ab_riscv_primitives/instructions/rv32/zk/zkn/
zknh.rs

1//! RV32 Zknh extension
2
3#[cfg(test)]
4mod tests;
5
6use crate::instructions::Instruction;
7use crate::registers::general_purpose::Register;
8use ab_riscv_macros::instruction;
9use core::fmt;
10
11/// RISC-V RV32 Zknh instruction (SHA-256 and SHA-512 sigma/sum functions).
12///
13/// SHA-256 instructions take a single source register.
14/// SHA-512 instructions take two source registers because 64-bit operands must be split across two
15/// 32-bit registers on RV32. The register conventions differ by instruction and follow the RISC-V
16/// scalar crypto Sail model exactly:
17///
18/// - `sha512sig0l`, `sha512sig1l`: rs1 = LOW word, rs2 = HIGH word
19/// - `sha512sig0h`, `sha512sig1h`: rs1 = HIGH word, rs2 = LOW word
20/// - `sha512sum0r`, `sha512sum1r`: rs1 = LOW word, rs2 = HIGH word
21///
22/// For `sha512sum0r` and `sha512sum1r` the Sail pseudocode builds the 64-bit operand as
23/// `x[63:32] = X(rs2), x[31:0] = X(rs1)` (rs2 is the HIGH half) and writes the low 32 bits of the
24/// result to `rd`.
25#[instruction]
26#[derive(Debug, Clone, Copy, PartialEq, Eq)]
27pub enum Rv32ZknhInstruction<Reg> {
28    // SHA-256 (single-register, identical encoding to RV64)
29    Sha256Sig0 { rd: Reg, rs1: Reg },
30    Sha256Sig1 { rd: Reg, rs1: Reg },
31    Sha256Sum0 { rd: Reg, rs1: Reg },
32    Sha256Sum1 { rd: Reg, rs1: Reg },
33    // SHA-512 (two-register, RV32-only R-type)
34    Sha512Sig0h { rd: Reg, rs1: Reg, rs2: Reg },
35    Sha512Sig0l { rd: Reg, rs1: Reg, rs2: Reg },
36    Sha512Sig1h { rd: Reg, rs1: Reg, rs2: Reg },
37    Sha512Sig1l { rd: Reg, rs1: Reg, rs2: Reg },
38    Sha512Sum0r { rd: Reg, rs1: Reg, rs2: Reg },
39    Sha512Sum1r { rd: Reg, rs1: Reg, rs2: Reg },
40}
41
42#[instruction]
43impl<Reg> const Instruction for Rv32ZknhInstruction<Reg>
44where
45    Reg: [const] Register<Type = u32>,
46{
47    type Reg = Reg;
48
49    #[inline(always)]
50    fn try_decode(instruction: u32) -> Option<Self> {
51        let opcode = (instruction & 0b111_1111) as u8;
52        let rd_bits = ((instruction >> 7) & 0x1f) as u8;
53        let funct3 = ((instruction >> 12) & 0b111) as u8;
54        let rs1_bits = ((instruction >> 15) & 0x1f) as u8;
55        let rs2_bits = ((instruction >> 20) & 0x1f) as u8;
56        // Same field as rs2 for I-type
57        let funct5 = ((instruction >> 20) & 0x1f) as u8;
58        let funct7 = ((instruction >> 25) & 0b111_1111) as u8;
59
60        match opcode {
61            // SHA-256: I-type format (OP-IMM)
62            0b0010011 => {
63                if funct3 != 0b001 || funct7 != 0b0001000 {
64                    None
65                } else {
66                    let rd = Reg::from_bits(rd_bits)?;
67                    let rs1 = Reg::from_bits(rs1_bits)?;
68                    match funct5 {
69                        0b00010 => Some(Self::Sha256Sig0 { rd, rs1 }),
70                        0b00011 => Some(Self::Sha256Sig1 { rd, rs1 }),
71                        0b00000 => Some(Self::Sha256Sum0 { rd, rs1 }),
72                        0b00001 => Some(Self::Sha256Sum1 { rd, rs1 }),
73                        _ => None,
74                    }
75                }
76            }
77            // SHA-512: R-type format (OP)
78            // RV32-only two-register instructions.
79            0b0110011 => {
80                if funct3 == 0b000 {
81                    let rd = Reg::from_bits(rd_bits)?;
82                    let rs1 = Reg::from_bits(rs1_bits)?;
83                    let rs2 = Reg::from_bits(rs2_bits)?;
84                    match funct7 {
85                        // 0b0101000 = 40
86                        0b0101000 => Some(Self::Sha512Sum0r { rd, rs1, rs2 }),
87                        // 0b0101001 = 41
88                        0b0101001 => Some(Self::Sha512Sum1r { rd, rs1, rs2 }),
89                        // 0b0101010 = 42
90                        0b0101010 => Some(Self::Sha512Sig0l { rd, rs1, rs2 }),
91                        // 0b0101011 = 43
92                        0b0101011 => Some(Self::Sha512Sig1l { rd, rs1, rs2 }),
93                        // 0b0101110 = 46
94                        0b0101110 => Some(Self::Sha512Sig0h { rd, rs1, rs2 }),
95                        // 0b0101111 = 47
96                        0b0101111 => Some(Self::Sha512Sig1h { rd, rs1, rs2 }),
97                        _ => None,
98                    }
99                } else {
100                    None
101                }
102            }
103            _ => None,
104        }
105    }
106
107    #[inline(always)]
108    fn alignment() -> u8 {
109        size_of::<u32>() as u8
110    }
111
112    #[inline(always)]
113    fn size(&self) -> u8 {
114        size_of::<u32>() as u8
115    }
116}
117
118impl<Reg> fmt::Display for Rv32ZknhInstruction<Reg>
119where
120    Reg: fmt::Display,
121{
122    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
123        match self {
124            Self::Sha256Sig0 { rd, rs1 } => write!(f, "sha256sig0 {}, {}", rd, rs1),
125            Self::Sha256Sig1 { rd, rs1 } => write!(f, "sha256sig1 {}, {}", rd, rs1),
126            Self::Sha256Sum0 { rd, rs1 } => write!(f, "sha256sum0 {}, {}", rd, rs1),
127            Self::Sha256Sum1 { rd, rs1 } => write!(f, "sha256sum1 {}, {}", rd, rs1),
128            Self::Sha512Sig0h { rd, rs1, rs2 } => write!(f, "sha512sig0h {}, {}, {}", rd, rs1, rs2),
129            Self::Sha512Sig0l { rd, rs1, rs2 } => write!(f, "sha512sig0l {}, {}, {}", rd, rs1, rs2),
130            Self::Sha512Sig1h { rd, rs1, rs2 } => write!(f, "sha512sig1h {}, {}, {}", rd, rs1, rs2),
131            Self::Sha512Sig1l { rd, rs1, rs2 } => write!(f, "sha512sig1l {}, {}, {}", rd, rs1, rs2),
132            Self::Sha512Sum0r { rd, rs1, rs2 } => write!(f, "sha512sum0r {}, {}, {}", rd, rs1, rs2),
133            Self::Sha512Sum1r { rd, rs1, rs2 } => write!(f, "sha512sum1r {}, {}, {}", rd, rs1, rs2),
134        }
135    }
136}
ab_riscv_primitives/instructions/rv32/zk/zkn/zknh.rs

ab_riscv_primitives/instructions/rv32/zk/zkn/
zknh.rs
