This is the mail archive of the gcc@gcc.gnu.org mailing list for the GCC project.



Re: Power 8 in-core crypto not working as expected


> On Sep 7, 2017, at 10:35 AM, Jeffrey Walton <noloader@gmail.com> wrote:
> 
> On Thu, Sep 7, 2017 at 4:38 AM, Segher Boessenkool
> <segher@kernel.crashing.org> wrote:
>> Hi!
>> 
>> On Thu, Sep 07, 2017 at 12:37:33AM -0400, Jeffrey Walton wrote:
>>> I have an implementation for AES on Power 8 using GCC's built-ins. It's
>>> available for inspection and download at
>>> https://github.com/noloader/AES-Power8. The problem is, it does not
>>> arrive at the correct results on GCC112 (ppc64-le) or GCC119 (AIX, big
>>> endian).
>> 
>> First see if you can get a *single* vcipher call to work as expected
>> (it is a single round of AES).  Refer to Power ISA 3.0B and FIPS 197.
> 
> Thanks Segher.
> 
> We are using the key and subkey schedule from FIPS 197, Appendix A. We
> are using it because the key schedule is fully specified.
> 
> We lack the known answers for a single round using a subkey like one
> specified in FIPS 197. IBM does not appear to provide them.

Known answers don't depend on hardware.  If there is a documented single round known answer, and the hardware primitive is a single round with a supplied subkey, then that answer should apply.

	paul

