key(key, keysize * 8, &exkey); + + /* process up to MAX_BLOCKS_PER_RUN aes blocks */ + for (i = 0; i < MAX_BLOCKS_PER_RUN && len >= AES_BLOCK_SIZE; i++) { + /* read in nonce/ctr => ctr */ + aes_read_block(env, mmu_idx, *ctr_ptr_reg + done, ctr, ra); + /* encrypt ctr => buf */ + AES_encrypt(ctr, buf, &exkey); + /* read in one block of input data => in */ + aes_read_block(env, mmu_idx, *src_ptr_reg + done, in, ra); + /* exor input data with encrypted ctr => out */ + aes_xor(in, buf, out); + /* write out the processed block */ + aes_write_block(env, mmu_idx, *dst_ptr_reg + done, out, ra); + len -= AES_BLOCK_SIZE, done += AES_BLOCK_SIZE; + } + + *src_ptr_reg = deposit64(*src_ptr_reg, 0, addr_reg_size, + *src_ptr_reg + done); + *dst_ptr_reg = deposit64(*dst_ptr_reg, 0, addr_reg_size, + *dst_ptr_reg + done); + *ctr_ptr_reg = deposit64(*ctr_ptr_reg, 0, addr_reg_size, + *ctr_ptr_reg + done); + *src_len_reg -= done; + + return !len ? 0 : 3; +} diff --git a/target/s390x/tcg/crypto_helper.c b/target/s390x/tcg/crypto_helper.c index b6f7696809..98dfa37185 100644 --- a/target/s390x/tcg/crypto_helper.c +++ b/target/s390x/tcg/crypto_helper.c @@ -131,6 +131,27 @@ static int cpacf_kmc(CPUS390XState *env, const int mmu_idx, uintptr_t ra, return rc; } +static int cpacf_kmctr(CPUS390XState *env, const int mmu_idx, uintptr_t ra, + uint32_t r1, uint32_t r2, uint32_t r3, + uint8_t fc, uint8_t mod) +{ + int rc = 0; + + switch (fc) { + case 0x12: /* CPACF_KMCTR_AES_128 */ + case 0x13: /* CPACF_KMCTR_AES_192 */ + case 0x14: /* CPACF_KMCTR_AES_256 */ + rc = cpacf_aes_ctr(env, mmu_idx, ra, env->regs[1], + &env->regs[r1], &env->regs[r2], &env->regs[r2 + 1], + &env->regs[r3], S390_FEAT_TYPE_KMCTR, fc, mod); + break; + default: + g_assert_not_reached(); + } + + return rc; +} + static int cpacf_ppno(CPUS390XState *env, const int mmu_idx, uintptr_t ra, uint32_t r1, uint32_t r2, uint32_t r3, uint8_t fc) { @@ -204,6 +225,9 @@ uint32_t HELPER(msa)(CPUS390XState *env, uint32_t r1, uint32_t r2, uint32_t r3, case S390_FEAT_TYPE_KMC: rc = cpacf_kmc(env, mmu_idx, ra, r1, r2, r3, fc, mod); break; + case S390_FEAT_TYPE_KMCTR: + rc = cpacf_kmctr(env, mmu_idx, ra, r1, r2, r3, fc, mod); + break; default: g_assert_not_reached(); } -- 2.43.0
