Re: [PATCH v7 09/17] target/s390x: Support pckmo encrypt AES subfunctions

Thu, 18 Jun 2026 07:20:16 -0700 



On 17.06.26 11:48, Harald Freudenberger wrote:

Support the subfuctions PCKMO-Encrypt-AES-128-Key,
PCKMO-Encrypt-AES-192-Key and PCKMO-Encrypt-AES-256-Key.

These subfunctions derive a protected key from an AES clear key
by encrypting it with an internal AES wrapping key. More
details can be found in the "z/Architecture Prinziples of
Operation" document.

The qemu version provided here is only a fake indented to make


typo: indeted -> intended


protected key available for developing and testing purpose:
* The protected key is 'derived' from the clear key by xoring
   the fixed pattern 0xAAAA... onto the key value.
* The AES Wrapping Key Verification Pattern is a fixed
   value of 32 bytes 0xFACEFACE...

Signed-off-by: Harald Freudenberger <[email protected]>
Tested-by: Holger Dengler <[email protected]>


With the typo fixed and the other comments at least considered:

Reviewed-by: Finn Callies <[email protected]>


---
  target/s390x/gen-features.c      |  3 ++
  target/s390x/tcg/cpacf.h         |  2 +
  target/s390x/tcg/cpacf_aes.c     | 66 ++++++++++++++++++++++++++++++++
  target/s390x/tcg/crypto_helper.c | 21 ++++++++++
  4 files changed, 92 insertions(+)


[ snip ]


diff --git a/target/s390x/tcg/cpacf_aes.c b/target/s390x/tcg/cpacf_aes.c
index 0312436c43..5a0a3473d5 100644
--- a/target/s390x/tcg/cpacf_aes.c
+++ b/target/s390x/tcg/cpacf_aes.c
@@ -467,3 +467,69 @@ int cpacf_aes_xts(CPUS390XState *env, const int mmu_idx, 
uintptr_t ra,

  
      return !len ? 0 : 3;

  }
+
+/*
+ * Hard coded pattern xored with the AES clear key
+ * to 'produce' the protected key.
+ */
+static const uint8_t protkey_xor_pattern[32] = {



the wrapping key for protected keys is called virtual server master key 
if I recall correctly. Maybe name this accordingly or at least something 
with master or wrapping key in it as this describes the purpose better I 
think.



+    0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA,
+    0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA,
+    0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA,
+    0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA };
+
+/*
+ * Hard coded wkvp ("Wrapping Key Verification Pattern")
+ */
+static const uint8_t protkey_wkvp[32] = {


Since you call this protkey_wkvp you could call the wrapping key protkey_wk.


+    0x0F, 0x0A, 0x0C, 0x0E, 0x0F, 0x0A, 0x0C, 0x0E,
+    0x0F, 0x0A, 0x0C, 0x0E, 0x0F, 0x0A, 0x0C, 0x0E,
+    0x0F, 0x0A, 0x0C, 0x0E, 0x0F, 0x0A, 0x0C, 0x0E,
+    0x0F, 0x0A, 0x0C, 0x0E, 0x0F, 0x0A, 0x0C, 0x0E };


[ snip ]
























					Reply via email to