core/stdarch/crates/core_arch/src/riscv32/zk.rs
1#[cfg(test)]
2use stdarch_test::assert_instr;
3
4extern "unadjusted" {
5 #[link_name = "llvm.riscv.aes32esi"]
6 fn _aes32esi(rs1: i32, rs2: i32, bs: i32) -> i32;
7
8 #[link_name = "llvm.riscv.aes32esmi"]
9 fn _aes32esmi(rs1: i32, rs2: i32, bs: i32) -> i32;
10
11 #[link_name = "llvm.riscv.aes32dsi"]
12 fn _aes32dsi(rs1: i32, rs2: i32, bs: i32) -> i32;
13
14 #[link_name = "llvm.riscv.aes32dsmi"]
15 fn _aes32dsmi(rs1: i32, rs2: i32, bs: i32) -> i32;
16
17 #[link_name = "llvm.riscv.zip.i32"]
18 fn _zip(rs1: i32) -> i32;
19
20 #[link_name = "llvm.riscv.unzip.i32"]
21 fn _unzip(rs1: i32) -> i32;
22
23 #[link_name = "llvm.riscv.sha512sig0h"]
24 fn _sha512sig0h(rs1: i32, rs2: i32) -> i32;
25
26 #[link_name = "llvm.riscv.sha512sig0l"]
27 fn _sha512sig0l(rs1: i32, rs2: i32) -> i32;
28
29 #[link_name = "llvm.riscv.sha512sig1h"]
30 fn _sha512sig1h(rs1: i32, rs2: i32) -> i32;
31
32 #[link_name = "llvm.riscv.sha512sig1l"]
33 fn _sha512sig1l(rs1: i32, rs2: i32) -> i32;
34
35 #[link_name = "llvm.riscv.sha512sum0r"]
36 fn _sha512sum0r(rs1: i32, rs2: i32) -> i32;
37
38 #[link_name = "llvm.riscv.sha512sum1r"]
39 fn _sha512sum1r(rs1: i32, rs2: i32) -> i32;
40}
41
42/// AES final round encryption instruction for RV32.
43///
44/// This instruction sources a single byte from rs2 according to bs. To this it applies the
45/// forward AES SBox operation, before XOR’ing the result with rs1. This instruction must
46/// always be implemented such that its execution latency does not depend on the data being
47/// operated on.
48///
49/// Source: RISC-V Cryptography Extensions Volume I: Scalar & Entropy Source Instructions
50///
51/// Version: v1.0.1
52///
53/// Section: 3.3
54///
55/// # Note
56///
57/// The `BS` parameter is expected to be a constant value and only the bottom 2 bits of `bs` are
58/// used.
59///
60/// # Safety
61///
62/// This function is safe to use if the `zkne` target feature is present.
63#[target_feature(enable = "zkne")]
64#[rustc_legacy_const_generics(2)]
65// See #1464
66// #[cfg_attr(test, assert_instr(aes32esi, BS = 0))]
67#[inline]
68#[unstable(feature = "riscv_ext_intrinsics", issue = "114544")]
69pub unsafe fn aes32esi<const BS: u8>(rs1: u32, rs2: u32) -> u32 {
70 static_assert!(BS < 4);
71
72 _aes32esi(rs1 as i32, rs2 as i32, BS as i32) as u32
73}
74
75/// AES middle round encryption instruction for RV32 with.
76///
77/// This instruction sources a single byte from rs2 according to bs. To this it applies the
78/// forward AES SBox operation, and a partial forward MixColumn, before XOR’ing the result with
79/// rs1. This instruction must always be implemented such that its execution latency does not
80/// depend on the data being operated on.
81///
82/// Source: RISC-V Cryptography Extensions Volume I: Scalar & Entropy Source Instructions
83///
84/// Version: v1.0.1
85///
86/// Section: 3.4
87///
88/// # Note
89///
90/// The `bs` parameter is expected to be a constant value and only the bottom 2 bits of `bs` are
91/// used.
92///
93/// # Safety
94///
95/// This function is safe to use if the `zkne` target feature is present.
96#[target_feature(enable = "zkne")]
97#[rustc_legacy_const_generics(2)]
98// See #1464
99// #[cfg_attr(test, assert_instr(aes32esmi, BS = 0))]
100#[inline]
101#[unstable(feature = "riscv_ext_intrinsics", issue = "114544")]
102pub unsafe fn aes32esmi<const BS: u8>(rs1: u32, rs2: u32) -> u32 {
103 static_assert!(BS < 4);
104
105 _aes32esmi(rs1 as i32, rs2 as i32, BS as i32) as u32
106}
107
108/// AES final round decryption instruction for RV32.
109///
110/// This instruction sources a single byte from rs2 according to bs. To this it applies the
111/// inverse AES SBox operation, and XOR’s the result with rs1. This instruction must always be
112/// implemented such that its execution latency does not depend on the data being operated on.
113///
114/// Source: RISC-V Cryptography Extensions Volume I: Scalar & Entropy Source Instructions
115///
116/// Version: v1.0.1
117///
118/// Section: 3.1
119///
120/// # Note
121///
122/// The `BS` parameter is expected to be a constant value and only the bottom 2 bits of `bs` are
123/// used.
124///
125/// # Safety
126///
127/// This function is safe to use if the `zknd` target feature is present.
128#[target_feature(enable = "zknd")]
129#[rustc_legacy_const_generics(2)]
130// See #1464
131// #[cfg_attr(test, assert_instr(aes32dsi, BS = 0))]
132#[inline]
133#[unstable(feature = "riscv_ext_intrinsics", issue = "114544")]
134pub unsafe fn aes32dsi<const BS: u8>(rs1: u32, rs2: u32) -> u32 {
135 static_assert!(BS < 4);
136
137 _aes32dsi(rs1 as i32, rs2 as i32, BS as i32) as u32
138}
139
140/// AES middle round decryption instruction for RV32.
141///
142/// This instruction sources a single byte from rs2 according to bs. To this it applies the
143/// inverse AES SBox operation, and a partial inverse MixColumn, before XOR’ing the result with
144/// rs1. This instruction must always be implemented such that its execution latency does not
145/// depend on the data being operated on.
146///
147/// Source: RISC-V Cryptography Extensions Volume I: Scalar & Entropy Source Instructions
148///
149/// Version: v1.0.1
150///
151/// Section: 3.2
152///
153/// # Note
154///
155/// The `BS` parameter is expected to be a constant value and only the bottom 2 bits of `bs` are
156/// used.
157///
158/// # Safety
159///
160/// This function is safe to use if the `zknd` target feature is present.
161#[target_feature(enable = "zknd")]
162#[rustc_legacy_const_generics(2)]
163// See #1464
164// #[cfg_attr(test, assert_instr(aes32dsmi, BS = 0))]
165#[inline]
166#[unstable(feature = "riscv_ext_intrinsics", issue = "114544")]
167pub unsafe fn aes32dsmi<const BS: u8>(rs1: u32, rs2: u32) -> u32 {
168 static_assert!(BS < 4);
169
170 _aes32dsmi(rs1 as i32, rs2 as i32, BS as i32) as u32
171}
172
173/// Place upper/lower halves of the source register into odd/even bits of the destination
174/// respectivley.
175///
176/// This instruction places bits in the low half of the source register into the even bit
177/// positions of the destination, and bits in the high half of the source register into the odd
178/// bit positions of the destination. It is the inverse of the unzip instruction. This
179/// instruction is available only on RV32.
180///
181/// Source: RISC-V Cryptography Extensions Volume I: Scalar & Entropy Source Instructions
182///
183/// Version: v1.0.1
184///
185/// Section: 3.49
186///
187/// # Safety
188///
189/// This function is safe to use if the `zbkb` target feature is present.
190#[target_feature(enable = "zbkb")]
191// See #1464
192// #[cfg_attr(test, assert_instr(zip))]
193#[inline]
194#[unstable(feature = "riscv_ext_intrinsics", issue = "114544")]
195pub unsafe fn zip(rs: u32) -> u32 {
196 _zip(rs as i32) as u32
197}
198
199/// Place odd and even bits of the source word into upper/lower halves of the destination.
200///
201/// This instruction places the even bits of the source register into the low half of the
202/// destination, and the odd bits of the source into the high bits of the destination. It is
203/// the inverse of the zip instruction. This instruction is available only on RV32.
204///
205/// Source: RISC-V Cryptography Extensions Volume I: Scalar & Entropy Source Instructions
206///
207/// Version: v1.0.1
208///
209/// Section: 3.45
210///
211/// # Safety
212///
213/// This function is safe to use if the `zbkb` target feature is present.
214#[target_feature(enable = "zbkb")]
215#[cfg_attr(test, assert_instr(unzip))]
216#[inline]
217#[unstable(feature = "riscv_ext_intrinsics", issue = "114544")]
218pub unsafe fn unzip(rs: u32) -> u32 {
219 _unzip(rs as i32) as u32
220}
221
222/// Implements the high half of the Sigma0 transformation, as used in the SHA2-512 hash
223/// function \[49\] (Section 4.1.3).
224///
225/// This instruction is implemented on RV32 only. Used to compute the Sigma0 transform of the
226/// SHA2-512 hash function in conjunction with the sha512sig0l instruction. The transform is a
227/// 64-bit to 64-bit function, so the input and output are each represented by two 32-bit
228/// registers. This instruction must always be implemented such that its execution latency does
229/// not depend on the data being operated on.
230///
231/// Source: RISC-V Cryptography Extensions Volume I: Scalar & Entropy Source Instructions
232///
233/// Version: v1.0.1
234///
235/// Section: 3.31
236///
237/// # Safety
238///
239/// This function is safe to use if the `zknh` target feature is present.
240#[target_feature(enable = "zknh")]
241// See #1464
242// #[cfg_attr(test, assert_instr(sha512sig0h))]
243#[inline]
244#[unstable(feature = "riscv_ext_intrinsics", issue = "114544")]
245pub unsafe fn sha512sig0h(rs1: u32, rs2: u32) -> u32 {
246 _sha512sig0h(rs1 as i32, rs2 as i32) as u32
247}
248
249/// Implements the low half of the Sigma0 transformation, as used in the SHA2-512 hash function
250/// \[49\] (Section 4.1.3).
251///
252/// This instruction is implemented on RV32 only. Used to compute the Sigma0 transform of the
253/// SHA2-512 hash function in conjunction with the sha512sig0h instruction. The transform is a
254/// 64-bit to 64-bit function, so the input and output are each represented by two 32-bit
255/// registers. This instruction must always be implemented such that its execution latency does
256/// not depend on the data being operated on.
257///
258/// Source: RISC-V Cryptography Extensions Volume I: Scalar & Entropy Source Instructions
259///
260/// Version: v1.0.1
261///
262/// Section: 3.32
263///
264/// # Safety
265///
266/// This function is safe to use if the `zknh` target feature is present.
267#[target_feature(enable = "zknh")]
268// See #1464
269// #[cfg_attr(test, assert_instr(sha512sig0l))]
270#[inline]
271#[unstable(feature = "riscv_ext_intrinsics", issue = "114544")]
272pub unsafe fn sha512sig0l(rs1: u32, rs2: u32) -> u32 {
273 _sha512sig0l(rs1 as i32, rs2 as i32) as u32
274}
275
276/// Implements the high half of the Sigma1 transformation, as used in the SHA2-512 hash
277/// function \[49\] (Section 4.1.3).
278///
279/// This instruction is implemented on RV32 only. Used to compute the Sigma1 transform of the
280/// SHA2-512 hash function in conjunction with the sha512sig1l instruction. The transform is a
281/// 64-bit to 64-bit function, so the input and output are each represented by two 32-bit
282/// registers. This instruction must always be implemented such that its execution latency does
283/// not depend on the data being operated on.
284///
285/// Source: RISC-V Cryptography Extensions Volume I: Scalar & Entropy Source Instructions
286///
287/// Version: v1.0.1
288///
289/// Section: 3.33
290///
291/// # Safety
292///
293/// This function is safe to use if the `zknh` target feature is present.
294#[target_feature(enable = "zknh")]
295// See #1464
296// #[cfg_attr(test, assert_instr(sha512sig1h))]
297#[inline]
298#[unstable(feature = "riscv_ext_intrinsics", issue = "114544")]
299pub unsafe fn sha512sig1h(rs1: u32, rs2: u32) -> u32 {
300 _sha512sig1h(rs1 as i32, rs2 as i32) as u32
301}
302
303/// Implements the low half of the Sigma1 transformation, as used in the SHA2-512 hash function
304/// \[49\] (Section 4.1.3).
305///
306/// This instruction is implemented on RV32 only. Used to compute the Sigma1 transform of the
307/// SHA2-512 hash function in conjunction with the sha512sig1h instruction. The transform is a
308/// 64-bit to 64-bit function, so the input and output are each represented by two 32-bit
309/// registers. This instruction must always be implemented such that its execution latency does
310/// not depend on the data being operated on.
311///
312/// Source: RISC-V Cryptography Extensions Volume I: Scalar & Entropy Source Instructions
313///
314/// Version: v1.0.1
315///
316/// Section: 3.34
317///
318/// # Safety
319///
320/// This function is safe to use if the `zknh` target feature is present.
321#[target_feature(enable = "zknh")]
322#[cfg_attr(test, assert_instr(sha512sig1l))]
323#[inline]
324#[unstable(feature = "riscv_ext_intrinsics", issue = "114544")]
325pub unsafe fn sha512sig1l(rs1: u32, rs2: u32) -> u32 {
326 _sha512sig1l(rs1 as i32, rs2 as i32) as u32
327}
328
329/// Implements the Sum0 transformation, as used in the SHA2-512 hash function \[49\] (Section
330/// 4.1.3).
331///
332/// This instruction is implemented on RV32 only. Used to compute the Sum0 transform of the
333/// SHA2-512 hash function. The transform is a 64-bit to 64-bit function, so the input and
334/// output is represented by two 32-bit registers. This instruction must always be implemented
335/// such that its execution latency does not depend on the data being operated on.
336///
337/// Source: RISC-V Cryptography Extensions Volume I: Scalar & Entropy Source Instructions
338///
339/// Version: v1.0.1
340///
341/// Section: 3.35
342///
343/// # Safety
344///
345/// This function is safe to use if the `zknh` target feature is present.
346#[target_feature(enable = "zknh")]
347// See #1464
348// #[cfg_attr(test, assert_instr(sha512sum0r))]
349#[inline]
350#[unstable(feature = "riscv_ext_intrinsics", issue = "114544")]
351pub unsafe fn sha512sum0r(rs1: u32, rs2: u32) -> u32 {
352 _sha512sum0r(rs1 as i32, rs2 as i32) as u32
353}
354
355/// Implements the Sum1 transformation, as used in the SHA2-512 hash function \[49\] (Section
356/// 4.1.3).
357///
358/// This instruction is implemented on RV32 only. Used to compute the Sum1 transform of the
359/// SHA2-512 hash function. The transform is a 64-bit to 64-bit function, so the input and
360/// output is represented by two 32-bit registers. This instruction must always be implemented
361/// such that its execution latency does not depend on the data being operated on.
362///
363/// Source: RISC-V Cryptography Extensions Volume I: Scalar & Entropy Source Instructions
364///
365/// Version: v1.0.1
366///
367/// Section: 3.36
368///
369/// # Safety
370///
371/// This function is safe to use if the `zknh` target feature is present.
372#[target_feature(enable = "zknh")]
373// See #1464
374// #[cfg_attr(test, assert_instr(sha512sum1r))]
375#[inline]
376#[unstable(feature = "riscv_ext_intrinsics", issue = "114544")]
377pub unsafe fn sha512sum1r(rs1: u32, rs2: u32) -> u32 {
378 _sha512sum1r(rs1 as i32, rs2 as i32) as u32
379}