Add support for Zvksed extension

Co-authored-by: Charalampos Mitrodimas <[email protected]>
Co-authored-by: Prashanth Mundkur <[email protected]>

Author: 3 people

README.md

@@ -119,6 +119,7 @@ Supported RISC-V ISA features
 - Zvbb extension for vector basic bit-manipulation, v1.0
 - Zvbc extension for vector carryless multiplication, v1.0
 - Zvkb extension for vector cryptography bit-manipulation, v1.0
+- Zvksed extension for vector cryptography ShangMi Suite: SM4 Block Cipher, v1.0
 - Machine, Supervisor, and User modes
 - Smcntrpmf extension for cycle and instret privilege mode filtering, v1.0
 - Sscofpmf extension for Count Overflow and Mode-Based Filtering, v1.0

config/default.json

@@ -74,6 +74,9 @@
         "Zvbc" : {
             "supported" : true
         },
+        "Zvksed" : {
+            "supported" : true
+        },
         "Sstc" : {
             "supported" : false
         }

model/CMakeLists.txt

@@ -88,6 +88,7 @@ foreach (xlen IN ITEMS 32 64)
                 "riscv_insts_zicboz.sail"
                 "riscv_insts_zvbb.sail"
                 "riscv_insts_zvbc.sail"
+                "riscv_insts_zvksed.sail"
                 # Zimop and Zcmop should be at the end so they can be overridden by earlier extensions
                 "riscv_insts_zimop.sail"
                 "riscv_insts_zcmop.sail"
@@ -180,6 +181,7 @@ foreach (xlen IN ITEMS 32 64)
                 ${sail_vm_srcs}
                 # Shared/common code for the cryptography extension.
                 "riscv_types_kext.sail"
+                "riscv_zvk_utils.sail"
             )
 
             if (variant STREQUAL "rvfi")

model/riscv_extensions.sail

@@ -137,6 +137,9 @@ function clause hartSupports(Ext_Zvkb) = config extensions.Zvkb.supported
 // Vector Carryless Multiplication
 enum clause extension = Ext_Zvbc
 function clause hartSupports(Ext_Zvbc) = config extensions.Zvbc.supported
+// ShangMi Suite: SM4 Block Cipher
+enum clause extension = Ext_Zvksed
+function clause hartSupports(Ext_Zvksed) = config extensions.Zvksed.supported
 
 // Count Overflow and Mode-Based Filtering
 enum clause extension = Ext_Sscofpmf

model/riscv_insts_vext_utils.sail

@@ -172,6 +172,16 @@ function get_scalar(rs1, SEW) = {
   }
 }
 
+val get_velem_quad_vec : forall 'n 'm 'p, 'n > 0 & 8 <= 'm <= 64  & 'p >= 0 & 4 * 'p + 3 < 'n. (vector('n, bits('m)), int('p)) -> vector(4, bits('m))
+function get_velem_quad_vec(v, i) = [ v[4 * i + 3], v[4 * i + 2], v[4 * i + 1], v[4 * i] ]
+
+
+val write_velem_quad_vec : forall 'p 'n, 8 <= 'n <= 64 & 'p >= 0. (vregidx, int('n), vector(4, bits('n)), int('p)) -> unit
+function write_velem_quad_vec(vd, SEW, input, i) = {
+  foreach(j from 0 to 3)
+    write_single_element(SEW, 4 * i + j, vd, input[j]);
+}
+
 /* Get the starting element index from csr vtype */
 val get_start_element : unit -> nat
 function get_start_element() = {

model/riscv_insts_zvksed.sail

@@ -0,0 +1,125 @@
+/*=======================================================================================*/
+/*  This Sail RISC-V architecture model, comprising all files and                        */
+/*  directories except where otherwise noted is subject the BSD                          */
+/*  two-clause license in the LICENSE file.                                              */
+/*                                                                                       */
+/*  SPDX-License-Identifier: BSD-2-Clause                                                */
+/*=======================================================================================*/
+
+function clause currentlyEnabled(Ext_Zvksed) = hartSupports(Ext_Zvksed) & currentlyEnabled(Ext_V)
+
+union clause ast = VSM4K_VI : (vregidx, bits(5), vregidx)
+
+mapping clause encdec = VSM4K_VI(vs2, uimm, vd)
+  <-> 0b1000011 @ encdec_vreg(vs2) @ uimm @ 0b010 @ encdec_vreg(vd) @ 0b1110111
+  when currentlyEnabled(Ext_Zvksed) & get_sew() == 32 & zvk_check_encdec(128, 4)
+
+mapping clause assembly = VSM4K_VI(vs2, uimm, vd)
+  <-> "vsm4k.vi" ^ spc() ^ vreg_name(vd) ^ sep() ^ vreg_name(vs2) ^ sep() ^ hex_bits_5(uimm)
+
+function clause execute (VSM4K_VI(vs2, uimm, vd)) = {
+  let SEW      = get_sew();
+  let LMUL_pow = get_lmul_pow();
+  let num_elem = get_num_elem(LMUL_pow, SEW);
+
+  assert(SEW == 32);
+
+  let vs2_val = read_vreg(num_elem, SEW, LMUL_pow, vs2);
+
+  let rnd = unsigned(uimm[2..0]);
+
+  let eg_len   = (unsigned(vl) / 4);
+  let eg_start = (unsigned(vstart) / 4);
+
+  foreach (i from eg_start to (eg_len - 1)) {
+    assert(i * 4 + 3 < num_elem);
+
+    let rk_in  : vector(4, bits(32)) = get_velem_quad_vec(vs2_val, i);
+    var rk_out : vector(4, bits(32)) = vector_init(zeros());
+
+    var B = rk_in[1] ^ rk_in[2] ^ rk_in[3] ^ zvksed_sm4_sbox(4 * rnd);
+    var S = sm4_subword(B);
+    rk_out[0] = round_key(rk_in[0], S);
+
+    B = rk_in[2]  ^ rk_in[3]  ^ rk_out[0] ^ zvksed_sm4_sbox(4 * rnd + 1);
+    S = sm4_subword(B);
+    rk_out[1] = round_key(rk_in[1], S);
+
+    B = rk_in[3]  ^ rk_out[0] ^ rk_out[1] ^ zvksed_sm4_sbox(4 * rnd + 2);
+    S = sm4_subword(B);
+    rk_out[2] = round_key(rk_in[2], S);
+
+    B = rk_out[0] ^ rk_out[1] ^ rk_out[2] ^ zvksed_sm4_sbox(4 * rnd + 3);
+    S = sm4_subword(B);
+    rk_out[3] = round_key(rk_in[3], S);
+
+    write_velem_quad_vec(vd, SEW, rk_out, i);
+  };
+
+  set_vstart(zeros());
+  RETIRE_SUCCESS
+}
+
+union clause ast = ZVKSM4RTYPE : (zvkfunct6, vregidx, vregidx)
+
+mapping clause encdec = ZVKSM4RTYPE(ZVK_VSM4RVV, vs2, vd)
+  <-> 0b1010001 @ encdec_vreg(vs2) @ 0b10000 @ 0b010 @ encdec_vreg(vd) @ 0b1110111
+  when currentlyEnabled(Ext_Zvksed) & get_sew() == 32 & zvk_check_encdec(128, 4)
+
+mapping clause encdec = ZVKSM4RTYPE(ZVK_VSM4RVS, vs2, vd)
+  <-> 0b1010011 @ encdec_vreg(vs2) @ 0b10000 @ 0b010 @ encdec_vreg(vd) @ 0b1110111
+  when currentlyEnabled(Ext_Zvksed) & get_sew() == 32 & zvk_check_encdec(128, 4) & zvk_valid_reg_overlap(vs2, vd, get_lmul_pow())
+
+mapping vsm4r_mnemonic : zvkfunct6 <-> string = {
+   ZVK_VSM4RVV <-> "vsm4r.vv",
+   ZVK_VSM4RVS <-> "vsm4r.vs",
+}
+
+mapping clause assembly = ZVKSM4RTYPE(funct6, vs2, vd)
+  <-> vsm4r_mnemonic(funct6) ^ spc() ^ vreg_name(vd) ^ sep() ^ vreg_name(vs2)
+
+function clause execute (ZVKSM4RTYPE(funct6, vs2, vd)) = {
+  let SEW      = get_sew();
+  let LMUL_pow = get_lmul_pow();
+  let num_elem = get_num_elem(LMUL_pow, SEW);
+
+  assert(SEW == 32);
+
+  let vs2_val = read_vreg(num_elem, SEW, LMUL_pow, vs2);
+  let vd_val  = read_vreg(num_elem, SEW, LMUL_pow, vd);
+
+  let eg_len   = (unsigned(vl) / 4);
+  let eg_start = (unsigned(vstart) / 4);
+
+  foreach (i from eg_start to (eg_len - 1)) {
+    assert(i * 4 + 3 < num_elem);
+
+    let rk_in : vector(4, bits(32)) = if funct6 == ZVK_VSM4RVV
+                                      then get_velem_quad_vec(vs2_val, i)
+                                      else get_velem_quad_vec(vs2_val, 0);
+
+    let x_in  : vector(4, bits(32)) = get_velem_quad_vec(vd_val, i);
+    var x_out : vector(4, bits(32)) = vector_init(zeros());
+
+    var B = x_in[1] ^ x_in[2] ^ x_in[3] ^ rk_in[0];
+    var S = sm4_subword(B);
+    x_out[0] = sm4_round(x_in[0], S);
+
+    B = x_in[2]  ^ x_in[3]  ^ x_out[0] ^ rk_in[1];
+    S = sm4_subword(B);
+    x_out[1] = sm4_round(x_in[1], S);
+
+    B = x_in[3]  ^ x_out[0] ^ x_out[1] ^ rk_in[2];
+    S = sm4_subword(B);
+    x_out[2] = sm4_round(x_in[2], S);
+
+    B = x_out[0] ^ x_out[1] ^ x_out[2] ^ rk_in[3];
+    S = sm4_subword(B);
+    x_out[3] = sm4_round(x_in[3], S);
+
+    write_velem_quad_vec(vd, SEW, x_out, i);
+  };
+
+  set_vstart(zeros());
+  RETIRE_SUCCESS
+}

model/riscv_zvk_utils.sail

@@ -0,0 +1,59 @@
+
+/*=======================================================================================*/
+/*  This Sail RISC-V architecture model, comprising all files and                        */
+/*  directories except where otherwise noted is subject the BSD                          */
+/*  two-clause license in the LICENSE file.                                              */
+/*                                                                                       */
+/*  SPDX-License-Identifier: BSD-2-Clause                                                */
+/*=======================================================================================*/
+
+val zvk_valid_reg_overlap : (vregidx, vregidx, int) -> bool
+function zvk_valid_reg_overlap(rs, rd, emul_pow) = {
+  let reg_group_size = if emul_pow > 0 then 2 ^ emul_pow else 1;
+  let rs_int = unsigned(vregidx_bits(rs));
+  let rd_int = unsigned(vregidx_bits(rd));
+  (rs_int + reg_group_size <= rd_int) | (rd_int + reg_group_size <= rs_int)
+}
+
+function zvk_check_encdec(EGW: int, EGS: int) -> bool = (unsigned(vl) % EGS == 0) & (unsigned(vstart) % EGS == 0) & (2 ^ get_lmul_pow() * VLEN) >= EGW
+
+/*
+ * Utility functions for Zvksed
+ * ----------------------------------------------------------------------
+ */
+
+enum zvkfunct6 = {ZVK_VSM4RVV, ZVK_VSM4RVS}
+
+val round_key : (bits(32), bits(32)) -> bits(32)
+function round_key(X, S) = X ^ (S ^ (S <<< 13) ^ (S <<< 23))
+
+val sm4_round : (bits(32), bits(32)) -> bits(32)
+function sm4_round(X, S) = X ^ (S ^ (S <<< 2) ^ (S <<< 10) ^ (S <<< 18) ^ (S <<< 24))
+
+// SM4 Constant Key (CK)
+let zvksed_ck : vector(32, bits(32)) = [
+0x00070E15, 0x1C232A31, 0x383F464D, 0x545B6269,
+0x70777E85, 0x8C939AA1, 0xA8AFB6BD, 0xC4CBD2D9,
+0xE0E7EEF5, 0xFC030A11, 0x181F262D, 0x343B4249,
+0x50575E65, 0x6C737A81, 0x888F969D, 0xA4ABB2B9,
+0xC0C7CED5, 0xDCE3EAF1, 0xF8FF060D, 0x141B2229,
+0x30373E45, 0x4C535A61, 0x686F767D, 0x848B9299,
+0xA0A7AEB5, 0xBCC3CAD1, 0xD8DFE6ED, 0xF4FB0209,
+0x10171E25, 0x2C333A41, 0x484F565D, 0x646B7279
+]
+
+val zvksed_box_lookup : (bits(5), vector(32, bits(32))) -> bits(32)
+function zvksed_box_lookup(x, table) = {
+  table[31 - unsigned(x)]
+}
+
+val zvksed_sm4_sbox : (int) -> bits(32)
+function zvksed_sm4_sbox(x) = zvksed_box_lookup(to_bits(5, x), zvksed_ck)
+
+val sm4_subword : bits(32) -> bits(32)
+function sm4_subword(x) = {
+  sm4_sbox(x[31..24]) @
+  sm4_sbox(x[23..16]) @
+  sm4_sbox(x[15.. 8]) @
+  sm4_sbox(x[ 7.. 0])
+}