From: "Markku-Juhani O. Saarinen" <mjos@pqshield.com>
To: Jan Beulich <jbeulich@suse.com>
Cc: 陈嘉炜 <jiawei@iscas.ac.cn>, "Kito Cheng" <kito.cheng@sifive.com>,
nelson.chu@sifive.com, "Jim Wilson" <jimw@sifive.com>,
"Philipp Tomsich" <philipp.tomsich@vrull.eu>,
"Ben Marshall" <ben.marshall@pqshield.com>,
"Christoph Muellner" <cmuellner@ventanamicro.com>,
"Palmer Dabbelt" <palmer@dabbelt.com>,
"Andrew Waterman" <andrew@sifive.com>,
"Wei Wu (吴伟)" <lazyparser@gmail.com>,
siyu@isrc.iscas.ac.cn, schwab@linux-m68k.org,
binutils@sourceware.org
Subject: Re: [PATCH v4 2/3] RISC-V: Scalar crypto instructions and operand set
Date: Tue, 4 Jan 2022 13:13:10 +0000 [thread overview]
Message-ID: <CAPwdP4NCe5oT8jcGaZVsM1m+Y+Ypzi5u8FRfxW4TqG6gBNzduQ@mail.gmail.com> (raw)
In-Reply-To: <ed40c8b7-b48c-5b36-0f36-fb2bbb76f76b@suse.com>
On Tue, Jan 4, 2022 at 8:49 AM Jan Beulich <jbeulich@suse.com> wrote:
>
> > > For these two and a few more with immediate operands and a trailing
> 'i'
> > > in the mnemonics: Shouldn't they have i-suffix-less pseudos,
> matching
> > > other insns with immediate operands?
> > >
> > > Jan
> >
> > I think the 'i' trailing is just a dinstinguishing symbol in zknd
> extension, there are no i-suffix-less pseudo definitions in the cryptogrpah
> extension spec, please check it.
>
> Perhaps I should have said explicitly that this is a question not so much
> on the implementation, but on the spec itself.
>
Hi,
I agree that it's a bit odd that sm4* instructions don't have an "i" but
equivalent-format aes32* instructions have it. Hence I wouldn't assign too
much meaning to the "i" here; there is no equivalent "register input"
version for these as there would be with something like "addi" vs "add".
For 32-bit aes/sm4 the immediate refers to a 2-bit field that could have
even been incorporated into the mnemonic (e.g. sm4ed0, sm4ed1, sm4ed2,
sm4ed3) -- to me, these instructions fundamentally have an R-type encoding.
For aes64ks1i it's a 4-bit value holding 0x0..0xA.
If we consider C language intrinsics, passing a variable as an immediate
for K extension instruction needs to be an illegal operation: if the
compiler generates some kind of switch-case statement, that is unlikely to
be constant-time and defeats half of the purpose of the instruction. At
least the inline assembler headers work this way; I hope proper builtins
will fault at attempts to use variables too.
Wrt to "the spec", the Scalar K spec was ratified in November. In the
RISC-V process, ISA ratification means that those mnemonics are beyond
"stable" and "freeze" stages in terms of unmovability. That would require
really serious technical arguments. The consistency of mnemonic and opcode
assignments is really a matter for the top architecture committee chairs,
so even us in the committee that authored that spec did not have final
control over them. Krste & Co changed some of the mnemonics (such as the
names of xperm4 and xperm8) as late as August, before the ratification.
One more thing about intrinsics: If we consider also Bitmanip intrinsics,
my take is that if an instruction has both immediate and register-based
form, it makes obvious sense to combine them into the same intrinsic (e.g.
GREV and GREVI would be better served by a single intrinsic, even though
they are separate mnemonics). K instructions only have one form -- one
avoids confusion by using the mnemonic name to create an intrinsic function
(with a consistent prefix). That's how the current C language intrinsic
proposal works.
Cheers,
- markku
Dr. Markku-Juhani O. Saarinen <mjos@pqshield.com> PQShield, Oxford UK.
>
> Jan
>
>
next prev parent reply other threads:[~2022-01-04 13:13 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-11-15 3:03 [PATCH v4 0/3] RISC-V: Support Scalar Cryptography extension jiawei
2021-11-15 3:03 ` [PATCH v4 1/3] RISC-V: Minimal support of scalar crypto extension jiawei
2022-02-21 13:24 ` Jan Beulich
2022-02-21 14:14 ` jiawei
2022-02-21 14:16 ` Philipp Tomsich
2022-02-21 14:25 ` Jan Beulich
2022-02-21 14:44 ` Tsukasa OI
2022-02-21 14:50 ` Kito Cheng
2021-11-15 3:03 ` [PATCH v4 2/3] RISC-V: Scalar crypto instructions and operand set jiawei
2022-01-04 8:04 ` Jan Beulich
2022-01-04 8:38 ` 陈嘉炜
2022-01-04 8:49 ` Jan Beulich
2022-01-04 13:13 ` Markku-Juhani O. Saarinen [this message]
2021-11-15 3:03 ` [PATCH v4 3/3] RISC-V: Scalar crypto instruction and Entropy Source CSR testcases jiawei
2021-12-21 16:06 ` Jan Beulich
2021-11-16 4:07 ` [PATCH v4 0/3] RISC-V: Support Scalar Cryptography extension Nelson Chu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAPwdP4NCe5oT8jcGaZVsM1m+Y+Ypzi5u8FRfxW4TqG6gBNzduQ@mail.gmail.com \
--to=mjos@pqshield.com \
--cc=andrew@sifive.com \
--cc=ben.marshall@pqshield.com \
--cc=binutils@sourceware.org \
--cc=cmuellner@ventanamicro.com \
--cc=jbeulich@suse.com \
--cc=jiawei@iscas.ac.cn \
--cc=jimw@sifive.com \
--cc=kito.cheng@sifive.com \
--cc=lazyparser@gmail.com \
--cc=nelson.chu@sifive.com \
--cc=palmer@dabbelt.com \
--cc=philipp.tomsich@vrull.eu \
--cc=schwab@linux-m68k.org \
--cc=siyu@isrc.iscas.ac.cn \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).