core/stdarch/crates/core_arch/src/riscv64/zk.rs
1#[cfg(test)]
2use stdarch_test::assert_instr;
3
4extern "unadjusted" {
5 #[link_name = "llvm.riscv.aes64es"]
6 fn _aes64es(rs1: i64, rs2: i64) -> i64;
7
8 #[link_name = "llvm.riscv.aes64esm"]
9 fn _aes64esm(rs1: i64, rs2: i64) -> i64;
10
11 #[link_name = "llvm.riscv.aes64ds"]
12 fn _aes64ds(rs1: i64, rs2: i64) -> i64;
13
14 #[link_name = "llvm.riscv.aes64dsm"]
15 fn _aes64dsm(rs1: i64, rs2: i64) -> i64;
16
17 #[link_name = "llvm.riscv.aes64ks1i"]
18 fn _aes64ks1i(rs1: i64, rnum: i32) -> i64;
19
20 #[link_name = "llvm.riscv.aes64ks2"]
21 fn _aes64ks2(rs1: i64, rs2: i64) -> i64;
22
23 #[link_name = "llvm.riscv.aes64im"]
24 fn _aes64im(rs1: i64) -> i64;
25
26 #[link_name = "llvm.riscv.sha512sig0"]
27 fn _sha512sig0(rs1: i64) -> i64;
28
29 #[link_name = "llvm.riscv.sha512sig1"]
30 fn _sha512sig1(rs1: i64) -> i64;
31
32 #[link_name = "llvm.riscv.sha512sum0"]
33 fn _sha512sum0(rs1: i64) -> i64;
34
35 #[link_name = "llvm.riscv.sha512sum1"]
36 fn _sha512sum1(rs1: i64) -> i64;
37}
38
39/// AES final round encryption instruction for RV64.
40///
41/// Uses the two 64-bit source registers to represent the entire AES state, and produces half
42/// of the next round output, applying the ShiftRows and SubBytes steps. This instruction must
43/// always be implemented such that its execution latency does not depend on the data being
44/// operated on.
45///
46/// Source: RISC-V Cryptography Extensions Volume I: Scalar & Entropy Source Instructions
47///
48/// Version: v1.0.1
49///
50/// Section: 3.7
51///
52/// # Safety
53///
54/// This function is safe to use if the `zkne` target feature is present.
55#[target_feature(enable = "zkne")]
56#[cfg_attr(test, assert_instr(aes64es))]
57#[inline]
58#[unstable(feature = "riscv_ext_intrinsics", issue = "114544")]
59pub unsafe fn aes64es(rs1: u64, rs2: u64) -> u64 {
60 _aes64es(rs1 as i64, rs2 as i64) as u64
61}
62
63/// AES middle round encryption instruction for RV64.
64///
65/// Uses the two 64-bit source registers to represent the entire AES state, and produces half
66/// of the next round output, applying the ShiftRows, SubBytes and MixColumns steps. This
67/// instruction must always be implemented such that its execution latency does not depend on
68/// the data being operated on.
69///
70/// Source: RISC-V Cryptography Extensions Volume I: Scalar & Entropy Source Instructions
71///
72/// Version: v1.0.1
73///
74/// Section: 3.8
75///
76/// # Safety
77///
78/// This function is safe to use if the `zkne` target feature is present.
79#[target_feature(enable = "zkne")]
80#[cfg_attr(test, assert_instr(aes64esm))]
81#[inline]
82#[unstable(feature = "riscv_ext_intrinsics", issue = "114544")]
83pub unsafe fn aes64esm(rs1: u64, rs2: u64) -> u64 {
84 _aes64esm(rs1 as i64, rs2 as i64) as u64
85}
86
87/// AES final round decryption instruction for RV64.
88///
89/// Uses the two 64-bit source registers to represent the entire AES state, and produces half
90/// of the next round output, applying the Inverse ShiftRows and SubBytes steps. This
91/// instruction must always be implemented such that its execution latency does not depend on
92/// the data being operated on.
93///
94/// Source: RISC-V Cryptography Extensions Volume I: Scalar & Entropy Source Instructions
95///
96/// Version: v1.0.1
97///
98/// Section: 3.5
99///
100/// # Safety
101///
102/// This function is safe to use if the `zknd` target feature is present.
103#[target_feature(enable = "zknd")]
104#[cfg_attr(test, assert_instr(aes64ds))]
105#[inline]
106#[unstable(feature = "riscv_ext_intrinsics", issue = "114544")]
107pub unsafe fn aes64ds(rs1: u64, rs2: u64) -> u64 {
108 _aes64ds(rs1 as i64, rs2 as i64) as u64
109}
110
111/// AES middle round decryption instruction for RV64.
112///
113/// Uses the two 64-bit source registers to represent the entire AES state, and produces half
114/// of the next round output, applying the Inverse ShiftRows, SubBytes and MixColumns steps.
115/// This instruction must always be implemented such that its execution latency does not depend
116/// on the data being operated on.
117///
118/// Source: RISC-V Cryptography Extensions Volume I: Scalar & Entropy Source Instructions
119///
120/// Version: v1.0.1
121///
122/// Section: 3.6
123///
124/// # Safety
125///
126/// This function is safe to use if the `zknd` target feature is present.
127#[target_feature(enable = "zknd")]
128#[cfg_attr(test, assert_instr(aes64dsm))]
129#[inline]
130#[unstable(feature = "riscv_ext_intrinsics", issue = "114544")]
131pub unsafe fn aes64dsm(rs1: u64, rs2: u64) -> u64 {
132 _aes64dsm(rs1 as i64, rs2 as i64) as u64
133}
134
135/// This instruction implements part of the KeySchedule operation for the AES Block cipher
136/// involving the SBox operation.
137///
138/// This instruction implements the rotation, SubBytes and Round Constant addition steps of the
139/// AES block cipher Key Schedule. This instruction must always be implemented such that its
140/// execution latency does not depend on the data being operated on. Note that rnum must be in
141/// the range 0x0..0xA. The values 0xB..0xF are reserved.
142///
143/// Source: RISC-V Cryptography Extensions Volume I: Scalar & Entropy Source Instructions
144///
145/// Version: v1.0.1
146///
147/// Section: 3.10
148///
149/// # Note
150///
151/// The `RNUM` parameter is expected to be a constant value inside the range of `0..=10`.
152///
153/// # Safety
154///
155/// This function is safe to use if the `zkne` or `zknd` target feature is present.
156#[target_feature(enable = "zkne", enable = "zknd")]
157#[rustc_legacy_const_generics(1)]
158#[cfg_attr(test, assert_instr(aes64ks1i, RNUM = 0))]
159#[inline]
160#[unstable(feature = "riscv_ext_intrinsics", issue = "114544")]
161pub unsafe fn aes64ks1i<const RNUM: u8>(rs1: u64) -> u64 {
162 static_assert!(RNUM <= 10);
163
164 _aes64ks1i(rs1 as i64, RNUM as i32) as u64
165}
166
167/// This instruction implements part of the KeySchedule operation for the AES Block cipher.
168///
169/// This instruction implements the additional XOR’ing of key words as part of the AES block
170/// cipher Key Schedule. This instruction must always be implemented such that its execution
171/// latency does not depend on the data being operated on.
172///
173/// Source: RISC-V Cryptography Extensions Volume I: Scalar & Entropy Source Instructions
174///
175/// Version: v1.0.1
176///
177/// Section: 3.11
178///
179/// # Safety
180///
181/// This function is safe to use if the `zkne` or `zknd` target feature is present.
182#[target_feature(enable = "zkne", enable = "zknd")]
183#[cfg_attr(test, assert_instr(aes64ks2))]
184#[inline]
185#[unstable(feature = "riscv_ext_intrinsics", issue = "114544")]
186pub unsafe fn aes64ks2(rs1: u64, rs2: u64) -> u64 {
187 _aes64ks2(rs1 as i64, rs2 as i64) as u64
188}
189
190/// This instruction accelerates the inverse MixColumns step of the AES Block Cipher, and is used to aid creation of
191/// the decryption KeySchedule.
192///
193/// The instruction applies the inverse MixColumns transformation to two columns of the state array, packed
194/// into a single 64-bit register. It is used to create the inverse cipher KeySchedule, according to the equivalent
195/// inverse cipher construction in (Page 23, Section 5.3.5). This instruction must always be implemented
196/// such that its execution latency does not depend on the data being operated on.
197///
198/// Source: RISC-V Cryptography Extensions Volume I: Scalar & Entropy Source Instructions
199///
200/// Version: v1.0.1
201///
202/// Section: 3.9
203///
204/// # Safety
205///
206/// This function is safe to use if the `zkne` or `zknd` target feature is present.
207#[target_feature(enable = "zkne", enable = "zknd")]
208#[cfg_attr(test, assert_instr(aes64im))]
209#[inline]
210#[unstable(feature = "riscv_ext_intrinsics", issue = "114544")]
211pub unsafe fn aes64im(rs1: u64) -> u64 {
212 _aes64im(rs1 as i64) as u64
213}
214
215/// Implements the Sigma0 transformation function as used in the SHA2-512 hash function \[49\]
216/// (Section 4.1.3).
217///
218/// This instruction is supported for the RV64 base architecture. It implements the Sigma0
219/// transform of the SHA2-512 hash function. \[49\]. This instruction must always be
220/// implemented such that its execution latency does not depend on the data being operated on.
221///
222/// Source: RISC-V Cryptography Extensions Volume I: Scalar & Entropy Source Instructions
223///
224/// Version: v1.0.1
225///
226/// Section: 3.37
227///
228/// # Safety
229///
230/// This function is safe to use if the `zknh` target feature is present.
231#[target_feature(enable = "zknh")]
232#[cfg_attr(test, assert_instr(sha512sig0))]
233#[inline]
234#[unstable(feature = "riscv_ext_intrinsics", issue = "114544")]
235pub unsafe fn sha512sig0(rs1: u64) -> u64 {
236 _sha512sig0(rs1 as i64) as u64
237}
238
239/// Implements the Sigma1 transformation function as used in the SHA2-512 hash function \[49\]
240/// (Section 4.1.3).
241///
242/// This instruction is supported for the RV64 base architecture. It implements the Sigma1
243/// transform of the SHA2-512 hash function. \[49\]. This instruction must always be
244/// implemented such that its execution latency does not depend on the data being operated on.
245///
246/// Source: RISC-V Cryptography Extensions Volume I: Scalar & Entropy Source Instructions
247///
248/// Version: v1.0.1
249///
250/// Section: 3.38
251///
252/// # Safety
253///
254/// This function is safe to use if the `zknh` target feature is present.
255#[target_feature(enable = "zknh")]
256#[cfg_attr(test, assert_instr(sha512sig1))]
257#[inline]
258#[unstable(feature = "riscv_ext_intrinsics", issue = "114544")]
259pub unsafe fn sha512sig1(rs1: u64) -> u64 {
260 _sha512sig1(rs1 as i64) as u64
261}
262
263/// Implements the Sum0 transformation function as used in the SHA2-512 hash function \[49\]
264/// (Section 4.1.3).
265///
266/// This instruction is supported for the RV64 base architecture. It implements the Sum0
267/// transform of the SHA2-512 hash function. \[49\]. This instruction must always be
268/// implemented such that its execution latency does not depend on the data being operated on.
269///
270/// Source: RISC-V Cryptography Extensions Volume I: Scalar & Entropy Source Instructions
271///
272/// Version: v1.0.1
273///
274/// Section: 3.39
275///
276/// # Safety
277///
278/// This function is safe to use if the `zknh` target feature is present.
279#[target_feature(enable = "zknh")]
280#[cfg_attr(test, assert_instr(sha512sum0))]
281#[inline]
282#[unstable(feature = "riscv_ext_intrinsics", issue = "114544")]
283pub unsafe fn sha512sum0(rs1: u64) -> u64 {
284 _sha512sum0(rs1 as i64) as u64
285}
286
287/// Implements the Sum1 transformation function as used in the SHA2-512 hash function \[49\]
288/// (Section 4.1.3).
289///
290/// This instruction is supported for the RV64 base architecture. It implements the Sum1
291/// transform of the SHA2-512 hash function. \[49\]. This instruction must always be
292/// implemented such that its execution latency does not depend on the data being operated on.
293///
294/// Source: RISC-V Cryptography Extensions Volume I: Scalar & Entropy Source Instructions
295///
296/// Version: v1.0.1
297///
298/// Section: 3.40
299///
300/// # Safety
301///
302/// This function is safe to use if the `zknh` target feature is present.
303#[target_feature(enable = "zknh")]
304#[cfg_attr(test, assert_instr(sha512sum1))]
305#[inline]
306#[unstable(feature = "riscv_ext_intrinsics", issue = "114544")]
307pub unsafe fn sha512sum1(rs1: u64) -> u64 {
308 _sha512sum1(rs1 as i64) as u64
309}