This is the mail archive of the
mailing list for the GCC project.
Re: Power 8 in-core crypto not working as expected
- From: Jeffrey Walton <noloader at gmail dot com>
- To: Segher Boessenkool <segher at kernel dot crashing dot org>
- Cc: GCC Development <gcc at gcc dot gnu dot org>
- Date: Thu, 7 Sep 2017 10:35:18 -0400
- Subject: Re: Power 8 in-core crypto not working as expected
- Authentication-results: sourceware.org; auth=none
- References: <CAH8yC8nw20DXRW6RtDsLQEh6YeLjbHCLv43Ub+843Off=jFZiQ@mail.gmail.com> <20170907083844.GN13471@gate.crashing.org>
- Reply-to: noloader at gmail dot com
On Thu, Sep 7, 2017 at 4:38 AM, Segher Boessenkool
> On Thu, Sep 07, 2017 at 12:37:33AM -0400, Jeffrey Walton wrote:
>> I have an implementation for AES on Power 8 using GCC's built-ins. It's
>> available for inspection and download at
>> https://github.com/noloader/AES-Power8. The problem is, it does not
>> arrive at the correct results on GCC112 (ppc64-le) or GCC119 (AIX, big
> First see if you can get a *single* vcipher call to work as expected
> (it is a single round of AES). Refer to Power ISA 3.0B and FIPS 197.
We are using the key and subkey schedule from FIPS 197, Appendix A. We
are using it because the key schedule is fully specified.
We lack the known answers for a single round using a subkey like one
specified in FIPS 197. IBM does not appear to provide them.
I've been trying to obtain a subkey schedule and known answers
per-round from IBM. I've been in touch with some folks at Linux
Technology Center. I have not been successful.
I don't have access to Power ISA 3.0B. It seems to be hidden behind a
Before I go down a rabbit hole of trying to obtain a membership, do
you know if the documents provide the information we need? I.e., the
fully specified key schedule and the known answers?
This sort of thing takes the fun out of computing.