On 2026-06-18 07:45, Finn Callies wrote:
On 17.06.26 11:48, Harald Freudenberger wrote:
Support the subfunctions XTS-AES-128 and XTS-AES-256
for the cpacf km instruction.
Signed-off-by: Harald Freudenberger <[email protected]>
Tested-by: Holger Dengler <[email protected]>
---
target/s390x/gen-features.c | 2 +
target/s390x/tcg/cpacf.h | 4 ++
target/s390x/tcg/cpacf_aes.c | 107
+++++++++++++++++++++++++++++++
target/s390x/tcg/crypto_helper.c | 6 ++
4 files changed, 119 insertions(+)
[ snip ]
+
+ /* process up to MAX_BLOCKS_PER_RUN aes blocks */
+ for (i = 0; i < MAX_BLOCKS_PER_RUN && len >= AES_BLOCK_SIZE; i++)
{
I guess this has the same "feature" as the real xts where the pcc part
is not included if not explicitly done beforehand by the user right?
But since CPACF does it that way I guess you can't do it the "correct"
way. Instead of XTS + PCC you could implement Full XTS... just
something to think about.
+ /* fetch one AES block into buf1 */
+ aes_read_block(env, mmu_idx, *src_ptr_reg + done, buf1, ra);
+ /* buf1 xor tweak => buf2 */
[ snip ]
Well Finn, it is a CPACF emulation - not an emulation about what CPACF
should return if it would have been designed the right way :-)
