On Nov 10, 2023, at 12:06, Jerry Shih <jerry.shih@xxxxxxxxxx> wrote: > On Nov 9, 2023, at 16:05, Eric Biggers <ebiggers@xxxxxxxxxx> wrote: >> On Thu, Oct 26, 2023 at 02:36:38AM +0800, Jerry Shih wrote: >>> +# prepare input data(v24), iv(v28), bit-reversed-iv(v16), bit-reversed-iv-multiplier(v20) >>> +sub init_first_round { >>> .... >>> + # Prepare GF(2^128) multiplier [1, x, x^2, x^3, ...] in v8. >>> + slli $T0, $LEN32, 2 >>> + @{[vsetvli "zero", $T0, "e32", "m1", "ta", "ma"]} >>> + # v2: [`1`, `1`, `1`, `1`, ...] >>> + @{[vmv_v_i $V2, 1]} >>> + # v3: [`0`, `1`, `2`, `3`, ...] >>> + @{[vid_v $V3]} >>> + @{[vsetvli "zero", $T0, "e64", "m2", "ta", "ma"]} >>> + # v4: [`1`, 0, `1`, 0, `1`, 0, `1`, 0, ...] >>> + @{[vzext_vf2 $V4, $V2]} >>> + # v6: [`0`, 0, `1`, 0, `2`, 0, `3`, 0, ...] >>> + @{[vzext_vf2 $V6, $V3]} >>> + slli $T0, $LEN32, 1 >>> + @{[vsetvli "zero", $T0, "e32", "m2", "ta", "ma"]} >>> + # v8: [1<<0=1, 0, 0, 0, 1<<1=x, 0, 0, 0, 1<<2=x^2, 0, 0, 0, ...] >>> + @{[vwsll_vv $V8, $V4, $V6]} >> >> This code assumes that '1 << i' fits in 64 bits, for 0 <= i < vl. >> >> I think that works out to an implicit assumption that VLEN <= 2048. I.e., >> AES-XTS encryption/decryption would produce the wrong result on RISC-V >> implementations with VLEN > 2048. >> >> Perhaps it should be explicitly checked that VLEN <= 2048? >> >> - Eric > > Yes, we could just have the simple checking like: > > riscv_vector_vlen() >= 128 || riscv_vector_vlen() <=2048 > > We could also truncate the VL inside for VLEN>2048 case. > Let me think more about these two approaches. > > -Jerry I use the simplest solution. Setup the check for vlen: riscv_vector_vlen() >= 128 || riscv_vector_vlen() <=2048 It will have a situation that we will not enable accelerated aes-xts for `vlen>2048`. I would like to make a `todo` task to fix that in the future. -Jerry