From cec67dc4fc0077185cf784f5d2b26b65f1032731 Mon Sep 17 00:00:00 2001 From: Project Nayuki Date: Fri, 3 Sep 2021 15:52:12 +0000 Subject: [PATCH 1/5] spec: Fix grammar: it's -> its. --- doc/old-tex/tex/sec-vector.tex | 2 +- doc/scalar/insns/aes32dsi.adoc | 2 +- doc/scalar/insns/aes32dsmi.adoc | 2 +- doc/scalar/insns/aes32esi.adoc | 2 +- doc/scalar/insns/aes32esmi.adoc | 2 +- doc/scalar/insns/aes64ds.adoc | 2 +- doc/scalar/insns/aes64dsm.adoc | 2 +- doc/scalar/insns/aes64es.adoc | 2 +- doc/scalar/insns/aes64esm.adoc | 2 +- doc/scalar/insns/aes64im.adoc | 2 +- doc/scalar/insns/aes64ks1i.adoc | 2 +- doc/scalar/insns/aes64ks2.adoc | 2 +- doc/scalar/insns/sha256sig0.adoc | 2 +- doc/scalar/insns/sha256sig1.adoc | 2 +- doc/scalar/insns/sha256sum0.adoc | 2 +- doc/scalar/insns/sha256sum1.adoc | 2 +- doc/scalar/insns/sha512sig0.adoc | 2 +- doc/scalar/insns/sha512sig0h.adoc | 2 +- doc/scalar/insns/sha512sig0l.adoc | 2 +- doc/scalar/insns/sha512sig1.adoc | 2 +- doc/scalar/insns/sha512sig1h.adoc | 2 +- doc/scalar/insns/sha512sig1l.adoc | 2 +- doc/scalar/insns/sha512sum0.adoc | 2 +- doc/scalar/insns/sha512sum0r.adoc | 2 +- doc/scalar/insns/sha512sum1.adoc | 2 +- doc/scalar/insns/sha512sum1r.adoc | 2 +- doc/scalar/insns/sm3p0.adoc | 2 +- doc/scalar/insns/sm3p1.adoc | 2 +- doc/scalar/insns/sm4ed.adoc | 2 +- doc/scalar/insns/sm4ks.adoc | 2 +- rtl/README.md | 2 +- 31 files changed, 31 insertions(+), 31 deletions(-) diff --git a/doc/old-tex/tex/sec-vector.tex b/doc/old-tex/tex/sec-vector.tex index e97e9835..f0fe2bcd 100644 --- a/doc/old-tex/tex/sec-vector.tex +++ b/doc/old-tex/tex/sec-vector.tex @@ -38,7 +38,7 @@ The base vector extension has the constraint $\VLEN \ge \ELEN$. The vector crypto instructions require that $\ELEN \ge 128$ for all -of it's instructions, and upto $1024$ for some. +of its instructions, and upto $1024$ for some. Note that the vector crypto extension {\em does not} require these large \ELEN values to be supported for all instructions, only those which require them in order to function. diff --git a/doc/scalar/insns/aes32dsi.adoc b/doc/scalar/insns/aes32dsi.adoc index fdee4d91..2e8baff9 100644 --- a/doc/scalar/insns/aes32dsi.adoc +++ b/doc/scalar/insns/aes32dsi.adoc @@ -25,7 +25,7 @@ Description:: This instruction sources a single byte from `rs2` according to `bs`. To this it applies the inverse AES SBox operation, and XOR's the result with `rs1`. -This instruction must _always_ be implemented such that it's execution +This instruction must _always_ be implemented such that its execution latency does not depend on the data being operated on. Operation:: diff --git a/doc/scalar/insns/aes32dsmi.adoc b/doc/scalar/insns/aes32dsmi.adoc index dfe86897..77b741a5 100644 --- a/doc/scalar/insns/aes32dsmi.adoc +++ b/doc/scalar/insns/aes32dsmi.adoc @@ -25,7 +25,7 @@ Description:: This instruction sources a single byte from `rs2` according to `bs`. To this it applies the inverse AES SBox operation, and a partial inverse MixColumn, before XOR'ing the result with `rs1`. -This instruction must _always_ be implemented such that it's execution +This instruction must _always_ be implemented such that its execution latency does not depend on the data being operated on. Operation:: diff --git a/doc/scalar/insns/aes32esi.adoc b/doc/scalar/insns/aes32esi.adoc index 0467da96..b695d306 100644 --- a/doc/scalar/insns/aes32esi.adoc +++ b/doc/scalar/insns/aes32esi.adoc @@ -25,7 +25,7 @@ Description:: This instruction sources a single byte from `rs2` according to `bs`. To this it applies the forward AES SBox operation, before XOR'ing the result with `rs1`. -This instruction must _always_ be implemented such that it's execution +This instruction must _always_ be implemented such that its execution latency does not depend on the data being operated on. Operation:: diff --git a/doc/scalar/insns/aes32esmi.adoc b/doc/scalar/insns/aes32esmi.adoc index 9e7ad8ea..06055d22 100644 --- a/doc/scalar/insns/aes32esmi.adoc +++ b/doc/scalar/insns/aes32esmi.adoc @@ -25,7 +25,7 @@ Description:: This instruction sources a single byte from `rs2` according to `bs`. To this it applies the forward AES SBox operation, and a partial forward MixColumn, before XOR'ing the result with `rs1`. -This instruction must _always_ be implemented such that it's execution +This instruction must _always_ be implemented such that its execution latency does not depend on the data being operated on. Operation:: diff --git a/doc/scalar/insns/aes64ds.adoc b/doc/scalar/insns/aes64ds.adoc index 9ec88943..badef71a 100644 --- a/doc/scalar/insns/aes64ds.adoc +++ b/doc/scalar/insns/aes64ds.adoc @@ -25,7 +25,7 @@ Description:: Uses the two 64-bit source registers to represent the entire AES state, and produces _half_ of the next round output, applying the Inverse ShiftRows and SubBytes steps. -This instruction must _always_ be implemented such that it's execution +This instruction must _always_ be implemented such that its execution latency does not depend on the data being operated on. .Note To Software Developers diff --git a/doc/scalar/insns/aes64dsm.adoc b/doc/scalar/insns/aes64dsm.adoc index 837497b4..6a2b60f3 100644 --- a/doc/scalar/insns/aes64dsm.adoc +++ b/doc/scalar/insns/aes64dsm.adoc @@ -25,7 +25,7 @@ Description:: Uses the two 64-bit source registers to represent the entire AES state, and produces _half_ of the next round output, applying the Inverse ShiftRows, SubBytes and MixColumns steps. -This instruction must _always_ be implemented such that it's execution +This instruction must _always_ be implemented such that its execution latency does not depend on the data being operated on. .Note To Software Developers diff --git a/doc/scalar/insns/aes64es.adoc b/doc/scalar/insns/aes64es.adoc index 8d974b31..5d25d6a4 100644 --- a/doc/scalar/insns/aes64es.adoc +++ b/doc/scalar/insns/aes64es.adoc @@ -25,7 +25,7 @@ Description:: Uses the two 64-bit source registers to represent the entire AES state, and produces _half_ of the next round output, applying the ShiftRows and SubBytes steps. -This instruction must _always_ be implemented such that it's execution +This instruction must _always_ be implemented such that its execution latency does not depend on the data being operated on. .Note To Software Developers diff --git a/doc/scalar/insns/aes64esm.adoc b/doc/scalar/insns/aes64esm.adoc index 0843a3a9..b9b9877b 100644 --- a/doc/scalar/insns/aes64esm.adoc +++ b/doc/scalar/insns/aes64esm.adoc @@ -25,7 +25,7 @@ Description:: Uses the two 64-bit source registers to represent the entire AES state, and produces _half_ of the next round output, applying the ShiftRows, SubBytes and MixColumns steps. -This instruction must _always_ be implemented such that it's execution +This instruction must _always_ be implemented such that its execution latency does not depend on the data being operated on. .Note To Software Developers diff --git a/doc/scalar/insns/aes64im.adoc b/doc/scalar/insns/aes64im.adoc index 023977a8..e1b8fb9b 100644 --- a/doc/scalar/insns/aes64im.adoc +++ b/doc/scalar/insns/aes64im.adoc @@ -29,7 +29,7 @@ transformation to two columns of the state array, packed into a single It is used to create the inverse cipher KeySchedule, according to the equivalent inverse cipher construction in cite:[nist:fips:197] (Page 23, Section 5.3.5). -This instruction must _always_ be implemented such that it's execution +This instruction must _always_ be implemented such that its execution latency does not depend on the data being operated on. Operation:: diff --git a/doc/scalar/insns/aes64ks1i.adoc b/doc/scalar/insns/aes64ks1i.adoc index ff9d6760..dbe0972c 100644 --- a/doc/scalar/insns/aes64ks1i.adoc +++ b/doc/scalar/insns/aes64ks1i.adoc @@ -26,7 +26,7 @@ Encoding:: Description:: This instruction implements the rotation, SubBytes and Round Constant addition steps of the AES block cipher Key Schedule. -This instruction must _always_ be implemented such that it's execution +This instruction must _always_ be implemented such that its execution latency does not depend on the data being operated on. Note that `rnum` must be in the range `0x0..0xA`. The values `0xB..0xF` are reserved. diff --git a/doc/scalar/insns/aes64ks2.adoc b/doc/scalar/insns/aes64ks2.adoc index d3c948f7..569c019b 100644 --- a/doc/scalar/insns/aes64ks2.adoc +++ b/doc/scalar/insns/aes64ks2.adoc @@ -25,7 +25,7 @@ Encoding:: Description:: This instruction implements the additional XOR'ing of key words as part of the AES block cipher Key Schedule. -This instruction must _always_ be implemented such that it's execution +This instruction must _always_ be implemented such that its execution latency does not depend on the data being operated on. Operation:: diff --git a/doc/scalar/insns/sha256sig0.adoc b/doc/scalar/insns/sha256sig0.adoc index 3f766ece..d7e6f3ad 100644 --- a/doc/scalar/insns/sha256sig0.adoc +++ b/doc/scalar/insns/sha256sig0.adoc @@ -30,7 +30,7 @@ result sign extended to `XLEN` bits. Though named for SHA2-256, the instruction works for both the SHA2-224 and SHA2-256 parameterisations as described in cite:[nist:fips:180:4]. -This instruction must _always_ be implemented such that it's execution +This instruction must _always_ be implemented such that its execution latency does not depend on the data being operated on. Operation:: diff --git a/doc/scalar/insns/sha256sig1.adoc b/doc/scalar/insns/sha256sig1.adoc index bf0323eb..c5b36353 100644 --- a/doc/scalar/insns/sha256sig1.adoc +++ b/doc/scalar/insns/sha256sig1.adoc @@ -30,7 +30,7 @@ result sign extended to `XLEN` bits. Though named for SHA2-256, the instruction works for both the SHA2-224 and SHA2-256 parameterisations as described in cite:[nist:fips:180:4]. -This instruction must _always_ be implemented such that it's execution +This instruction must _always_ be implemented such that its execution latency does not depend on the data being operated on. Operation:: diff --git a/doc/scalar/insns/sha256sum0.adoc b/doc/scalar/insns/sha256sum0.adoc index 3adfcdf4..b5a1b891 100644 --- a/doc/scalar/insns/sha256sum0.adoc +++ b/doc/scalar/insns/sha256sum0.adoc @@ -30,7 +30,7 @@ result sign extended to `XLEN` bits. Though named for SHA2-256, the instruction works for both the SHA2-224 and SHA2-256 parameterisations as described in cite:[nist:fips:180:4]. -This instruction must _always_ be implemented such that it's execution +This instruction must _always_ be implemented such that its execution latency does not depend on the data being operated on. Operation:: diff --git a/doc/scalar/insns/sha256sum1.adoc b/doc/scalar/insns/sha256sum1.adoc index 9572c459..9d10954e 100644 --- a/doc/scalar/insns/sha256sum1.adoc +++ b/doc/scalar/insns/sha256sum1.adoc @@ -30,7 +30,7 @@ result sign extended to `XLEN` bits. Though named for SHA2-256, the instruction works for both the SHA2-224 and SHA2-256 parameterisations as described in cite:[nist:fips:180:4]. -This instruction must _always_ be implemented such that it's execution +This instruction must _always_ be implemented such that its execution latency does not depend on the data being operated on. Operation:: diff --git a/doc/scalar/insns/sha512sig0.adoc b/doc/scalar/insns/sha512sig0.adoc index ac020ddd..00278828 100644 --- a/doc/scalar/insns/sha512sig0.adoc +++ b/doc/scalar/insns/sha512sig0.adoc @@ -26,7 +26,7 @@ Description:: This instruction is supported for the RV64 base architecture. It implements the Sigma0 transform of the SHA2-512 hash function. cite:[nist:fips:180:4]. -This instruction must _always_ be implemented such that it's execution +This instruction must _always_ be implemented such that its execution latency does not depend on the data being operated on. Operation:: diff --git a/doc/scalar/insns/sha512sig0h.adoc b/doc/scalar/insns/sha512sig0h.adoc index 46dd694b..039b57c9 100644 --- a/doc/scalar/insns/sha512sig0h.adoc +++ b/doc/scalar/insns/sha512sig0h.adoc @@ -28,7 +28,7 @@ Used to compute the Sigma0 transform of the SHA2-512 hash function in conjunction with the <> instruction. The transform is a 64-bit to 64-bit function, so the input and output is represented by two 32-bit registers. -This instruction must _always_ be implemented such that it's execution +This instruction must _always_ be implemented such that its execution latency does not depend on the data being operated on. [TIP] diff --git a/doc/scalar/insns/sha512sig0l.adoc b/doc/scalar/insns/sha512sig0l.adoc index 074b8892..27ab813e 100644 --- a/doc/scalar/insns/sha512sig0l.adoc +++ b/doc/scalar/insns/sha512sig0l.adoc @@ -28,7 +28,7 @@ Used to compute the Sigma0 transform of the SHA2-512 hash function in conjunction with the <> instruction. The transform is a 64-bit to 64-bit function, so the input and output is represented by two 32-bit registers. -This instruction must _always_ be implemented such that it's execution +This instruction must _always_ be implemented such that its execution latency does not depend on the data being operated on. [TIP] diff --git a/doc/scalar/insns/sha512sig1.adoc b/doc/scalar/insns/sha512sig1.adoc index a49aa603..afb9ac6b 100644 --- a/doc/scalar/insns/sha512sig1.adoc +++ b/doc/scalar/insns/sha512sig1.adoc @@ -26,7 +26,7 @@ Description:: This instruction is supported for the RV64 base architecture. It implements the Sigma1 transform of the SHA2-512 hash function. cite:[nist:fips:180:4]. -This instruction must _always_ be implemented such that it's execution +This instruction must _always_ be implemented such that its execution latency does not depend on the data being operated on. Operation:: diff --git a/doc/scalar/insns/sha512sig1h.adoc b/doc/scalar/insns/sha512sig1h.adoc index 0652dbce..db2f9a42 100644 --- a/doc/scalar/insns/sha512sig1h.adoc +++ b/doc/scalar/insns/sha512sig1h.adoc @@ -28,7 +28,7 @@ Used to compute the Sigma1 transform of the SHA2-512 hash function in conjunction with the <> instruction. The transform is a 64-bit to 64-bit function, so the input and output is represented by two 32-bit registers. -This instruction must _always_ be implemented such that it's execution +This instruction must _always_ be implemented such that its execution latency does not depend on the data being operated on. [TIP] diff --git a/doc/scalar/insns/sha512sig1l.adoc b/doc/scalar/insns/sha512sig1l.adoc index 921dcda5..d137c532 100644 --- a/doc/scalar/insns/sha512sig1l.adoc +++ b/doc/scalar/insns/sha512sig1l.adoc @@ -28,7 +28,7 @@ Used to compute the Sigma1 transform of the SHA2-512 hash function in conjunction with the <> instruction. The transform is a 64-bit to 64-bit function, so the input and output is represented by two 32-bit registers. -This instruction must _always_ be implemented such that it's execution +This instruction must _always_ be implemented such that its execution latency does not depend on the data being operated on. [TIP] diff --git a/doc/scalar/insns/sha512sum0.adoc b/doc/scalar/insns/sha512sum0.adoc index 8e57f701..9ae7ee0a 100644 --- a/doc/scalar/insns/sha512sum0.adoc +++ b/doc/scalar/insns/sha512sum0.adoc @@ -26,7 +26,7 @@ Description:: This instruction is supported for the RV64 base architecture. It implements the Sum0 transform of the SHA2-512 hash function. cite:[nist:fips:180:4]. -This instruction must _always_ be implemented such that it's execution +This instruction must _always_ be implemented such that its execution latency does not depend on the data being operated on. Operation:: diff --git a/doc/scalar/insns/sha512sum0r.adoc b/doc/scalar/insns/sha512sum0r.adoc index 81fabcea..fadb1f16 100644 --- a/doc/scalar/insns/sha512sum0r.adoc +++ b/doc/scalar/insns/sha512sum0r.adoc @@ -27,7 +27,7 @@ This instruction is implemented on RV32 only. Used to compute the Sum0 transform of the SHA2-512 hash function. The transform is a 64-bit to 64-bit function, so the input and output is represented by two 32-bit registers. -This instruction must _always_ be implemented such that it's execution +This instruction must _always_ be implemented such that its execution latency does not depend on the data being operated on. [TIP] diff --git a/doc/scalar/insns/sha512sum1.adoc b/doc/scalar/insns/sha512sum1.adoc index 3d1e342c..ae195d9b 100644 --- a/doc/scalar/insns/sha512sum1.adoc +++ b/doc/scalar/insns/sha512sum1.adoc @@ -26,7 +26,7 @@ Description:: This instruction is supported for the RV64 base architecture. It implements the Sum1 transform of the SHA2-512 hash function. cite:[nist:fips:180:4]. -This instruction must _always_ be implemented such that it's execution +This instruction must _always_ be implemented such that its execution latency does not depend on the data being operated on. Operation:: diff --git a/doc/scalar/insns/sha512sum1r.adoc b/doc/scalar/insns/sha512sum1r.adoc index 982f3891..4e7d73c2 100644 --- a/doc/scalar/insns/sha512sum1r.adoc +++ b/doc/scalar/insns/sha512sum1r.adoc @@ -27,7 +27,7 @@ This instruction is implemented on RV32 only. Used to compute the Sum1 transform of the SHA2-512 hash function. The transform is a 64-bit to 64-bit function, so the input and output is represented by two 32-bit registers. -This instruction must _always_ be implemented such that it's execution +This instruction must _always_ be implemented such that its execution latency does not depend on the data being operated on. [TIP] diff --git a/doc/scalar/insns/sm3p0.adoc b/doc/scalar/insns/sm3p0.adoc index 072013af..295f0e5c 100644 --- a/doc/scalar/insns/sm3p0.adoc +++ b/doc/scalar/insns/sm3p0.adoc @@ -25,7 +25,7 @@ Encoding:: Description:: This instruction is supported for the RV32 and RV64 base architectures. It implements the _P0_ transform of the SM3 hash function cite:[gbt:sm3,iso:sm3]. -This instruction must _always_ be implemented such that it's execution +This instruction must _always_ be implemented such that its execution latency does not depend on the data being operated on. .Supporting Material diff --git a/doc/scalar/insns/sm3p1.adoc b/doc/scalar/insns/sm3p1.adoc index 2d466371..c99a32ba 100644 --- a/doc/scalar/insns/sm3p1.adoc +++ b/doc/scalar/insns/sm3p1.adoc @@ -25,7 +25,7 @@ Encoding:: Description:: This instruction is supported for the RV32 and RV64 base architectures. It implements the _P1_ transform of the SM3 hash function cite:[gbt:sm3,iso:sm3]. -This instruction must _always_ be implemented such that it's execution +This instruction must _always_ be implemented such that its execution latency does not depend on the data being operated on. .Supporting Material diff --git a/doc/scalar/insns/sm4ed.adoc b/doc/scalar/insns/sm4ed.adoc index 808bbf05..801f2b1c 100644 --- a/doc/scalar/insns/sm4ed.adoc +++ b/doc/scalar/insns/sm4ed.adoc @@ -30,7 +30,7 @@ linear layer transforms are applied, before the result is XOR'd with `rs1` and written back to `rd`. This instruction exists on RV32 and RV64 base architectures. On RV64, the 32-bit result is sign extended upto XLEN bits. -This instruction must _always_ be implemented such that it's execution +This instruction must _always_ be implemented such that its execution latency does not depend on the data being operated on. Operation:: diff --git a/doc/scalar/insns/sm4ks.adoc b/doc/scalar/insns/sm4ks.adoc index 62d1ab36..51a496eb 100644 --- a/doc/scalar/insns/sm4ks.adoc +++ b/doc/scalar/insns/sm4ks.adoc @@ -30,7 +30,7 @@ linear layer transforms are applied, before the result is XOR'd with `rs1` and written back to `rd`. This instruction exists on RV32 and RV64 base architectures. On RV64, the 32-bit result is sign extended upto XLEN bits. -This instruction must _always_ be implemented such that it's execution +This instruction must _always_ be implemented such that its execution latency does not depend on the data being operated on. Operation:: diff --git a/rtl/README.md b/rtl/README.md index 5e95fa2e..7eadd13a 100644 --- a/rtl/README.md +++ b/rtl/README.md @@ -77,7 +77,7 @@ RV32 and RV64 CPUs. - They can also optionally drop support for AES decryption instructions. - The RV32 core can also optionally use the combined AES+SM4 module, - reducing it's size but increasing it's path length. + reducing its size but increasing its path length. - The cores optionally allow gating of inputs to each sub-module. This prevents downstream toggling in logic we are not using for the current From 85f02034e1e64b736658d284a2786d49e1d29690 Mon Sep 17 00:00:00 2001 From: Project Nayuki Date: Fri, 3 Sep 2021 15:53:34 +0000 Subject: [PATCH 2/5] spec: Fix grammar: upto -> up to. --- doc/old-tex/tex/sec-vector-grev.tex | 2 +- doc/old-tex/tex/sec-vector-sha2.tex | 2 +- doc/old-tex/tex/sec-vector.tex | 2 +- doc/scalar/insns/sm4ed.adoc | 2 +- doc/scalar/insns/sm4ks.adoc | 2 +- doc/supp/fusion.adoc | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/doc/old-tex/tex/sec-vector-grev.tex b/doc/old-tex/tex/sec-vector-grev.tex index 15fe551f..d19ccc66 100644 --- a/doc/old-tex/tex/sec-vector-grev.tex +++ b/doc/old-tex/tex/sec-vector-grev.tex @@ -34,7 +34,7 @@ \subsection{Vector GREV} \cite[Section 2.2.2, Generalized Reverse]{riscv:bitmanip:draft}. For the Cryptography Extension, -Implementations must support an \EEW upto and including \XLEN. +Implementations must support an \EEW up to and including \XLEN. Executing the instruction with an un-supported \EEW results in an Invalid Opcode Exception. Only the values of \texttt{uimm} listed in table \ref{tab:vgrev:uimm} diff --git a/doc/old-tex/tex/sec-vector-sha2.tex b/doc/old-tex/tex/sec-vector-sha2.tex index cbaec537..00da6e34 100644 --- a/doc/old-tex/tex/sec-vector-sha2.tex +++ b/doc/old-tex/tex/sec-vector-sha2.tex @@ -36,7 +36,7 @@ \subsection{Vector SHA2 Acceleration - Per Round} will result in an Invalid Opcode Exception. \todo{The vsha2ws.vv immediate requires $3$ bits but only needs to express -upto $5$ values. Recommend embedding the immediate in the encoding directly +up to $5$ values. Recommend embedding the immediate in the encoding directly to make the instructions require fewer encoding points. They can still be written as above in assembly to avoid confusing mnemonic names.} diff --git a/doc/old-tex/tex/sec-vector.tex b/doc/old-tex/tex/sec-vector.tex index f0fe2bcd..995dc2f4 100644 --- a/doc/old-tex/tex/sec-vector.tex +++ b/doc/old-tex/tex/sec-vector.tex @@ -38,7 +38,7 @@ The base vector extension has the constraint $\VLEN \ge \ELEN$. The vector crypto instructions require that $\ELEN \ge 128$ for all -of its instructions, and upto $1024$ for some. +of its instructions, and up to $1024$ for some. Note that the vector crypto extension {\em does not} require these large \ELEN values to be supported for all instructions, only those which require them in order to function. diff --git a/doc/scalar/insns/sm4ed.adoc b/doc/scalar/insns/sm4ed.adoc index 801f2b1c..0e32a860 100644 --- a/doc/scalar/insns/sm4ed.adoc +++ b/doc/scalar/insns/sm4ed.adoc @@ -29,7 +29,7 @@ A byte is extracted from `rs2` based on `bs`, to which the SBox and linear layer transforms are applied, before the result is XOR'd with `rs1` and written back to `rd`. This instruction exists on RV32 and RV64 base architectures. -On RV64, the 32-bit result is sign extended upto XLEN bits. +On RV64, the 32-bit result is sign extended up to XLEN bits. This instruction must _always_ be implemented such that its execution latency does not depend on the data being operated on. diff --git a/doc/scalar/insns/sm4ks.adoc b/doc/scalar/insns/sm4ks.adoc index 51a496eb..ffcdde8f 100644 --- a/doc/scalar/insns/sm4ks.adoc +++ b/doc/scalar/insns/sm4ks.adoc @@ -29,7 +29,7 @@ A byte is extracted from `rs2` based on `bs`, to which the SBox and linear layer transforms are applied, before the result is XOR'd with `rs1` and written back to `rd`. This instruction exists on RV32 and RV64 base architectures. -On RV64, the 32-bit result is sign extended upto XLEN bits. +On RV64, the 32-bit result is sign extended up to XLEN bits. This instruction must _always_ be implemented such that its execution latency does not depend on the data being operated on. diff --git a/doc/supp/fusion.adoc b/doc/supp/fusion.adoc index 9e069bdd..afb8975d 100644 --- a/doc/supp/fusion.adoc +++ b/doc/supp/fusion.adoc @@ -186,7 +186,7 @@ the input/output array pointers. This will cost two instructions to move them from `a0` / `a1`. If the arguments are marked as `const` in C code, then two more instructions are needed to put them back. -A core capable of fusing this sequence when both instructions are upto +A core capable of fusing this sequence when both instructions are up to 32 bits long saves `4` cycles per quarter round. A core capable of fusing this sequence only when the xor is 16 bits and From aa4ddc424988f3b5ee17c694a31bbb8c6f934ef3 Mon Sep 17 00:00:00 2001 From: Project Nayuki Date: Fri, 3 Sep 2021 16:03:14 +0000 Subject: [PATCH 3/5] spec: Fix spelling: neccessary -> necessary. --- doc/scalar/riscv-crypto-scalar-zbkb.adoc | 2 +- doc/scalar/riscv-crypto-scalar-zbkc.adoc | 2 +- doc/scalar/riscv-crypto-scalar-zbkx.adoc | 2 +- tools/gcc-patch-tasks.adoc | 4 ++-- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/doc/scalar/riscv-crypto-scalar-zbkb.adoc b/doc/scalar/riscv-crypto-scalar-zbkb.adoc index 6e526605..ed5b2117 100644 --- a/doc/scalar/riscv-crypto-scalar-zbkb.adoc +++ b/doc/scalar/riscv-crypto-scalar-zbkb.adoc @@ -21,7 +21,7 @@ Scalar Cryptography specification documents as they move at different paces. When this happens, assume that the Bitmanip specification has the most up-to-date version of Bitmanip instructions. -This is an unfortunate but neccessary stop-gap while Scalar Cryptography +This is an unfortunate but necessary stop-gap while Scalar Cryptography and Bitmanip are being rapidly iterated on prior to public review. [%header,cols="^1,^1,4,8"] diff --git a/doc/scalar/riscv-crypto-scalar-zbkc.adoc b/doc/scalar/riscv-crypto-scalar-zbkc.adoc index 15d4f9a0..c0ca64f8 100644 --- a/doc/scalar/riscv-crypto-scalar-zbkc.adoc +++ b/doc/scalar/riscv-crypto-scalar-zbkc.adoc @@ -17,7 +17,7 @@ Scalar Cryptography specification documents as they move at different paces. When this happens, assume that the Bitmanip specification has the most up-to-date version of Bitmanip instructions. -This is an unfortunate but neccessary stop-gap while Scalar Cryptography +This is an unfortunate but necessary stop-gap while Scalar Cryptography and Bitmanip are being rapidly iterated on prior to public review. [%header,cols="^1,^1,4,8"] diff --git a/doc/scalar/riscv-crypto-scalar-zbkx.adoc b/doc/scalar/riscv-crypto-scalar-zbkx.adoc index 21937200..48cc5711 100644 --- a/doc/scalar/riscv-crypto-scalar-zbkx.adoc +++ b/doc/scalar/riscv-crypto-scalar-zbkx.adoc @@ -17,7 +17,7 @@ Scalar Cryptography specification documents as they move at different paces. When this happens, assume that the Bitmanip specification has the most up-to-date version of Bitmanip instructions. -This is an unfortunate but neccessary stop-gap while Scalar Cryptography +This is an unfortunate but necessary stop-gap while Scalar Cryptography and Bitmanip are being rapidly iterated on prior to public review. [%header,cols="^1,^1,4,8"] diff --git a/tools/gcc-patch-tasks.adoc b/tools/gcc-patch-tasks.adoc index ca2daa8d..e414a086 100644 --- a/tools/gcc-patch-tasks.adoc +++ b/tools/gcc-patch-tasks.adoc @@ -5,7 +5,7 @@ Ben Marshall == Introduction & Purpose -This document describes the work neccessary to implement support +This document describes the work necessary to implement support the scalar crypto extension in GCC and Binutils. We currently have experimental patches for Binutils in the same @@ -129,6 +129,6 @@ We do not expect the compiler to use the complex algorithm specific instructions. NOTE: It _might_ be possible to write a matching pattern for the -SHA2 and SM3 instructions, but this is not neccessary for inital +SHA2 and SM3 instructions, but this is not necessary for inital support. From c40237628222249e3e6342b9d3e06e336999ef13 Mon Sep 17 00:00:00 2001 From: Project Nayuki Date: Fri, 3 Sep 2021 16:03:42 +0000 Subject: [PATCH 4/5] spec: Fix spelling: various words. --- doc/old-tex/tex/sec-audience.tex | 2 +- doc/scalar/riscv-crypto-scalar-audience.adoc | 2 +- doc/scalar/riscv-crypto-scalar-introduction.adoc | 2 +- doc/scalar/riscv-crypto-scalar-zbkx.adoc | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/doc/old-tex/tex/sec-audience.tex b/doc/old-tex/tex/sec-audience.tex index 728bf716..de8fa43e 100644 --- a/doc/old-tex/tex/sec-audience.tex +++ b/doc/old-tex/tex/sec-audience.tex @@ -11,7 +11,7 @@ We have tried to capture these backgrounds here, with a brief explanation of what we expect them to know, and how it relates to the specification. -We hope this aids peoples understanding of which aspects of the specificaiton +We hope this aids people's understanding of which aspects of the specificaiton are particularly relevent to them, which they may (safely!) ignore, and pass to a colleague. diff --git a/doc/scalar/riscv-crypto-scalar-audience.adoc b/doc/scalar/riscv-crypto-scalar-audience.adoc index 4978e21a..442d7d65 100644 --- a/doc/scalar/riscv-crypto-scalar-audience.adoc +++ b/doc/scalar/riscv-crypto-scalar-audience.adoc @@ -13,7 +13,7 @@ with different backgrounds. We have tried to capture these backgrounds here, with a brief explanation of what we expect them to know, and how it relates to the specification. -We hope this aids peoples understanding of which aspects of the specification +We hope this aids people's understanding of which aspects of the specification are particularly relevant to them, which they may (safely!) ignore, and pass to a colleague. diff --git a/doc/scalar/riscv-crypto-scalar-introduction.adoc b/doc/scalar/riscv-crypto-scalar-introduction.adoc index 1ece5a07..ee877b54 100644 --- a/doc/scalar/riscv-crypto-scalar-introduction.adoc +++ b/doc/scalar/riscv-crypto-scalar-introduction.adoc @@ -21,5 +21,5 @@ A companion document _Volume II: Vector Instructions_, describes instruction proposals which build on the RISC-V Vector Extension. The Vector Cryptography extension is currently a work in progress waiting for the base Vector extension to stabilise. -We expect to pick up this work in ernest in Q4-2021 or Q1-2022. +We expect to pick up this work in earnest in Q4-2021 or Q1-2022. diff --git a/doc/scalar/riscv-crypto-scalar-zbkx.adoc b/doc/scalar/riscv-crypto-scalar-zbkx.adoc index 48cc5711..de4d30ef 100644 --- a/doc/scalar/riscv-crypto-scalar-zbkx.adoc +++ b/doc/scalar/riscv-crypto-scalar-zbkx.adoc @@ -4,7 +4,7 @@ These instructions are useful for implementing SBoxes in constant time, and potentially with DPA protections. These are separated from the <> because they -have a implementation overhead which cannot be amortised +have an implementation overhead which cannot be amortised across other instructions. NOTE: All of these instructions are missing from the first Bitmanip From c9fa30df7a664ab7f029e6768dffa01a0a4513ec Mon Sep 17 00:00:00 2001 From: Project Nayuki Date: Fri, 3 Sep 2021 16:04:11 +0000 Subject: [PATCH 5/5] spec: Fix spelling: hyphenation. --- doc/old-tex/riscv-crypto-spec-scalar.tex | 2 +- doc/old-tex/tex/sec-policies.tex | 4 ++-- doc/old-tex/tex/sec-scalar-aes.tex | 2 +- doc/old-tex/tex/sec-scalar-intro.tex | 2 +- doc/scalar/arch-review-letter.adoc | 2 +- doc/scalar/riscv-crypto-scalar-introduction.adoc | 2 +- doc/scalar/riscv-crypto-scalar-policies.adoc | 4 ++-- 7 files changed, 9 insertions(+), 9 deletions(-) diff --git a/doc/old-tex/riscv-crypto-spec-scalar.tex b/doc/old-tex/riscv-crypto-spec-scalar.tex index b5703938..4b8f79cb 100644 --- a/doc/old-tex/riscv-crypto-spec-scalar.tex +++ b/doc/old-tex/riscv-crypto-spec-scalar.tex @@ -56,7 +56,7 @@ \section{Scalar Cryptography Extension} As per the RISC-V Cryptographic Extensions Task Group charter: ``{\em The committee will also make ISA extension proposals for lightweight -scalar instructions for 32 and 64 bit machines that improve the performance +scalar instructions for 32- and 64-bit machines that improve the performance and reduce the code size required for software execution of common algorithms like AES and SHA and lightweight algorithms like PRESENT and GOST}." diff --git a/doc/old-tex/tex/sec-policies.tex b/doc/old-tex/tex/sec-policies.tex index 71649838..d6ece5c3 100644 --- a/doc/old-tex/tex/sec-policies.tex +++ b/doc/old-tex/tex/sec-policies.tex @@ -35,9 +35,9 @@ \policy{ Historically, there has been some discussion \cite{LSYRR:04} on -how newly supported operations in general purpose computing might +how newly supported operations in general-purpose computing might enable new bases for cryptographic algorithms. -The standard will not try to anticipate new useful low level +The standard will not try to anticipate new useful low-level operations which {\em may} be useful as building blocks for future cryptographic constructs. } diff --git a/doc/old-tex/tex/sec-scalar-aes.tex b/doc/old-tex/tex/sec-scalar-aes.tex index 3e2577aa..d102fb61 100644 --- a/doc/old-tex/tex/sec-scalar-aes.tex +++ b/doc/old-tex/tex/sec-scalar-aes.tex @@ -5,7 +5,7 @@ \subsection{Scalar AES Acceleration} This section details proposals for acceleration of the AES block cipher \cite{nist:fips:197} within a scalar RISC-V core, -obeying the two-read-one-write constraint on general purpose register +obeying the two-read-one-write constraint on general-purpose register file accesses. Supporting material, including rationale and a design space exploration for these instructions can be found in \cite{cryptoeprint:2020:930}. diff --git a/doc/old-tex/tex/sec-scalar-intro.tex b/doc/old-tex/tex/sec-scalar-intro.tex index aa2b939d..e970ff3a 100644 --- a/doc/old-tex/tex/sec-scalar-intro.tex +++ b/doc/old-tex/tex/sec-scalar-intro.tex @@ -1,7 +1,7 @@ This document describes the proposed {\em scalar} cryptography extension for RISC-V. -All instructions proposed here use the general purpose {\tt X} +All instructions proposed here use the general-purpose {\tt X} registers, and obey the 2-read-1-write register access constraint. These instructions are designed to be lightweight, and be suitable for $32$ and $64$ bit base architectures, from embedded, IoT class diff --git a/doc/scalar/arch-review-letter.adoc b/doc/scalar/arch-review-letter.adoc index 30348afd..67bfd39b 100644 --- a/doc/scalar/arch-review-letter.adoc +++ b/doc/scalar/arch-review-letter.adoc @@ -86,7 +86,7 @@ The key algorithms we aimed to accelerate (AES, SHA2, SM3 and SM4) are `.text` size and a 95% reduction in `.data` size. (Faster: dynamic instruction count, smaller: static code size). -The more general purpose instructions (`Zbk*`) are harder to evaluate, but +The more general-purpose instructions (`Zbk*`) are harder to evaluate, but for important algorithms like SHA3/CSHAKE (Keccak) and ChaCha20, the improvement is at least 2x in performance and 0.5x in code size. diff --git a/doc/scalar/riscv-crypto-scalar-introduction.adoc b/doc/scalar/riscv-crypto-scalar-introduction.adoc index ee877b54..b447b993 100644 --- a/doc/scalar/riscv-crypto-scalar-introduction.adoc +++ b/doc/scalar/riscv-crypto-scalar-introduction.adoc @@ -3,7 +3,7 @@ This document describes the _scalar_ cryptography extension for RISC-V. -All instructions described herein use the general purpose `X` +All instructions described herein use the general-purpose `X` registers, and obey the 2-read-1-write register access constraint. These instructions are designed to be lightweight and suitable for `32` and `64` bit base architectures; from embedded IoT class diff --git a/doc/scalar/riscv-crypto-scalar-policies.adoc b/doc/scalar/riscv-crypto-scalar-policies.adoc index 33362c65..e5fd9c72 100644 --- a/doc/scalar/riscv-crypto-scalar-policies.adoc +++ b/doc/scalar/riscv-crypto-scalar-policies.adoc @@ -29,9 +29,9 @@ policies: * Historically, there has been some discussion cite:[LSYRR:04] - on how newly supported operations in general purpose computing might + on how newly supported operations in general-purpose computing might enable new bases for cryptographic algorithms. - The standard will not try to anticipate new useful low level + The standard will not try to anticipate new useful low-level operations which _may_ be useful as building blocks for future cryptographic constructs.