github-mirrors/cva6
1
0
Fork 0
mirror of https://github.com/openhwgroup/cva6.git synced 2025-04-22 21:27:10 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

hashing instructions added

Browse source
This commit is contained in:
munailwaqar 2025-02-24 17:40:31 +05:00 committed by Munail Waqar
parent 964f568043
commit 127233d2f8
6 changed files with 272 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

61
core/aes_fu.sv
View file

@ -12,13 +12,9 @@ module aes_fu
input fu_data_t fu_data_i,
// Original instruction bits for aes
input logic [ 5:0] orig_instr_aes,
// Crypto result - ISSUE_STAGE
// AES result - ISSUE_STAGE
output logic [ CVA6Cfg.XLEN-1:0] result_o
);
logic aes_valid_op;
assign aes_valid_op = fu_data_i.operation inside { AES32ESI, AES32ESMI, AES64ES, AES64ESM, AES32DSI, AES32DSMI, AES64DS, AES64DSM, AES64IM, AES64KS1I, AES64KS2 };
logic [ 63:0] sr;
logic [ 31:0] aes32esi_gen;
@ -34,8 +30,33 @@ module aes_fu
logic [ 63:0] aes64ks1i_gen;
logic [ 63:0] aes64ks2_gen;
logic [ 31:0] sha256sig0_gen;
logic [ 31:0] sha256sig1_gen;
logic [ 31:0] sha256sum0_gen;
logic [ 31:0] sha256sum1_gen;
logic [ 31:0] sha512sig0h_gen;
logic [ 31:0] sha512sig0l_gen;
logic [ 31:0] sha512sig1h_gen;
logic [ 31:0] sha512sig1l_gen;
logic [ 31:0] sha512sum0r_gen;
logic [ 31:0] sha512sum1r_gen;
logic [ 63:0] sha512sig0_gen;
logic [ 63:0] sha512sig1_gen;
logic [ 63:0] sha512sum0_gen;
logic [ 63:0] sha512sum1_gen;
// AES gen block
if (CVA6Cfg.ZKN && CVA6Cfg.RVB) begin : aes_gen_block
// SHA256 sigma0 transformation function by rotating, shifting and XORing rs1
assign sha256sig0_gen = (fu_data_i.operand_a[31:0] >> 7 | fu_data_i.operand_a[31:0] << 25) ^ (fu_data_i.operand_a[31:0] >> 18 | fu_data_i.operand_a[31:0] << 14) ^ (fu_data_i.operand_a[31:0] >> 3);
// SHA256 sigma1 transformation function by rotating, shifting and XORing rs1
assign sha256sig1_gen = (fu_data_i.operand_a[31:0] >> 17 | fu_data_i.operand_a[31:0] << 15) ^ (fu_data_i.operand_a[31:0] >> 19 | fu_data_i.operand_a[31:0] << 13) ^ (fu_data_i.operand_a[31:0] >> 10);
// SHA256 sum0 transformation function by rotating, shifting and XORing rs1
assign sha256sum0_gen = (fu_data_i.operand_a[31:0] >> 2 | fu_data_i.operand_a[31:0] << 30) ^ (fu_data_i.operand_a[31:0] >> 13 | fu_data_i.operand_a[31:0] << 19) ^ (fu_data_i.operand_a[31:0] >> 22 | fu_data_i.operand_a[31:0] << 10);
// SHA256 sum1 transformation function by rotating, shifting and XORing rs1
assign sha256sum1_gen = (fu_data_i.operand_a[31:0] >> 6 | fu_data_i.operand_a[31:0] << 26) ^ (fu_data_i.operand_a[31:0] >> 11 | fu_data_i.operand_a[31:0] << 21) ^ (fu_data_i.operand_a[31:0] >> 25 | fu_data_i.operand_a[31:0] << 7);
if (CVA6Cfg.IS_XLEN32) begin
// AES 32-bit final round encryption by applying rotations and the forward sbox to a single byte of rs2 based on the MSB byte of the instruction itself
assign aes32esi_gen = (fu_data_i.operand_a ^ ({24'b0, aes_sbox_fwd((fu_data_i.operand_b >> {orig_instr_aes[5:4], 3'b000}[7:0]))} << {orig_instr_aes[5:4], 3'b000}) | ({24'b0, aes_sbox_fwd((fu_data_i.operand_b >> {orig_instr_aes[5:4], 3'b000}[7:0]))} >> (32 - {orig_instr_aes[5:4], 3'b000})));
@ -45,6 +66,13 @@ module aes_fu
assign aes32dsi_gen = (fu_data_i.operand_a ^ ({24'b0, aes_sbox_inv((fu_data_i.operand_b >> {orig_instr_aes[5:4], 3'b000}[7:0]))} << {orig_instr_aes[5:4], 3'b000}) | ({24'b0, aes_sbox_inv((fu_data_i.operand_b >> {orig_instr_aes[5:4], 3'b000}[7:0]))} >> (32 - {orig_instr_aes[5:4], 3'b000})));
// AES 32-bit middle round decryption by applying rotations, inverse mix-columns and the inverse sbox to a single byte of rs2 based on the MSB byte of the instruction itself
assign aes32dsmi_gen = fu_data_i.operand_a ^ ((aes_mixcolumn_inv({24'h000000, aes_sbox_inv((fu_data_i.operand_b >> {orig_instr_aes[5:4], 3'b000}[7:0]))}) << {orig_instr_aes[5:4], 3'b000}) | (aes_mixcolumn_inv({24'h000000, aes_sbox_inv((fu_data_i.operand_b >> {orig_instr_aes[5:4], 3'b000}[7:0]))}) >> (32 - {orig_instr_aes[5:4], 3'b000})));
// SHA512 32-bit shifting and XORing rs1 and rs2
assign sha512sig0h_gen = (fu_data_i.operand_a >> 1) ^ (fu_data_i.operand_a >> 7) ^ (fu_data_i.operand_a >> 8) ^ (fu_data_i.operand_b << 31) ^ (fu_data_i.operand_b << 24);
assign sha512sig0l_gen = (fu_data_i.operand_a >> 1) ^ (fu_data_i.operand_a >> 7) ^ (fu_data_i.operand_a >> 8) ^ (fu_data_i.operand_b << 31) ^ (fu_data_i.operand_b << 25) ^ (fu_data_i.operand_b << 24);
assign sha512sig1h_gen = (fu_data_i.operand_a << 3) ^ (fu_data_i.operand_a >> 6) ^ (fu_data_i.operand_a >> 19) ^ (fu_data_i.operand_b >> 29) ^ (fu_data_i.operand_b << 13);
assign sha512sig1l_gen = (fu_data_i.operand_a << 3) ^ (fu_data_i.operand_a >> 6) ^ (fu_data_i.operand_a >> 19) ^ (fu_data_i.operand_b >> 29) ^ (fu_data_i.operand_b << 26) ^ (fu_data_i.operand_b << 13);
assign sha512sum0r_gen = (fu_data_i.operand_a << 25) ^ (fu_data_i.operand_a << 30) ^ (fu_data_i.operand_a >> 28) ^ (fu_data_i.operand_b >> 7) ^ (fu_data_i.operand_b >> 2) ^ (fu_data_i.operand_b << 4);
assign sha512sum1r_gen = (fu_data_i.operand_a << 23) ^ (fu_data_i.operand_a >> 14) ^ (fu_data_i.operand_a >> 18) ^ (fu_data_i.operand_b >> 9) ^ (fu_data_i.operand_b << 18) ^ (fu_data_i.operand_b << 14);
end
else if (CVA6Cfg.IS_XLEN64) begin
// AES Shift rows forward and inverse step
@ -64,6 +92,11 @@ module aes_fu
assign aes64ks2_gen = {(fu_data_i.operand_a[63:32] ^ fu_data_i.operand_b[31:0] ^ fu_data_i.operand_b[63:32]), (fu_data_i.operand_a[63:32] ^ fu_data_i.operand_b[31:0])};
// AES Key Schedule part by substituting round constant based on round number(from instruction), rotations and forward subword substitutions
assign aes64ks1i_gen = (orig_instr_aes[3:0] <= 4'hA) ? {((aes_subword_fwd((orig_instr_aes[3:0] == 4'hA) ? fu_data_i.operand_a[63:32] : ((fu_data_i.operand_a[63:32] >> 8) | (fu_data_i.operand_a[63:32] << 24)))) ^ (aes_decode_rcon(orig_instr_aes[3:0]))), ((aes_subword_fwd((orig_instr_aes[3:0] == 4'hA) ? fu_data_i.operand_a[63:32] : ((fu_data_i.operand_a[63:32] >> 8) | (fu_data_i.operand_a[63:32] << 24)))) ^ (aes_decode_rcon(orig_instr_aes[3:0])))} : 64'h0;
// SHA512 64bit rotating, shifting and XORing rs1
assign sha512sig0_gen = (fu_data_i.operand_a >> 1 | fu_data_i.operand_a << 63) ^ (fu_data_i.operand_a >> 8 | fu_data_i.operand_a << 56) ^ (fu_data_i.operand_a >> 7);
assign sha512sig1_gen = (fu_data_i.operand_a >> 19 | fu_data_i.operand_a << 45) ^ (fu_data_i.operand_a >> 61 | fu_data_i.operand_a << 3) ^ (fu_data_i.operand_a >> 6);
assign sha512sum0_gen = (fu_data_i.operand_a >> 28 | fu_data_i.operand_a << 36) ^ (fu_data_i.operand_a >> 34 | fu_data_i.operand_a << 30) ^ (fu_data_i.operand_a >> 39 | fu_data_i.operand_a << 25);
assign sha512sum1_gen = (fu_data_i.operand_a >> 14 | fu_data_i.operand_a << 50) ^ (fu_data_i.operand_a >> 18 | fu_data_i.operand_a << 46) ^ (fu_data_i.operand_a >> 41 | fu_data_i.operand_a << 23);
end
end
@ -80,6 +113,16 @@ module aes_fu
AES32ESMI: result_o = aes32esmi_gen;
AES32DSI: result_o = aes32dsi_gen;
AES32DSMI: result_o = aes32dsmi_gen;
SHA256SIG0: result_o = sha256sig0_gen;
SHA256SIG1: result_o = sha256sig1_gen;
SHA256SUM0: result_o = sha256sum0_gen;
SHA256SUM1: result_o = sha256sum1_gen;
SHA512SIG0H: result_o = sha512sig0h_gen;
SHA512SIG0L: result_o = sha512sig0l_gen;
SHA512SIG1H: result_o = sha512sig1h_gen;
SHA512SIG1L: result_o = sha512sig1l_gen;
SHA512SUM0R: result_o = sha512sum0r_gen;
SHA512SUM1R: result_o = sha512sum1r_gen;
default: ;
endcase
end
@ -92,6 +135,14 @@ module aes_fu
AES64IM: result_o = aes64im_gen;
AES64KS1I: result_o = aes64ks1i_gen;
AES64KS2: result_o = aes64ks2_gen;
SHA256SIG0: result_o = {{32{sha256sig0_gen[31]}}, sha256sig0_gen};
SHA256SIG1: result_o = {{32{sha256sig1_gen[31]}}, sha256sig1_gen};
SHA256SUM0: result_o = {{32{sha256sum0_gen[31]}}, sha256sum0_gen};
SHA256SUM1: result_o = {{32{sha256sum1_gen[31]}}, sha256sum1_gen};
SHA512SIG0: result_o = sha512sig0_gen;
SHA512SIG1: result_o = sha512sig1_gen;
SHA512SUM0: result_o = sha512sum0_gen;
SHA512SUM1: result_o = sha512sum1_gen;
default: ;
endcase
end

72
core/decoder.sv
View file

@ -905,6 +905,54 @@ module decoder
instruction_o.fu = AES;
end else illegal_instr_bm = 1'b1;
end
{
7'b010_1110, 3'b000
} : begin
if (CVA6Cfg.ZKN) begin
instruction_o.op = ariane_pkg::SHA512SIG0H; // sha512sig0h
instruction_o.fu = AES;
end else illegal_instr_bm = 1'b1;
end
{
7'b010_1010, 3'b000
} : begin
if (CVA6Cfg.ZKN) begin
instruction_o.op = ariane_pkg::SHA512SIG0L; // sha512sig0l
instruction_o.fu = AES;
end else illegal_instr_bm = 1'b1;
end
{
7'b010_1111, 3'b000
} : begin
if (CVA6Cfg.ZKN) begin
instruction_o.op = ariane_pkg::SHA512SIG1H; // sha512sig1h
instruction_o.fu = AES;
end else illegal_instr_bm = 1'b1;
end
{
7'b010_1011, 3'b000
} : begin
if (CVA6Cfg.ZKN) begin
instruction_o.op = ariane_pkg::SHA512SIG1L; // sha512sig1l
instruction_o.fu = AES;
end else illegal_instr_bm = 1'b1;
end
{
7'b010_1000, 3'b000
} : begin
if (CVA6Cfg.ZKN) begin
instruction_o.op = ariane_pkg::SHA512SUM0R; // sha512sum0r
instruction_o.fu = AES;
end else illegal_instr_bm = 1'b1;
end
{
7'b010_1001, 3'b000
} : begin
if (CVA6Cfg.ZKN) begin
instruction_o.op = ariane_pkg::SHA512SUM1R; // sha512sum1r
instruction_o.fu = AES;
end else illegal_instr_bm = 1'b1;
end
default: begin
illegal_instr_bm = 1'b1;
end
@ -1051,6 +1099,30 @@ module decoder
end else if (CVA6Cfg.ZKN && instr.instr[31:20] == 12'b001100000000) begin
instruction_o.op = ariane_pkg::AES64IM;
instruction_o.fu = AES;
end else if (CVA6Cfg.ZKN && instr.instr[31:20] == 12'b000100000010) begin
instruction_o.op = ariane_pkg::SHA256SIG0;
instruction_o.fu = AES;
end else if (CVA6Cfg.ZKN && instr.instr[31:20] == 12'b000100000011) begin
instruction_o.op = ariane_pkg::SHA256SIG1;
instruction_o.fu = AES;
end else if (CVA6Cfg.ZKN && instr.instr[31:20] == 12'b000100000000) begin
instruction_o.op = ariane_pkg::SHA256SUM0;
instruction_o.fu = AES;
end else if (CVA6Cfg.ZKN && instr.instr[31:20] == 12'b000100000001) begin
instruction_o.op = ariane_pkg::SHA256SUM1;
instruction_o.fu = AES;
end else if (CVA6Cfg.ZKN && instr.instr[31:20] == 12'b000100000110) begin
instruction_o.op = ariane_pkg::SHA512SIG0;
instruction_o.fu = AES;
end else if (CVA6Cfg.ZKN && instr.instr[31:20] == 12'b000100000111) begin
instruction_o.op = ariane_pkg::SHA512SIG1;
instruction_o.fu = AES;
end else if (CVA6Cfg.ZKN && instr.instr[31:20] == 12'b000100000100) begin
instruction_o.op = ariane_pkg::SHA512SUM0;
instruction_o.fu = AES;
end else if (CVA6Cfg.ZKN && instr.instr[31:20] == 12'b000100000101) begin
instruction_o.op = ariane_pkg::SHA512SUM1;
instruction_o.fu = AES;
end else illegal_instr_bm = 1'b1;
end
3'b101: begin

17
core/include/ariane_pkg.sv
View file

@ -514,7 +514,22 @@ package ariane_pkg;
AES64IM,
// AES Key-Schedule instructions
AES64KS1I,
AES64KS2
AES64KS2,
// Hashing instructions
SHA256SIG0,
SHA256SIG1,
SHA256SUM0,
SHA256SUM1,
SHA512SIG0H,
SHA512SIG0L,
SHA512SIG1H,
SHA512SIG1L,
SHA512SUM0R,
SHA512SUM1R,
SHA512SIG0,
SHA512SIG1,
SHA512SUM0,
SHA512SUM1
} fu_op;
function automatic logic op_is_branch(input fu_op op);

5
core/issue_read_operands.sv
View file

@ -136,7 +136,7 @@ module issue_read_operands
localparam OPERANDS_PER_INSTR = CVA6Cfg.NrRgprPorts / CVA6Cfg.NrIssuePorts;
typedef struct packed {
logic none, load, store, alu, alu2, ctrl_flow, mult, csr, fpu, fpu_vec, cvxif, accel;
logic none, load, store, alu, alu2, ctrl_flow, mult, csr, fpu, fpu_vec, cvxif, accel, aes;
} fus_busy_t;
logic [CVA6Cfg.NrIssuePorts-1:0] stall_raw, stall_waw, stall_rs1, stall_rs2, stall_rs3;
@ -292,6 +292,7 @@ module issue_read_operands
// Since we can not have two CVXIF instruction on 1st issue port, CVXIF is always ready for the pending instruction.
if (!flu_ready_i) begin
fus_busy[0].alu = 1'b1;
fus_busy[0].aes = 1'b1;
fus_busy[0].ctrl_flow = 1'b1;
fus_busy[0].csr = 1'b1;
fus_busy[0].mult = 1'b1;
@ -301,6 +302,7 @@ module issue_read_operands
// otherwise we will get contentions on the fixed latency bus
if (|mult_valid_q) begin
fus_busy[0].alu = 1'b1;
fus_busy[0].aes = 1'b1;
fus_busy[0].ctrl_flow = 1'b1;
fus_busy[0].csr = 1'b1;
end
@ -399,6 +401,7 @@ module issue_read_operands
LOAD: fu_busy[i] = fus_busy[i].load;
STORE: fu_busy[i] = fus_busy[i].store;
CVXIF: fu_busy[i] = fus_busy[i].cvxif;
AES: fu_busy[i] = fus_busy[i].aes;
default:
if (CVA6Cfg.FpPresent) begin
unique case (issue_instr_i[i].fu)

4
verif/sim/cva6.py
View file

@ -889,7 +889,7 @@ def load_config(args, cwd):
args.isa = "rv64gc_zba_zbb_zbs_zbc"
elif base in ("cv64a6_imafdc_sv39", "cv64a6_imafdc_sv39_hpdcache", "cv64a6_imafdc_sv39_hpdcache_wb"):
args.mabi = "lp64d"
args.isa = "rv64gc_zba_zbb_zbs_zbc_zbkb_zbkx_zkne_zknd"
args.isa = "rv64gc_zba_zbb_zbs_zbc_zbkb_zbkx_zkne_zknd_zknh"
elif base == "cv32a60x":
args.mabi = "ilp32"
args.isa = "rv32imc_zba_zbb_zbs_zbc"
@ -906,7 +906,7 @@ def load_config(args, cwd):
args.isa = "rv32imac"
elif base == "cv32a6_imac_sv32":
args.mabi = "ilp32"
args.isa = "rv32imac_zbkb_zbkx_zkne_zknd"
args.isa = "rv32imac_zbkb_zbkx_zkne_zknd_zknh"
elif base == "cv32a6_imafc_sv32":
args.mabi = "ilp32f"
args.isa = "rv32imafc"

122
verif/tests/testlist_riscv-arch-test-cv64a6_imafdc_sv39.yaml
View file

@ -968,6 +968,8 @@ testlist:
<<: *common_test_config
asm_tests: <path_var>/riscv-arch-test/riscv-test-suite/rv64i_m/A/src/amoxor.w-01.S
#K
- test: rv64im-pack-01
<<: *common_test_config
iterations: 1
@ -1032,3 +1034,123 @@ testlist:
iterations: 1
<<: *common_test_config
asm_tests: <path_var>/riscv-arch-test/riscv-test-suite/rv64i_m/K/src/aes64im-01.S
- test: rv64i_m-sha256sig0-01
iterations: 1
<<: *common_test_config
asm_tests: <path_var>/riscv-arch-test/riscv-test-suite/rv64i_m/K/src/sha256sig0-01.S
- test: rv64i_m-sha256sig0-rwp1
iterations: 1
<<: *common_test_config
asm_tests: <path_var>/riscv-arch-test/riscv-test-suite/rv64i_m/K/src/sha256sig0-rwp1.S
- test: rv64i_m-sha256sig0-rwp2
iterations: 1
<<: *common_test_config
asm_tests: <path_var>/riscv-arch-test/riscv-test-suite/rv64i_m/K/src/sha256sig0-rwp2.S
- test: rv64i_m-sha256sig1-01
iterations: 1
<<: *common_test_config
asm_tests: <path_var>/riscv-arch-test/riscv-test-suite/rv64i_m/K/src/sha256sig1-01.S
- test: rv64i_m-sha256sig1-rwp1
iterations: 1
<<: *common_test_config
asm_tests: <path_var>/riscv-arch-test/riscv-test-suite/rv64i_m/K/src/sha256sig1-rwp1.S
- test: rv64i_m-sha256sig1-rwp2
iterations: 1
<<: *common_test_config
asm_tests: <path_var>/riscv-arch-test/riscv-test-suite/rv64i_m/K/src/sha256sig1-rwp2.S
- test: rv64i_m-sha256sum0-01
iterations: 1
<<: *common_test_config
asm_tests: <path_var>/riscv-arch-test/riscv-test-suite/rv64i_m/K/src/sha256sum0-01.S
- test: rv64i_m-sha256sum0-rwp1
iterations: 1
<<: *common_test_config
asm_tests: <path_var>/riscv-arch-test/riscv-test-suite/rv64i_m/K/src/sha256sum0-rwp1.S
- test: rv64i_m-sha256sum0-rwp2
iterations: 1
<<: *common_test_config
asm_tests: <path_var>/riscv-arch-test/riscv-test-suite/rv64i_m/K/src/sha256sum0-rwp2.S
- test: rv64i_m-sha256sum1-01
iterations: 1
<<: *common_test_config
asm_tests: <path_var>/riscv-arch-test/riscv-test-suite/rv64i_m/K/src/sha256sum1-01.S
- test: rv64i_m-sha256sum1-rwp1
iterations: 1
<<: *common_test_config
asm_tests: <path_var>/riscv-arch-test/riscv-test-suite/rv64i_m/K/src/sha256sum1-rwp1.S
- test: rv64i_m-sha256sum1-rwp2
iterations: 1
<<: *common_test_config
asm_tests: <path_var>/riscv-arch-test/riscv-test-suite/rv64i_m/K/src/sha256sum1-rwp2.S
- test: rv64i_m-sha512sig0-01
iterations: 1
<<: *common_test_config
asm_tests: <path_var>/riscv-arch-test/riscv-test-suite/rv64i_m/K/src/sha512sig0-01.S
- test: rv64i_m-sha512sig0-rwp1
iterations: 1
<<: *common_test_config
asm_tests: <path_var>/riscv-arch-test/riscv-test-suite/rv64i_m/K/src/sha512sig0-rwp1.S
- test: rv64i_m-sha512sig0-rwp2
iterations: 1
<<: *common_test_config
asm_tests: <path_var>/riscv-arch-test/riscv-test-suite/rv64i_m/K/src/sha512sig0-rwp2.S
- test: rv64i_m-sha512sig1-01
iterations: 1
<<: *common_test_config
asm_tests: <path_var>/riscv-arch-test/riscv-test-suite/rv64i_m/K/src/sha512sig1-01.S
- test: rv64i_m-sha512sig1-rwp1
iterations: 1
<<: *common_test_config
asm_tests: <path_var>/riscv-arch-test/riscv-test-suite/rv64i_m/K/src/sha512sig1-rwp1.S
- test: rv64i_m-sha512sig1-rwp2
iterations: 1
<<: *common_test_config
asm_tests: <path_var>/riscv-arch-test/riscv-test-suite/rv64i_m/K/src/sha512sig1-rwp2.S
- test: rv64i_m-sha512sum0-01
iterations: 1
<<: *common_test_config
asm_tests: <path_var>/riscv-arch-test/riscv-test-suite/rv64i_m/K/src/sha512sum0-01.S
- test: rv64i_m-sha512sum0-rwp1
iterations: 1
<<: *common_test_config
asm_tests: <path_var>/riscv-arch-test/riscv-test-suite/rv64i_m/K/src/sha512sum0-rwp1.S
- test: rv64i_m-sha512sum0-rwp2
iterations: 1
<<: *common_test_config
asm_tests: <path_var>/riscv-arch-test/riscv-test-suite/rv64i_m/K/src/sha512sum0-rwp2.S
- test: rv64i_m-sha512sum1-01
iterations: 1
<<: *common_test_config
asm_tests: <path_var>/riscv-arch-test/riscv-test-suite/rv64i_m/K/src/sha512sum1-01.S
- test: rv64i_m-sha512sum1-rwp1
iterations: 1
<<: *common_test_config
asm_tests: <path_var>/riscv-arch-test/riscv-test-suite/rv64i_m/K/src/sha512sum1-rwp1.S
- test: rv64i_m-sha512sum1-rwp2
iterations: 1
<<: *common_test_config
asm_tests: <path_var>/riscv-arch-test/riscv-test-suite/rv64i_m/K/src/sha512sum1-rwp2.S