From 24f7075f45b9a99c877bc59235a4a316294f8672 Mon Sep 17 00:00:00 2001 From: Kersten Richter Date: Tue, 11 Jun 2024 15:21:12 -0500 Subject: [PATCH 1/3] Update scalar-crypto.adoc dup ids Signed-off-by: Kersten Richter --- src/scalar-crypto.adoc | 190 ++++++++++++++++++++--------------------- 1 file changed, 95 insertions(+), 95 deletions(-) diff --git a/src/scalar-crypto.adoc b/src/scalar-crypto.adoc index 61d70e202..b879474da 100644 --- a/src/scalar-crypto.adoc +++ b/src/scalar-crypto.adoc @@ -207,7 +207,7 @@ operate in. NIST ciphers are a part of most standardised internet protocols, while ShangMi ciphers are required for use in China. ==== -[[zbkb,Zbkb]] +[[zbkb-sc,Zbkb-sc]] ==== `Zbkb` - Bitmanip instructions for Cryptography These are a subset of the Bitmanipulation Extension `Zbb` which are @@ -215,13 +215,13 @@ particularly useful for Cryptography. NOTE: Some of these instructions are defined in the first Bitmanip ratification package, and some are not ( -<>, -<>, -<>, +<>, +<>, +<>, <>, -<>, -<>). -All of the instructions in <> have their complete specification included +<>, +<>). +All of the instructions in <> have their complete specification included in this document, including those _not_ present in the initial Bitmanip ratification package. This is to make the present specification complete as a standalone document. @@ -240,35 +240,35 @@ and Bitmanip are being rapidly iterated on prior to public review. |Mnemonic |Instruction -| ✓ | ✓ | ror | <> -| ✓ | ✓ | rol | <> -| ✓ | ✓ | rori | <> -| | ✓ | rorw | <> -| | ✓ | rolw | <> -| | ✓ | roriw | <> -| ✓ | ✓ | andn | <> -| ✓ | ✓ | orn | <> -| ✓ | ✓ | xnor | <> -| ✓ | ✓ | pack | <> -| ✓ | ✓ | packh | <> -| | ✓ | packw | <> +| ✓ | ✓ | ror | <> +| ✓ | ✓ | rol | <> +| ✓ | ✓ | rori | <> +| | ✓ | rorw | <> +| | ✓ | rolw | <> +| | ✓ | roriw | <> +| ✓ | ✓ | andn | <> +| ✓ | ✓ | orn | <> +| ✓ | ✓ | xnor | <> +| ✓ | ✓ | pack | <> +| ✓ | ✓ | packh | <> +| | ✓ | packw | <> | ✓ | ✓ | brev8 | <> -| ✓ | ✓ | rev8 | <> -| ✓ | | zip | <> -| ✓ | | unzip | <> +| ✓ | ✓ | rev8 | <> +| ✓ | | zip | <> +| ✓ | | unzip | <> |=== -[[zbkc,Zbkc]] +[[zbkc-sc,Zbkc-sc]] ==== `Zbkc` - Carry-less multiply instructions Constant time carry-less multiply for Galois/Counter Mode. -These are separated from the <> because they +These are separated from the <> because they have a considerable implementation overhead which cannot be amortised across other instructions. NOTE: These instructions are defined in the first Bitmanip ratification package for the `Zbc` extension. -All of the instructions in <> have their complete specification included +All of the instructions in <> have their complete specification included in this document, including those _not_ present in the initial Bitmanip ratification package. This is to make the present specification complete as a standalone document. @@ -288,21 +288,21 @@ and Bitmanip are being rapidly iterated on prior to public review. |Instruction | ✓ | ✓ | clmul | <> -| ✓ | ✓ | clmulh | <> +| ✓ | ✓ | clmulh | <> |=== -[[zbkx,Zbkx]] +[[zbkx-sc,Zbkx-sc]] ==== `Zbkx` - Crossbar permutation instructions These instructions are useful for implementing SBoxes in constant time, and potentially with DPA protections. -These are separated from the <> because they +These are separated from the <> because they have an implementation overhead which cannot be amortised across other instructions. NOTE: All of these instructions are missing from the first Bitmanip ratification package. -Hence, all of the instructions in <> have their complete specification +Hence, all of the instructions in <> have their complete specification included in this document. This is to make the present specification complete as a standalone document. Inevitably there might be small divergences between the Bitmanip and @@ -461,9 +461,9 @@ This extension is shorthand for the following set of other extensions: |Included Extension |Description -| <> | Bitmanipulation instructions for cryptography. -| <> | Carry-less multiply instructions. -| <> | Cross-bar Permutation instructions. +| <> | Bitmanipulation instructions for cryptography. +| <> | Carry-less multiply instructions. +| <> | Cross-bar Permutation instructions. | <> | AES encryption instructions. | <> | AES decryption instructions. | <> | SHA2 hash function instructions. @@ -481,9 +481,9 @@ This extension is shorthand for the following set of other extensions: |Included Extension |Description -| <> | Bitmanipulation instructions for cryptography. -| <> | Carry-less multiply instructions. -| <> | Cross-bar Permutation instructions. +| <> | Bitmanipulation instructions for cryptography. +| <> | Carry-less multiply instructions. +| <> | Cross-bar Permutation instructions. | <> | SM4 block cipher instructions. | <> | SM3 hash function instructions. |=== @@ -1272,7 +1272,7 @@ Included in:: <<< -[#insns-andn,reftext="AND with inverted operand"] +[#insns-andn-sc,reftext="AND with inverted operand"] ==== andn Synopsis:: @@ -1314,7 +1314,7 @@ Included in:: |1.0.0 |Ratified -|Zbkb (<<#zbkb>>) +|Zbkb (<<#zbkb-sc>>) |v1.0.0-rc4 |Ratified |=== @@ -1370,14 +1370,14 @@ Included in:: |Minimum version |Lifecycle state -|Zbkb (<<#zbkb>>) +|Zbkb (<<#zbkb-sc>>) |v1.0.0-rc4 |Ratified |=== <<< -[#insns-clmul,reftext="Carry-less multiply (low-part)"] +[#insns-clmul-sc,reftext="Carry-less multiply (low-part)"] ==== clmul Synopsis:: @@ -1429,14 +1429,14 @@ Included in:: |1.0.0 |Ratified -|Zbkc (<<#zbkc>>) +|Zbkc (<<#zbkc-sc>>) |v1.0.0-rc4 |Ratified |=== <<< -[#insns-clmulh,reftext="Carry-less multiply (high-part)"] +[#insns-clmulh-sc,reftext="Carry-less multiply (high-part)"] ==== clmulh Synopsis:: @@ -1488,14 +1488,14 @@ Included in:: |1.0.0 |Ratified -|Zbkc (<<#zbkc>>) +|Zbkc (<<#zbkc-sc>>) |v1.0.0-rc4 |Ratified |=== <<< -[#insns-orn,reftext="OR with inverted operand"] +[#insns-orn-sc,reftext="OR with inverted operand"] ==== orn Synopsis:: @@ -1537,14 +1537,14 @@ Included in:: |v1.0.0 |Ratified -|Zbkb (<<#zbkb>>) +|Zbkb (<<#zbkb-sc>>) |v1.0.0-rc4 |Ratified |=== <<< -[#insns-pack,reftext="Pack low halves of registers"] +[#insns-pack-sc,reftext="Pack low halves of registers"] ==== pack Synopsis:: @@ -1585,14 +1585,14 @@ Included in:: |Minimum version |Lifecycle state -|Zbkb (<<#zbkb>>) +|Zbkb (<<#zbkb-sc>>) |v1.0.0-rc4 |Ratified |=== <<< -[#insns-packh,reftext="Pack low bytes of registers"] +[#insns-packh-sc,reftext="Pack low bytes of registers"] ==== packh Synopsis:: @@ -1634,14 +1634,14 @@ Included in:: |Minimum version |Lifecycle state -|Zbkb (<<#zbkb>>) +|Zbkb (<<#zbkb-sc>>) |v1.0.0-rc4 |Ratified |=== <<< -[#insns-packw,reftext="Pack low 16-bits of registers (RV64)"] +[#insns-packw-sc,reftext="Pack low 16-bits of registers (RV64)"] ==== packw Synopsis:: @@ -1685,14 +1685,14 @@ Included in:: |Minimum version |Lifecycle state -|Zbkb (<<#zbkb>>) +|Zbkb (<<#zbkb-sc>>) |v1.0.0-rc4 |Ratified |=== <<< -[#insns-rev8,reftext="Byte-reverse register"] +[#insns-rev8-sc,reftext="Byte-reverse register"] ==== rev8 Synopsis:: @@ -1769,14 +1769,14 @@ Included in:: |v1.0.0 |Ratified -|Zbkb (<<#zbkb>>) +|Zbkb (<<#zbkb-sc>>) |v1.0.0-rc4 |Ratified |=== <<< -[#insns-rol,reftext="Rotate left (Register)"] +[#insns-rol-sc,reftext="Rotate left (Register)"] ==== rol Synopsis:: @@ -1823,14 +1823,14 @@ Included in:: |v1.0.0 |Ratified -|Zbkb (<<#zbkb>>) +|Zbkb (<<#zbkb-sc>>) |v1.0.0-rc4 |Ratified |=== <<< -[#insns-rolw,reftext="Rotate Left Word (Register)"] +[#insns-rolw-sc,reftext="Rotate Left Word (Register)"] ==== rolw Synopsis:: @@ -1876,14 +1876,14 @@ Included in:: |v1.0.0 |Ratified -|Zbkb (<<#zbkb>>) +|Zbkb (<<#zbkb-sc>>) |v1.0.0-rc4 |Ratified |=== <<< -[#insns-ror, reftext="Rotate right (Register)"] +[#insns-ror-sc, reftext="Rotate right (Register)"] ==== ror Synopsis:: @@ -1930,14 +1930,14 @@ Included in:: |v1.0.0 |Ratified -|Zbkb (<<#zbkb>>) +|Zbkb (<<#zbkb-sc>>) |v1.0.0-rc4 |Ratified |=== <<< -[#insns-rori,reftext="Rotate right (Immediate)"] +[#insns-rori-sc,reftext="Rotate right (Immediate)"] ==== rori Synopsis:: @@ -1998,14 +1998,14 @@ Included in:: |v1.0.0 |Ratified -|Zbkb (<<#zbkb>>) +|Zbkb (<<#zbkb-sc>>) |v1.0.0-rc4 |Ratified |=== <<< -[#insns-roriw,reftext="Rotate right Word (Immediate)"] +[#insns-roriw-sc,reftext="Rotate right Word (Immediate)"] ==== roriw Synopsis:: @@ -2054,14 +2054,14 @@ Included in:: |v1.0.0 |Ratified -|Zbkb (<<#zbkb>>) +|Zbkb (<<#zbkb-sc>>) |v1.0.0-rc4 |Ratified |=== <<< -[#insns-rorw,reftext="Rotate right Word (Register)"] +[#insns-rorw-sc,reftext="Rotate right Word (Register)"] ==== rorw Synopsis:: @@ -2107,7 +2107,7 @@ Included in:: |v1.0.0 |Ratified -|Zbkb (<<#zbkb>>) +|Zbkb (<<#zbkb-sc>>) |v1.0.0-rc4 |Ratified |=== @@ -3327,7 +3327,7 @@ Included in:: <<< -[#insns-unzip,reftext="Bit deinterleave"] +[#insns-unzip-sc,reftext="Bit deinterleave"] ==== unzip Synopsis:: @@ -3353,7 +3353,7 @@ Encoding:: Description:: This instruction gathers bits from the high and low halves of the source word into odd/even bit positions in the destination word. -It is the inverse of the <> instruction. +It is the inverse of the <> instruction. This instruction is available only on RV32. Operation:: @@ -3381,14 +3381,14 @@ Included in:: |Minimum version |Lifecycle state -|Zbkb (<<#zbkb>>) (RV32) +|Zbkb (<<#zbkb-sc>>) (RV32) |v1.0.0-rc4 |Ratified |=== <<< -[#insns-xnor,reftext="Exclusive NOR"] +[#insns-xnor-sc,reftext="Exclusive NOR"] ==== xnor Synopsis:: @@ -3430,7 +3430,7 @@ Included in:: |v1.0.0 |Ratified -|Zbkb (<<#zbkb>>) +|Zbkb (<<#zbkb-sc>>) |v1.0.0-rc4 |Ratified |=== @@ -3488,7 +3488,7 @@ Included in:: |Minimum version |Lifecycle state -|Zbkx (<<#zbkx>>) +|Zbkx (<<#zbkx-sc>>) |v1.0.0-rc4 |Ratified |=== @@ -3547,14 +3547,14 @@ Included in:: |Minimum version |Lifecycle state -|Zbkx (<<#zbkx>>) +|Zbkx (<<#zbkx-sc>>) |v1.0.0-rc4 |Ratified |=== <<< -[#insns-zip,reftext="Bit interleave"] +[#insns-zip-sc,reftext="Bit interleave"] ==== zip Synopsis:: @@ -3581,7 +3581,7 @@ Encoding:: Description:: This instruction scatters all of the odd and even bits of a source word into the high and low halves of a destination word. -It is the inverse of the <> instruction. +It is the inverse of the <> instruction. This instruction is available only on RV32. Operation:: @@ -3609,7 +3609,7 @@ Included in:: |Minimum version |Lifecycle state -|Zbkb (<<#zbkb>>) (RV32) +|Zbkb (<<#zbkb-sc>>) (RV32) |v1.0.0-rc4 |Ratified |=== @@ -4251,7 +4251,7 @@ See <>. ===== RVB (Bitmanip) -The <>, <> and <> extensions are included in their entirety. +The <>, <> and <> extensions are included in their entirety. .Note to implementers [NOTE,caption="SH"] @@ -4267,26 +4267,26 @@ specific instances of `grevi`, `shfli` and `unshfli` respectively. |Mnemonic |Instruction -| ✓ | ✓ | clmul | <> -| ✓ | ✓ | clmulh | <> +| ✓ | ✓ | clmul | <> +| ✓ | ✓ | clmulh | <> | ✓ | ✓ | xperm4 | <> | ✓ | ✓ | xperm8 | <> -| ✓ | ✓ | ror | <> -| ✓ | ✓ | rol | <> -| ✓ | ✓ | rori | <> -| | ✓ | rorw | <> -| | ✓ | rolw | <> -| | ✓ | roriw | <> -| ✓ | ✓ | andn | <> -| ✓ | ✓ | orn | <> -| ✓ | ✓ | xnor | <> -| ✓ | ✓ | pack | <> -| ✓ | ✓ | packh | <> -| | ✓ | packw | <> +| ✓ | ✓ | ror | <> +| ✓ | ✓ | rol | <> +| ✓ | ✓ | rori | <> +| | ✓ | rorw | <> +| | ✓ | rolw | <> +| | ✓ | roriw | <> +| ✓ | ✓ | andn | <> +| ✓ | ✓ | orn | <> +| ✓ | ✓ | xnor | <> +| ✓ | ✓ | pack | <> +| ✓ | ✓ | packh | <> +| | ✓ | packw | <> | ✓ | ✓ | brev8 | <> -| ✓ | ✓ | rev8 | <> -| ✓ | | zip | <> -| ✓ | | unzip | <> +| ✓ | ✓ | rev8 | <> +| ✓ | | zip | <> +| ✓ | | unzip | <> |=== [[crypto_scalar_appx_rationale]] @@ -4335,10 +4335,10 @@ and cryptographic hash functions are well supported by the RISC-V Bitmanip cite:[riscv:bitmanip:repo] extensions. NOTE: This section repeats much of the information in -<>, -<> +<>, +<> and -<>, +<>, but includes more rationale. We proposed that the scalar cryptographic extension _reuse_ a From c765bebc120c6a5f363734d7fcef7a520eee106c Mon Sep 17 00:00:00 2001 From: Kersten Richter Date: Tue, 11 Jun 2024 15:25:19 -0500 Subject: [PATCH 2/3] Update b-st-ext.adoc dupe id Signed-off-by: Kersten Richter --- src/b-st-ext.adoc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/b-st-ext.adoc b/src/b-st-ext.adoc index 4f45af166..0dfb273d2 100644 --- a/src/b-st-ext.adoc +++ b/src/b-st-ext.adoc @@ -29,7 +29,7 @@ Bitmanip instructions with the suffix _.b_, _.h_ and _.w_ only look at the least === Pseudocode for instruction semantics -The semantics of each instruction in <<#insns>> is expressed in a SAIL-like syntax. +The semantics of each instruction in <<#insns-b>> is expressed in a SAIL-like syntax. === Extensions @@ -996,7 +996,7 @@ latency does not depend on the (secret) data being operated on. <<< -[#insns,reftext="Instructions (in alphabetical order)"] +[#insns-b,reftext="Instructions (in alphabetical order)"] === Instructions (in alphabetical order) [#insns-add_uw,reftext=Add unsigned word] From 3c2afa8a9fa3649a6f9dc530591e19e08339f1a0 Mon Sep 17 00:00:00 2001 From: Kersten Richter Date: Tue, 11 Jun 2024 15:26:00 -0500 Subject: [PATCH 3/3] Update cmo.adoc dupe id Signed-off-by: Kersten Richter --- src/cmo.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/cmo.adoc b/src/cmo.adoc index 42941bb44..710106eaf 100644 --- a/src/cmo.adoc +++ b/src/cmo.adoc @@ -6,7 +6,7 @@ The semantics of each instruction in the <<#insns>> chapter is expressed in a SAIL-like syntax. -[#intro,reftext="Introduction"] +[#intro-cmo,reftext="Introduction"] === Introduction _Cache-management operation_ (or _CMO_) instructions perform operations on