Add AES support for RISC-V: RV64 vector

Author: silvanshade

.github/workflows/aes.yml

@@ -323,6 +323,12 @@ jobs:
           - target: riscv64gc-unknown-linux-gnu
             rustflags: '-Ctarget-feature=+zkne,+zknd'
             rust: nightly
+          - target: riscv64gc-unknown-linux-gnu
+            rustflags: '-Ctarget-feature=+v,+zvkned --cfg=aes_zvkned'
+            rust: nightly
+          - target: riscv64gc-unknown-linux-gnu
+            rustflags: '-Ctarget-feature=+zkne,+zknd,+v,+zvkned --cfg=aes_zvkned'
+            rust: nightly
     runs-on: ubuntu-latest
     defaults:
       run:

aes/Cargo.toml

@@ -37,6 +37,7 @@ check-cfg = [
     "cfg(aes_avx256_disable)",
     "cfg(aes_avx512_disable)",
     "cfg(riscv_zkned)",
+    "cfg(riscv_zvkned)"
 ]
 
 [package.metadata.docs.rs]

aes/src/lib.rs

@@ -42,6 +42,19 @@
 //! enable the appropriate target features at compile time. For example:
 //! `RUSTFLAGS=-C target-feature=+zkne,+zknd`.
 //!
+//! ## RISC-V rvv (vector) {Zvkned} extensions
+//!
+//! Support is available for the RISC-V vector crypto extensions for AES. This is
+//! not currently autodetected at runtime. In order to enable, you need to enable
+//! the appropriate target features at compile time. For example:
+//! `RUSTFLAGS=-C target-feature=+v,+zvkned`.
+//!
+//! NOTE: Hardware accelerated vector key-schedule routines for AES-192 are not
+//! available for the RISC-V vector crypto extensions. It is still possible to
+//! fall back to using the scalar key-schedule routines for AES-192 in this case
+//! if the appropriate target features are enabled. For example:
+//! `RUSTFLAGS=-C target-feature=+zkne,+zknd,+v,+zvkned`.
+//!
 //! ## `x86`/`x86_64` intrinsics (AES-NI and VAES)
 //! By default this crate uses runtime detection on `i686`/`x86_64` targets
 //! in order to determine if AES-NI and VAES are available, and if they are
@@ -159,6 +172,9 @@ cfg_if! {
         mod armv8;
         mod autodetect;
         pub use autodetect::*;
+    } else if #[cfg(all(any(target_arch = "riscv32", target_arch = "riscv64"), target_feature = "v", riscv_zvkned))] {
+        mod riscv;
+        pub use riscv::rvv::*;
     } else if #[cfg(all(target_arch = "riscv64", riscv_zkned))] {
         mod riscv;
         pub use riscv::rv64::*;

aes/src/riscv.rs

@@ -1,26 +1,43 @@
 //! AES block cipher implementations for RISC-V using the Cryptography
 //! Extensions
 //!
-//! Supported targets: rv64 (scalar)
+//! Supported targets: rv64 (scalar), rvv
 //!
 //! NOTE: rv32 (scalar) is not currently implemented, primarily due to the
 //! difficulty in obtaining a suitable development environment (lack of distro
 //! support and lack of precompiled toolchains), the effort required for
 //! maintaining a test environment as 32-bit becomes less supported, and the
 //! overall scarcity of relevant hardware. If someone has a specific need for
-//! such an implementation, please open an issue.
+//! such an implementation, please open an issue. Theoretically, the rvv
+//! implementation should work for riscv32, for a hypothetical rv32
+//! implementation satisfying the vector feature requirements.
 //!
 //! NOTE: These implementations are currently not enabled through
 //! auto-detection. In order to use this implementation, you must enable the
 //! appropriate target-features.
 //!
+//! Additionally, for the vector implementation, since the `zvkned`
+//! target-feature is not yet defined in Rust, you must pass
+//! `--cfg=riscv_zvkned` to the compiler (through `RUSTFLAGS` or some other
+//! means). However, you still must enable the `v` target-feature.
+//!
 //! Examining the module structure for this implementation should give you an
 //! idea of how to specify these features in your own code.
 //!
-//! NOTE: AES-128, AES-192, and AES-256 are supported.
+//! NOTE: AES-128, AES-192, and AES-256 are supported for both the scalar and
+//! vector implementations.
+//!
+//! However, key expansion is not vector-accelerated for the AES-192 case
+//! (because RISC-V does not provide vector instructions for this case). Users
+//! concerned with vector performance are advised to select AES-129 or AES-256
+//! instead. Nevertheless, the AES-192 vector implementation will still fall
+//! back to the scalar AES-192 key-schedule implementation, if the appropriate
+//! scalar target-features are enabled.
 
 #[cfg(all(target_arch = "riscv64", riscv_zkned))]
 pub(crate) mod rv64;
+#[cfg(all(target_arch = "riscv64", riscv_zvkned,))]
+pub(crate) mod rvv;
 
 use crate::Block;
 

aes/src/riscv/rv64.rs

@@ -1,3 +1,9 @@
+#![cfg_attr(all(riscv_zkned, riscv_zvkned),
+// When RVV crypto (Zvkned) and Scalar crypto (Zkn{ed}) is enabled, RVV will use
+// Scalar crypto AES-192 definitions. But the reset of the definitions from this
+// module will be unused, so we silence them once here.
+allow(unused))]
+
 //! AES block cipher implementation for RISC-V 64 using Scalar Cryptography Extensions: Zkne, Zknd
 //!
 //! RISC-V Scalar Cryptography Extension v1.0.1: