Vector Crypto Specification Release 1.0.0

Ratified

Vector Crypto Specification 1.0.0-rc3

Public review has been completed and all issues have been addressed.

Clarified Zvkt: masks, constants (immediate and X0) not subject to DIEL
Created Zvkb as a subset of Zvbb. Zvkb only incudes bitmanip instructions identified as useful for cryptography
Zvkn and Zvks (add all extensions that subsume these) include Zvkb (instead of Zvbb)
Fixed typos vaeskf1 and vaeskf2 pseudo code
Fixed "Included In:" on the bottom of instruction pages
Fixed round constant index in vaesfk2 pseudo code

Minor non-technical typo fix.

Vector Crypto Frozen Specification 1.0.0-rc1

Update riscv-crypto-spec-vector.adoc

The document is now frozen and ready for public review.

Scalar Cryptography v1.0.1

This is the formal release of v1.0.1 of the RISC-V Scalar Cryptography extensions.

This specification's status is Ratified.

Changes since the previous version:

• Remove -rc4 from the minimum supported version of each instruciton. These now all point to v1.0.0 (I.e. the first ratified verison).
• Fix three typos to show that c.srli, c.srai, and c.slli are Zkt instructions in RV64. See #149, #152.
• Include this in a new change-log section.

Scalar Cryptography v1.0.0

This is the formal release of v1.0.0 of the RISC-V Scalar Cryptography extensions.

This specification's status is now Ratified.

The only change from the previous release is to remove the -rc* from the version, and update the document ratification status.

Scalar Cryptograph v1.0.0-rc6

This is a post-public review release for the Scalar Cryptography extension. It includes a clarification to exception handling around Zkr in the presence of a hypervisor to be consistent with the broader architecture. It is intended/expected to be the fixed version of the specification which is ratified by the RISC-V Board of Directors.

Specific changes since v1.0.0-rc5:

• #139 - Access to seed CSR from VS/VU modes.
  • Addressed in PR #141

Scalar Cryptography v1.0.0-rc5

This is a post-public review release for the Scalar Cryptography extension. It includes a small number of clarifying updates around Zkt and the handling of access control to Zkr in the presence of a hypervisor. It is intended to be a fixed version of the specification used by various RISC-V committees for final sign-off, post-public-review / pre-ratification.

Specific changes since v1.0.0-rc4:

• #136 - Clarified the behaviour of Zkt for sequences of instructions.
• #134 - Updated which exceptions are raised in relation to Zkr in the presence of a hypervisor.

Attached to this release is a summary of all feedback we received during the public review process. We'd like to thank everyone who contributed to our public review for their time and attention, and helping to improve our specification. Your efforts were greatly appreciated!

Scalar Cryptography v1.0.0-rc4

This is an update to the public review release of the scalar cryptography extensions to RISC-V. The public review period has been announced on the RISC-V isa-dev mailing list, and runs for 45 days from that announcement until October 17'th, 2021.

To respond to the public review, please either email comments to the public isa-dev mailing list or add issues to the Crypto GitHub repo. We welcome all input and appreciate your time and effort in helping us by reviewing the specification.

During the public review period, corrections, comments, and suggestions, will be gathered for review by the Cryptography task group. Any minor corrections and/or uncontroversial changes will be incorporated into the specification. Any remaining issues or proposed changes will be addressed in the public review summary report. If there are no issues that require incompatible changes to the public review specification, the unprivileged ISA committee will recommend the updated specifications be approved and ratified by the RISC-V Technical Steering Committee and the RISC-V Board of Directors.

We, the RISC-V Cryptography Task Group, would like to sincerely thank everyone taking part in the public review, and who has contributed to our specification so far.

Changes since the previous release candidate:

• Final fixes to zip and unzip descriptions and encodings for clarity. (#130)
  • Sincere apologies to everyone affected by this, there was confusion about the encodings and matching the correct descriptions to the right mnemonics. The previous RC fixed the encodings but broke the descriptions. This release has been made to ensure everything is now consistent with expectation, given the original Bitmanip 0.93 definition of the more general shfli/unshfli instructions and their specific zip/unzip instances.

Scalar Cryptography v1.0.0-rc3

NOTE: This release has been superseded by v1.0.0-rc4

This is an update to the public review release of the scalar cryptography extensions to RISC-V. The public review period has been announced on the RISC-V isa-dev mailing list, and runs for 45 days from that announcement until October 17'th, 2021.

To respond to the public review, please either email comments to the public isa-dev mailing list or add issues to the Crypto GitHub repo. We welcome all input and appreciate your time and effort in helping us by reviewing the specification.

During the public review period, corrections, comments, and suggestions, will be gathered for review by the Cryptography task group. Any minor corrections and/or uncontroversial changes will be incorporated into the specification. Any remaining issues or proposed changes will be addressed in the public review summary report. If there are no issues that require incompatible changes to the public review specification, the unprivileged ISA committee will recommend the updated specifications be approved and ratified by the RISC-V Technical Steering Committee and the RISC-V Board of Directors.

We, the RISC-V Cryptography Task Group, would like to sincerely thank everyone taking part in the public review, and who has contributed to our specification so far.

Changes since the previous release candidate:

• Fix Sail code for zip and unzip being the wrong way around and update descriptions for clarity. (#130)
• Fix incorrect encodings for zip and unzip. (#130)
  • The immediate values for the instructions in bits 24:20 did not correspond to the correct instance of the more generic shfli and unshfli instructions from the previous Bitmanip (v0.93/4) specifications.
• Miscellaneous editorial updates, with thanks to folks for spotting these. (#119, #122, #124, 9fae816)
• Fix typo in aes64ks1i sail code and update descriptions for clarity. (529c0f1, #127)
• Fix typo in examples for sha512* instructions. (#128)

Scalar Cryptography v1.0.0-rc2

NOTE: This release has been superseded by v1.0.0-rc4

This is intended to be the public review release of the scalar cryptography extensions to RISC-V. The public review period has been announced on the RISC-V isa-dev mailing list, and runs for 45 days from that announcement.

To respond to the public review, please either email comments to the public isa-dev mailing list or add issues to the Crypto GitHub repo. We welcome all input and appreciate your time and effort in helping us by reviewing the specification.

During the public review period, corrections, comments, and suggestions, will be gathered for review by the Cryptography task group. Any minor corrections and/or uncontroversial changes will be incorporated into the specification. Any remaining issues or proposed changes will be addressed in the public review summary report. If there are no issues that require incompatible changes to the public review specification, the unprivileged ISA committee will recommend the updated specifications be approved and ratified by the RISC-V Technical Steering Committee and the RISC-V Board of Directors.

We, the RISC-V Cryptography Task Group, would like to sincerely thank everyone taking part in the public review, and who has contributed to our specification so far.

Functional Changes since the previous release candidate:

• After feedback from the unpriv committee, The Entropy source CSR interface has been changed:.
  • There is a user mode CSR seed at 0x015, which essentially performs the same function as reading the old CSR register.
  • The access control options have been expanded to allow access to seed in U and S mode.
• Some instructions have been renamed for consistency (#115):
  • The rev.b instruction has been renamed to brev8.
  • The xperm.n instruction has been renamed to xperm4.
  • The xperm.b instruction has been renamed to xperm8.
• Fixed issue #109 - sha256sig1 result should be EXTS, not EXTZ
• Fixed issue #111 - sm4ed description uses "rt" instead of "rs1"
• Fixed issue #113 - Bitmanip specs Zba/b/c/s now at version 1.0