Merge pull request #1324 from riscv/kersten1-patch-4

Reordering

src/b-st-ext.adoc

@@ -856,78 +856,6 @@ a single bit in a register. The bit is specified by its index.
 
 |===
 
-[#zbkc,reftext="Carry-less multiplication for Cryptography"]
-==== Zbkc: Carry-less multiplication for Cryptography
-
-[NOTE,caption=Frozen]
-====
-The Zbkc extension is frozen.
-====
-
-Carry-less multiplication is the multiplication in the polynomial ring over
-GF(2). This is a critical operation in some cryptographic workloads,
-particularly the AES-GCM authenticated encryption scheme.
-This extension provides only the instructions needed to
-efficiently implement the GHASH operation, which is part of this workload.
-
-[%header,cols="^1,^1,4,8"]
-|===
-|RV32
-|RV64
-|Mnemonic
-|Instruction
-
-|✓
-|✓
-|clmul _rd_, _rs1_, _rs2_
-|<<#insns-clmul>>
-
-|&#10003;
-|&#10003;
-|clmulh _rd_, _rs1_, _rs2_
-|<<#insns-clmulh>>
-
-|===
-
-[#zbkx,reftext="Crossbar permutations"]
-==== Zbkx: Crossbar permutations
-
-[NOTE,caption=Frozen]
-====
-The Zbkx extension is frozen.
-====
-
-These instructions implement a "lookup table" for 4 and 8 bit elements
-inside the general purpose registers.
-_rs1_ is used as a vector of N-bit words, and _rs2_ as a vector of N-bit
-indices into _rs1_.
-Elements in _rs1_ are replaced by the indexed element in _rs2_, or zero
-if the index into _rs2_ is out of bounds.
-
-These instructions are useful for expressing N-bit to N-bit boolean
-operations, and implementing cryptographic code with secret
-dependent memory accesses (particularly SBoxes) such that the execution
-latency does not depend on the (secret) data being operated on.
-
-[%header,cols="^1,^1,4,8"]
-|===
-|RV32
-|RV64
-|Mnemonic
-|Instruction
-
-|&#10003;
-|&#10003;
-|xperm.n _rd_, _rs1_, _rs2_
-|<<#insns-xpermn>>
-
-|&#10003;
-|&#10003;
-|xperm.b _rd_, _rs1_, _rs2_
-|<<#insns-xpermb>>
-
-|===
-
 [#zbkb,reftext="Bit-manipulation for Cryptography"]
 ==== Zbkb: Bit-manipulation for Cryptography
 
@@ -1029,6 +957,78 @@ common operations in cryptographic workloads.
 
 |===
 
+[#zbkc,reftext="Carry-less multiplication for Cryptography"]
+==== Zbkc: Carry-less multiplication for Cryptography
+
+[NOTE,caption=Frozen]
+====
+The Zbkc extension is frozen.
+====
+
+Carry-less multiplication is the multiplication in the polynomial ring over
+GF(2). This is a critical operation in some cryptographic workloads,
+particularly the AES-GCM authenticated encryption scheme.
+This extension provides only the instructions needed to
+efficiently implement the GHASH operation, which is part of this workload.
+
+[%header,cols="^1,^1,4,8"]
+|===
+|RV32
+|RV64
+|Mnemonic
+|Instruction
+
+|&#10003;
+|&#10003;
+|clmul _rd_, _rs1_, _rs2_
+|<<#insns-clmul>>
+
+|&#10003;
+|&#10003;
+|clmulh _rd_, _rs1_, _rs2_
+|<<#insns-clmulh>>
+
+|===
+
+[#zbkx,reftext="Crossbar permutations"]
+==== Zbkx: Crossbar permutations
+
+[NOTE,caption=Frozen]
+====
+The Zbkx extension is frozen.
+====
+
+These instructions implement a "lookup table" for 4 and 8 bit elements
+inside the general purpose registers.
+_rs1_ is used as a vector of N-bit words, and _rs2_ as a vector of N-bit
+indices into _rs1_.
+Elements in _rs1_ are replaced by the indexed element in _rs2_, or zero
+if the index into _rs2_ is out of bounds.
+
+These instructions are useful for expressing N-bit to N-bit boolean
+operations, and implementing cryptographic code with secret
+dependent memory accesses (particularly SBoxes) such that the execution
+latency does not depend on the (secret) data being operated on.
+
+[%header,cols="^1,^1,4,8"]
+|===
+|RV32
+|RV64
+|Mnemonic
+|Instruction
+
+|&#10003;
+|&#10003;
+|xperm.n _rd_, _rs1_, _rs2_
+|<<#insns-xpermn>>
+
+|&#10003;
+|&#10003;
+|xperm.b _rd_, _rs1_, _rs2_
+|<<#insns-xpermb>>
+
+|===
+
 <<<
 
 [#insns,reftext="Instructions (in alphabetical order)"]