Add RISCV64 RVV backend

.clang-format

@@ -17,7 +17,7 @@ IncludeBlocks: Preserve
 # as "attributes" so they don't get increasingly indented line after line
 BreakBeforeBraces: Allman
 InsertBraces: true
-WhitespaceSensitiveMacros: ['__contract__', '__loop__' ]
+WhitespaceSensitiveMacros: ['__contract__', '__loop__', 'MLK_RV64V_ABS_BOUNDS16' ]
 Macros:
  # Make this artifically long to avoid function bodies after short contracts
  - __contract__(x)={ void a; void b; void c; void d; void e; void f; } void abcdefghijklmnopqrstuvw()

.github/actions/multi-functest/action.yml

@@ -150,7 +150,7 @@ runs:
           check_namespace: ${{ inputs.check_namespace }}
           stack: ${{ inputs.stack }}
           extra_args: ${{ inputs.extra_args }}
-      - name: Cross riscv64 Tests
+      - name: Cross riscv64 Tests (RVV, VLEN=128)
         if: ${{ (inputs.compile_mode == 'all' || inputs.compile_mode == 'cross-riscv64') && (success() || failure()) }}
         uses: ./.github/actions/functest
         with:
@@ -161,7 +161,67 @@ runs:
           custom_shell: ${{ inputs.custom_shell }}
           cflags: "${{ inputs.cflags }} -DMLK_FORCE_RISCV64"
           cross_prefix: riscv64-unknown-linux-gnu-
-          exec_wrapper: qemu-riscv64
+          exec_wrapper: "qemu-riscv64 -cpu rv64,v=true,vlen=128"
+          opt: ${{ inputs.opt }}
+          func: ${{ inputs.func }}
+          kat: ${{ inputs.kat }}
+          acvp: ${{ inputs.acvp }}
+          examples: ${{ inputs.examples }}
+          check_namespace: ${{ inputs.check_namespace }}
+          stack: ${{ inputs.stack }}
+          extra_args: ${{ inputs.extra_args }}
+      - name: Cross riscv64 Tests (RVV, VLEN=256)
+        if: ${{ (inputs.compile_mode == 'all' || inputs.compile_mode == 'cross-riscv64') && (success() || failure()) }}
+        uses: ./.github/actions/functest
+        with:
+          nix-shell: ${{ inputs.nix-shell }}
+          nix-cache: ${{ inputs.nix-cache }}
+          nix-verbose: ${{ inputs.nix-verbose }}
+          gh_token: ${{ inputs.gh_token }}
+          custom_shell: ${{ inputs.custom_shell }}
+          cflags: "${{ inputs.cflags }} -DMLK_FORCE_RISCV64"
+          cross_prefix: riscv64-unknown-linux-gnu-
+          exec_wrapper: "qemu-riscv64 -cpu rv64,v=true,vlen=256"
+          opt: ${{ inputs.opt }}
+          func: ${{ inputs.func }}
+          kat: ${{ inputs.kat }}
+          acvp: ${{ inputs.acvp }}
+          examples: ${{ inputs.examples }}
+          check_namespace: ${{ inputs.check_namespace }}
+          stack: ${{ inputs.stack }}
+          extra_args: ${{ inputs.extra_args }}
+      - name: Cross riscv64 Tests (RVV, VLEN=512)
+        if: ${{ (inputs.compile_mode == 'all' || inputs.compile_mode == 'cross-riscv64') && (success() || failure()) }}
+        uses: ./.github/actions/functest
+        with:
+          nix-shell: ${{ inputs.nix-shell }}
+          nix-cache: ${{ inputs.nix-cache }}
+          nix-verbose: ${{ inputs.nix-verbose }}
+          gh_token: ${{ inputs.gh_token }}
+          custom_shell: ${{ inputs.custom_shell }}
+          cflags: "${{ inputs.cflags }} -DMLK_FORCE_RISCV64"
+          cross_prefix: riscv64-unknown-linux-gnu-
+          exec_wrapper: "qemu-riscv64 -cpu rv64,v=true,vlen=512"
+          opt: ${{ inputs.opt }}
+          func: ${{ inputs.func }}
+          kat: ${{ inputs.kat }}
+          acvp: ${{ inputs.acvp }}
+          examples: ${{ inputs.examples }}
+          check_namespace: ${{ inputs.check_namespace }}
+          stack: ${{ inputs.stack }}
+          extra_args: ${{ inputs.extra_args }}
+      - name: Cross riscv64 Tests (RVV, VLEN=1024)
+        if: ${{ (inputs.compile_mode == 'all' || inputs.compile_mode == 'cross-riscv64') && (success() || failure()) }}
+        uses: ./.github/actions/functest
+        with:
+          nix-shell: ${{ inputs.nix-shell }}
+          nix-cache: ${{ inputs.nix-cache }}
+          nix-verbose: ${{ inputs.nix-verbose }}
+          gh_token: ${{ inputs.gh_token }}
+          custom_shell: ${{ inputs.custom_shell }}
+          cflags: "${{ inputs.cflags }} -DMLK_FORCE_RISCV64"
+          cross_prefix: riscv64-unknown-linux-gnu-
+          exec_wrapper: "qemu-riscv64 -cpu rv64,v=true,vlen=1024"
           opt: ${{ inputs.opt }}
           func: ${{ inputs.func }}
           kat: ${{ inputs.kat }}

.github/workflows/ci.yml

@@ -134,23 +134,43 @@ jobs:
     runs-on: ${{ matrix.target.runner }}
     steps:
       - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-      - name: build + test
+      - name: build + test (no-opt)
         uses: ./.github/actions/multi-functest
         with:
           nix-shell: ${{ matrix.target.nix_shell }}
           nix-cache: ${{ matrix.target.mode == 'native' && 'false' || 'true' }}
           gh_token: ${{ secrets.GITHUB_TOKEN }}
           compile_mode: ${{ matrix.target.mode }}
-          # There is no native code yet on PPC64LE, R-V or AArch64_be, so no point running opt tests
-          opt: ${{ (matrix.target.arch != 'ppc64le' && matrix.target.arch != 'riscv64' && matrix.target.arch != 'riscv32' && matrix.target.arch != 'aarch64_be') && 'all' || 'no_opt' }}
-      - name: build + test (+debug+memsan+ubsan)
+          opt: 'no_opt'
+      - name: build + test (+debug+memsan+ubsan, native)
         uses: ./.github/actions/multi-functest
         if: ${{ matrix.target.mode == 'native' }}
         with:
           gh_token: ${{ secrets.GITHUB_TOKEN }}
           compile_mode: native
           cflags: "-DMLKEM_DEBUG -fsanitize=address -fsanitize=undefined -fno-sanitize-recover=all"
           check_namespace: 'false'
+      - name: build + test (cross, opt)
+        uses: ./.github/actions/multi-functest
+        # There is no native code yet on PPC64LE, riscv32 or AArch64_be, so no point running opt tests
+        if: ${{ matrix.target.mode != 'native' && (matrix.target.arch != 'ppc64le' && matrix.target.arch != 'riscv32' && matrix.target.arch != 'aarch64_be') }}
+        with:
+          nix-shell: ${{ matrix.target.nix_shell }}
+          nix-cache: ${{ matrix.target.mode == 'native' && 'false' || 'true' }}
+          gh_token: ${{ secrets.GITHUB_TOKEN }}
+          compile_mode: ${{ matrix.target.mode }}
+          opt: 'opt'
+      - name: build + test (cross, opt, +debug)
+        uses: ./.github/actions/multi-functest
+        # There is no native code yet on PPC64LE, riscv32 or AArch64_be, so no point running opt tests
+        if: ${{ matrix.target.mode != 'native' && (matrix.target.arch != 'ppc64le' && matrix.target.arch != 'riscv32' && matrix.target.arch != 'aarch64_be') }}
+        with:
+          nix-shell: ${{ matrix.target.nix_shell }}
+          nix-cache: ${{ matrix.target.mode == 'native' && 'false' || 'true' }}
+          gh_token: ${{ secrets.GITHUB_TOKEN }}
+          compile_mode: ${{ matrix.target.mode }}
+          cflags: "-DMLKEM_DEBUG"
+          opt: 'opt'
   backend_tests:
     name: AArch64 FIPS202 backends (${{ matrix.backend }})
     strategy:

examples/monolithic_build_multilevel_native/Makefile

@@ -77,6 +77,7 @@ else ifneq ($(findstring aarch64_be, $(CROSS_PREFIX)),)
 else ifneq ($(findstring aarch64, $(CROSS_PREFIX)),)
 	CFLAGS += -DMLK_FORCE_AARCH64
 else ifneq ($(findstring riscv64, $(CROSS_PREFIX)),)
+	CFLAGS += -march=rv64gcv
 	CFLAGS += -DMLK_FORCE_RISCV64
 else ifneq ($(findstring riscv32, $(CROSS_PREFIX)),)
 	CFLAGS += -DMLK_FORCE_RISCV32

examples/monolithic_build_native/Makefile

@@ -60,6 +60,41 @@ LIB1024=libmlkem1024.a
 
 MLK_OBJS=$(BUILD_DIR)/mlkem_native.c.o $(BUILD_DIR)/mlkem_native.S.o
 
+# Automatically detect system architecture and set preprocessor etc accordingly
+HOST_PLATFORM := $(shell uname -s)-$(shell uname -m)
+
+# linux x86_64
+ifeq ($(HOST_PLATFORM),Linux-x86_64)
+	CFLAGS += -z noexecstack
+endif
+
+# Native compilation
+ifeq ($(CROSS_PREFIX),)
+ifeq ($(HOST_PLATFORM),Linux-x86_64)
+	CFLAGS += -mavx2 -mbmi2 -mpopcnt -maes
+	CFLAGS += -DMLK_FORCE_X86_64
+else ifeq ($(HOST_PLATFORM),Linux-aarch64)
+	CFLAGS += -DMLK_FORCE_AARCH64
+else ifeq ($(HOST_PLATFORM),Darwin-arm64)
+	CFLAGS += -DMLK_FORCE_AARCH64
+endif
+# Cross compilation
+else ifneq ($(findstring x86_64, $(CROSS_PREFIX)),)
+	CFLAGS += -mavx2 -mbmi2 -mpopcnt -maes
+	CFLAGS += -DMLK_FORCE_X86_64
+else ifneq ($(findstring aarch64_be, $(CROSS_PREFIX)),)
+	CFLAGS += -DMLK_FORCE_AARCH64_EB
+else ifneq ($(findstring aarch64, $(CROSS_PREFIX)),)
+	CFLAGS += -DMLK_FORCE_AARCH64
+else ifneq ($(findstring riscv64, $(CROSS_PREFIX)),)
+	CFLAGS += -march=rv64gcv
+	CFLAGS += -DMLK_FORCE_RISCV64
+else ifneq ($(findstring riscv32, $(CROSS_PREFIX)),)
+	CFLAGS += -DMLK_FORCE_RISCV32
+else ifneq ($(findstring powerpc64le, $(CROSS_PREFIX)),)
+	CFLAGS += -DMLK_FORCE_PPC64LE
+endif
+
 CFLAGS := \
 	-Wall \
 	-Wextra \

examples/multilevel_build_native/Makefile

@@ -44,6 +44,7 @@ else ifneq ($(findstring aarch64_be, $(CROSS_PREFIX)),)
 else ifneq ($(findstring aarch64, $(CROSS_PREFIX)),)
 	CFLAGS += -DMLK_FORCE_AARCH64
 else ifneq ($(findstring riscv64, $(CROSS_PREFIX)),)
+	CFLAGS += -march=rv64gcv
 	CFLAGS += -DMLK_FORCE_RISCV64
 else ifneq ($(findstring riscv32, $(CROSS_PREFIX)),)
 	CFLAGS += -DMLK_FORCE_RISCV32

mlkem/mlkem_native.S

@@ -85,6 +85,8 @@
 #include "mlkem/src/native/x86_64/src/rej_uniform_asm.S"
 #include "mlkem/src/native/x86_64/src/tomont.S"
 #endif /* MLK_SYS_X86_64 */
+#if defined(MLK_SYS_RISCV64)
+#endif
 #endif /* MLK_CONFIG_USE_NATIVE_BACKEND_ARITH */
 
 #if defined(MLK_CONFIG_USE_NATIVE_BACKEND_FIPS202)
@@ -344,6 +346,7 @@
 #undef MLK_SYS_PPC64LE
 #undef MLK_SYS_RISCV32
 #undef MLK_SYS_RISCV64
+#undef MLK_SYS_RISCV64_RVV
 #undef MLK_SYS_WINDOWS
 #undef MLK_SYS_X86_64
 #undef MLK_SYS_X86_64_AVX2
@@ -552,5 +555,40 @@
 #undef MLK_NATIVE_X86_64_SRC_CONSTS_H
 #undef mlk_qdata
 #endif /* MLK_SYS_X86_64 */
+#if defined(MLK_SYS_RISCV64)
+/*
+ * Undefine macros from native code (Arith, RISC-V 64)
+ */
+/* mlkem/src/native/riscv64/meta.h */
+#undef MLK_ARITH_BACKEND_RISCV64
+#undef MLK_NATIVE_RISCV64_META_H
+#undef MLK_USE_NATIVE_INTT
+#undef MLK_USE_NATIVE_NTT
+#undef MLK_USE_NATIVE_POLYVEC_BASEMUL_ACC_MONTGOMERY_CACHED
+#undef MLK_USE_NATIVE_POLY_MULCACHE_COMPUTE
+#undef MLK_USE_NATIVE_POLY_REDUCE
+#undef MLK_USE_NATIVE_POLY_TOMONT
+#undef MLK_USE_NATIVE_REJ_UNIFORM
+/* mlkem/src/native/riscv64/src/arith_native_riscv64.h */
+#undef MLK_NATIVE_RISCV64_SRC_ARITH_NATIVE_RISCV64_H
+#undef mlk_rv64v_poly_add
+#undef mlk_rv64v_poly_basemul_mont_add_k2
+#undef mlk_rv64v_poly_basemul_mont_add_k3
+#undef mlk_rv64v_poly_basemul_mont_add_k4
+#undef mlk_rv64v_poly_invntt_tomont
+#undef mlk_rv64v_poly_ntt
+#undef mlk_rv64v_poly_reduce
+#undef mlk_rv64v_poly_sub
+#undef mlk_rv64v_poly_tomont
+#undef mlk_rv64v_rej_uniform
+/* mlkem/src/native/riscv64/src/rv64v_debug.h */
+#undef MLK_NATIVE_RISCV64_SRC_RV64V_DEBUG_H
+#undef mlk_assert_abs_bound_int16m1
+#undef mlk_assert_abs_bound_int16m2
+#undef mlk_assert_bound_int16m1
+#undef mlk_assert_bound_int16m2
+#undef mlk_debug_check_bounds_int16m1
+#undef mlk_debug_check_bounds_int16m2
+#endif /* MLK_SYS_RISCV64 */
 #endif /* MLK_CONFIG_USE_NATIVE_BACKEND_ARITH */
 #endif /* !MLK_CONFIG_MONOBUILD_KEEP_SHARED_HEADERS */

mlkem/mlkem_native.c

@@ -84,6 +84,10 @@
 #include "src/native/x86_64/src/consts.c"
 #include "src/native/x86_64/src/rej_uniform_table.c"
 #endif
+#if defined(MLK_SYS_RISCV64)
+#include "src/native/riscv64/src/rv64v_debug.c"
+#include "src/native/riscv64/src/rv64v_poly.c"
+#endif
 #endif /* MLK_CONFIG_USE_NATIVE_BACKEND_ARITH */
 
 #if defined(MLK_CONFIG_USE_NATIVE_BACKEND_FIPS202)
@@ -331,6 +335,7 @@
 #undef MLK_SYS_PPC64LE
 #undef MLK_SYS_RISCV32
 #undef MLK_SYS_RISCV64
+#undef MLK_SYS_RISCV64_RVV
 #undef MLK_SYS_WINDOWS
 #undef MLK_SYS_X86_64
 #undef MLK_SYS_X86_64_AVX2
@@ -539,5 +544,40 @@
 #undef MLK_NATIVE_X86_64_SRC_CONSTS_H
 #undef mlk_qdata
 #endif /* MLK_SYS_X86_64 */
+#if defined(MLK_SYS_RISCV64)
+/*
+ * Undefine macros from native code (Arith, RISC-V 64)
+ */
+/* mlkem/src/native/riscv64/meta.h */
+#undef MLK_ARITH_BACKEND_RISCV64
+#undef MLK_NATIVE_RISCV64_META_H
+#undef MLK_USE_NATIVE_INTT
+#undef MLK_USE_NATIVE_NTT
+#undef MLK_USE_NATIVE_POLYVEC_BASEMUL_ACC_MONTGOMERY_CACHED
+#undef MLK_USE_NATIVE_POLY_MULCACHE_COMPUTE
+#undef MLK_USE_NATIVE_POLY_REDUCE
+#undef MLK_USE_NATIVE_POLY_TOMONT
+#undef MLK_USE_NATIVE_REJ_UNIFORM
+/* mlkem/src/native/riscv64/src/arith_native_riscv64.h */
+#undef MLK_NATIVE_RISCV64_SRC_ARITH_NATIVE_RISCV64_H
+#undef mlk_rv64v_poly_add
+#undef mlk_rv64v_poly_basemul_mont_add_k2
+#undef mlk_rv64v_poly_basemul_mont_add_k3
+#undef mlk_rv64v_poly_basemul_mont_add_k4
+#undef mlk_rv64v_poly_invntt_tomont
+#undef mlk_rv64v_poly_ntt
+#undef mlk_rv64v_poly_reduce
+#undef mlk_rv64v_poly_sub
+#undef mlk_rv64v_poly_tomont
+#undef mlk_rv64v_rej_uniform
+/* mlkem/src/native/riscv64/src/rv64v_debug.h */
+#undef MLK_NATIVE_RISCV64_SRC_RV64V_DEBUG_H
+#undef mlk_assert_abs_bound_int16m1
+#undef mlk_assert_abs_bound_int16m2
+#undef mlk_assert_bound_int16m1
+#undef mlk_assert_bound_int16m2
+#undef mlk_debug_check_bounds_int16m1
+#undef mlk_debug_check_bounds_int16m2
+#endif /* MLK_SYS_RISCV64 */
 #endif /* MLK_CONFIG_USE_NATIVE_BACKEND_ARITH */
 #endif /* !MLK_CONFIG_MONOBUILD_KEEP_SHARED_HEADERS */

mlkem/src/native/meta.h

@@ -18,4 +18,8 @@
 #include "x86_64/meta.h"
 #endif
 
+#if defined(MLK_SYS_RISCV64_RVV)
+#include "riscv64/meta.h"
+#endif
+
 #endif /* !MLK_NATIVE_META_H */

mlkem/src/native/riscv64/README.md

@@ -0,0 +1,11 @@
+[//]: # (SPDX-License-Identifier: CC-BY-4.0)
+
+# RISC-V Vector Extension Backend
+
+This is an arithmetic backend for CPUs implementing the RISC-V Vector Extension. The backend is functional for all physical `VLEN`, but the NTT and inverse NTT are so far only implemented for VLEN=256, falling back to the default C implementations for other VLENs.
+
+## Requirements
+
+- RISC-V 64-bit architecture
+- Vector extension (RVV) version 1.0
+- Standard "gc" extensions (integer and compressed instructions)