Scalar bitmanip and crypto intrinsics proposal

[topperc]

This is a proposal for scalar crypto intrinsics for the Zk* extensions.

I've removed the recommendation to use 'long' for XLEN. There's nothing guaranteeing that 'long' is XLEN. For example, if we were to support ILP32 on RV64, 'long' would become 32 bits while XLEN would still be 64 bits.

Other design decisions are spelled out in the document.

Some text has been copied from #23.

One open question is whether we should emulate 64-bit intrinsics on RV32 where it is feasible. This could be useful for the sha512 intrinsics and some others.

@cmuellner @kito-cheng @mjosaarinen

[topperc]

@nick-knight @Xinlong-Wu @aswaterman @ChunyuLiao

[Xinlong-Wu]

here is a related issue: https://github.com/rvkrypto/rvkrypto-fips/issues/11

[ChunyuLiao]

LGTM, thanks.

[topperc]

I removed __riscv_clmulh_32 and __riscv_clmulr_32 from RV64 as the emulation is 4-6 instructions.

[topperc]

I fixed the number of arguments to the xperm intrinsics. And I reduce the rotate amount for __riscv_rol_64 and __riscv_ror_64 intrinsics to uint32_t

[wangpc-pp]

What about adding an intrinsic that reads seed CSR defined in Zkr?

[topperc]

What about adding an intrinsic that reads seed CSR defined in Zkr?

It's not guaranteed to be accessible to user level software. I don't think it belongs in this proposal.

[topperc]

What do we need to do to move this proposal forward?

[cmuellner]

We have discussed this in today's SIG toolchain call. We have positive feedback in the comments here and the PR had much time so everyone had much time to give comments. Therefore, I've reached out to the sig-toolchains list with a request for review with the intend to merge this PR in two weeks

The planned timeline is as follows:

• Oct 9: Send request for review to sig-toolchains list
• Oct 23: End of review period
• October: Work on patches for the intrinsics (GCC, LLVM)
• End of October: merge PR if patches are on the list (GCC) or in a PR (LLVM)

[topperc]

Clang/llvm patch https://reviews.llvm.org/D155647

[nick-knight]

Are we adding new macros like __riscv_zbkb? If so, is it important to add them to this document?

[cmuellner]

Are we adding new macros like __riscv_zbkb? If so, is it important to add them to this document?

We have a list in this repo, but it does not make sense to add each and every extension manually (which is the reason that nobody does it). Kito attempted to address this in https://github.com/riscv-non-isa/riscv-c-api-doc/pull/28, but the PR was not finished.

So instead of a PR that adds __riscv_zbkb it would be great to get a more generic description of the test macros.

[cmuellner]

@pz9115 is working on the GCC patches. The work is tracked in an dev-partners issue: https://github.com/riscv-admin/dev-partners/issues/37

[topperc]

I think the public review period for this is over now. How do we proceed?

[cmuellner]

@pz9115 is there an ETA for the GCC patch?

[pz9115]

Still WIP, plan to send patches within this month.

[kito-cheng]

@cmuellner I would suggest moving forward this PR, I mean merge this first, I believe the proposal isn't come with complicated technical issue on the GCC side, just need few more time to implement.

Also I am happy to accept that on GCC 14 even it's not stage 1.

[cmuellner]

I kept it open, because I was not sure if this is still being work on. Now, that this has been confirmed in yesterday's SIG Toolchain call, it is probably the best to merge it.

Thanks @topperc for the PR and the patience!