> On Sep 7, 2017, at 10:35 AM, Jeffrey Walton <[email protected]> wrote:
>
> On Thu, Sep 7, 2017 at 4:38 AM, Segher Boessenkool
> <[email protected]> wrote:
>> Hi!
>>
>> On Thu, Sep 07, 2017 at 12:37:33AM -0400, Jeffrey Walton wrote:
>>> I have an implementation of AES on Power 8 using GCC's built-ins. It's
>>> available for inspection and download at
>>> https://github.com/noloader/AES-Power8. The problem is, it does not
>>> arrive at the correct results on GCC112 (ppc64-le) or GCC119 (AIX, big
>>> endian).
>>
>> First see if you can get a *single* vcipher call to work as expected
>> (it is a single round of AES). Refer to Power ISA 3.0B and FIPS 197.
>
> Thanks Segher.
>
> We are using the key and subkey schedule from FIPS 197, Appendix A. We
> are using it because the key schedule is fully specified.
>
> We lack the known answers for a single round using a subkey like one
> specified in FIPS 197. IBM does not appear to provide them.
Known answers don't depend on hardware. If there is a documented single round
known answer, and the hardware primitive is a single round with a supplied
subkey, then that answer should apply.
paul